Sharing isn’t caring: Online Security, Responsibility and You
Imagine if a friend casually dropped into conversation that they left their shiny new car unlocked, because it made getting into it easier. Or a company decided to stop locking its offices because it was too much of a faff to make sure they had enough keys for all their employees. Your jaw would hit the floor. But take the same approach to online security and you’re lovably flaky, or perhaps inventing a new lifestyle trend.
In a piece in The Guardian to promote her new book, Sarah Knight explains how she went from feeling “overextended and overburdened by life” to happiness by learning not to care what others think. While that’s a brilliant idea when it comes to dutiful, resentful attendance at social occasions she also added this gem to her list of things not to care about.
“Passwords. I used to feel so much anxiety about personal security, but then I read a number of articles by experts that suggest we’re all one pimply Slavic teenager away from getting hacked anyway, so I thought, maybe I could just use the same password for everything. Would it really matter?”
Yes, Sarah, yes it would. I too have read a number of articles by experts and they all suggest — without indulging in any lazy stereotyping about what hackers look like — that having different passwords, or using a password manager, is actually super important.
This ‘oh but it’s so complicated to remember my passwords’ attitude is particularly prevalent amongst journalists, writers and creative people in general, which is ironic, because if you’re that creative, surely you could create some catchy new passwords?
The password thing is just one example of the issues surrounding online security in general. Through laziness or ignorance, a lot of us are leaving our cars unlocked. The British government has been running its “Be Cyberstreetwise” campaign for some time, advertising on the radio and tube — places where it’s easier to reach those who think “password1” is hacker kryptonite.
Education is crucial. Some people will never understand that if you have dozens of work contacts on Facebook, *maybe* it isn’t the best place for that swimsuit Selfie, but there is hope for future generations.
“The best way to protect young people online is by educating them, not by trying to wrap them in digital cotton wool,” says Jules Hillier, CEO of Brook, a UK charity which provides counselling and advice for young people about sexual health. “The UK government is putting resources into digital literacy and safety lessons in schools, but there’s always more that can be done.”
Many schools now understand the importance of educating pupils about the online, as well as the offline, world, and happily are making sure students know how to look after themselves. I checked in with my old school, Fulford in York, to see how things had changed since we tackled Mavis Beacon Teaches Typing on 486s. The answer is, a lot.
“We do a lot to promote Esafety through assemblies, Computing lessons and crucially through our Personal Development programme,” says headteacher Lorna Savage. “We are very aware of the risks of unregulated use of the internet and work hard to promote safe practices, especially in relation to the use of social media.”
In the end, though, while schools can educate young people to be responsible online citizens, and governments can run campaigns, individuals are responsible for their phones, tablets and computers. And they are suspicious about their data, because the situation is constantly changing. After the Snowden revelations people were furious governments had been peeking on them; after the horror of terrorist attacks there are invariably political calls for more surveillance online.
Ultimately, code cannot tell if you’re a good guy or a bad guy: as FTC Commissioner Julie Brill said in a panel discussion last month, it’s “magical thinking” to believe that backdoors can be put in software for law enforcement, without them being found and abused by others.
Then you have companies, who are so lawyered up (apologies to my fellow DisCo columnists of the legal persuasion) that they create epic terms and conditions which we all know nobody actually reads. Of course nobody means to sign away their firstborn to access a Wi-Fi hotspot, but when it takes hours to read the legalese to set up your phone — which you’ve already bought — and 76 days to read the ones necessary for a year’s work, it’s all too easy to get bored.
That, in turn, leads to complacency, thinking “why would I set up a good password for this online food ordering service, when all hackers will be able to do is order me a delicious biryani?” If there’s one thing the internet has shown us, it’s that we don’t know the fascinating things our data will be useful for in the future. Also, they have your address, possibly your credit card details, and if you were stupid enough to have the same password, access to all your other favourite sites.
Moreover, some of this data is spicier than a delivery curry. Look at the Ashley Madison hack, and the “moral” reasoning of those behind it. Dating apps, sexting and clueless politicians mean there are millions of frankly eye-watering pictures floating around online. Think very carefully about what you share and with whom, and hope that if that does happen, you can be as brave about it as JenniferLawrence.
On the flipside, all this data is so useful. Location data provided through GPS, Wi-Fi and users themselves means Londoners can get from A to B more easily than ever thanks to apps like Citymapper, live real-time moving bus maps and cab apps like Addison Lee. But some people freak out when shown their location history. The two cannot be separated, but our understanding of what we’re signing up for can certainly be improved. Hopefully, as those who’ve grown up with the internet mature, things will improve!
A good New Year’s resolution would therefore be think, not panic, think about online security — and for God’s sake, give different passwords on different sites.