The connected world is here, and while privacy and security have always been hot topics for the creators of tech, increasing numbers of high-profile breaches are building public awareness of the challenges and dangers that face us. Who knew, as the magic beans of interconnectivity grew, that the golden goose came complete with scary giant? What does the connected world know about you and your life? How has our confidence in the online space changed over the past decades? And what are the security and privacy implications of the sci-fi future that is already with us?
What does the connected world know about you?
I’ve written about privacy many times before: here’s my report on Facebook, Google and Microsoft’s strategies and vision from South by Southwest last year (“How do the biggest tech firms protect your data?“). As we marvel over the latest smart devices – who really wants a bluetooth kettle, honestly? – we’re entering a world where the integrations we rely on for an easy existence reveal more about our daily lives than we’d dare share on Facebook.
Wearing a Fitbit or Jawbone device? This “Jawbone Seismograph” is a record of Californians being jerked awake by the Napa Valley earthquake in 2014. OK, that’s anonymous ‘smart’ data – but individual activity tracker records have already been used in divorce cases, and an ongoing murder trial recently presented evidence from the victim’s Fitbit. Carrying an iPhone? Dig down into the Privacy menu and you may find a list of your most frequented locations – did you know they were there? Booked a surprise weekend away or ordered a gift online? Don’t let the lucky recipient see your news feeds until the big day, as they’ll be peppered with ads for the same purchase.
We have all scrolled through long Terms & Conditions documents. You can’t skip them: the ‘Agree’ button lights up when you reach the bottom, on the assumption you have actually read the thing. Yes, you have agreed to your data being harvested and used in this way. Should you care? On balance, probably not. All businesses collect data to function, to better serve their customers. Facebook is a case in point – we think of it as a social network, but it deals in rich data, and thanks to the connected world it has evolved beyond imagination across ten years and almost 2 billion members.
Changing perceptions of privacy
Despite the easy life that a connected world delivers to us, we the public don’t much like the accompanying cybersecurity fallout. An Institute of Customer Service poll in June 2016 showed that some 86% of more than 1,000 UK consumers thought the government should review data protection laws, while 77% felt it should do more to protect data from cyber attacks.
As author and AOL co-founder Steve Case said at this year’s South by Southwest (SXSW), true ‘security’ is likely to be all but impossible. Nothing is foolproof: all businesses can do is focus on critical areas; all we can do is recognise that our perceptions of privacy have changed over the years and will continue to do so. In 1985 when home shopping emerged, they said it would never work, because we’d never allow our credit card details to be handled online for fear they could be compromised. Scroll forward to 2017: thank you Amazon for saving my card details for future purchases at the click of a button.
We work to a continuum of privacy, neatly summarised by this South by Southwest panel on the Reality of Online Privacy. There are three scenarios:
- Privacy we surrender for our own benefit – we exercise a choice.
- Specific protection of certain things in our own lives: a personal sliding scale of what we are comfortable to make public, against what we are not willing to share.
- Things we share without knowing – location settings, anonymous data gathering, clues to password information from viral quizzes.
We are in control of the second, and often unaware of the third. Outrage happens when privacy we have surrendered by choice is compromised, or when things become public that we did not know were shared. Perhaps the lesson for us as consumers is to assume that everything online is effectively public, or may become public in due course.
Emerging technology means emerging security challenges
The enterprises who are building this connected world have a heavy responsibility. Systems work better when technology is new, said Steve Case, but the speed of emergence of new technologies means that developers and cybersecurity experts are navigating chaos. Blockchain, for example, is heralded as a new way to secure contracts and hold verifiable credentials. Developers are following the path of Bitcoin, on the assumption that any technology that makes a currency secure can secure the ‘essence of truth’ in a transaction. Are hackers far behind?
Artificial Intelligence (AI) is already in our homes and businesses: my TV remote uses Alexa to navigate the evening’s viewing, and at the recent Sage Summit UK I met Pegg, the chatbot which interacts directly with an accounting system. Behind Pegg sits a team staying one jump ahead on security. Artificial Intelligence technologist Kriti Sharma and Sage security specialist Robin Fewster explained the additional challenges which are very specific to the development of AI (on top of traditional worries like authentication, infrastructure, and external attacks, of course). The frameworks for AI are all new technology, the interfaces between bots and humans are many and varied: Alexa, Slack and Facebook for starters. Ensuring that interactions between human and machine are secure from start to finish, that sensitive information is protected, is almost as complex as producing the bot in the first place.
To add another layer of concern, we’re entering a period where a chatbot would be capable of passing a Turing test. Alan Turing suggested in 1950 that because we judge intelligence by verbal reasoning, if a machine were to answer questions in a manner indistinguishable from humans it might be considered intelligent. Could a bot masquerade as a human? Plenty do. There are ‘Evil Bots’ right across social media; check your friends and followers! Research published in March this year (“Online Human-Bot Interactions: Detection, Estimation, and Characterization”) suggests that as many as 15 per cent of Twitter accounts are not run by humans.
Don’t panic: it’s too late for that
The genie is out of the bottle: we’re moving into a new phase of the internet, where integration rules. What can you do?
Trust the experts who are managing security. Listen to them! Where you have control, use it. Be wary of what you put online, and be aware of what may be published automatically on your behalf. However, the benefits of this new world are worth grasping. As long as you know this is all a compromise, the future could be a fairy tale with a happy ending, after all.
Kate Baucherel is a strategic consultant working with businesses who use or develop digital tools. Contact us for advice if your business is ready to take advantage of new digital opportunities.