I've been rather silent of late - probably the longest interval between blog entries in, well, ever. I'm not entirely sure why I lost my muse for a bit, but I can reaffirm that I didn't much enjoy it. My fingers feel best when they're massaging an Apple keyboard, or exploring the controls of my Nikon, or holding the bar ends of my oh-so-pink Specialized wonderbike deep in a turn as I pound the pedals and accelerate toward the next curve. So tonight it's the Apple keyboard's turn, and it feels good. Let's do this, shall we?
Disclosure: I have a day job that allows me to wander into radio and television studios and talk about geeky things. Sometimes I even get woken up early to talk about geeky things from the darkened comfort of my home. Hopefully the dog remains asleep when that happens, but there are unfortunately no apps that can mute the sound of an excited schnauzer at 6 a.m. Or any other time, for that matter.
Once upon a time, the geeky things in my geeky world were separate and distinct from the decidedly non-geeky things that make the top of the evening newscasts. Those days are apparently over, as technology is increasingly woven into the very fabric of the everyday stories that make the mainstream news. Geek news is no longer the exclusive domain of geeks, and every story, whether we like it or not, always seems to have a geeky dimension that matters in some way to the average folks who lead average lives. Pocket protectors no longer define "tech".
Which explains why I got called yesterday* to explain the tech dimensions of the rapidly unfolding Panama Papers story, why I spent a good chunk of today talking about it, and why it'll probably dominate my analyst's agenda for some time to come. As I often do when I'm asked to weigh in on a story, I like to pull together some rough notes that I then share with the producers and hosts I work with. It gives them insight into how I dissect a story, and gives us a roadmap for the interview. Here's what I jotted down for this one:
The short-story version is this isn't just something that affects the rich and famous. We must all worry about it, too, because even little people like us are generating lots of data that someone will find valuable.
The list of people involved is huge - and I have a feeling it'll ripple out even further by the time additional analysis is done - and released - on the full 11-plus-million pages of leaked information. The list includes Iceland's Prime Minister, Sigmundur Davíð Gunnlaugsson, Pakistan's PM, Nawaz Sharif, Ayad Allawi, ex-interim PM and former VP of Iraq, Ukraine president Petro Poroshenko, Argentine President Mauricio Macri (who had campaigned against corruption), Alaa Mubarak, son of Egypt’s former president, and even actor Jackie Chan.
Beyond the names themselves is how easily even the most routine of fiscal transactions can be tracked and ultimately shared publicly. All it takes is a leak here, a leak there and before you know it your entire financial history can be laid bare for all to see.
The Wikileaks/Edward Snowden leaks should have been our biggest clue that anyone and everyone can fall victim. This time it's a who's who of political and business people whose private affairs are on display. But what it it's one of us? What stops an angry ex-spouse, business partner or employee from digging around and surfacing similar data on us?
We're inadvertently laying the foundation for something just like this to happen to us, everything we do is now stored, saved and tracked. And we aren't asking questions about what's being done to keep all of that information - OUR information - safe and secure.
Scary times, and our blase attitude toward information security isn't doing us any favors. In the meantime, here's a quick Q&A as reference/background:
Q1 - This is being called an "unprecedented" leak of millions of documents from the database of Mossack Fonseca, the world’s fourth biggest offshore law firm. How does a breach of this magnitude even happen?
A1 - We can talk about how even the most seemingly secure data can be quickly and quietly stolen thanks to staggeringly obvious gaps in internal security. I could easily walk into an office with a USB drive and walk out, undetected, with tons and tons of unencrypted, damning data. What I do with it afterward is anyone's guess.
Q2 - So it's Vladimir Putin. What does a data breach scandal involving one of the world's most notorious politicians have to do with you and me?
A2 - We can talk about how even ordinary citizens can be victimized. Our data is being gathered and stored everywhere - banks, retailers, governments, tech companies - and we're all one breach away from being exposed. There is no such thing as "below the radar" anymore. Everyone's data is valuable to someone, and we're all at risk. You don't have to be an oligarch and one-time communist spy to become a victim. We should all be worried.
Q3 - How hard can it be to connect the dots between millions of documents? Who has the time to analyze all of this and build a damning case against us?
A3 - Not that long ago, it would have taken years of grinding, extensive, complex analysts to paint a picture. Now, increasingly sophisticated, automated analysis and search tools - something like Google for Forensic Analysis - make short work of looking at a giant blob of data and telling a fascinating, potentially damaging story. With a USB drive in one hand and the right app in the other, even a semi-skilled hacker could easily go to town on pretty much anyone he/she wants.
Q4 - Are the risks getting worse?
A4 - Yes. Think of how much more we rely on apps, systems, web/cloud services today compared to just a few years ago. Think about the Internet of Things, and how the amount of data being collected from our day-to-day lives will increase exponentially and even logarithmically over the next few years. That data - our data - is valuable. And more of our data is being stored and exposed with each passing day.
Q5 - Can we protect ourselves?
A5 - We can. But it takes diligence and attention. Some tips:
- a) Don't overshare. Don't grant access carte-blanche. Question companies/apps/services that request blanket accesses to your information, and be prepared to delete apps or close services when you think they're overreaching.
- b) Encrypt everything. Virtually every device, app and service now offers enhanced security via end-to-end encryption. Go into the settings and turn it on. Also use dual/multi-factor authentication whenever possible (i.e. add fingerprint/voice/swipe/etc. authentication to existing password-based access methods. Two locks on a door are better than one.
- c) Be password-smart. Use hard-to-guess passwords, change them regularly and use different ones for different apps and services. Never share them.
- d) Clean up old devices, apps and accounts. Don't leave old data hanging around. Take deliberate steps to ensure it isn't easily harvested by criminals. Properly dispose of old hardware, too.
- f) Google yourself. Every once in a while, go online and do basic searches for yourself to see what's out there - and whether or not that makes you nervous.
ICYMI, here's a rundown of who' I've spoken with so far:
- CTV News Channel, Scott Laurie, weekly Clicked In segment
- NewsTalk 1010 Toronto, John Moore
- NewsTalk 1290 London, Andy Oudman (we'll explore more on our weekly Tech Talk segment tomorrow)
- CTV London, Gerry Dewan (video here, just over 11:00 in)
- 610 CKTB Niagara, Larry Fedoruk (podcast/audio here)
- NewsTalk 1010 Toronto, David Eddie
- CFRA Ottawa (my weekly Tech Tuesday segment with Rob Snow - MP3 here)