In the growing wave of security concerns spawned by the slow staccato of major information breaches --Target, Neiman Marcus and several others unnamed at this writing are only the latest -- there is another factor, largely ignored but of equal importance and perhaps even greater intractability.
That factor is convenience and our romance with it in virtually every part of our lives.
While the news media has yet to discover the story, more than one respected industry commentator has opined that “increasing convenience almost always reduces security.” Even without complex technical analysis, it only makes sense that when you make things easier and simpler for your intended users, you inadvertently do the same for the “users” you want to keep out.
In the business world, although a significant challenge, this convenience-security confrontation is more easily addressed because business planners are in a position to balance security and convenience at a level sufficient to protect their information assets from compromise -- not to say that all do, of course -- by directing internal users to simply deal with the security requirements as a condition of employment.
The Consumer World Is a Very Different Story
If there’s one thing we all truly love, and many times believe we can’t do without, it’s convenience. In fact, convenience is often the first and most persuasive consideration we make in buying or doing all manner of things. In consumer technology, convenience has become one of, if not the major influence on what sells and what does not. Recognizing this, most manufacturers have made convenience their primary design goal and marketing message. Today, most marketing battles among new consumer products are fought largely on the plane of whose gadget is the most convenient.
This Isn't New
In fact, the move toward convenience began as far back as we knew how to make something … anything easier; at least a few centuries. In the early days, we called new and easier ways of performing required tasks “labor saving” and they usually were. The electric washing machine freed housewives from the endless drudgery of hand laundering their families’ belongings. The automobile made journeys of more than a few miles into an hour’s drive instead of a dusty, day-long buggy ride attempted by only the hardy and only when absolutely necessary. Back then, everyday life was hard enough for the average person that convenience for its own sake was usually crowded out by development of ways to actually make life easier.
New Functions vs. More Convenient Functions
Back then, and still true, there were two major kinds of new developments: those that enable us to do things that had been practically impossible before, and those that make things we are already doing easier and less complex. The automobile made previously unthinkable travel possible for the first time, but Kettering’s new electric starter, while a major boon, improved something previously done manually (hand cranking the engine), making it easier and more convenient.
Likewise, portable blood sugar monitors made it possible, for the first time, to measure and accurately manage the use of insulin -- having had a grandfather using insulin in the 1940s and a wife doing so today, I can attest to the remarkable difference these devices have made. But the wearable insulin pump, while a worthy development, simply made that process more convenient.
In today’s technological world, we confront essentially the same dichotomy: new functions versus more convenient functions, with the latter taking center stage most often.
As you might expect, the beneficiaries of increased convenience soon become so accustomed to it that they demand ever more convenience as an incentive to buy or adopt all manner of new products or services in every part of their lives. Manufacturers (no dummies they) push the convenience aspect of their products and services, often to levels approaching farce -- voice activated automobile technology that frees the driver from reaching for dials and controls while driving might be considered a worthy development, but voice activated washing machines, for all but the severely disabled, seem a bit beyond the useful.
Open the Door Too Wide and You Can’t Control Who Enters
In the wireless connectivity world, this push for more convenience has the often unnoticed, and rarely mentioned, side effect of making entire networks less secure from external attack. Vulnerability to attack is nothing new, to be sure. From highwaymen of earlier centuries -- “stand and deliver” -- to bank robbers, to pickpockets and the like, there have always been criminals intent on taking what belongs to others.
Today, however, we face a new level of threat from “cyber-criminals” capable of stealing from us with incredible leverage and without physically breaking in or threatening us. Indeed, today’s cyber-criminal can often do his mischief on a massive scale from halfway around the world, grabbing our digital data without our knowing it until all manner of damage surfaces. Even when he must be physically close to us, the robber need never acknowledge his identity and rarely catches our attention.
Are We Heading for a Collision?
As technology continues its explosive growth, the intense drive for convenience cannot avoid increasing our vulnerability to technology-based crime, leading us toward a collision point at which our lives become so open, to each other and to attack, that using technology becomes literally dangerous -- as we approach the “connected house,” for example, our very home becomes a target. Should that happen, our technology based world could begin to unravel as the consumer technology market suffers and buyers recoil from it.
So what are we to do?
The worldwide growth of the cyber crime industry -- and industry is an apt word for it -- makes it clear that we cannot continue down our current path of increasing connectedness without risking a new and very dangerous “wild (or wireless?) west” future.
Safety is Within Our Reach … But Will We Use It?
The most effective solution would be to begin building dramatically increased security features into new technology products, including those designed for the consumer market, and retrofitting existing products to increase their security features. That, of course, will not happen any time soon among a vendor community basing its future on the ability to convince prospective buyers of how much quicker, easier and more convenient their products are. No firm, after all, wants to be the first to implement higher security, giving its competitors the ammunition to erode its market position.
Time for Collective Action?
Given this “not me first” mentality in the marketplace, the next most effective approach may be an industry-wide standards effort to develop and implement security features across the market, with all vendors introducing them simultaneously, either by industry agreement or with the help of government regulation. Many of the automotive safety standards in place today, for example, came through SAE research and industry adoption even before they were included in government regulations. The same can be said of dozens of other industries, showing a way toward effective -- and common -- security standards in the connected world.
While this will probably depress the market to some extent, the reduction will likely affect all manufacturers equally, fading as consumers grow accustomed to the new security measures.
Target’s travails notwithstanding, we probably have time for the necessary changes to be discussed, planned and implemented. We do not, however, have all the time in the world, and if we elect to just take the money, and our convenience, and run, ignoring the gathering security storm, we may wake up one day to find ourselves turning into a definition of Dystopia.
It would be a shame if such stories, now the stuff of science fiction movies, ended up as documentary.
Title image by Sorbis (Shutterstock)
Editor's Note: Barry also looks at the big picture in Thoughts on the New Cashless Society