FORGET BETTER ANTIVIRUS; THE ENTIRE TECH INDUSTRY NEEDS A REBOOT

by Rob Loggia

Friday, July 1, 2016


The building War on Privacy in America and worldwide has become so overt and obvious that there is no need to make the case that it exists. It is not even denied - the people perpetrating it fully admit that they expect the population to surrender privacy to gain increased safety, or at least perceived safety. The ostensible public servants responsible make this case at every opportunity - both in the media and through legislation. They are determined to undermine the foundation stone of human dignity, and it is frightening that what motivates many of these people is an ugly and addictive lust for power over the lives of others.

However, the most frightening aspect of this problem is not what is happening, or why it is happening. The worst news to advocates of privacy rights is how it is happening. For once the government resolves to remove a level of privacy that the population enjoys, it becomes merely a technical issue. And for the most part, they have found these hurdles startlingly easy to overcome. Our technology is what makes this possible.

The early days of software development are rife with horror stories of projects developed without any concern for user data security. Many of these projects later had security bolted on as an afterthought. The growing popularity of computers and networking quickly made this an issue, and as computers became targets for malfeasance the anti-virus industry was born. This approach worked for a while, but beneath the surface dangerous, large-scale vulnerabilities continued to fester.

While finding and fixing small-scale, specific bugs and code exploits will always be an ongoing battle for the programmer, most software professionals seem to believe that following existing best practices will result in good, secure technologies that, in the main, are safe to deploy into the wild. Most believe that they are doing a good job, and that the companies and projects they work for are providing a valuable service for the marketplace.

They could not be more wrong.

Despite our vast knowledge of human psychology, and despite the very visible and public trends towards the elimination of privacy by government, the fact is that most platforms and products are still designed in the absence of what should be, by now, some basic and fundamental assumptions about information security. In doing so, they are providing a massive surface of vulnerability that allows the erosion of privacy to continue unabated and relatively unhindered.

There are at least two assumptions that should be built into every technology, software and hardware, as a design goal at least as important as any other. They are:

  • The vendor must have no visibility or access to any user data created or stored by the technology.
  • The government should be assumed to be a potential bad actor, and no provisions can be made for special government access.

One could imagine and accept that the absence of the first assumption from the majority of technology platforms is for the most part due to oversight or naivety. Most programmers and software businesses don't believe themselves to be evil people, and have no intention to ever trespass on the privacy of their users. They don't see the harm in deploying solutions configured such that while the vendor usually doesn't see any user data, it can gain access if necessary. They know they won't look, and they consider the problem solved.

Not only does this open an additional door for hackers, it also makes it impossible to address the second assumption, that governments can be bad actors. For even if no special government backdoors are created, any data that the vendor can access is also within reach of the government. Most technologies belong to businesses and non-profits, and these entities must follow the law. This may appear to be a good thing on the surface - certainly a company has an obligation to comply with a legitimate government request for information accompanied by a warrant.

But what happens when the government overreaches, and produces what is in fact an extra-legal warrant? Anyone that doesn't believe this can happen needs to read some of the documents leaked by Edward Snowden and other whistleblowers. And what happens when the government passes laws that violate the natural human right to privacy? Many of the recent surveillance laws appear to do just this. Then what?

There can be no doubt that the future of humanity will be saturated in, and built around, technology. If the human race is to continue to enjoy the right to privacy in any meaningful way, vendors must radically rethink the technologies they are unleashing upon the world.

This is not a political question, or even a legal question. This is a matter of ethics; the recognition of privacy as a fundamental human right and the resolve to do what is necessary to protect it, from all threats.

Anyone responsible for inventing, developing or deploying a new technology needs to think heavily on this subject before pulling the switch and sharing their creation. You have to live in this world too, as do your children and grandchildren. Ask yourself if this wonderful new technology you are contemplating can be exploited or perverted to deny them a basic human right. If the answer is yes, you have a moral obligation to go back to the drawing board and get it right.

