Being involved in cyber-security can be quite depressing. So much of the time we see things that make life better for many people being spoiled by a few bad hats. I can’t help feeling this is getting worse, and that our digital future will be more paranoid, more cautious, less global and considerably less convenient than it is even now.
It feels a bit like passports. Bear with me and let’s have a brief excursion into history. Immigration control and passports are largely a WW1 invention; before the war there were pretty well no restrictions on travel or immigration. Fear of spies and enemy agents in wartime brought passports and movement controls. After the war at the Paris Conference in 1920 delegates said:
[security concerns prevent] for the time being, the total abolition of restrictions and the complete return to pre-war conditions which the Conference hopes, nevertheless, to see gradually re-established in the near future.
While we’re on the topic of travel, think about airports and flights. Peak convenience for air travel passed some time ago – perhaps in the sixties for Europe, but as late as 2001 for the US. Where once we sauntered through a pleasant lounge then drank and smoked our way through the flight while chatting up the flight crew, now we arrive hours early to be herded like sheep though humiliating security inspections only to face a flight tinged more often with officious suspicion and discomfort rather than “coffee, tea or me”. (OK, let’s not mourn the end of everyday sexism too much, but I presume you take my point).
In both cases, few people made it bad for many. A few spies amid the huddled masses yearning to be free; a few terrorists among the global tourist hordes.
These kinds of “temporary” restrictions on convenience tend to stick around; we’re a hundred years on from Paris, after all. It’s a very brave politician who will risk reversing a measure, however draconian, introduced in the name of safety or security, especially when the threat is very real.
Now consider technology; frictionless purchasing, the world’s information at your finger tips, easy and free global communication…but the more you say, do, store, transact, the more you risk. Staff must double-check emails before opening them; businesses are discouraged from storing cards for repeat purchases; access requires ever more complex (and oft-forgotten) passwords and sometimes secondary devices; news is fake; data is hijacked and nothing can be trusted.
It will get worse. Governments like cashless transactions for tax; criminals like them for ease of compromise. Governments also (confusingly) want to emasculate the cryptography that makes electronic transactions secure – it may help them catch a few terrorists (which is not to be sniffed at) but it will also make the criminals happy, and richer.
As cyber fraud continues to grow, and ID theft with it, we will have to jump through ever more onerous hoops to prove who we are. Anyone who’s been through FATCA or opened a bank account recently knows how tedious this is. You have to send a scan of your driver’s licence or a utility bill to order a number plate on-line, for heaven’s sake. So you either spend ages redacting the scan so it proves your identity only to the recipient and can’t be re-used, or you give up and go to Halfords for your plates. This is not frictionless.
But forget the impact on the consumer. Businesses have to spend more and more money to protect themselves and their customers from cyber criminals. This is good for me but bad for you. Every pound spent on cyber is a pound not spent on improving service or innovating.
We are not winning. Perhaps AI will help, but criminals can buy AI too – and remember, crime is all they do all day; everyone else has a day job. Al-Qaeda and ISIS industrialised terrorism, and changed the face of politics and travel; cyber-criminals are industrialising too, and will change the face of commerce and interpersonal trust.