Corrente has a YouTube (and link to a text file transcript) of a talk by Dan Geer, who I guess we'll call a cybersecurity expert. In a world where increasingly everything is online he takes a big picture view, based on his years chasing down malevolent hacker types, and concludes it's time to head for the exits.
I have long preferred to hire security people who are, more than anything else, sadder but wiser. They, and only they, know that most of what commercially succeeds [as a security product] succeeds only so long as attackers do not give it their attention while what commercially fails fails not because it didn't work but because it wasn't cheap or easy or sexy enough to try. Their glasses are not rose-colored; they are spattered with Realpolitik. Sadder but wiser hires, however, come only from people who have experienced private tragedies, not global ones. There are no people sadder but wiser about the scale and scope of the attack surface you get when you connect everything to everything and give up your prior ability to do without. Until such people are available, I will busy myself with reducing my dependence on, and thus my risk exposure to, the digital world even though that will be mistaken for curmudgeonly nostalgia. Call that misrepresentation, if you like.
By "misrepresentation" he is talking about the freedom to create multiple identities on and offline:
Privacy used to be proportional to that which it is impossible to observe or that which can be observed but not identified. No more -- what is today observable and identifiable kills both privacy as impossible-to-observe and privacy as impossible-to-identify, so what might be an alternative? If you are an optimist or an apparatchik, then your answer will tend toward rules of data procedure administered by a government you trust or control. If you are a pessimist or a hacker/maker, then your answer will tend towards the operational, and your definition of a state of privacy will be my definition: the effective capacity to misrepresent yourself.
Misrepresentation is using disinformation to frustrate data fusion on the part of whomever it is that is watching you. Some of it can be low-tech, such as misrepresentation by paying your therapist in cash under an assumed name. Misrepresentation means arming yourself not at Walmart but in living rooms. Misrepresentation means swapping affinity cards at random with like-minded folks. Misrepresentation means keeping an inventory of misconfigured webservers to proxy through. Misrepresentation means putting a motor-generator between you and the Smart Grid. Misrepresentation means using Tor for no reason at all. Misrepresentation means hiding in plain sight when there is nowhere else to hide. Misrepresentation means having not one digital identity that you cherish, burnish, and protect, but having as many as you can. Your fused identity is not a question unless you work to make it be. Lest you think that this is a problem statement for the random paranoid individual alone, let me tell you that in the big-I Intelligence trade, crafting good cover is getting harder and harder and for the exact same reasons: misrepresentation is getting harder and harder.
The reason that issues from Dan Geer's field (cybersecurity) spill over into everything else is what he's calling convergence:
Let me ask you a question: Are the physical and digital worlds one world or two? Are cyberspace and meatspace converging or diverging over time? I conclude that they are converging, but if they are converging, then is cyberspace looking more and more like meatspace or is meatspace looking more and more like cyberspace? That is not so clear.
Possibility #1 is that cyberspace becomes more and more like meatspace, ergo the re-creation of borders and jurisdictional boundaries is what happens next. Possibility #2 is that meatspace
becomes more and more like cyberspace, ergo jurisdictional boundaries grow increasingly irrelevant and something akin to one-world technocratic government more or less follows. The former is
heterogeneous, the latter is the monoculture of a single nation-state. As we all know, resiliency and freedom obtain solely from heterogeneity, so converging meatspace to cyberspace is the unfavorable outcome, but what can be done about it?
Convergence is happening because increasingly there are no alternatives to going online:
It seems to me that the leverage here favors cyberspace whenever and wherever we give cyberspace a monopoly position, which we are doing that blindly and often. In the last couple of years, I've found that institutions that I more or less must use -- my 401(k) custodian, the Government Accounting Office's accounts payable department, the payroll service my employer outsources to, etc. -- no longer accept paper letter instructions, they each only accept digital delivery of such instructions. This means that each of them has created a critical dependence on an Internet swarming with men in the middle and, which is more, they have doubtlessly given up their own ability to fall back to what worked for a century before.
It is that giving up of alternative means that really defines what convergence is and does. It is said that all civil wars are about on whose terms re-unification will occur. I would argue that we are in, to coin a phrase, a Cold Civil War to determine on whose terms convergence occurs. Everything in meatspace we give over to cyberspace replaces dependencies that are local and manageable with dependencies that are certainly not local and I would argue much less manageable because they are much less secure. I say that because the root cause of risk is dependence, and most especially dependence on expectations of system state. I say "much less secure" because one is secure, that is to say that one is in a state of security, if and only if there can be no unmitigatable surprises. The more we put on the Internet, the broader and unmitigatable any surprises become.
The issue is bigger than just a virus here or malware there. It's about control of the online monoculture. Geer admits at the beginning of the talk that no one person can see the whole picture, which may be why a slightly panicky exit is the best course for the individual.
