Cyberterrorism versus …?
A few weeks ago, the governments of Canada, United States and Australia, whether coincidentally or not, announced that they were going to impletement new, taxpayer-funded initiatives to fight cyberterrorism.
I was just thinking of this in terms of the company I work for, for whom I handle banking account reconciliation. I log onto our online banking website regularly, using what is, in my opinion, a very unsecure password. And across workplaces, you’ll see a lot of the same bad habits all over the place– passwords written on post-it notes, passwords saved in web browsers. Those are the easy “rubber hose decryption” liabilities. On the more technical side, I’ve used computers with adminstrator accounts auto-logged in, with no firewalls, and unsecured wifi routers.
“Cyberterrorism” most relevantly pertains to the normal person as something a lot less dramatic than anything with the word “terrorism” in it– in most cases, its simply stealing your money. Maybe “Cybercrime” is more relevant. It’s not meant to terrorize you any more than a mugging in the street is. The “terror” part is incidental to the “getting your money” part, which is why I don’t really agree with the way the campaign is spinning it the way it is.
If what they mean by cyberterrorism has to do with Wikileaks related stuff, that’s a different story– If the governments are trying to make a big deal out of deffending government property, why are they telling the people about it? That’s never been our business. Conspiracy theory: they’re telling us about it because the word “terror” has a lot of emotional baggage for us. At the end of the day, it’s a word that’s used to make us feel a bit safer to be a citizen in country X, because out government is looking out for us.
Convenient how here in Australia, this plan against cyberterrorism comes up a bit before an election– and how despite the declaration, defense budgets have been cut by craploads in the last year. So where is the money going to come from; what really are they trying to do; and just how are they going to do it?
If we’re not talking about terrorism, and we’re talking about crime, it’s a different story.
One of the first things you learn about law when you’re a law student is that the law is a pretty blunt and ill-adjusted tool to preventing bad behavior. You can make laws, and impose pentalties, sanctions and punishments on those who break them. But you can only do all that to the ones who are caught– and by that time, the wrong has already been done.
Corporate law is on a completely different scale from criminal law altogether– it’s much easier to ask forgiveness (if caught) or, alternativly, pay fines, than it is to ask permission.
Cybercrime? Like a lot of bad things that happen in the world, it is facilitated by a combination of things that retaliatory policies cannot fix.
Like a lot of crime, the cybercrime has a social root. People turn to crime when there is a certain ratio between the probability of being caught and the quantity of personal advancement.
The probability of being caught is much lower if the general computing education of the population is low. Passwords. Firewalls. Basic “street sense.” An understanding of some basic security concepts. How many people do you know go into an absolute panic when they can’t find their phone, because it’s not password protected somehow, and it’s a gateway to all sorts of personal accounts?
The personal advancement angle is a social one. Basically, if you encourage a class divide, if you don’t make more effort to making citizens respect people as people, if you don’t give them education, jobs, and a sense of self worth, then they have very little to lose by commiting a crime.
While it’s true that crime is a choice, there is a much thinner divide between those who actually become “criminals” and “normal” law-abiding citizens than you might think.
So what am I saying we should do?
Well, first of all, it’d be nice for a change if I heard that our tax dollars were being spent on social programs, especially education. That is the only way that the “trickle down” theory will ever work.
Getting tough on cybercrime? Getting tough on terrorism? That’s just a government trying to sound like it should be given pat on the head, when really, all it’s doing is learning to clean up it’s own shit after shitting in the wrong place in the first place.
No, I’m not saying that government leads to terrorism– but what I’m saying is that terrorism, is a reaction, and counter-terrorism is a reaction to a reaction. If we’re already two degrees behind, perhaps we should reallocate the budgets to the roots of the problem, rather than the symptoms that we create.
Go out today, and do something nice for your country– go to your parents’ or grandparents’ computers, and turn on their firewalls. Put a password on their WiFi. Explain to them what Paypal scams look like. Put a password on your phone, and for bonus points, enable a remote memory-wipe feature.
At the very least, don’t save your password on your work computer?