In early 2016, Professor Susan Landau testified in front of the U.S. House Committee on the Judiciary for their hearings on the FBI-Apple encryption dispute that erupted after the San Bernardino attacks. That episode provided the impetus for her recently published book, Listening In: Cybersecurity in an Insecure Age.
During her recent book talk hosted by Ginn Library, Landau began by discussing the encryption debate. Throughout the 1990s, the interests of the FBI and the National Security Agency were aligned regarding limitations on encryption, but those interests began to diverge by the end of the decade. From there, Landau described the evolving nature of government investigations ranging from tracking phones to discovering patterns in communications metadata.
In addition to encryption, Landau spoke about the risks of insecure data. The Sony Pictures hack in 2014 resulted in stolen information including e-mails, unreleased movie scripts, and other confidential data, she explained. “Sony thought of itself as canisters of film, not bits,” she said. In contrast, banks came to the realization that financial transactions were made of bits that needed to be protected.
Smart devices are another source of insecurity Landau warned we should be concerned about because they are becoming more commonplace in households. “The Internet of Things (IoT) is very poorly secured,” Landau said. “There’s a real rush to market without securing the device itself or its connection to the network.”
The 2016 U.S. presidential election unveiled further concerns facing the civilian sector: In January 2017, the Office of the Director of National Intelligence released a report on Russian efforts to influence and undermine the election. Landau critiqued the Obama Administration’s hesitant response and the Trump Administration’s lack of response to Russia’s election attack, saying “we haven’t acted appropriately.”
Russia’s campaign to manipulate the American public through disinformation and fake news has few easy solutions. “We haven’t handled the disinformation problem well,” she said. “I don’t think the Internet companies are thinking about it enough.” She also referenced the proliferation of political and issue-based advertisements about contentious subjects on social media sites such as Facebook.
While plenty of attention was directed toward Russian efforts to hack the Democratic National Committee (DNC), Landau also expressed concerns about efforts to disrupt advocacy groups, non-profits, think tanks and other civil society groups that “are the glue between people and government.” Landau pointed out that these are organizations that operate on small budgets and lack the necessary technological expertise to deal with powerful nation-state actors.
“Disrupting civic organizations directly threatens American social cohesion. It’s different than hacking the DNC,” she said. “We’re already in a position where social cohesion has worsened [in recent decades].”
The United States still has plenty of work to do on cybersecurity, Landau insisted. “The technology is outpacing our ability to legislate,” she told the audience of students, faculty and staff. Moreover, the government “has not thought of the difference between cyber attacks and kinetic attacks.” She noted, however, that U.S. Senate staffers have taken greater interest in technology issues recently.
Landau also briefly discussed ways to keep personal data secure including two-factor authentication apps such as Duo Mobile. The app allows users to verify their identity by approving push notifications on their phone before securely accessing applications. She praised Duo Mobile’s emphasis on making the app usable and accessible for all people. Currently, Tufts University and The Fletcher School are working to get all students, faculty, and administrators signed up for two-factor authentication.
This semester, Landau teaches two courses on “Privacy in the Digital Age” and “Cyber in the Civilian Sector.” The courses bring together students from The Fletcher School and Tufts’ School of Engineering to discuss interdisciplinary questions that arise in the digital era. The unique nature of the courses allows those with technical skills and knowledge to interact with students who have policy backgrounds. “Fletcher students think in shades of gray and the techies think in zeros and ones,” Landau remarked. “This is a way to get two communities to talk to one another.”
With new technologies bringing new challenges, cybersecurity risks will remain prominent for individuals and organizations alike. Landau’s book Listening In discusses many of the technological issues that require further thought and discussion. “We cannot go back to the society that we had 40 years ago,” she said. “The question is: How do we secure what we have?”