Veteran Software Developer David A. Kruger recently offered some thoughts on computer security to High cost. We appreciate the opportunity to republish them here as a series. Last week, we looked at the fact that the cybercriminal isn’t necessarily the weirdo in the hoodie. It could just be some annoying corporate bureaucrat collecting data on you that his boss plans to use later.
Now, let’s look at where the money is in the business:
It’s all about the Benjamins
Why HDCs [human data collectors] so willing to abuse their own users? For the money and the power that comes from having a lot. In 2002, Google discovered that the raw human data it collected from its users to improve the quality of user experience could be reused to serve targeted advertising, i.e. advertisements served on the an individual’s screen in real time based on what the individual was. currently search, and these ads could be repeated, called ad retargeting. This ability has proven to be incredibly lucrative. As of February 2021, Google’s market capitalization was around US$1.4 trillion and around 85% of its revenue came from advertising. About 95% of Facebook’s revenue comes from the sale of advertisements.
It’s not the moon
Knowledge is truly power, and HDCs act as guardians of the sum of everything digitized surface canvas content plus the sum of everything digitized human data they have collected to date. This is a concentration of power never seen before in human history. Let’s take a closer look at the current preventable harms made possible by this concentration.
HDCs are creatures of open data; they could not have come into being, or continued to exist in their present form, without it. Their internal use of open data and reliance on symptomatic point solutions has resulted in multiple preventable harmful breaches of users’ personal information, and it is unreasonable to predict that these breaches will end. Future damage preventable by breach is expected.
In the list of cybersecurity failure types described earlier, hinder the flow of data, is not well understood. Usually it is defined only as disturbing the flow of data, as it happens in a denied service offensive. Another more insidious and arguably more harmful impedance is distorting the flow of information.
The early ideal of the Internet was to be the public library of the world, a library that would provide almost instantaneous and unlimited access to the sum of all information available on the surface canvas (with one notable universal exception — child pornography).
No one expected the information on the new global web to be completely accurate, truthful, and non-contradictory. Why? Because truth, lies, errors, misinformation, misinformation, bias, blame, slander, gossip and the means to spread it to huge audiences existed (gasp) before internet. A vital feature of a free society, before the Internet and now, is that people 1) have the right to unimpeded access to public information, 2) are responsible for their own due diligence, and 3) are free to come to their own conclusions. Distorting the flow of public information diminishes each of them and harms individuals and society as a whole.
Nudge, nudge, wink, wink
Ads are a mix of useful to useless and entertaining to irritating, but nonetheless, producers have a legitimate need to market to their prospects. Persuasive advertising and marketing copy is neither illegal nor immoral. Real-time human behavior-based ad targeting and retargeting has provided advertisers with a truly new capability, explained below by Shoshana Zuboff in “The Age of Surveillance Capitalism” (reviewed by Expensivity here):
“Advertising has always been a guessing game: art, relationships, conventional wisdom, common practice, but never ‘science’. The idea of being able to deliver a particular message to a particular person at the precise moment when it might have a high probability of actually influencing their behavior was, and always has been, the holy grail of advertising.
However, Google and other HDCs didn’t stop there – and therein lies the fundamental principle. Politics problem.
Google, followed shortly by Facebook and others, has found that for any given individual, the greater the volume and variety of raw human data they can collect and the longer they can do so, the more data can be used effectively to slowly and surreptitiously use algorithmic nudge for cash the beliefs and behaviors of the user. In other words, HDCs treat human beings as perpetual guinea pigs in an endless and totally unethical experiment using software designed to to learn how to manipulate their user most effectively. This is unethical because HDCs’ intention is to use their software to diminish personal autonomy, and they hide their intentions from their user for the most obvious reasons: if the user becomes aware of how of which it is being manipulated and for what purposes, they would probably be angry and demand that the manipulations stop.
In addition to the nudge, as users see more ads the longer they stay logged in, HDCs began to use their new user manipulation ability to get users hooked on their software. Details about the mechanics of addiction are beyond the scope of this article, but most rely on presenting information and controlling its flow in a way designed to generate and reinforce a dopamine hit or to amplify negative emotions such as fear, anger, envy, guilt, revenge, and lust. The algorithmic boost and intentional addiction of HDCs is increasingly seen as harmful to individuals and society as a whole, as evidenced by numerous studies and whistleblower testimonials. The HDCs are well aware of the evil, but that hasn’t stopped them.
Key point: Advertising is not the problem; manipulation of users via surreptitious algorithmic nudges and intentionally addictive users is.
Key point: The ability to manipulate users to a purpose creates the ability to manipulate users to any goal.
Following: How search engine results can be distorted
Here are the first seven segments of the series:
The real cause of cybersecurity failure and how to fix it Tip: The cause and the solution are not what you think. Forbes Technology Council member David A. Kruger says the situation is getting worse: We’re in a hole so stop digging! Go back to root cause analysis.
What’s wrong with cybersecurity technology? Know your enemy: the target is not networks, computers or users; they are pathways to the target – taking control of the data. The challenge: If a cyber defender scores 1,000,000 and a cyber attacker scores 1, the cyber attacker wins, points out David Kruger.
The Ingredients Cybersecurity Needs to Really Work Software companies continue to produce open data as if we were still living in the 1950s and the Internet had never been invented. David Kruger of the Forbes Council said the focus should be security (preventing damage) rather than, as is so often the case now, security (reacting to hacks with new defenses).
Cybersecurity: Limit the risks. We already have the lid. According to security specialist David Kruger, data must be contained while in storage and in transit and controlled while in use. Cyber attackers are not the problem; sloppy methods are. We have to solve the problem that we have created one data or software at a time.
The Sweet Science of Agile Software Development Effective security, as opposed to partial security, increases costs in the short term but decreases them in the long term. Software veteran: Getting manufacturers to shift their priorities to safer products rather than the next cool new feature will by no means be easy.
IT Security Expert: Start helping ruin the lives of cybercriminals. Okay, their businesses. Unfortunately, part of the problem lies in the design of the programs, written with the best intentions in the world… First, we have to face the fact that software manufacturers are often not held accountable for inherent flaws in their systems.
The cybercriminal is not necessarily who you think… Chances are that the “human data collector” is simply someone who works for a company that makes money by collecting data on you. Did you know that his bosses have paid billions in fines for what he and his colleagues are doing? Let’s learn more about what they cook.