By Irina Tsukerman
Let’s admit it. Many of us, some more than once or twice, have gotten that dreaded phone call from our credit card company, informing us about a security breach. Some of us have even been inadvertent victims of identity theft, with the unhappy result of having to practically restart our financial life. A few of us have had our emails or social network accounts hacked, enduring the embarrassment of having everyone on our contact lists spammed. Then there are the incessant emails from Nigerian princes or allegedly robbed and imprisoned colleagues or distant acquaintances promising vast fortunes (or eternal gratitude) in exchange for a large wire transfer.
Irksome, as opposed to criminal, incidents also abound. Receiving hateful responses to a blog post or Facebook status update. Being deceived by that sweet girl or guy on a dating website. Getting into a flame war with an Anonymous (or a few), who gang up to tear you down on your own page without leaving a trace of their own identities. You are, of course, free to delete their poison, ban them from your website, report them to the networking overlords, but they have done their damage. Before your audience, an uninvited guest in a mask crashed your party, insulted you in your home, bewildered other guests, trampled all over your nice furniture, and left you to clean up the mess, violated and forlorn. You feel betrayed, by your credit card company, your email host, humanity. There is a temptation to turn back the clock, become a Luddite, disappear from cyberspace, and never talk to another stranger again. However, life goes on, and access to online resources, be they of the research or human kind, is just too important to you to give it up altogether.
In light of recent revelations about NSA procedures, the actions of private network providers, as well as the possibility of security breaches, have raised questions about what we want from cyberspace. What draws us to the Internet, to social networks, to expanded communication, to self-revelation and greater vulnerability online? It is nothing less than a sense of community, a desire for human contact. And any community—be it online or physical—will struggle with the balance of privacy, anonymity and secrecy—three distinct concepts of rights that many of us get woefully confused.
Anonymity has proliferated as communities have grown, resulting in crime and other socially unacceptable behaviors. Simultaneously, both privacy, the legitimate expectation of being left alone, and secrecy, the practice of selectively keeping information hidden, have been declining. We tend to forget that the spaces where we have created so many close relationships and shared stories of growth, transformation, laughter, love and tragedy over the years, not to mention amusing cat videos, are not nearly as private or secure as we think.
To the extent that—as Lawrence Lessig has put it in his books Code and Code 2.0—cyberspace is a social construct, a multi-faceted communal approach should be employed.
Numerous studies have shown that muggers choose as victims the type of pedestrian likely to walk slumped or appear distracted. The same rule holds true for cyberspace. Educated, aware users are more vigilant about the type of information they share and the potential consequences of being attacked. Instruction on good usership needs to begin when children are first introduced to the Internet.
Older users would be wise to adjust their Firefox or Chrome privacy settings, use privacy browsers (e.g., Epic), encrypted password generators, and email encryption—all of which could be taught in free online courses, at libraries, local schools and universities.
Just as with the “neighborhood watch,” volunteer users could be trained and work with law enforcement to watch for red flags indicating potentially criminal behavior online. Of course, comprehensive training and oversight should be instituted to prevent abuses and the chilling effect private interference could have on the open market of ideas and debate.
Some of the most clever cybercriminals use proxy servers and can never be caught, or at least not without costly and time-consuming international operations. Large companies and governments have ways of responding to DoS attacks, trojans and viruses, whereas individual users frequently fend for themselves. A variety of stakeholders (individuals with technical backgrounds, ISPs, privacy groups, etc.) could coalesce to create rapid response hotlines to identify and react to attacks on private citizens. The hotlines could also educate the public about criminal developments such as ransomware. Community support can create the basis for self-reliance and independence, freeing private companies and law enforcement from many easily preventable minor cases while simultaneously sparing users from victimhood.
Above the hotlines, there could be taskforces comprised of policymakers and coders who could focus on formulating innovative scenarios and informed policies.
Private industries (and even the government) would profit from increasing the use of open source software, which is more innovative, flexible and secure due to the large number of active reviewers looking for bugs and interference.
Opt-out options for users
Perhaps private companies could be incentivized to create opt-out options for users unable to negotiate under a EULA. Regulation or tax advantages could be two potential incentives for creating such flexibility. Alternatively, individual users could pay a fee (likely nominal) in exchange for increased privacy protection, thus offsetting the company’s opportunity cost for not selling the users’ personal information to third parties.
Reforming the “listeners” and the way they approach information gathering with respect to “privacy” is making headlines. It is, however, private companies rather than the government that may pose a greater danger to individual Americans, as they are freely being entrusted with vast quantities of personal data.
Not one of the above solutions would comprehensively counter the threats the cybercommunity is currently facing, but the combination of multiple factors can go far towards preventing common nuisances and crimes, and creating a more holistic approach to cybersecurity.