Cyber Scene #24 - Spectrum Analysis: PRIVACY---------------?---------------SECURITY

Cyber Scene #24

SPECTRUM ANALYSIS: PRIVACY---------------?---------------SECURITY

SIRI-OUSLY, THE EYES (VICE JULY CYBER SCENE EARS) ALSO HAVE IT NOW

As an 10 August Wall Street Journal prelude to this Cyber Scene and the to New York Times Magazine feature discussed below, WSJ writer Matthew Hennessey examines the "grand bargain" between Silicon Valley and we individuals as we give up privacy for "cool stuff." Given the inclination of most people to share, he sums it up as "vanity trumps privacy." Big Tech has its FANGs ready to optimize this default. Hennessey looks not only at anecdotal stories (a 6-year old with a $162 purchase order) but cites a UC Berkeley's (aka "Cal") Center for Long-Term Cybersecurity study underscoring the IoT "heralding a qualitative shift in how privacy is managed, by people and by the organizations that create, sell, and operative internet-connected devices." The study tracks how consumers lose the capability of controlling data about themselves with no perception of the downstream impact of their own decision. Hennessey goes on to address worse impacts on families (hacked webcams and baby monitors) and also briefly notes the USG role in designing malware to exploit corporate cyber systems. Could a kryptonite webcam sticky or another variation on Newtonian action/reaction be in our future?

DATA MINING OF PII A LIMITLESS NATURAL DEPOSIT?

The New York Times journalist Nicolas Confessore, in the 14 August Magazine cover feature, pursues the monetization of the IoT privacy invasion in "Bic Tech's War on Privacy," underscoring that the trillion dollar industry has good reason to fight privacy issues. Oakland businessman Alastair MacTaggart ended up thrusting himself into fighting what Confessore terms a Silicon Valley resource grab. MacTaggart's attempt to impose a measure of control on PII access resulted in the Big Tech players lawyering and "lobbying" up. Fast-forwarding, the prior administration had just begun to work on a consumer-privacy bill when the Snowden IC revelations occurred. The press and industry fought back. The watered-down version of the proposed Congressional bill angered consumer privacy advocates. Following untold alternative approaches, MacTaggart succeeded in getting a California state law passed, effective in 2020, to curb some excesses. The present US administration is already looking at a new national privacy standard that would override the not-yet-effective California state law. Stay tuned!

FACEBOOK AD LIBS

The privacy debate has been ratcheted up: with the issue of Facebook ad manipulation rising in the run-up to midterm elections country-wide, the tension between privacy and democracy itself has come to the forefront. NYT's Natasha Singer sees the Facebook ad service as being a tool of external political trickery in her 16 August study. While the Kremlin-connected Internet Research Agency in London is digitally shuttered, and more recent transgressors undergoing some wing-clipping, Singer continues to believe that midterm primaries as well as November elections are prime targets for politically motivated ad placement with a view to clipping the wings of democracy itself.

APPLE--PRIVACY HERO? HOLD OFF ON THOSE LAURELS

As Apple posts its first trillion dollar bill on its wall of fame and continues to pointedly distance itself from those invasive Facebook and Google folk in support of "privacy as a human right," it too faces the same security problems with regard to its apps and the misuse of data that ensues. Bloomberg's Sarah Frier explores this on 13 August. iPhone developers have gathered phone numbers, home addresses, and social security numbers. Once developers get this info, it is no longer visible to Apple, whence the control issue. Although a new rule in July 2018 now prohibits the re-selling to data brokers, political campaigns, or postings on the internet, it is still not difficult "for developers to harvest this information." Frier notes that a blow up similar to Facebook/Cambridge Analytica could happen. However, Apple differs from Facebook in that it doesn't make money from advertizing. When users turn off sharing, for example, Apple does not delete data already shared. Google has a similar problem, Frier reports, but Google does not claim to be an advocate for consumer privacy.

GOOGLE REVISITS CHINA

Google, however, is an advocate of doing business in China, and, per New York Times correspondents Li Yuan and Daisuke Wakabayashi's 1 August article filed in Hong Kong, Google is picking up its work on a censored search engine for China to curb anti-government commentary as well as other expressions deemed at variance with the country's leadership. They reported that Amnesty International said Google's censorship program for China would be "a dark day for internet freedom." Some other Big Tech companies also feel threatened as foreign websites including Facebook, Twitter and the New York Times are at risk as well. Ironically, Google would find itself not as a harvester of personal data, but a silencer of it. The NYT article goes on to say that in addition to the Chinese to be censured, Amnesty International, and others, some Google employees themselves are also disappointed about the corporate direction to squelch expression.

BIG TECH ON THE HOME FRONT

The issue of technology leaders taking responsibility for fashioning policies that protect individual privacy rights while connecting the world (make that the free world, wherever it may be) is complex and fraught with pitfalls not envisioned until lately. Farhad Manjoo, writing on "State of the Art" in the NYT business section on 25 July, lays out a broad analysis of how the tech industry, under pressure, is trying to determine where its responsibilities lie. He notes that the lines drawn at present by Big Tech are fuzzy. He cites tech growth as the reason for the heretofore hands-off approach to addressing these responsibilities. (The grueling Congressional testimony Mark Zuckerberg endured may have motivated the FANGs to speed up their thought process about privacy protection and other attendant issues.) Manjoo probed inside as well as outside these big tech companies, impressed by the thoughtfulness of the discussions, but a defined course is still lacking.

NOT PRIVATE ENOUGH BY HALF: US ELECTIONS

As Big Tech ponders deep thinking on seemingly intractable issues, there's trouble in River City. National Security Advisor John Bolton expressed concern on 19 August, per Carol Morello of the Washington Post, that not only Russia, but also China, Iran and North Korea may meddle in US midterm elections. He added that "what we want is not war in cyberspace; we want peace in cyberspace." However, the Chairman of the Senate Select Committee on Intelligence (SSCI), Republican Richard Burr, in an interview to Associated Press Mary Clare Jalonick filed 18 August did single out Russia. The Senator said that the Mueller investigation must run its course, frustrating as the probe is, and that he does not want to be responsible ex post facto, for overlooking something important on his committee (of which Cyber Scene has written frequently). He said that when the SSCI's role in the probe began, "I don't think any of us...understood just how coordinated the disinformation and societal chaos campaign was." As noted in earlier discussion, the SSCI holds a stellar position as one of the few truly bipartisan entities on the Hill.

GIRDING UP THE GRID:

Following earlier discussion of additional attacks on critical US utilities, US leaders are working with the National Infrastructure Advisory Council, State Department's cybersecurity chief Deputy Assistant Secretary (DAS) Robert Strayer, Homeland Security, private sector experts, and former NSA and CyberCommand Director General Keith Alexander (who briefed the House Armed Services Committee) as well as New York Governor Andrew Cuomo inter alia to move forward with hardening the defense of the US grid. Rebecca Smith, writing for the Wall Street Journal on 5 August, notes that US officials are seeking stronger penalties for hackers from Russia, China, Iran and North Korea. On 17 August, President Trump took action to loosen the rules of engagement for US cyberattacks. (John Bolton's opinion on this action is not known.) According to Dustin Volz in his Wall Street Journal article of 15 August, this pronouncement generated several questions about how the military would move to offensive cyber strikes and whether this would escalate hostilities. While those issues are not likely to be discussed openly, the President's action is a big change from the interagency process prevalent during the 2008-2016 period. Many of the issues surfaced in this article stem from comments by Tom Bossert, the former homeland security advisor who was reportedly forced out of his job when John Bolton stepped in as National Security Advisor. In any event, this seems to go well beyond "prevent defense" and address the loss of national security treasures that keep this country running.