The Cybersecurity Paradox

In “Our Neurotic ‘Privacy’ Paradox” by Jennifer Senior, which appeared in The New York Times of May 19, 2019, the reporter makes the following statement:

“Resignation [to the loss of privacy] also explains the privacy paradox. It’s a perfectly rational response to a situation in which human beings have very little agency.”

In the first place, if the response is rational, how can there be a neurotic paradox?

Second, we have discussed this privacy issue many times and asserted that privacy is considered to be a right, whereas the implementation of cybersecurity measures is merely one way in which to achieve privacy—another being physical security.

Nevertheless, many of the attitudes that pervade Senior’s article apply just as well to cybersecurity as they do to privacy.

The main difference is that lawmakers and regulators, particularly in Europe, are able to come up with enforceable privacy rules, yet have relatively little success in drafting and enforcing laws and regulations about cybersecurity, other than broad generalizations that are outdated and ineffective. Why is this?

We have compared the problem of resolving cybersecurity risk to that of reversing climate change. When really intractable issues arise, we humans seem unable, or unwilling, to address them until it is far too late, at which point it is exorbitantly expensive and relatively ineffective. Often, the damage has already been done, and catch up only brings us to the level when events occurred, not to the current, much less a future, standard.

As a result, we pin our hopes on new technologies—primarily artificial intelligence and machine learning—but these methods are also backward-looking and are very unlikely to protect against new, improved attacks.

Whether this behavior is due to lack of concern, a feeling of being overwhelmed, a reluctance to dedicate the funds, or an unwillingness to give up convenience remains inconclusive. Perhaps it is a combination of all of them, although in what proportion seems impossible to determine.

We see this when there are wars. The inability to agree upon a common approach leads to discord and potentially to a conflict that neither side can afford. In everyday life, neglect leads to disasters and catastrophes that are orders of magnitude more expensive than the cost to correct the problem in the first place.

Perhaps this is just the human condition. We live in hope that the problem will go away, that nothing bad will happen, or that silver-bullet technologies will solve the problem. The latter happens quite often, which only reinforces procrastination. In some cases, having waited for some resolution pays off with a new discovery or a change in regime or some other means of solving the problem. But not always—and not by a long shot.

Nature has a way of finding a new equilibrium, but one which may or may not be in the interests of humankind. And sometimes the unpredictable falls in our favor, relatively speaking, as with nuclear bombs which, it was feared, might have started a chain reaction in the atmosphere that would have destroyed Earth as we know it, and make it uninhabitable for human beings. Or it can go the other way.

So, if we have opted for waiting to be saved from the impact of cybersecurity risks by some magical new technology, we might be lucky—or there again, we might not.

Post a Comment

Your email is never published nor shared. Required fields are marked *