Open Letters Review on Click Here to Kill Everybody

Electronic security expert Bruce Schneier's studiously terrifying new book Click Here To Kill Everybody: Security and Survival in a Hyper-connected World, is a concerted counter-playbook to the end of human civilization, and the deaf ears it will fall upon have been deadened by two completely erroneous assumptions: that an unregulated Internet is better than a regulated one, and that Internet problems only affect people on the Internet.

Ninety percent of Schneier's readers have more than one "smart" electronic device, be it a cellphone or a tablet or a laptop or a new-model automobile. And ninety percent of that ninety percent have the same personal password for all of those separate devices and haven't changed that password in years. Virtually every single one of Schneier's readers who choose to download his book instead of buying a printed copy in a bookstore leaves a wide and easily-followed data-trail back to themselves. Every one of Schneier's readers who orders a printed copy of the book from online retailers like Amazon leaves an equally-accessible data-trail and never even thinks not to. Many of Schneier's reader who decide to buy a printed copy in a bookstore will use some kind of electronic preferred-customer discount card, and the bookstore's cash register system is electronically linked to its inventory system, and both systems have a D-grade security setup that a computer-literate 10-year-old could hack wide open. And a great many of those customers probably used the store's free Wi-Fi while they were browsing, which means any malware prowling that Wi-Fi is now in their phone, which means it will be in their laptop later that evening when they plug their phone into it to charge.

In other words, and one of the major points of Schneier's book: we are already living in the Matrix. The "everybody" in the book's title doesn't refer to sticky-pasty computer nerds chortling over 4chan jokes at 2 in the morning; it refers to the whole of human society.

The whole of human society would be affected if hackers started bringing down commercial (or military) aircraft; the takeoff, navigation, and landing software of almost all such aircraft are easily hackable. The whole of human society would be affected if hackers were to attack national power grids; they already have, and the results have been stark. The whole of human society would be affected if hackers, state-sponsored or otherwise, were to shut down the electronically-controlled safeguards at nuclear reactors; Chernobyl-level meltdowns at New York's five nuclear reactors alone would bring all life on the US Eastern seacoast to a halt (and those are just the publicly-known reactors).

And the dangers aren't just large-scale. Thanks to the increasing prevalence of the so-called "Internet of Things" or IoT, the incorporation of "smart" governing software into more and more everyday items, the tendrils of these dangers extend into almost every area of daily life. "Your oven is a computer that makes things hot," Schneier writes:

Your refrigerator is a computer that keeps things cold. Your camera is a computer with a lens and a shutter. An ATM is a computer with money inside. And modern light bulbs are computers that shine brightly when someone - or some other computer - flips a power switch.

The world that results from all this is a decidedly shared one: humans and the Internet share dominion, and the power-divide, already unequal, has the potential to become catastrophic:

Start with the IoT, or, more generally, cyberphysical systems. Add the miniaturization algorithms, machine learning, and artificial intelligence. Toss in some cloud computing, with corresponding increases in capabilities for storage and processing. Don't forget to include Internet penetration, pervasive computing, and the widespread availability of high-speed wireless connectivity. And finally, mix in some robotics. What you get is a single global Internet that affects the world in a direct physical manner. It's an Internet that senses, thinks, and acts.

The responses proposed in Click Here To Kill Everybody have deep historical analogues, and they boil down to greater governmental regulation, mainly focused on smarter oversight and a vastly improved culture of data encryption. The idea is simple: just as corporate and government regulation eventually guaranteed that auto manufacturers were adhering to similar safety standards, so too corporate and government regulation should guarantee that all data storage and transmission services, everything from phone conversations to hospital records, adhere to encryption standards designed to reduce the threat of catastrophic hacking to something close to zero.

The objections to such recommendations come readily to mind: they smack of Orwellian Central Control-type dystopia; they penalize the majority of honest people for the potential actions of the minority of dishonest people; most simply and therefore most persuasively, they make many currently easy procedures more difficult. Imagine using a random-number generator to come up with a new 17-digit password for your computer every time you log on and you can begin to sense to sheer mass of the inertia involved here.

The urgent message of Click Here To Kill Everybody is that overcoming such inertia is now literally a matter of life and death. The book should be required reading for anybody who's ever put their life or the life of their loved ones in the hands of ?smart' technology ... and in 2018, that's everybody.

Categories: Click Here to Kill Everybody, Text

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.