Fragged by Your Fridge: The Wired World Is Dangerous in More Ways Than One
Most Americans don’t understand the country’s vulnerabilities that come with their connected lives.
The prospect of hanging, the eighteenth-century essayist and biographer Samuel Johnson wrote, wonderfully concentrates the mind. So should the exploding pagers and walkie-talkies that blew through Hezbollah’s ranks in Lebanon two weeks ago.
An attack by their web-enabled garage door opener or kitchen fridge, however, isn’t what should worry Americans. Rather, it’s the country’s mounting vulnerabilities as their online personal information and activities—from texts, emails, and scrolling habits to wired homes, cars, and toys—transform their lives into an open book.
Connecting remote controlled assassinations in Beirut and, say, a cosmetics marketer using social media posts to target ‘tweens’ in Buffalo isn’t an analytical stretch. Surveillance, Harvard Business School’s Bruce Schneier wrote in 2014, is the business model of the internet. Like the battlefield, in business its value lies in exploiting what you’ve found out.
Big tech’s oligarchs couldn’t agree more. They claim their empires would wither if government even trifled with their model of surveillance capitalism, whatever its consequences in exposing personal data on the web. Unfortunately, events suggest the Silicon Valley elite’s attitude toward protecting national security is no less cavalier than its disregard for the privacy of Americans’ lives.
The Federal Trade Commission’s (FTC) report this month on the practices of social media and video streaming companies laid out their approach to personal privacy. As Samuel Levine, the FTC Consumer Protection Bureau director, observed in its preface, the amount of data collected by large tech companies is simply staggering.
“They track what we read, what websites we visit, whether we are married and have children, our educational level and income bracket, our location, our purchasing habits, our personal interests, and in some cases even our health conditions and religious faith. They track what we do on and off their platforms,” Levine emphasized.
And that’s not all.
“The companies often combine their own information with enormous data sets purchased through the largely unregulated consumer data market,” Levine wrote. When queried for the FTC report, the companies said they “collected so much data that they couldn’t even identify all of it, or who they shared (it) with.” Without action, he concluded, “the commercial surveillance ecosystem will only get worse.”
Meta, Alphabet, and Amazon obviously deserve the spotlight but they’re not alone. Add Comcast, Verizon, and the rest of the internet service providers (ISPs), Netflix and other video streamers, thousands of sales sites, and the data brokers who collate and resell Americans’ digital resumes. Their motherlode can only bring smiles to cybercriminals and foreign adversaries working to up their game.
Many Americans are concerned. That said, by their own admission they’re poorly informed and confused about online privacy. According to a Pew Research Center’s poll last October, 81 percent worry about what companies collect, but 67 percent also say they don’t understand what happens to their data. The vast majority queried also feel impotent; while 77 percent told Pew they distrust social media, two-thirds believe they can’t do much, if anything to protect their presence online.
However much or little Americans may understand their own risks, when it comes to the national security implications of surveillance capitalism, it’s a good bet they grasp even less. Take ransomware—attacks that encrypt information systems or their data, or exfiltrate sensitive information that can only be retrieved for a price. For anyone who falls for a phishing email and downloads a tainted file, it’s an up-close-and-personal danger, and if people haven’t been extorted, many know others who have.
Ransomware crooks, of course, prey most aggressively on businesses. After all, that’s where the money is. Not surprisingly, companies often try to avoid revealing the extortion, fearing the reputational as well as financial consequences. A recent analysis by VPN Networks, a security consultancy, does a good job of explaining the threat and its scope. Its report lays out the types of attacks, their characteristics, and also prescribes what companies should do when they strike.
VPN Networks cites several noteworthy cases: the shutdown of US operations of China’s ICBC Bank; the disruption of government services in Fulton County, Georgia’s largest; and the victimizing of CDK Global and the thousands of auto dealers whose CDK-run, back-office systems went dead. The companies are only a sample of victims, but they testify to the exposure of financial institutions, government at all levels, and industries nationwide to ransomware’s attacks.
What the VPN Networks’ report doesn’t address is where sensitive personal information, such as the files ransomware crooks often target, fits into a growing national vulnerability: the volume of personal data vacuumed up on the web combined with foreign adversaries’—not just criminals’—increasingly sophisticated attacks. A Wall Street Journal news story last week that presents the sinister synergy is a case in point.
US officials quoted in the Journal’s report say China was behind the months-long hacking attack on a half-dozen American ISPs. According to official sources, Beijing was trying to disrupt their broadband networks and gain access to other targets that depend on them. FBI Director Christopher Wray sized up China’s ambitions earlier this year. “(Its) hacking program is larger than every other major nation combined.”
Wray could have added that the ISP’s own versions of surveillance capitalism couldn't do more if they tried to give Beijing a hand.
Take recent news stories on the Chinese effort to influence the November election. China’s political warfare tactics reportedly cover the spectrum: spam spread to sow discord and social divisions; fake social media accounts; and doctored TikTok videos. Who knows whether election meddling is one of the reasons behind China’s effort to burrow into the ISPs. The fact is, the communications giants haven’t been shy in advertising what’s available if Chinese hackers want to give it a try.
Effectv is an example. The division of Comcast describes itself as helping businesses reach audiences across TV, streaming, and video using “household level data.” The translation of the advertising copywriter’s euphemism: Comcast uses the personal information it acquires to enable its clients to deliver their ads tailored to the recipients’ beliefs, likes, dislikes, and behavior, and directly to their preferred digital device. And Comcast obviously isn’t alone.
Effectv and its competitors are providing powerful tools for the 2024 campaigns, allowing them to reach potential voters, not just by ZIP code, but right down to their IP addresses. For a campaign manager who wants to communicate to one of his candidate's loyal “base,” while delivering another pitch to the undecided neighbor next door, the value is obvious. Suffice it to say, it’s not unreasonable to assume that Effectv’s marketing message, not to mention its trove of Americans’ personal data, almost certainly isn’t lost on Beijing.
In sum, Americans troubled by their nonexistent online privacy should be, and for their country’s sake as well as their own. That’s a message from at least one of Silicon Valley’s glitterati. Craig Newmark, Craigslist’s founder, is pledging $100 million to bolster the nation’s cybersecurity. Newmark is dedicating half of his latest philanthropy to educating the public about the importance of online security.
Democrat or Republican, liberal activist or election denier, independently wealthy or three-job working stiff: when it comes to Americans’ lives online and off, privacy is a quaint concept that simply doesn’t apply.
For Chinese political warriors charged with roiling 2024’s election waters? With comrades in the hacking department just down the hall burrowing into Comcast’s or Verizon’s or ATT’s data, what’s not to like?