Future Crimes: Everything Is Connected, Everyone Is Vulnerable, and What We Can Do About It

According to a study at Carnegie Mellon University, the average American encounters 1,462 privacy policies a year, each with an average length of 2,518 words. If one were to read each and every one of those policies, it would take seventy-six full workdays, at eight hours a day, from our lives.

Analysis of your social network and its members can also be highly revealing of your life, politics, and even sexual orientation, as demonstrated in a study carried out at MIT. In an analysis known as Gaydar, researchers studied the Facebook profiles of fifteen hundred students at the university, including those whose profile sexual orientation was either blank or listed as heterosexual. Based on prior research that showed gay men have more friends who are also gay (not surprising), the MIT investigators had a valuable data point to review the friend associations of their fifteen hundred students. As a result, researchers were able to predict with 78 percent accuracy whether or not a student was gay. At least ten individuals who had not previously identified as gay were flagged by the researchers’ algorithm and confirmed via in-person interviews with the students. While these findings might not be troubling in liberal Cambridge, Massachusetts, they could prove problematic in the seventy-six countries where homosexuality remains illegal, such as Sudan, Iran, Yemen, Nigeria, and Saudi Arabia, where such an “offense” is punished by death.

An investigation by the House Energy and Commerce Committee revealed that “more than a dozen American utility companies reported ‘daily,’ ‘constant,’ or ‘frequent’ attempted cyber-attacks ranging from phishing to malware infection to unfriendly probes. One utility reported that it had been the target of more than 10,000 attempted cyber attacks each month.” The report concluded that foreign governments, criminals, and random hackers were all hard at work either planning or attempting to take down the grid.

But many of these Silicon Valley entrepreneurs hard at work creating our technological future pay precious little attention to the public policy, legal, ethical, and security risks that their creations pose to the rest of society.

did you realize every time you speak a query into Apple’s Siri artificial intelligence agent, your voice recording is analyzed and stored by the company for at least two years?

For example, in 2012 researchers at Kaspersky Lab in Moscow uncovered a highly complex piece of malware known as Flame that had been pilfering data from information systems around the world for more than five years before it was detected. Mikko Hypponen, the well-respected chief research officer at the computer security firm F-Secure, called Flame a failure for the antivirus industry and noted he and his colleagues may be “out of their leagues in their own game.” Though millions around the world rely on these tools, it’s pretty clear the antivirus era is over.

Google gets $59 billion, and you get free search and e-mail. A study published by the Wall Street Journal in advance of Facebook’s initial public offering estimated the value of each long-term Facebook user to be $80.95 to the company. Your friendships were worth sixty-two cents each and your profile page $1,800. A business Web page and its associated ad revenue were worth approximately $3.1 million to the social network. Viewed another way, Facebook’s billion-plus users, each dutifully typing in status updates, detailing his biography, and uploading photograph after photograph, have become the largest unpaid workforce in history. As a result of their free labor, Facebook has a market cap of $182 billion, and its founder, Mark Zuckerberg, has a personal net worth of $33 billion. What did you get out of the deal? As the computer scientist Jaron Lanier reminds us, a company such as Instagram—which Facebook bought in 2012—was not valued at $1 billion because its thirteen employees were so “extraordinary. Instead, its value comes from the millions of users who contribute to the network without being paid for it.” Its inventory is personal data—yours and mine—which it sells over and over again to parties unknown around the world. In short, you’re a cheap date.

If J. K. Rowling had written Harry Potter in Google Docs instead of Microsoft Word, she would have granted Google the worldwide rights to her work, the right to adapt or dramatize all the Muggles as Google saw fit, to say nothing of the Hogwarts School of Witchcraft and Wizardry. Google would have retained the rights to sell her stories to Hollywood studios and to have them performed on stages around the world, as well as own all the translation rights. Had Rowling written her epic novel in Google Docs, she would have granted Google the rights to her $15 billion Harry Potter empire—all because the ToS say so.

If there is one thing that gives me considerable solace after nearly two decades working in the field of global security, it is this: the good people in this world vastly outnumber the bad. That is a huge benefit but one that we have not fully leveraged to our benefit.

If you control the code, you control the world. This is the future that awaits us.

If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. BRUCE SCHNEIER Cyber

In an instant, all of his data, including every baby picture he had taken during his daughter’s first year of life, were destroyed.

In China, organ brokers are particularly targeting young people in Internet forums with slogans such as “Donate a kidney, buy the new iPad.

Mathematically, IPv4 can only support about 232 or 4.3 billion connections. IPv6, on the other hand, can handle 2128 or 340,?282,?366,?920,?938,?463,?463,?374,?607,?431,?768,?211,?456 connections. The implications of a number this large are mind-boggling. There are only 1019 grains of sand on all the beaches of the world. That means IPv6 would allow each grain of sand to have a trillion IP addresses. In fact, there are so many possible addresses with IPv6 that every single atom on our planet could receive a unique address and we would “still have enough addresses left to do another 100+ earths.” It is in the wake of these changes that the Internet of Things will be born.

No matter how many firewalls, encryption technologies, and antivirus scanners a company uses, if the human being behind the keyboard falls for a con, the company is toast. According to a 2014 in-depth study by IBM Security Services, up to 95 percent of security incidents involved human error.

Open-source warfare and crowdsourced crime must be met with open-source security and crowdsourced public safety.

The ability of one to affect many is scaling exponentially — and it's scaling for good and it's scaling for evil.

The best way to predict the future is to invent it. ALAN KAY, XEROX PARC

The challenge, however, is that Google, Facebook, Netflix, and Amazon do not publish their algorithms. In fact, the methods they use to filter the information you see are deeply proprietary and the “secret sauce” that drives each company’s profitability. The problem with this invisible “black box” algorithmic approach to information is that we do not know what has been edited out for us and what we are not seeing. As a result, our digital lives, mediated through a sea of screens, are being actively manipulated and filtered on a daily basis in ways that are both opaque and indecipherable.

The day before something becomes a breakthrough, it’s a crazy idea. PETER DIAMANDIS

The more we plug our devices and our lives into the global information grid—whether via mobile phones, social networks, elevators, or self-driving cars—the more vulnerable we become to those who know how the underlying technologies work and how to exploit them to their advantage and to the detriment of the common man.

The noted Yale computer science professor Edward Tufte once observed that there are only two industries that refer to their customers as users: computer designers and drug dealers. Importantly, you are equally as likely to recover damages from either of them for the harms their products cause.

The six-hundred-page Encyclopedia of Jihad is also widely available online and includes chapters such as “How to Kill,” “Explosive Devices,” “Manufacturing Detonators,” and “Assassination with Mines.” In a striking example of how dangerous such online education can be, Dzhokhar Tsarnaev, the terrorist suspect arrested for his role in the April 2013 Boston Marathon bombings, admitted to authorities he and his brother learned how to make the pressure-cooker bomb used in the attack after reading step-by-step instructions published in al-Qaeda’s online magazine, Inspire, in an article titled “Make a Bomb in the Kitchen of Your Mom.

Those very same metadata are contained in millions of photographs posted to sale and auction sites such as Craigslist and eBay. For example, a photograph of a diamond ring or an iPad posted on Craigslist might have embedded with it the precise location of your home where the photograph was taken.

Today 89 percent of employees are accessing work-related information on their mobile phones, and 41 percent are doing so without permission of their companies.

To paraphrase an old philosophical question, if a tree falls on the Internet and no search engine indexes it, does it make any noise?

We saw a blatant example of this abuse in mid-2014 when a study published by researchers at Facebook and Cornell University revealed that social networks can manipulate the emotions of their users simply by algorithmically altering what they see in the news feed. In a study published by the National Academy of Sciences, Facebook changed the update feeds of 700,000 of its users to show them either more sad or more happy news. The result? Users seeing more negative news felt worse and posted more negative things, the converse being true for those seeing the more happy news. The study’s conclusion: “Emotional states can be transferred to others via emotional contagion, leading people to experience the same emotions without their awareness.

When votes become electrons recorded in computers, there is an opportunity for malicious actors to exert influence.

When you post your vacation plans on social media and burglars pay a visit, it was your decision to share that helped facilitate their criminal activity.

Why would people write down their passwords on Post-it notes and stick them on their computers? Because making people change them every two weeks and requiring that they be at least twenty characters long, with an uppercase letter, a number, a symbol, a haiku, and in iambic pentameter, is just too much for the average user to handle. So people subvert the security systems in place so that they can get their work done.