Future Crimes – Book Review
Author: Marc Goodman
Publisher: Doubleday, Random House LLC, NY, NY
Copyright: 2015, ISBN: 0385539012
Cover: Pet Garceau, PixelEmbargo (copyright)
Reviewed by: Lynard Barnes, January 15, 2016
Summary: Security on the internet is doomed, all internet transactions are doomed, we are all doomed. In the immortal words of CEO Parker Posey in the 2001 movie, Josie and the Pussycats, when all is doomed, “let’s have ice cream”.
Imagine you are living in single story house. Your front door is facing New York’s Times Square. On New Year’s eve you leave the house, leaving the front door open, to shop, visit family and friends, to work. You leave your front door open because you do not have a front door. The folks who built the house did not build the house with doors. This, essentially, is author Marc Goodman’s take on the internet. Expectations of privacy and security are a delightful delusion promulgated by profound ignorance.
Goodman’s approach in FUTURE CRIMES to address the sea of blissful, wide-eye acceptance of our growing technological dependence is to go over the current bad players and the opportunities for bad players in the future.
What is fascinating about FUTURE CRIMES is that it does an extraordinarily good job of telling us who is out there on the street who just might ooze through the open door. The book offers nothing of significance in the way of explaining whether doors can be erected or closed. We do get the usual story of the internet and WEB evolving from a community where trust and security were not an issue. Least we forget, the internet was preceded in the late 1970s by BBSs (computerized bulletin board systems).
Of course the primary focus of this book are big data vulnerabilities. The big data vulnerabilities start with the security illusion Goodman describes in chapter one. In Goodman’s words:
“Rather than proactively looking for these vulnerabilities [zero-day exploits] themselves, antivirus software companies generally only consider known data points. They’ll block a malicious bit of code if it’s just like the other malicious bits of code they have seen previously.”
Page 16, FUTURE CRIMES, Marc Goodman
The remainder of the book adheres to this theme. Nobody is really doing anything about the vulnerabilities of the cyber world. They lack the incentives, the skills and the will to do so. It is like generals fighting the last war: defend against the knowns because the unknowns are unknowable. Goodman makes the point later in the book that this attitude is not based on the limitations of technology. Computer science is not inhibited by a lack of skills in defending against malicious players. It is the most important point of his book.
In reading FUTURE CRIME, you might keep coming back to the question of why any sane person would want to, in effect, leave the door to their house facing Times Square open while mingling with the crowd. The question only peripherally comes up in the book. The focus is on the crowd. In the crowd is where the bad guys. Even here however you are facing the question of whether the bad guys are really bad guys or merely opportunists who are integrity challenged and fascinated by the technology. In sorting out the murky convolutions, FUTURE CRIMES is pretty thorough.
Starting in Chapter Two, we learn of supervisory control and data acquisition (SCADA) systems that regulate such essentials as water treatment facilities, air traffic control, and the electric grid. According to Goodman, “SCADA technologies . . . are readily attackable and persistently targeted”. (page 23) The vulnerabilities spread universally over cyber world from this critical nexus.
If there is a problem with FUTURE CRIMES it is this redundant identification of a ubiquitous problem. Sitting at your computer or staring down at your smart phone, concerned about the personal data stored in its circuitry, the focus of your concern may end there. Concern about the big data security discussed in this book may be so peripheral as to be irrelevant. Of course the security issues are the same. Your little data is but a tiny layer in the big data. Neither are safe. After reading this for the hundredth time, it gets infinitely tiring.
Goodman does employ some novel and interesting approaches to getting across the point that our modern world is dependent on computer hardware and software, all of which are vulnerable to industrious crooks. Most of the book pinpoints the dependencies, both the obvious and the not so obvious.
We are being lulled into a sense that reality is really a computer screen–a “black box” society in which the data appearing on a computer screen is reality. It is an astute observation by Goodman with more implications than even he ferrets out. Most people have no idea how the information gets to chromatic screen; no idea what varied and circuitous causeways are responsible for the information arriving in front of our eyes. Most people act upon the information without a second thought and often without a second source. Just how potentially dangerous such acceptance can be is highlighted in FUTURE CRIMES.
On page 166, the author discusses the Heartbleed security bug that has been around since December 2011. It is a flaw in the Secure Sockets Layer (SSL–also known as Transport Layer Security or TLS) protocol in which “two-thirds of all Internet traffic” is communicated. SSL is the secure data transfer platform of the WEB. Of course, despite the encryption service SSL provides, data is not secure because of this programming bug. Goodman says that it “is emblematic of the challenges we face”. It is the “we face” part of the statement that draws attention. The Heardbleed bug affects an estimated 500,000 Web data servers. Chances are, unless you read about it in FUTURE CRIMES or followed the esoteric web news devoted to internet security, you would never learned of Heardbleed’s existence. Therein lies the glaring inadequacy of what we have come to call computer data security. (No one purposefully designed the Heardbleed bug. It was an accidental result of programming. Exploits of the bug, if there have been any, are the result of wilful malfeasance).
By the time Microsoft came out with the Windows 3.0 operating system in 1990, a few of us working in the old Microsoft Disk Operating System (MS-DOS) figured computer use was being dumbed-down for the expediency of money. Reaching out to a Bulletin Board over the internet in the days of DOS was not inherently dangerous because to make that outreach required some understanding of the vulnerabilities on both ends. The other operating system, UNIX, developed by Bells Labs, was not relevant for personal computer use at the time though its security features would eventually become of interest. Maybe too much interest.
In focusing on the generality of data security and of bad-actors in the age of universal connectivity, Goodman provides a fairly impressive list of vulnerabilities past, present and those awaiting future occurrence. This latter is the internet of things (IoT) which is already here. Amazingly, those creating the internet of things and those using the devices –refrigerators, cars, cameras–pay little attention to the hackability of these devices. It is easy to dismiss this lack of concern by citing the trusting nature of people, the optimistic attitude that lightening always strikes someone else, or that there is safety in the enormity of the internet itself.
We come back to this analogy of leaving a door open in a house facing Times Square.
Our technological dependency has routed all kinds of pipes into that open door–some helpful, some malicious, some malicious under cover of help like anti-virus programs that are in fact spying surrogates. In his conclusion, Goodman says we have “reached an inflection point, a punctuated moment in time that demands our immediate and greatest possible attention.” This inflection point requires that we re-evaluate out dependency on technology that few understand, few control and few are even aware that it is integrated into their life.
If you are at all fuzzy on exactly how vulnerable your life is to the inadequacies of our internet connected world, you should definitely read FUTURE CRIMES.