Keeping up to date on technology will contribute to your security and privacy online
As we enter 2018, I encourage everyone to include a simple resolution on their list: make sure you are well-informed about the technology you use, and avoid getting swept up in false narratives and exaggerated claims about its dangers. Let me be clear: there are genuine threats, but they don’t come from the technology itself. As I always say, technology is agnostic. The dangers come from the bad actors that are willing to use any tool at their disposal, including those in cyberspace, to do harm. Our real target should be combating these forces, not demonizing this or that latest technological development. Education about the realities of our digital world is the best antidote against misplaced fears. And, conveniently, it is also the best way to inoculate ourselves against the security issues that technology does indeed pose.
Within all our favorite devices and applications, there are always lurking security vulnerabilities waiting to be exploited. When they inevitably come to light, we become hyper-focused on them for a few days, or weeks at most, and then return to our usual practices. Even now, with so many well-publicized hacks, how many of you change your passwords regularly, turn on two-factor authentication, and follow other basic cybersecurity best practices.
Instead of repeatedly being surprised by data breaches, we should expect them. These exploits are a fact of our technological landscape. Flaws are unavoidable in a fast-paced, competitive environment, with the massive chip exploits nicknamed Meltdown and Spectre just the latest examples. Every company is striving to be faster and cheaper, which makes mistakes and related security holes nearly inevitable. The market will push back, and consumers and regulators will punish such companies, at least to a degree, but the bottom line is that exploits are a permanent reality. As I’ve noted before, the most effective way to protect yourself is to inoculate yourself against the “virus,” so to speak. Maintaining good personal security practices keeps you safer, but it’s also about herd immunity. The more people are aware of the constant threat and practicing good digital hygiene, the less likely an “epidemic” is to break out. Staying informed is the first layer of defense.
That said, once we have taken steps to safeguard our security, grave threats—at the personal, national, and global levels—remain. These threats are serious and the most difficult to address. That does not mean we should shy away from tackling them, or divert our attention to less urgent problems. As recent events demonstrate, the dangers of avoiding these challenges are mounting. Take the recent efforts of Russian hacking group Fancy Bear to penetrate the U.S. Senate and the upcoming Winter Olympics in South Korea. Far from being deterred after its 2016 hacking of the Democratic Party, the group has been emboldened by its successes and is taking on new campaigns. (And as is always the case, it’s the ones you don’t know about that do the most damage.) In its latest endeavor, it designed a sophisticated email phishing scheme to gain access to Senate emails. Concurrently, it released a batch of emails stolen from U.S. Olympics Committee officials in retaliation for their exposure of Russia’s massive state-sponsored doping program.
While all of this has been unfolding, much of our national attention has been shifted toward pushing for transparency and accountability at home. In the most recent pendulum swing in the debate, security hawks won a victory with the long-term extension of key parts of the Foreign Intelligence Surveillance Act (FISA). Under the new legislation, the U.S. government has been cleared for six more years to use various online surveillance techniques, including browsing email and search histories, without warrant requirements the government calls burdensome.
This may sound routine, since government representatives nearly always favor the expansion of government powers, no matter how much “small government” rhetoric they spout. But this development marks a reversal in the tide of the national conversation, which has favored privacy advocates since Edward Snowden’s dramatic release of NSA documents in 2013. While the discussion is absolutely an important one to continue having, I worry that it has become a distraction from much graver threats to security. North Korean and Russian hackers, after all, are not subject to Congressional oversight!
As we push for the preservation of important freedoms at home, we must stay vigilant against the actors abroad that want to undermine the very foundations of Western democracy. Often, this involves difficult tradeoffs. We want to safeguard our elections, but we don’t want the government to have excessive online surveillance capabilities. That means striking a delicate balance between privacy and security—and, sometimes, that entails sacrificing a degree of individual liberty for better collective security.
In my last post, I wrote about our willingness to exchange troves of individual data, such as biometrics, in exchange for the convenient services and capabilities companies offer in return. Trying to preserve genuine privacy in the face of such widespread collection is an exercise in futility. Instead, savvy users will take common-sense steps to protect themselves in a world where Facebook, Apple, Google, and Amazon are all competing for their information.
You can find plenty of actionable, expert advice on how to protect yourself on this site alone, from optimizing your password strategy to circumventing insecure internet connections with a VPN. At the same time as you implement measures to keep yourself safe online, I hope that you will remember that it isn’t just big public corporations competing for your attention and clicks, and it isn’t only the U.S. government accessing your communications. As fashionable as it may be in some circles to refer to these giant private companies and democratic governments as “evil,” this can distract us from the threats from the real bad guys. Don’t worry, I’m not letting the companies off the hook. More than anyone I’m sensitive to how social media has been weaponized by Russia and others while Silicon Valley shrugged its collective shoulders and counted its profits. I just want those who weaponize tech to be held at least as accountable as those who make it.
Hackers and malware are now an ever-present part of our digital reality, and authoritarian governments are increasingly able to leverage technology for their purposes. The problem is not bad technology—it’s bad people. I urge you, then, to focus on the core challenges to human prosperity: repression, illiberalism, corruption. Continue to explore the ways that technology can enhance your life, and do not fear innovation. New tools bring new opportunities, for both good and for evil. The upcoming year will present plenty of advances and obstacles alike, I am sure. With an awareness of how we each interact with technology, individually and as members of a global community, we can make sure that 2018 is a step towards greater security and freedom for everyone.
Avast researchers have discovered cybercriminals using an old medium (PDFs) in a new--and dangerous--way.
That .zip file looks legit, but it's actually a sneaky new way for cyber criminals to steal your info.