Yesterday, Wikileaks published what it believes are details of hacking tools used by the CIA in order to spy on Americans. There is a lot of speculation and misinformation about the ability the government has to hack our devices or spy on us. We know from the whirlwind that was Apple’s battle with the FBI that there are still limits to the tools they have at their disposal to get into our most personal computing devices. Much of what the government does have requires them to have the device in hand, meaning they have acquired it through legal means and have the ability to attempt to acquire information from it. While there is no doubt they have the ability to monitor phone/cell networks, the move to things like messaging as a primary communication method has made it harder for them to spy on us over traditional airwaves.
The point is, while there is still doubt and skepticism around the extent any government can monitor its citizen’s communications in things like a messaging client, you can bet everything you own they are going to try their hardest to do so. If anything, the events of the last few days, and a great deal of the commentary around it, only confirm a key narrative Apple has been describing: we simply can not stand still when it comes to security and privacy techniques. The bad guys, and this often includes our governments, are continually getting better and trying ever harder to come up with techniques that give them access to our devices. Unfortunately, we will never be safe because of the relentless pursuit of others to invade our privacy for their own gain.
What is fascinating is we are having this discussion with still only a few connected devices per person. How much more opportunity will there be for hackers, including governments, to attempt to spy on us when we have microphones, cameras, and other forms of biometric scanners and sensors all over our homes and in common spaces like cities, malls, and places of business? As more digital devices invade our lives, the threat level will only increase. As it increases, the responsibility will still fall on those who provide us with these digital devices to go above and beyond to do all they can to provide security and privacy for their customers. Sadly, only a small handful of companies even seem to be serious about this and consumers are now only waking up to the reality. Many will not become aware until it’s too late.
This is why I found it interesting that Consumer Reports is now adding the evaluation of data security and privacy to products they report and provide recommendations for. I found the first two paragraphs interesting. They explain why Consumer Reports feels they need to add this additional component to their products and services evaluations:
One day in August 2015, Jared Denman got a frightened phone call at work from his wife, who was home with their 2-year-old daughter. A song was playing through the couple’s baby monitor—the Police’s “Every Breath You Take.” The monitor was the kind that connects to the internet so that parents can see and talk to their baby or caregiver when they’re away from home. The device had been taken over by a malicious hacker, and the song’s lyrics were particularly ominous: “Every game you play, every night you stay, I’ll be watching you.”
Incidents like this may illustrate the need for consumers to be better educated and more vigilant when it comes to digital security. But if a breach could happen to Denman, who is an IT administrator with a sophisticated understanding of computer security practices, it can probably happen to most consumers. Some products, like the Denmans’ baby monitor, are sold by their manufacturers with vulnerabilities that leave them open to attack, such as a setup process that doesn’t require users to change the default username and password. And it’s not just homes with baby monitors that are vulnerable. It’s also homes with routers, security cameras, health-and-fitness apps, and even cars.
As I said, as the number of digital devices containing microphones, biometric sensors, and cameras increases, so does the threat level dramatically increase as well. We have to remember we are, to a degree, dealing with scenarios we have not had to deal with before. The convenience levels of connecting our digital products together is high but that can’t come with a security trade-off as it has so often in the past. The ability of the news, social media, and instant communications can make these issues travel quickly and enlighten consumers in near real-time. Our latest security and privacy study revealed that sentiment from consumers is increasing on these issues and awareness is at an all-time high. We, as an industry, still need to wrestle with the reality that consumers are becoming more savvy to security and privacy issues.