What if your television was watching you back?
All the personal data that we put online are a juicy target for both criminals and governments
If you suspected your fridge was spying on you, it turns out you might not be paranoid after all. Mike Barton, the chief constable of Durham, says that household gadgets connected to the so-called internet of things are prone to attack by hackers. Those of us who unaccountably rely on our refrigerators to order more milk when we are close to running out are vulnerable to crooks trawling the web looking for insecure bank accounts. While your fridge fills up with gold top, your bank account is emptied. And the nark could be your kettle or robot vacuum cleaner.
Which self-respecting criminal nowadays bothers with a stockinged mask and sawn-off shotgun to carry out a robbery when it can be done in comfort and relative safety from home? Mr Barton’s solution is that all new appliances capable of being hooked up to the internet should carry a Kitemark rating showing how secure they are. As if that is going to make a difference.
There is no protection against idiocy and we are all at risk if we forget to take basic security measures like changing passwords, if we open suspect emails, or fail to update software. Even the biggest institutions like the NHS, which are supposed to be “cyber-aware”, have been hit by hackers demanding money to unlock frozen systems.
And it’s not just criminals. Foreign agencies are hard at it targeting our national infrastructure – power stations, electricity grids, warships, anything run by a computer system which offers a way in that never used to exist.
But what if our household appliances are not just a point of entry for criminals after our savings but an opportunity for the state to keep an eye on us as well? Leaked documents recently purported to show that the CIA and British agencies were running a secret computer-hacking program to turn televisions and smartphones into bugging devices that can record conversations and even take photographs.
It was tempting to dismiss this as baloney – except that Mr Barton’s warnings about the risk from criminals must apply to others who might have cause to hack into our homes to pry rather than to rob. After all, why wouldn’t they if they can? It is just the modern equivalent of steaming open a letter or planting a bug behind a painting in a suspect’s sitting room.
I am not suggesting that the employees of GCHQ are sitting in Cheltenham taking part in a sort of reverse Gogglebox, watching us watching TV. But the point is they have the ability to do so and we are always handing over more and more personal information to make it possible. For instance, why is it now necessary to register to watch BBC’S iplayer by giving email details the corporation never used to need? They say it is to personalise what we watch or listen to, but I can do that perfectly well myself, thanks very much. One of the objections to the nationwide installation of new smartmeters, beyond the fact that they seem to have failed to achieve their ostensible purpose of keeping energy bills down, is that they can be hacked. This has not been much of an issue here, but in France privacy campaigners are trying to block the equivalent programme, known as Linky. There have been protests against what one leader called a “Trojan horse” in our homes that could harvest vast amounts of data about our activities.
This information could be sold to companies looking to sell us something we didn’t realise we needed. But data from such devices can also be used by counter-terrorist agencies who think someone might be up to no good. So fast is the communications revolution that legislation designed to set the limits of state surveillance powers is almost out of date before the ink is dry on the statute. The most recent measure, the Investigatory Powers Act, has given the authorities access to bulk data – and that includes information from smart energy meters.
On a recent visit to Israel, I was shown around a counter-terrorist cyber-facility run by Elbit Systems where all this data could be accessed in pursuit of jihadists. A simulation of an attempted attack on a sports stadium used number-plate recognition, drones, CCTV and telephone intercepts to track down the suspect and his accomplices in minutes, like a Jason Bourne movie.
This technology exists now and we could do it here, except for one key difference. Israelis have to carry ID cards and must enrol on a new biometric database, whereas we don’t. Funnily enough, 2017 is the year when Labour’s ID project was due to be fully operational and a citizens’ database all but up and running, until it was scrapped by the Coalition in 2010.
But if you thought it was dead and buried, think again. Only last week in the House of Lords, ministers were pressed to revive the ID scheme by piggybacking off plans for EU citizens to register after Brexit.
Lord Campbell-savours said: “Why not use the introduction of these identity documents as the test bed for a national roll-out of identity cards… throughout the country?” Lord Blair, the former Metropolitan Police commissioner, said: “Why are we resisting something that, given the terrorist situation we are currently in, must be an advantage to the country?”
The Government says it has no plans for an ID card system – but with no majority it is not exactly in a position to stop it if a head of steam builds behind one. It would be ironic if David Davis, the most vociferous opponent of ID cards in the Commons 10 years ago, now becomes the harbinger of their return.
In any case, ministers are being disingenuous. It is not cards that the state wants; it is the database. Paper ID documents are ancient history. One American security firm will shortly begin implanting radio-frequency ID microchips the size of a grain of rice into its employees, between the thumb and forefinger. The company foresees that this technology will become widely used to pay for goods, log on to computers, store medical information and gain access to buildings.
The advantages of such devices in a world where so much that we do is digital are obvious; but so, too, are the drawbacks. We will become hackable, trackable people. This is the future. Just ask your fridge.