A buddy of mine who works in tech has been telling me for years that we’re all doomed. The problem, he says, is that there are too many systems that are too unsecure. When Stuxnet hit, the only aspect of the hack that surprised him was that the American security establishment was willing to show the rest of the world what was possible. The only rate limiting point with hacks, he explained, is intersection of imagination and resources.
He’s not alone. Last week tech writer Quinn Norton published a magnum opus on security making essentially the same argument. She called it, “Everything Is Broken,” and to read it is to despair about the technology that is driving our future.
Here’s Norton’s lede:
What Norton is getting at is that our lives are run by computers and that computers are run by software and that “software” is more complicated than you or I or any of us really understand. It’s not just an operating system or an app:
Your average [pos] Windows desktop is so complex that no one person on Earth really knows what all of it is doing, or how.
Now imagine billions of little unknowable boxes within boxes constantly trying to talk and coordinate tasks at around the same time, sharing bits of data and passing commands around from the smallest little program to something huge, like a browser - that’s the internet. All of that has to happen nearly simultaneously and smoothly, or you throw a hissy fit because the shopping cart forgot about your movie tickets.
We often point out that the phone you mostly play casual games on and keep dropping in the toilet at bars is more powerful than all the computing we used to go to space for decades.
NASA had a huge staff of geniuses to understand and care for their software. Your phone has you.
Plus a system of automatic updates you keep putting off because you’re in the middle of Candy Crush Saga every time it asks.
Because of all this, security is terrible.
The pessimist’s case is overwhelming.
And the only thing the optimists have to say for themselves is this: The real world is often held together with duct tape and gum wrappers more often than we’d like to know. It’s not like the electrical grid is some well-planned master design. Or the system that gets water into your kitchen tap is as secure as Fort Knox. The real world has all of the vulnerabilities and weaknesses that occur any time legacy systems last long enough to get new infrastructure built on top of them. And the real world has managed to limp along well enough, because most people are good folks.
Yet with computers, there is a difference: Someone who wanted to sabotage, say, the reservoir in Washington, D.C. would have to physically be there. Proximity and familiarity help to keep people on their best behavior. Computers and the Internet create immediacy and anonymity.
And those are two situations that do not generally lead to pleasant outcomes.
