Tuesday 7 October 2014

Teh internet really is serious business

At the Royal Court Theatre last night, the audience and I were left with the impression that internet security is a luxury that all too few of us will ever be able to afford.


Because we were seeing a magnificent play which charted, in the broadest of terms, the rise of the hacktivist group Anonymous, and the fall of members of a related group called LulzSec.

If you want to appreciate how a small group of exceptionally talented individuals can cause havoc, when they try, or shed much-needed light on secrets that large institutions have tried so hard to conceal, then this is the play for you.

 As Dominic Cavendish put it: “at last, we have a play fit for the bewildering online times in which we live. Tim Price’s Teh Internet is Serious Business (the misspelling is knowing, btw, as is much else) takes us inside the strange world of the hacker, at once solitary and part of a sort of surrogate family.”

And as John Nathan remarked: “crucially the show reveals how our lives, institutions, values and laws are at the mercy of a group of talented but unruly teens - sometimes for good, at others, for ill.”

It made me realise how much we rely on those who provide us with our own on-line security products to go that extra mile to keep up with the very latest advances in digital protection. It made me appreciate how much so many organisations have relied on software developers who, because of the speed with which they have been required to deliver products, have not been able to fully assess all potential vulnerabilities.  And it made me think even more carefully about the motivations of those who attempt to test to the very limits the security controls that currently exist. These people will not necessarily do it with evil intent. They may not even appreciate the gravity of what they are doing – until the digital locks have been broken and much-valued secrets are secret no more.

I’m planning to attend a meeting of Parliament’s Intelligence and Security Committee next week, to offer my views on the appropriate balance between our individual right to privacy and our collective right to security. I do hope that many of the Committee members manage to pop over to the Royal Court to soak up some of the exuberance, anarchy and occasional naivety of some of those who have such strong hactivist skills.  The play is running until 25 October, so there is time, if any are so minded.

If they do see it, then they may realise that its not only the intelligence Agencies’ use of intrusive surveillance capabilities, and the adequacy of the existing legislative framework that governs this issue, that requires a review. What’s also required is a more fundamental review into the consequences of a truly interconnected world.

If I’ve learnt anything from last night, it’s the need for organisations to consider building even more physically separate systems, rather than relying on security to be provided primarily by means of specially designed software. Certainly, they need consider the merits of creating air gaps within their own IT systems. Does every large organisation need to rely on a single set of connected servers? Cyber attacks are here to stay.