There’s an elephant in the room. It’s a phrase that hails from a short 1814 fable, in which a man enjoyed all the small wonders of a museum but failed completely to see the giant elephant exhibition. It’s a brief read and pretty much encapsulates the idiom: “You can’t see the forest for the trees.” In short, you get so wrapped up in the detail that you fail to appreciate the bigger picture.
Unfortunately, this definition kind of derails my intention of calling online security the elephant in the room. So, instead, I’d like to invoke a bit of writer’s hubris — a dash of arrogance just because I happen to put words to page for a living.
Let’s call that elephant in the room a subject that everyone notices yet only discusses superficially before moving on.
“Hey, is that an elephant in the room?”
“Yes, but let’s not attract attention. Let’s make someone else take care of it.”
This is how we deal with digital security; it’s that elephant we mention in passing but don’t really want to tackle with full appreciation.
But there is only one consistent answer among experts when it comes to digital security, and that is encryption.
Every other means of making our digital lives more secure is falling away.
The amount of ways to deliver dangerous software onto a device grows every time you see a new headline.
Twenty years ago, a virus — a piece of infected software that had to be run by a user — was how you got a system infected.
Today it can be done with an MMS or the compromised ad network of an unsuspecting site. There have even been reports of malware propagating through sound.
These are examples in the pre-Internet of things days. We joke about malware attaching itself to our cars and fridges, but these are going to be tomorrow’s concerns.
Only, they are also yesterday’s debates: experts were arguing about connected car security for years before such vehicles arrived on the market — and there is no answer yet.
So, if you think that somebody is on top of the security issue, you are dead wrong. It’s the elephant: we’ll talk about it, but in tones suggesting that someone else is taking care of business.
We could argue that people need better online habits, that a lot of the fault lies with uninformed and negligent users. Fair enough. But after a century of cars, we still have bad drivers.
This is another elephant we’re paying lip service to: security may be too much of a responsibility to be left to the digitally unwashed masses. Data will be stolen, so all we can hope for is that the encryption securing that data will not be breached.
Actually, encryption is an absolute
US President Barack Obama opened SXSW in Austin, Texas at the weekend by saying encryption isn’t an absolute, that there has to be a middle ground. Well, he’s wrong. I don’t like an absolute, but some do exist.
For example, a hole in the hull of a space station is an absolute. The mere existence of one would be a catastrophe.
Encryption is the same. It’s not the role of a backdoor in software or who controls it — the mere existence of one outweighs its purpose.
Maybe we can trust the US government with backdoor software — although, as Edward Snowden has revealed, we can’t — but what about Russia, China and other governments? And will backdoors controlled by governments make us safer?
Politicians: take a hint from Bob Dylan and don’t criticise what you clearly don’t understand. Admit that you don’t appreciate the size of the elephant in the room.
Above all, please stop pretending it’s a mouse and that Apple should take care of the problem. You’re only endangering every digital citizen and their connected future.
- James Francis is a freelance writer whose work has appeared in several local and international publications