February 05, 2015

The Internet as You Know It Will Cease to Exist, Part II

This is one of the major news stories today:
Health insurance giant Anthem Inc. said hackers had breached its computer system and the personal information of tens of millions of customers and employees was possibly at risk.

The attack on the nation’s second-largest health insurer could be one of the largest data breaches in the healthcare industry, experts said. Anthem said hackers infiltrated a database containing records on as many as 80 million people.

Hackers appear to have accessed customers' names, dates of birth, Social Security numbers, member ID numbers, addresses, phone numbers, email addresses and employment information, Anthem said. Some of the customer data may also include details on their income.

At this point, it appears that the data stolen do not include medical information or credit card numbers, according to the company.
I don't think anyone can be at all confident that medical information and credit card numbers (and perhaps still more personal data) were not compromised; Anthem obviously isn't all that sure itself ("At this point, it appears..." -- the language of professional weasels).

One of the more astonishing aspects of this story is that "the information involved was not encrypted in [Anthem's] database." The lack of encryption is altogether baffling and mind-crushingly dumb because Anthem has gotten into trouble of this kind before, and has been assessed fines precisely because of security weaknesses. Just goes to show: you can't count on large bureaucracies to do anything, except fuck up. (Well, and oppress, brutalize and kill people, but let's not go into all that for the moment, mmkay?)

Effectively buried in the middle of the story is this:
Suspicious activity was first noticed and reported Jan. 27. Two days later, an internal investigation verified that the company was a victim of a cyber attack, the company said. The unauthorized access to the vast database goes back to Dec. 10.
Get a load of that timeline. The first unauthorized access occurred almost two months ago. But no one noticed anything at all until January 27. And then it took two more days to verify that the company had been hacked.

So, a few thoughts. What Anthem admits makes the company appear to be run by some of the clumsiest amateurs in the world. Give them this month's prize for Outstanding Stupidity. And even though their admissions establish them as colossal dunderheads (Dumb and Dumber, indeed), I don't believe their story, except (possibly) in its most general outlines.

I don't believe it for several reasons that apply to all stories of this kind. Anthem has to acknowledge what happened in some form; if they tried to cover it up, they would eventually be in even worse trouble. But the company's leading executives will do everything in their power to save face, which means they will minimize the impact of the cyberattack in every way possible. When I say they're saving face, I mean they're trying to salvage what remains of their reputations, and of their future employability. (Would you hire the clowns in charge of this operation?) In situations like this, I always assume that the truth is far, far worse than anyone admits.

In a related story, and surprising absolutely no one who followed the story of the Sony hack, it is finally being reported that Amy Pascal is "moving on" from her position as co-chair of Sony Pictures Entertainment. Pascal was provided with the requisite face-saving deal (lots of face-saving in these stories, and Sony may also want to avoid a protracted battle over contractual obligations and the like): she's becoming a full-time producer, which is what Hollywood does to executives when it wants them to die. Pascal's bosses undoubtedly have some concerns about the hack itself, but of far greater significance, especially in image-conscious Hollywood, is that Pascal's emails revealed her and those with whom she exchanged messages to be sophomoric, asinine jerks. (And racist, too, let's not forget that detail. And honest to Christ: begging Al Sharpton and Jesse Jackson for meetings, so she can begin the "healing process." Pascal's life is like a truly shitty Hollywood movie, which will have to suffice as consolation.)

But we can't have the general riff-raff thinking that Hollywood people are stupid (racist) jerks! Hollywood people are special people, much smarter and better than everyone else. The general public can't learn that the people running Hollywood are the"adult" (I use the term loosely) version of the kids you hated in high school (you know, the shitheads who ran everything and made your life hell). Granted, Hollywood being concerned about its image is not unlike Jack the Ripper claiming to suffer sleepless nights because he's been accused of employing unsanitary practices, and being messy on top of it. Still, there you go.

Okay, what I really want to talk about is this. The story about the Anthem hack provides a brief summary of the major hacks in recent years (Target, Home Depot, the State of California, etc.). Hacks aren't news any longer; they're a regular feature of a world which has become alarmingly dependent on the internet. I say "alarmingly," because it's the internet -- that is, there's only one. That is very, very weird. It's the opposite of a decentralized, distributed system. In the United States, the internet is controlled by a handful of telecom companies -- and the State, of course. Can't forget the State. Worldwide, more companies are involved (but still not a large number), and more States. So the internet is basically at the mercy of a limited number of very large corporations and States. You can't make up a nightmare worse than that.

And since more and more information is available on the internet, more and more people will try to get access to it. There will be more and more hacking. For more than ten years, I've assumed that everything I've ever done on the internet is available to anyone, if they're determined enough to get it. I don't know why anyone assumes their information will remain confidential. I assume it's all public record. (That doesn't mean I like or intend for all my information to be public record; I simply recognize the possibility that it all could become known, and proceed accordingly.) And, yes, I'm aware of the Deep Web, but I don't think that alters my comments here, at least insofar as most of the general public is concerned. But feel free to correct me if you think I'm wrong about that.

What will save us from the future wave of increasingly frequent cyberattacks? Why, the State, of course. Late in the Anthem story is this:
The wave of cyber attacks, including the recent hacking at Sony Pictures Entertainment, spurred President Obama during his State of the Union address to urge Congress to pass legislation to fight cyber attacks and identity theft.
One of the more remarkably stupid viewpoints of recent years -- and you've all heard it, since it's repeated by vast numbers of people -- is that the internet will save us. The internet will make us free. Since so much information is available to more and more people, more people know the truth than ever before in history. Despotism and tyranny are doomed! The people know the truth now! We will be free forever!

I recently heard a commentator (with admittedly excessively limited mental capabilities) offer this catechism almost word for word. I am always astonished by the possibilities of human ignorance and self-delusion. The truth is precisely the opposite, and that is particularly true as long as we have the internet. I've been over this ground before (that's why this post is designated "Part II"). From the earlier post:
If you understood the possibilities that might be realized by the internet, do you seriously think those people and interests possessing the most power and wealth did not? Yes, we're all special and unique and all that keen stuff, but the ruling class is people, too (revolting thought, I understand, but also true). And the ruling class is not stupid. It is certainly not stupid about this kind of thing. So our betters will do everything in their power to harness and redirect every advance to their own purposes. Again, consult history. This is always the pattern.
I expect that, as there are more cyberattacks, there will be growing calls for increased State regulation. One possibility is that no one will be permitted to access the internet until they are provided with a personal ID number. Everything you do on the internet will be tied to that ID number. For most people, that will be the end of internet anonymity -- although, following the historical pattern, as more obstacles are erected, more ways to evade them will also be created. Just as people get fake IDs now, people will get fake internet IDs -- but it will be harder to do, and most people will simply succumb to State control.

If you consider the matter, I think you might agree with me that the internet is one of the most diabolically clever means for population control ever devised. Why, it's almost like someone did it with that very purpose in mind ...

Is there a solution? Yes, and one possible solution was suggested in my earlier post. I quoted one commenter to a story I discussed as follows:
Just open your wireless port, call it parasite.net, and then set yourself up as an 'ISP' with an FTP, web server, torrent tracker, etc. If you can convince enough people in your area to create access points and mirrors of the content we'll eventually cut out the telecoms and have a truly distributed data and communications network.
You can call it "going local." See the earlier post for more.

I'm sure some people are already setting up their own networks, in this or similar ways. And that's just one possibility. As I suggested in the conclusion of the previous post, the pattern remains the same. The ruling class consolidates and expands its power; those who would escape, or at least minimize, the depredations of the ruling class devise means of eluding their grasp; the ruling class then does its best to take over the newly devised means of escape from their rule and integrate them into its own powers, which are thereby expanded once more; still new means of escape are devised, and so on. I am profoundly skeptical of any claim that X changes everything. Nothing changes everything, except mass extinction or a means of making humans immortal. But in the last case, we wouldn't be talking about "humans" any longer, not using the current definition, so that would be a new ball game. Short of that...

So. Some ruminations for a Thursday. On we go...

P.S. I encourage readers to contact me with their thoughts about the future of the internet. I especially welcome comments from those with technical expertise in this area, which I sorely (and perhaps obviously) lack. I'll be happy to publish interesting and informative replies. You can write me at: arthur4801 at yahoo dot com. And please indicate if you give me permission to publish your comments (I never publish emails without permission, unless I do so anonymously, but that happens very rarely).