Who's Watching the Store?

I was sitting in a session on InCommon at Internet 2 this week when I noticed my spouse’s name pop up in my inbox with the subject line "Trouble." Oh no, I thought, what could be wrong? Her mother has been ailing lately, and so my concern went immediately to her as I clinked on the message. Here is what it said in full:

Hi

Apologies for having to reach out to you like this, but I made a quick trip to London,United Kingdom and had my bag stolen from me with my passport and credit cards in it. The embassy is willing to help by letting me fly without my passport, I just have to pay for a ticket and settle Hotel bills. Unfortunately for me, I can't have access to funds without my credit card, I've made contact with my bank but they need more time to come up with a new one. I was thinking of asking you to lend me some quick funds that I can give back as soon as I get in. I really need to be on the next available flight.

I can forward you details on how you can get the funds to me. You can also reach me via alternate email or hotel's desk phone, the number is, +447045749898

I await your response.

Thanks

Denise

I jumped up from my chair and said to Ken Klingenstein, who was sitting next to me, “Denise has a virus.” Kindly, he asked after her health, to which I said, “No, it is an Internet virus, and that is why I am so concerned!” (Denise, thank heavens, is a very healthy lady.)

When I called Denise she reported that an administrative assistant had already alerted her to the problem. She was then unable to get into her Gmail account because Google had cordoned it off. That act made sense to me as a standard automated security procedure. But how was Denise going to get a message out to friends, family and associates – many of whom are wonderful parishioners -- who would want to help a priest in the Episcopal Diocese of Rochester where Denise works? Facebook was a partial answer; partial because they closed her account too for a while reporting a problem emanating from San Francisco (actually Mountain View, where Google has its headquarters, but never mind map particulars). When it opened again in a few hours she posted a message on her wall that went out to all of her “friends” informing them of the hoax.

It was the next best means to her contact list. That list was tucked inside the Gmail account and the principal tool of the botnet spammer built into the hacker’s code. Of course Google had rendered it inaccessible. In the meantime I answered well-intentioned email messages and phone calls from my Aunt Angel, my cousin Kit and our friend Peggy about Denise’s welfare. Denise received many inquiries about the validity of the message, including from some elderly ladies at the Church of Ascension where Denise is acting as an interim priest. These wonderful ladies barely know Denise but wanted to reach out to help her. The sociology of the Internet remains ripe for study as a place where humanity and technology meet in the most fascinating way every second of every day.

By the next day the virus activity subsided but Denise was still in crisis. Google kept the account closed and she had no way but through a web interface to report and attempt to remediate the problem. After almost 48 hours and many pleas into cyberspace, she had access to her account but was dismayed to learn that all of her mail from before the attack was gone, both stored and inbox. Worse yet, her contact list had been emptied. Google deleted all of it, completely and irretrievably.

How should we think about this result? One the one hand, the complete purge method it is a very hygienic approach to a hacking; a fresh start means that no nasty code remains to infect other accounts or re-infect the one originally affected. Google can plead white hat good guy and rest assured of the security of its other accounts in terms of that particular hacking. On the other hand, it left Denise without years of valuable contacts and information. It was not a user-friendly solution. This solution took no notice of Denise’s dependence on that system and information, a dependence that included both personal and professional aspects of her life. Untold hours will now go into rebuilding that account. Because she is not privy to the security engineering analysis of how it happened or how it was cured, she has no way to know whether she should change passwords on all of her accounts, Facebook included, or curb any particular Internet-related contacts or communications. Lurking behind her wariness is the threat that, without warning, it could happen again … and again … and again.

But then again, why should she assume otherwise? The account is for free! What does one expect when you get something for free? Why would anyone think that you could or should do business on more mutual contract terms when you are receiving a service for free?

Yet we do. Every day more and more businesses, large and small, for profit and not-for-profit, elect to use Google as the infrastructure for everything from mail to documentation and work product creation and storage as well as Internet browsing and computer operating systems. Almost every day another college or university signs on for student mail services, many also for faculty and staff, as well as Google Apps, which melds institutional information and legally protected information such as education, financial and medical records into the accounts. And everyday Google becomes the target for Internet attacks whether it be for political gain, such as Chinese nationals, or financial, as in the case of Russian or Nigerian criminals. It is today in terms of security the Microsoft of yesteryear. And why would't it be? They have the resources and so much control and money.

Whose watching the store while this turbulent world emerges upon us? Not only do millions of individuals rely but an increasing percentage of our gross national product is tied up in this one Internet corporation giant? Who is monitoring the technical security standards and criminal process? Who is attempting to balance the needs of users, lured into this arrangement for a variety of reasons from financial to social crowd sourcing with the unequivocal power of the industry to control its decisions about access and content? Twentieth century labor history is all about shifting degrees of bargaining power. Let’s face it: users have none in this twentieth-first century configuration of the information economy.

What is stunning is that a hundred years ago workers knew where they stood at the bottom of the political barrel, and fought for decades to acquire the right to organize and bargain collectively. We may look back at that time with nostalgic admiration and even pity for the terrible working conditions and long, punishing hours that our ancestors faced in mills and mines and factories. I wonder what they would think of us, however, if, resurrected from the grave, they, with the hard-won experience, could look upon our sugarcoated dependencies of today. Pity may work the other way around.

We should take our lessons from history.