Exploding Data: Reclaiming Our Cyber Security in the Digital Age
by Michael Chertoff (Grove Press, £20)
When it comes to the protection of data “we are overdue to recast the rules of the road”, says Michael Chertoff, writing with the authority of a former US Secretary of Homeland Security. What he has to say has become very relevant in light of the current refusal to allow British police access the American server holding the Facebook data of a man being investigated for the murder of a 14-year-old girl.
Governments, corporations and individuals now have an unprecedented amount of data at their disposal. The internet of computers and servers has expanded to become ‘the internet of things’ as machines and devices such as phones, cars, printers, heart-pumps, microchips and so on, and pieces of physical infrastructure, such as dams and power stations, become remotely accessible.
Wireless technology enables the transformation of what were once ‘dumb’ devices into ‘smart’ ones that can record information about what is happening around them.
As data accumulates it is also becoming easier to store and aggregate. Our ability to analyse it is continually improving. Modern video analytic tools, for example, enable police officers to search weeks of CCTV footage within seconds for a specific licence plate number, or for the face of a suspected criminal.
Internet service providers (ISPs) employ tools called algorithms to correlate the data they gather about their users. They sell their findings to advertisers or political campaigners who use it to target consumers and voters. Algorithms produce startlingly precise information: Trump’s team learnt that Iowans who liked grilling and tending their lawns were highly likely to vote for their man in the 2016 presidential election.
That machines have gained this level of insight into our lives and attitudes should be a cause for concern: “a world in which every step we take factors into auto insurance or marketing, or allows the government to predict and regulate our behaviour, would be a substantial constraint on our freedom of belief, our relationships, and our actions. Essentially, it means that we would become programmed. We are moving in that direction.”
The law must move with technology, Chertoff argues. It could distinguish between information that ISPs gather from users to improve their services, on the one hand, and information they analyse and sell for profit, on the other. In the latter case the law could change to entitle users to compensation.
The author, a lawyer and security consultant, defends the State’s right to gather information. The more data it gathers, the more likely it is to acquire information that is or might prove useful in solving or preventing crime. The law should allow the State considerable latitude in terms of the information it collects, while enforcing tight standards under which data could be inspected, analysed and used.
Chertoff makes a frightening point about the danger of connecting infrastructure with the internet. Infrastructure is often ‘easily hackable’.
He discusses a failed attempt to sabotage a small dam, wondering why such an insignificant piece of infrastructure attracted the attention of hackers when the US offered so many larger targets. He reasonably speculates that the attackers’ intended target was another much bigger dam with the same name!
His book makes a powerful case for legal restraints on technology. You wonder whether these restraints should extend to connectivity.