Yzabel / January 14, 2018

Listening In: Cybersecurity in an Insecure Age by Susan Landau

My rating: [rating=4]

Blurb:

A cybersecurity expert and former Google privacy analyst’s urgent call to protect devices and networks against malicious hackers

New technologies have provided both incredible convenience and new threats. The same kinds of digital networks that allow you to hail a ride using your smartphone let power grid operators control a country’s electricity—and these personal, corporate, and government systems are all vulnerable. In Ukraine, unknown hackers shut off electricity to nearly 230,000 people for six hours. North Korean hackers destroyed networks at Sony Pictures in retaliation for a film that mocked Kim Jong-un. And Russian cyberattackers leaked Democratic National Committee emails in an attempt to sway a U.S. presidential election.
 
And yet despite such documented risks, government agencies, whose investigations and surveillance are stymied by encryption, push for a weakening of protections. In this accessible and riveting read, Susan Landau makes a compelling case for the need to secure our data, explaining how we must maintain cybersecurity in an insecure age.

Review:

[I received a copy of this book through NetGalley.]

An interesting foray into encryption and privacy, especially when considering the point of view of authorities who may need to access data on devices seized upon arrests.

The author makes a case for strengthened encryption, and I feel this makes more sense than the contrary. The book is positioned around the main controversy of including backdoors to allow police and intelligence services to access a device, so that when they need to do it during an investigation, to apprehend a perp or to follow the trail of other people potentially involved, they could do so easily; whereas strong encryption would make it difficult or impossible. However, as has been discussed during actual investigations (an example given in the book involves Apple), there’d be no guarantees that in-built backdoors would be used only by authorities: if they’re here, sooner or later someone with ill intentions is bound to find them and use them, too.

This ties into a general concern about how we have evolved into a digital age, and have to envision security from this perspective. Here also, while not going into deep technical details, the book explains the principles underlying this new brand of security; how this or that method works; the pros and cons of going towards more encryption or less encryption; what other solutions have already been tested, especially in military environments; how cyber-attacks can disrupt governmental operations in many different ways, such as what happened with Estonia and Georgia, and even the 2016 US elections. All very current and hot issues that deserve to be pointed at and examined, because whatever solutions get implemented, if they create less security and impinge on civilian privacy as well, they’re not going to be useful for very long (if ever).

Also interesting, even though it’s not the main focus, is the concept of encryption methods needing to be made public in order to be really efficient: the more people have a chance of poking at them, testing them, and finding faults, the more these methods can be revised and strengthened.

Conclusion: Not a very technical book, but that’s precisely why it makes a good introduction to such matters: easy to understand, while highlighting major concerns that not only deal with national security, but with our own (and with our privacy) as well.