On Sunday night, 60 Minutes aired a feature with the ominous title, “Nobody’s Safe on the Internet,” that focused on connected car hacking and Internet of Things (IoT) device security. It was followed yesterday morning by the release of a new report from the office of Senator Edward J. Markey (D-Mass) called Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,  which focused on connected car security and privacy issues. Employing more than a bit of techno-panic flare, these reports basically suggest that we’re all doomed.

On 60 Minutes, we meet former game developer turned Department of Defense “cyber warrior” Dan (“call me DARPA Dan”) Kaufman–and learn his fears of the future: “Today, all the devices that are on the Internet [and] the ‘Internet of Things’ are fundamentally insecure. There is no real security going on. Connected homes could be hacked and taken over.”

60 Minutes reporter Lesley Stahl, for her part, is aghast. “So if somebody got into my refrigerator,” she ventures, “through the internet, then they would be able to get into everything, right?” Replies DARPA Dan, “Yeah, that’s the fear.” Prankish hackers could make your milk go bad, or hack into your garage door opener, or even your car.

This segues to a humorous segment wherein Stahl takes a networked car for a spin. DARPA Dan and his multiple research teams have been hard at work remotely programming this vehicle for years. A “hacker” on DARPA Dan’s team proceeded to torment poor Lesley with automatic windshield wiping, rude and random beeps, and other hijinks. “Oh my word!” exclaims Stahl.

Never mind that we are told that the “hackers” who “hacked” into this car had been directly working on its systems for years—a luxury scarcely available to the shadowy malicious hackers about whom DARPA Dan and his team so hoped to frighten us. The careful setup, editing, and Lesley Stahl’s squeals made for convincing theater.

Then there’s the Markey report. On the surface, the findings appear grim. For instance, we are warned that “Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.” Nearly 100%? We’re practically naked out there! But digging through the report, we learn that the basis for this claim is that most of the 16 manufacturers surveyed responded that 100% of their vehicles are equipped with wireless entry points (WEPs)—like Bluetooth, Wi-Fi, navigation, and anti-theft features. Because these features “could pose vulnerabilities,” they are listed as a threat—one that lurks in nearly 100% of the cars on the market, at that.

Much of the report is similarly panicky and sometimes humorous (complaint #3: “many manufacturers did not seem to understand the questions posed by Senator Markey.”) The report concludes that the “alarmingly inconsistent and incomplete state of industry security and privacy practice,” warrants recommendations that federal regulators — led by the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) — “promulgate new standards that will protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles.”

Take a Deep Breath

As we face an uncertain future full of rapidly-evolving technologies, it’s only natural that some might feel a little anxiety about how these new machines and devices operate. Despite the exaggerated and sometimes silly nature of techno-panic reports like these, they reflect many people’s real and understandable concerns about new technologies.

But the problem with these reports is that they embody a “panic-first” approach to digital security and privacy issues. It is certainly true that our cars are become rolling computers, complete with an arsenal of sensors and networking technologies, and the rise of the Internet of Things means almost everything we own or come into contact with will possess networking capabilities. Consequently, just as our current generation of computing and communications technologies are vulnerable to some forms of hacking, it is likely that our cars and IoT devices will be as well.

But don’t you think that automakers and IoT developers know that? Are we really to believe that journalists, congressmen, and DARPA Dan have a greater incentive to understand these issues than the manufacturers whose companies and livelihoods are on the line? And wouldn’t these manufacturers only take on these risks if consumer demand and expected value supported them? Watching the 60 Minutes spot and reading through the Markey report, one is led to think that innovators in this space are completely oblivious to these threats, simply don’t care enough to address them, and don’t have any plans in motion. But that is lunacy.

No Mention of Liability?

To begin, neither report even mentions the possibility of massive liability for future hacking attacks on connected cars or IoT devices. That is amazing considering how the auto industry already attracts an absolutely astonishing amount of litigation activity. (Ambulance-chasing is a full-time legal profession, after all.) Thus, to the extent that some automakers don’t want to talk about everything they are doing to address security issues, it’s likely because they are still figuring out how to address the various vulnerabilities out there without attracting the attention of either enterprising hackers or trial lawyers.

Nonetheless, contrary to the absurd statement by Mr. Kaufman that “There is no real security going on” for connected cars or the Internet of Things, the reality is that these are issues that developers are actively studying and trying to address. Manufacturers of connected devices know that: (1) nobody wants to own or use devices that are fundamentally insecure or dangerous; and (2) if they sell such devices to the public, they are in for a world of hurt once the trial lawyers see the first headlines about it.

It also still quite unclear how big the threat is here. Writing over at Forbes yesterday, Doug Newcomb notes that “the threat of car hacking has largely been overblown by the media – there’s been only one case of a malicious car hack, and that was an inside job by a disgruntled former car dealer employee. But it’s a surefire way to get the attention of the public and policymakers,” he correctly observes. Newcomb also interviewed Damon McCoy, an assistant professor of computer science at George Mason University and a car security researcher, who noted that car hacking hasn’t become prevalent and that “Given the [monetary] motivation of most hackers, the chance of [automotive hacking] is very low.”

Security is a Dynamic, Evolving Process

Regardless, the notion that we can just clean this whole device security situation up with a single set of federal standards, as the Markey report suggests, is appealing but fanciful. “Security threats are constantly changing and can never be holistically accounted for through even the most sophisticated flowcharts,” observed my Mercatus Center colleagues Eli Dourado and Andrea Castillo in their recent white paper on “Why the Cybersecurity Framework Will Make Us Less Secure.” “By prioritizing a set of rigid, centrally designed standards, policymakers are neglecting potent threats that are not yet on their radar,” Dourado and Castillo note elsewhere.

We are at the beginning of a long process. There is no final destination when it comes to security; it’s a never-ending process of devising and refining policies to address vulnerabilities on the fly. The complex problem of cybersecurity readiness requires dynamic solutions that properly align incentives, improve communication and collaboration, and encourage good personal and organizational stewardship of connected systems. Implementing the brittle bureaucratic standards that Markey and others propose could have the tragic unintended consequence of rendering our devices even less secure.

Standards Are Developing Rapidly

Meanwhile, the auto industry has already come up with privacy standards that go above and beyond what most other digital innovators apply to their own products today. Here are the Auto Alliance’s “Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Services,” which 23 major automobile manufacturers agreed to abide by. And, according to a press release yesterday, “automakers are currently working to establish an Information Sharing Analysis Center (or “Auto-ISAC”) for sharing vehicle cybersecurity information among industry stakeholders.”

Again, progress continues and standards are evolving. This needs to be a flexible, evolutionary process, instead of a static, top-down, one-size-fits-all bureaucratic political proceeding.

We can’t set down security and privacy standards in stone for fast-moving technologies like these for another reason, and one I am constantly stressing in my work on “Why Permissionless Innovation Matters.” If we spend all our time worrying about hypothetical worst-case scenarios — and basing our policy interventions on a parade of hypothetical horribles — then we run the risk that best-case scenarios will never come about.  As analysts at the Center for Data Innovation correctly argue, policymakers should only intervene to address specific, demonstrated harms. “Attempting to erect precautionary regulatory barriers for purely speculative concerns is not only unproductive, but it can discourage future beneficial applications of the Internet of Things.” And the same is true for connected cars.

Trade-Offs Matter

Technopanic indulgence isn’t always merely silly or annoying—it can be deadly.

“During the four deadliest wars the United States fought in the 20th century, 39 percent more Americans were dying in motor vehicles” than on the battlefield. So writes Washington Post reporter Matt McFarland in a powerful new post today. The ongoing toll associated with human error behind the wheel is falling but remains absolutely staggering, with almost 100 people losing their lives and almost 6,500 people injured every day.

We must never fail to appreciate the trade-offs at work when we are pondering precautionary regulation. Ryan Hagemann and I wrote about these issues in our recent Mercatus Center working paper, “Removing Roadblocks to Intelligent Vehicles and Driverless Cars.” That paper, which has been accepted for publication in a forthcoming edition of the Wake Forest Journal of Law & Policy, outlines the many benefits of autonomous or semi-autonomous systems and discusses the potential cost of delaying their widespread adoption.

When it comes to the various security, privacy, and ethical considerations related to intelligent vehicles, Hagemann and I argue that they “need to be evaluated against the backdrop of the current state of affairs, in which tens of thousands of people die each year in auto-related accidents due to human error.” We continue on later in the paper:

Autonomous vehicles are unlikely to create 100 percent safe, crash-free roadways, but if they significantly decrease the number of people killed or injured as a result of human error, then we can comfortably suggest that the implications of the technology, as a whole, are a boon to society. The ethical underpinnings of what makes for good software design and computer-generated responses are a difficult and philosophically robust space for discussion. Given the abstract nature of the intersection of ethics and robotics, a more detailed consideration and analysis of this space must be left for future research. Important work is currently being done on this subject. But those ethical considerations must not derail ongoing experimentation with intelligent-vehicle technology, which could save many lives and have many other benefits, as already noted. Only through ongoing experimentation and feedback mechanisms can we expect to see constant improvement in how autonomous vehicles respond in these situations to further minimize the potential for accidents and harms. (p. 42-3)

As I noted here in another recent essay, “anything we can do to reduce it significantly is something we need to be pursuing with great vigor, even while we continue to sort through some of those challenging ethical issues associated with automated systems and algorithms.”

No Mention of Alternative Solutions

Finally, it is troubling that neither the 60 Minutes segment nor the Markey report spend any time on alternative solutions to these problems. In my forthcoming law review article, “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation,” I devote the second half of the 90-page paper to constructive solutions to the sort of complex challenges raised in the 60 Minutes segment and the Markey report.

Many of the solutions I discuss in that paper — such as education and awareness-building efforts, empowerment solutions, the development of new social norms, and so on – aren’t even touched on by the reports. That’s a real shame because those methods could go a long way toward helping to alleviate many of the issues the reports identify.

We need a better public dialogue than this about the future of connected cars and Internet of Things security. Political scare tactics and techno-panic journalism are not going to help make the world a safer place. In fact, by whipping up a panic and potentially discouraging innovation, reports such as these can actually serve to prevent critical, life-saving technologies that could change society for the better.

Additional Reading

• Making Sure the “Trolley Problem” Doesn’t Derail Life-Saving Innovation, January 15, 2015.
• Muddling Through: How We Learn to Cope with Technological Change, June 30, 2014
• Law review article: “Removing Roadblocks to Intelligent Vehicles and Driverless Cars,” September 17, 2014.
• Law review article: “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation.”
• Ongoing blog series: Moral Panics & Technopanics
• Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom (2014)
• Slide Presentation: Policy Issues Surrounding the Internet of Things & Wearable Technology, September 12, 2014
• [Video] Cap Hill Briefing on Emerging Tech Policy Issues (June 2014)
• The Growing Conflict of Visions over the Internet of Things & Privacy, January 14, 2012
• Can We Adapt to the Internet of Things? IAPP Privacy Perspectives, June 19, 2013
• My Filing to the FTC in its ‘Internet of Things’ Proceeding, May 31, 2013

by Eric Beach & Adam Thierer

In our ongoing “Privacy Solutions Series” we have been outlining various user-empowerment or user “self-help” tools that allow Internet users to better protect their privacy online. These tools and methods form an important part of a layered approach that we believe offers a more effective alternative to government-mandated regulation of online privacy. [See entries 1, 2, 3, 4]  In this installment, we will be exploring CCleaner, a free Windows-based tool created by UK-based software developer Piriform that scrubs you computer’s hard drive and cleans its registry. We’ll describe how CCleaner helps you destroy data and protect your private information.

Whenever you move files to the recycling bin and subsequently purge the recycling bin, the affected files remain on your computer. In other words, deleting files from the recycling bin does not remove them from the computer. The reason for this is important and, in many ways, beneficial. In some respects, many computer file systems work like an old library catalog system. A file is like a catalog card and contains the reference to the actual place on the hard drive where the information contained in the file is stored. When a user deletes a file, the computer does not actually clean all the affected hard drive space. Instead, to extend the analogy, the computer simply removes the card catalog entry that points to the hard drive space where the file is contained and frees up this space for new files. The reason this is usually beneficial is that cleaning the hard drive space occupied by a file can take a while. If you want evidence of this, look no further than the length of time required to reformat a hard drive (reformatting a hard drive actually clears the disk’s contents). The practical implication of the way hard drives work is that when you delete an important memo from your computer, it is not actually gone. Similarly, when you clear your browsing history, it is not gone. The bottom line is that an individual who can access your hard drive (a thief, the government, etc.) could view many or all of the files you deleted.

The solution to this problem is to ensure that when a file is deleted, the space on the hard drive occupied by that file is not simply flagged as available space but is entirely rewritten with unintelligible data. One of the best programs for accomplishing this is CCleaner (which formerly stood for “Crap Cleaner”!)

CCleaner enables you to select a host of potentially sensitive files (e.g., recycling bin, browser history, memory dumps, and cookies) and definitively delete them by writing over them at the root of the file system. In particular, CCleaner enables the user to choose whether files should be entirely overwritten once, thrice (DOD 5220.22-M standard), seven times (NSA standard), or 37 times (Gutmann standard). The end result of this is that users can entirely remove a file from their machines. As an added benefit, CCleaner also allows users to delete files that may not be sensitive in nature, but are not necessary for everyday computer tasks and as a result, their continued presence slows down the computer.

The best part of CCleaner is that it is free, stable, safe, and extremely easy to use. It has won numerous awards and, according to the CCleaner website, the tool has been downloaded an astounding 300 million times.

To download CCLeaner, visit http://www.ccleaner.com or http://download.cnet.com/ccleaner. More information about CCleaner is embedded down below, including a couple of YouTube videos. The most important tip to using CCleaner is ensuring that all files that are deleted from the recycling bin are subsequently overwritten (and therefore cannot be uncovered by someone who later accesses your hard drive).  This feature is not enable by default. To turn it on, do the following: (1) Open CCleaner (2) Click on “Options” from the bar on the left hand side of the program. (3) Click on “Settings”. (4) Click on “Secure file deletion (Slower)”.  The adjoining exhibit shows what that screen looks like.

For more information about CCleaner, please see the following helpful sites:

• CCleaner Help
• CCleaner Documentation
• Wikipedia entry for CCleaner
• CNet Download Center page for CCleaner
• a coupe of YouTube video tutorials follow…

What would it take to create a more secure Internet?  That’s what John Markoff explores in his latest New York Times article, “Do We Need a New Internet?”  Echoing some of the same fears Jonathan Zittrain articulates in his new book The Future of the Internet, Markoff wonders if online viruses and other forms of malware have gotten so out-of-control that extreme measures may be necessary to save the Net.  Compared to when cyber-security attacks first started growing over 20 years ago, Markoff argues that:

[T]hings have gotten much, much worse. Bad enough that there is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over.

Like many others, Markoff fingers anonymity as one potential culprit:

The Internet’s current design virtually guarantees anonymity to its users. (As a New Yorker cartoon noted some years ago, “On the Internet, nobody knows that you’re a dog.”) But that anonymity is now the most vexing challenge for law enforcement. An Internet attacker can route a connection through many countries to hide his location, which may be from an account in an Internet cafe purchased with a stolen credit card. “As soon as you start dealing with the public Internet, the whole notion of trust becomes a quagmire,” said Stefan Savage, an expert on computer security at the University of California, San Diego.

Consequently, Markoff suggests that:

A more secure network is one that would almost certainly offer less anonymity and privacy. That is likely to be the great tradeoff for the designers of the next Internet. One idea, for example, would be to require the equivalent of drivers’ licenses to permit someone to connect to a public computer network. But that runs against the deeply held libertarian ethos of the Internet.

Indeed, not only does it run counter to the ethos of the Net, but as Markoff rightly notes, “Proving identity is likely to remain remarkably difficult in a world where it is trivial to take over someone’s computer from half a world away and operate it as your own. As long as that remains true, building a completely trustable system will remain virtually impossible.”  I’ve spent a lot of time writing about that fact here and won’t belabor the point other than to say that efforts to eliminate anonymity for the entire Internet would prove extraordinarily intrusive and destructive — of both the Internet’s current architecture and the rights of its users.  There’s just something about a “show-us-you-papers,” national ID card-esque system of online identification that creeps most of us out. That’s why I spend so much time fighting age verification mandates for social networking sites and other websites; it’s the first step down a very dangerous road.

But what if we could apply such solutions in a narrower sense?  That is, could we create more secure communities within the overarching Internet superstructure that might provide greater security?  Markoff starts thinking along those lines when he suggests…

What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety.

… but he is still thinking in terms of a replacement model for the entire Internet, which would be misguided for the reasons I stated above.  We don’t want to force a single, intrusive, anonymity-killing replacement model on the entire online universe.  Starting over isn’t even possible in a practical sense.

It’s a shame that Markoff didn’t interview my old colleague Wayne Crews for his story because Wayne has outlined an alternative framework worth considering. For many years, Wayne has been preaching about “spinternets,” or the notion that we need to start thinking about how develop not just one better Internet, but many better Internets. In a visionary piece for Forbes back in early 2001, Wayne argued that the solution to the growth of various online concerns “is more Internets, not more regulations”:

The Internet needs borders beyond which users can escape damaging political resolutions of these battles, which are rooted in the Internet’s nonowned, common-property status. Conflicting legislative visions in a cyberspace populated by exhibitionists at one extreme and would-be inhabitants of gated communities on the other, reveal the basic truth that not everybody wants or needs to be connected to everybody else.

Again, there’s that notion of “gated communities” that Markoff brought up. It’s not for everybody, but those seeking greater security could perhaps find it inside such online communities. Of course, others who wanted a different experience could start a completely different gated community under Wayne’s model.

But the problem with this notion, quite obviously, is that very few people want to stay inside their gated communities all the time. In the physical world of gated communities, for example, members of it still like to get out of there once and awhile to visit shops, events, parks, friends and family, etc.  The same goes for the Internet.  Just ask all those former denizens of AOL’s gated community.  For awhile, many of them — over 25 million strong at the zenith of its popularity — were content to spend most of their digital day inside the walls of Case’s Castle.  Gradually, however, they felt the need to explore outside those walls.  And so they did.  A mass exodus ensued and the walls came crumbling down around AOL’s gated community.

But that doesn’t necessarily mean the idea of online gated communities is entirely dead. There are certainly many closed, tightly-controlled networks out there already — mostly in corporate or government environments — that offer a glimpse of how such a model might work in practice.  Also, smaller social networking sites aimed at kids provide another example since they are usually tightly-controlled walled gardens that offer much greater security.

But Wayne was always thinking of something bigger — much bigger — than just closed corporate / government networks. He was thinking about a world of many different Internet s that didn’t necessarily have a back door to the broader Internet. Think of it as many parallel, but unconnected digital systems and networks, each serving a different set of values and cultures with unique rules.

Wayne envisioned the primary critique of this model in his original piece, noting that “it will be criticized as Balkanization.”  Indeed, Sonia Arrison called it “techno-isolationism, which goes against the very spirit that makes the Internet great.”  Indeed, it certainly would destroy something very precious about the current Internet — universal connectivity and openness.  But that’s sort of the point, isn’t it!  Universal connectivity and openness have given us many wonderful things, but some troubling things, too.  That’s what Markoff was getting at in his NYT piece, and it’s part of what Wayne was aiming to address with his splinternets idea.

But do we really want to encourage a world of multiple Internets where, presumably, they are split right down to the root? In other words, there wouldn’t be a common language for networks to communicate or a way to access many sites and services outside the particular Net you are on at any given time. It would be the equivalent of living on different digital planets that never linked or communicated.

I think it’s unlikely we’ll ever get there, and if we did it would likely be driven by global governments challenging ICANN and existing Internet governance structures. In other words, the DNS root would be completely split by some countries (China?) who didn’t want to play by the same rules as the rest of the interconnected world, or who wanted to try to impose a different vision upon a new, competing global network.

But might there be a way to find a happy middle ground between the Wild West commons of the current Net and the “techno-isolationism” of Wayne’s splinternet model?  Perhaps “Splinternet-lite” is the solution.  Within the confines of the existing Internet superstructure, there are ways to create walled gardens today and limit the number of back doors to the broader Net.  Again, the smaller social networking sites and virtual worlds aimed at kids already do that. Once you’re in there, you’re in a very different world. You have to be fully verified before you’re even let in the door, and once you’re inside their are tight limits on what you say, do, and explore. And you’ll get booted out pretty quickly if you break the rules.  The result is greater safety and peace-of-mind for kids and parents alike. It’s a less clear, however, how that model would “scale up” and apply to the entire universe of online networks.  I think we’ll have to be content with small patches of security within a world of insecurity. That’s the cost of the openness and interconnectivity that the Net current gives us.

In sum, there is no clear answer to John Markoff’s question, “Do we need a new Internet?”  We certainly could do more to address the problems with the current Net, but upending it and starting over isn’t likely an option.  More micro-splinternets within the overarching Net superstructure, however, might help those who are particularly risk-conscious find safe haven from various cyber-security fears. But it won’t shelter them from those problems completely.

I can’t believe we’re actually asking whether Obama—the candidate who promised to bring the Federal government (and perhaps everyone else) into the Web 2.0 era whether they like it or not—will have a “personal computer.”

The “webiness” of Obama’s predecessors is just embarrassing:   

Clinton famously sent only two e-mails while he was president, one to test whether he could push the “send” button and one to John Glenn, sent while the former Ohio senator was aboard the space shuttle… During his presidency, George W. Bush didn’t have a personal log-in to the White House Internet server, nor did he have a personal whitehouse.gov e-mail address. (He gave up his private e-mail account, G94B@aol.com, just before his first inauguration.) When he did go online, there were some things he couldn’t access. During Bush’s tenure, the White House’s IT department blocked sites like Facebook, YouTube, Twitter, and most of MySpace. The ability to comment on blogs was blocked, as was certain content that was deemed offensive. According to David Almacy, who served as Bush’s director for Internet and e-communications from 2005-07, only two people had access to the iTunes store during that period: Almacy, who had to upload speeches to the site, and the president’s personal aide, so that he could download songs for Bush’s iPod.

Pipes and tubes, pipes and tubes, my friends…  

If Obama decides not to implement whatever legal or technical changes would be required for him to do something so simple as having a computer on his desk, I suppose we’ll know that he’s not really all that interested—at least on a personal level—in all his rhetoric about the power of the Internet to make government more transparent and accountable.  Let’s hope that doesn’t happen.