For those of us of a certain age, The Godfather movies represented a cultural touchstone and an endless source of “tough guy” quotes. “Leave the gun, take the cannoli.” “I’ll make him an offer he can not refuse.” And, my favorite as one of the lead characters ruefully comments on another’s death, “this is the business we have chosen.”
When I heard about the Yahoo data breach of some 500 million accounts, I was expecting public outrage. What I’ve seen from the public so far is a shrug of the shoulders and a sigh. For cyberspace, leaked information seems to be the cost of doing business. And, so far, the public seems willing to accept it.
I think this dull reaction is a combination of three problems – two technical and one social. The first is the ubiquity of an Internet that was never meant to do what it is doing. Security was not a consideration because the original development was done in national security installations. Thus the issues of outsider break-in and insider threat were not really considered. We are retrofitting security, which makes people feel better – more complex passwords and anti-hacking systems galore. But they are expensive and it is hard to judge their effectiveness versus their cost. But it appears to be a panacea to many concerns for many concern for now.
There also remains in the socially powerful Silicon Valley – a producer of much security software — an interesting 1960’s attitude toward free sharing of information and anti-government interference. This has produced a generation of younger libertarian people who expect their information to be protected from government surveillance and is outraged at government efforts to “surveil” them. In consternation to my generation of national security types, the breaches don’t seem to bother them as much.
The third problem is simply the problem of the public’s lowered expectations. The continuous drumbeat of breaches from OPM to Sony to Yahoo and hundreds of others have conditioned the public to accept this level of lax security. And until individuals are hit with some sort of personal cost – stolen credit card charges, fake bank accounts, and damaged credit – the cost does not really come home.
Some like former NSA head Michael Hayden have suggested a “high side” secure Internet. Many others are adopting forms of encryption – much to the pain of a government charged with national security in an Internet age when the bad guys use the Net.
So, unless there is some form of real and extensive public outrage, we are likely to continue in this pattern of a stream of security breaches and temporary wringing of hands. This may be the cyber business we have chosen, but paraphrasing The Godfather characters, it’s about time we make the illegal hackers an offer they can’t refuse.”