Feeding the Frenzy
Lately our society has become completely obsessed with the concept of threats. We live in a dangerous world. There are all kinds of people out to get us and destroy the American way of life. Strangers are a menace to our children. The streets aren't safe. By default, we're encouraged to look at anything unusual as if it were a predator waiting to strike. Everything, after all, is a potential threat. And, just so we don't let our guard down, we have the federal "threat level" reminding us just exactly how dangerous the world really is.
And then, of course, there's the Internet, where we can panic freely without ever having to leave our homes. Everything from chat rooms to websites to hackers has become something to fear, reinforced by media stereotypes. The real threats, such as the failure of companies to protect customer databases and the private information contained within, are usually glossed right over in favor of an easier, more sensationalist target.
For instance, when the Bank of Montreal recently sold computers containing sensitive bank account information for thousands of their customers to a private citizen, most media reports focused on what hackers could have done with this information rather than the notoriously bad security practices that allowed this to happen in the first place.
This summer has seen a virtual plethora of nonsensical threats on the Internet. It's easy from our perspective to laugh at the utter stupidity of so much of it. But oftentimes in our holier than thou smugness, we fail to realize that the absurdity has become the reality.
Such change always occurs gradually. Were it to happen all at once, it would be a lot easier to see the faults. When people have a chance to get used to changes and, more importantly, when people begin to forget what it was like before the changes, the reality landscape change is complete. It's essential to recognize this, even if it seems to be impossible to change it.
What happens online frequently mirrors events in "real life." And on the Internet, we're being encouraged to become paranoid about our safety, hostile to outsiders, and dependent on things we really don't need to survive. And if we're not careful, we'll soon forget just how ridiculous this is.
The Summer of 2003 will be remembered as the summer of worms and viruses, where names like "LoveSan" and "Blaster" became synonymous with online terrorism. The Internet became clogged, commerce was affected (the claims of billions of lost dollars quickly became accepted as undisputed fact), and our very way of life was once again being threatened.
Yes, it's easy to see how absurd this situation is. But very little is being done to address that point. Instead, the discussion focuses on increasing prison time for people who write these programs (possibly charging them as terrorists), putting the Department of Homeland Security in charge of Internet security, and continuing to connect critical and noncritical systems together so that any threat can easily become a catastrophe.
It's almost as if we need the excitement of utter chaos. Systems are designed poorly and then tied together so that the cascading effect is realized when there's a malfunction or security breach. People capable of causing more mayhem by writing some simple code are more than happy to oblige, ostensibly be cause they want to enjoy the chaos as well. Of course they fail to realize that the final act of this little drama invariably needs a villain to blame and punish in order to reestablish some semblance of normalcy.
So instead of dealing with the fact that we've become hooked on operating systems with large security holes that any idiot with a basic knowledge of programming can exploit, we handle it as if it were some sort of "cyberwar" complete with enemy combatants, spies, and a terrified populace. It's a not-so-distant cousin of the Y2K hysteria when many became convinced that the world would be plunged into anarchy when the calendar changed.
In such cases we need to remember some rational thoughts: Don't become entirely dependent on any single system because failures and flaws are inevitable; Keep regular backups; Put the whole picture into perspective and realize that an occasional glitch in your e-mail or a temporary outage for amazon.com is simply one of the growing pains of the Internet, not the end of the world; Always have a different way of achieving the same ends so that if a piece of software or hardware becomes unreliable, you won't be completely stuck. This latter point can apply to individual applications or entire networks - even the concept of bypassing computers and networks altogether should that become necessary.
When a massive power outage hit some major cities in the United States in August, speculation quickly pointed to hackers possibly being somehow responsible. The mere suggestion that computers involved in keeping the nation's electrical grid online could be affected by an errant piece of e-mail on the public Internet seems, once again, absurd. Yet it seems to be growing ever closer to reality. This gap in logic is possibly the easiest way to achieve this world of eternal crisis that so many in the media, government, and populace seem to crave.
But before we get to the stage where a denial-of-service attack by some idiot somewhere causes the lights to go out in a major city or a surge of pornographic spam clogs the life support systems in hospitals, we ought to change our way of dealing with these issues. If a critical system is vulnerable, covering up that fact is every bit as bad as attacking it. We don't advocate the crippling of any system or network, critical or non. We're certainly not in favor of imprisoning people who do something stupid and simple without thinking as if they did something requiring detailed planning with a clear intent of malice.
What we do support is the full disclosure of any wide open security holes that could result in either a royal pain in the ass for people trying to surf the web or something a bit more life threatening. Such disclosure needs to be encouraged and even rewarded. It's clear there's a lot we're not being told and that there are many in power who would like to keep it that way.