(First published on Kiltr May 2017)
Enduring interests abide in me with regard to how information, data, is collected and value extracted from it. This, as well as in the codes, languages, used to express it through. It isn’t passing curiosity. In one way or another, those interests have been the basis for over twenty years of academic research.
Over time I have come to see the relationship between information and the code it is expressed through, the semiotic relationship, as underlying and determining societal, economic and political structures for centuries, entrenching increasingly inherent bias. The nature of how this occurs is becoming far more easily and widely understood as it becomes more literal. This has made it necessary for those who would seek to attain or retain power and wealth to obfuscate the nature of their machinations and render as many societal structures and relationships complicit in the process as possible, smoke and mirrors in their game of thrones. Before, knowledge may indeed have been enough to imply power, but now data drives global economies and power, soft, hard or indeterminate is a far more nebulous concept.
Given pause for such insidious considerations while I cogitated over whether to first publish a short addendum piece to ‘The Great Panjandrum’, drawing out a few thoughts I had omitted from it in the editing process but nevertheless felt ultimately pertinent, or to go with another piece I’d written a few weeks ago and was yet to publish, unsure of whether it may place me in the midst of a debate which can be fairly febrile, or of the relative dangers that may entail, I genuinely couldn't decide.
This latter is written in what currently passes for standard orthographic Scots, takes issue with one of its extant culture bearers and at least one other, and has notes on the whys, wherefores and my thoughts on what should be a far more involved and nuanced Scots language debate than the excuse we currently have as one. Its themes as much as any intended addenda to ‘The Great Panjandrum’ related to it just as much, my quandarry was in whether if or when I would feel able to take it in the neck from both sides of what stands for that debate.
In the end, along came a virus exploiting a bug codenamed EternalBlue, affecting my life and those for whom I and my company are advocates, in very stark, real and alarming ways. Data encryption swiftly became a matter of life and death and related to my addenda in ways I had to prioritise. So ‘The Great Panjandrum 2.0’ grew some arms and legs and I could easily wait to get pelters about my thoughts on the Scots language.
Just in case you didn’t hear, the bug named EternalBlue, general awareness of which emerged a few weeks ago when shady hacker crew Shadow Brokers dumped a load of cyber tools, believed to belong to and to have been hoarded and exploited by the NSA, was used as a method for rapidly spreading a ransomware variant now called WannaCry around the world from Friday. Initial reports of its deployment came from within the NHS.
I first became aware of the threat while managing office appointments for my partner’s counselling business, which receives some referrals through the NHS. We were sent a warning email early Friday afternoon. My company also provides email servers for the counselling business, as well as for quite a few other small charity and non-profit organisations.
We became not only alarmed at the situation but, in knowing a little about how these types of attacks are propagated, at the NHS’ naïveté in sending out email warnings from compromised servers. I became more concerned still for the clients of the non-profit I run, which my company is the revenue raising arm for, supporting people with neurological disabilities. I had a personal neurologist's appointment due next week myself so decided to check on the situation directly.
On calling the department, I was told by reception they had no access to any patient records due to ‘the system being down’. I explained that given this was one of the main centres for neurological research in Scotland and a main diagnosis centre, and since I was fully informed and aware of the situation, I wondered if it would be possible to give me more than bland non-reassurances, maybe even let me know what was being demanded in the ransom for my records alongside everyone else in the department’s. The receptionist floundered. I wasn’t sure if she wasn’t able to answer or wasn’t allowed to.
WannaCry propagates itself, worm-like, by encrypting any files it captures. Then ransoms are demanded to release the files. For individual users affected this manifests itself as victims being asked to pay up to $300 to remove the virus, otherwise files remain locked and systems inaccessible.
The ransomware has hit the NHS hard, exposing vulnerabilities in a system badly in need of greater investment, poorly built and maintained, with multiple sources reporting closures of entire wards, patients turned away from appointment and admissions as well as Accident & Emergency departments. A central London NHS Trust advised patients to look for assistance elsewhere, pointing out ambulances may not be available. Another NHS England organisation had to turn away outpatients and restrict life saving radiology services on its cancer ward. Another hospital, which had closed its A&E department, would only admit patients in ‘life threatening conditions’.
As of Friday evening, NHS England reported 16 individual organisations within its make up had been hit to the point of virtual shut down by WannaCry. Half of NHS Scotland Trusts had also been hit. There are fears it could spread much further when staff reached their desks on Monday morning.
The outbreak has hit systems in at least eleven other nations. A security researcher with AVG said he’d recorded 36,000 variants as of Friday. Security firm Kaspersky later said it had recorded as many as 45,000 variants in 74 countries, noting Russia had been the hardest hit with Spain under virulent attack too. MalwareTech produced a map of the spread.
The dispersal of malware came through email, in which fake invoices, job offers and other lures were sent. Within the emails is a zip file which if clicked activates the infection. The worm like nature of the virus targets a Windows operating system vulnerability in a network file sharing protocol.
After the initial Shadow Brokers’ dump and exposed online discussion of how to exploit vulnerabilities it highlighted, a patch was issued for Windows, in March, to prevent just this exact occurrence. WannaCry’s rapid dissemination through essential health, government and energy/utility systems shows how widely spread wilful ignorance of that threat was.
This is not a random or isolated event. This is the accumulation of issues over many years. One of the most significant, though far from the only one, is how government understands the term ‘cyber warfare’.
Despite spread and awareness of the term, governments, Presidents, Prime Ministers, generals and journalists treat the term as an extension of the jingoism surrounding their approaches to warfare in general. This has led to an at best imbalanced understanding of what it actually means. This has, in turn, led directly to exposure to attacks like that propagated by WannaCry.
Cyber warfare is entirely different to ‘traditional’ warfare and demands an equivalently different response. This does not appear to be a mindset many governments are predisposed to.
In ‘standard’ warfare, it is possible to build up your own defences without improving those of any opposing forces. You can develop new offensive weaponry which your ‘opponent’ does not have. Aiming for this asymmetry has been fundamental to how wars have been won.
In cyber warfare, in contrast, everyone uses the same basic software infrastructure and weaponises the same vulnerabilities in global technological or network infrastructures. Building up your own defences contributes to building up everyone’s defences. It is only possible to develop new ‘weapons’ if everyone can develop them, can exploit the same vulnerabilities.
Governments and politicians with a reflexive trust of their own intelligence agencies develop massive issues in understanding these basic principles. It is in the interests of the agencies to obfuscate and promote their own favoured positions. That’s why agencies like the NSA and GCHQ like to emphasise how much they are engaged in defence.
In a bizarre coincidence, at exactly the same time as WannaCry was attacking the NHS on Friday, GCHQ tweeted its defence credentials in limerick form (it was National Limerick Day apparently, who knew! Well apart from the bods at GCHQ, who should have known other things entirely!):
These organisations do not form the first, last or any line of defence in cyber wafare. Instead they keep us vulnerable to attack because their organisational structures create powerful incentives to do so. The ‘Snooper’s Charter’, now law of course, means vast amounts of citizen based data is hoarded on their servers too, a valuable and desirable resource, whether for data horse trading or for ‘cyber criminals’ with will and intent.
The basic psychology of agencies like GCHQ and the NSA makes it nigh impossible for them to engage in genuine cyber defence. These agancies are rooted in the psychologies of the spy network, of the cold war. Engaging in cyber defence as a matter of due diligence would require reporting vulnerabilities as soon as they were found. But that would appear, to their psychology, to preclude any advantage, any means of exploitation they may have over other networks. The nature of information flow, shadow data, they rely upon would soon dry up and budgets along with it as they became politically vulnerable.
And yet, while the vulnerabilities of NHS data management put lives directly at risk, is still doing so, its a fairly safe bet, GCHQ, or a government spokesperson on their behalf, will not be held liable, during a General Election on Theresa ‘strong and stable’ May’s watch, for limericking while the NHS burns! No doubt they will instead be given extra powers of offense, ostensibly to snuff out the threat of those who so exposed their frailties, for failing so badly at defence.
Which brings me to what were to have been far simpler, more idealistic addenda to ‘The Great Panjandrum’ based thoughts. There is a word being as much used in data management circles as it is in those of futurists and culture design enthusiasts. It is a word with cultural resonance for us in Scotland and perhaps it is one which we can play a part in reclaiming. Not for ourselves in any kind of contrition with exceptionalism, but as a drawing of a line, a staking of a claim to a collective future by owning the etymologies of our past. The word is steward.
GCHQ are not good or even appropriate stewards of our data. A hard-right Conservative government in Westminster is proving, at least in democratically expressed international, national and regional terms, wherever your sympathies lie in any tribalistic political divides, to be an increasingly inappropriate steward of Scotland’s future.
Scotland’s history, and in some regards as much that of the Union too, it’s past, is inextricably linked to the lineage of Stuart descent. The surname is etymologically derived from an occupational name for a steward. In pre-diphthong shift Old English, the word was compounded from ‘stig’ or ‘household’ and ‘weard’ or ‘guardian’, to be rendered ‘stigweard’. It came to mean the overseer of a ‘noble’ household, with particular associations to safeguarding the treasury.
Where records exist, the surname, devoid of occupational association, is first found in Scotland from the 13th century. It evolved differing connotations in a Scottish cultural context as the feudal and burgh systems of managing capital evolved across Europe.
Few royal European houses, in an age still in thrall to an absolute power embodied in the ‘divine’ right of monarchy (albeit increasingly tempered through a dissemination of some wealth and power among barons, knights, lairds and clergy) would elevate any descendant in a line of mere stewardship to ‘absolute’ power. A pervasive, however ultimately illusory, cultural notion persisted, embodying the ascendant royal lineage with ‘stewardship’ of Scotland on behalf of its peoples. It does not appear to have been a notion which readily translated through the politicised processes of Union.
The notion of stewardship persists though. As it is around the world, Scotland is struggling to balance the tensions, the push and pull of a heavily politicised, data driven economy against the imminent plethora of genuine global existential crises. From where will we derive the wise managers of cultural evolution before it’s too late, before the seemingly inevitable overshoot and collapse of current general, global mismanagement?
Perhaps you’ll think it a trite and overly simplistic observation, but it comes from a place of deep frustration and ultimate need to hope. It’s a relatively safe statistical bet we already know everything we need to, to solve our current political, societal and planetary crises. As we move towards an increasingly perilous future no one can surely want. Seemingly blind to our capacity for collective re-imagining of potential and possible futures, we appear to resign ourselves to participation in someone else’s poor design, to entrust stewardship of our future to the least able to think collectively. To those unable to imagine a future beyond an illusory past.
For the last half century, technically at least since the Enlightenment, government agencies globally have invested relative billions in funding social sciences. And yet still we grapple with intensifying social, economic and political issues on local, national, international and global scales.
A major reason the issues persist is not because academia has unearthed no viable solutions but rather is in a failure to ensure vital bridge building between the arenas of academic research and social change practice. It should be shameful to us as a society how many life’s works, how many academic findings are never translated into social improvement or the positive change they foreshadow.
And so we find ourselves, as individuals and as a species, disoriented human beings living in an increasing bountiful but paradoxically barren 21st Century; where we were promised utopian jetpacks we face the dystopia of compounding existential threat. Not merely to our own existence or to that of the species but to the totality of human lived experience, gathered knowledge and accrued wisdom, held in a state of jeopardy by the capricious demands of a greedy few. A mass extinction event is unfolding, driven primarily by human activity which increasingly benefits only them, until it benefits no one. There would be no lessons learned from the end of the species.
Urging it on, squeezing every last drop of capital from every possible resource, hidden in plain sight, just follow the money as Deep Throat never said, this cabal of billionaire financiers have built a machine, the most sophisticated system of misinformation, marketing, spin and outright propaganda the world has ever seen. And they have done their damndest to make us all complicit in their machinations, to almost embed us in its sub routines, as they have gone about it.
They corrode and undermine our electoral systems, defunding or supporting government as they see fit, directing taxpayer funded research toward the entrenching of their positions. Then wheel out willing puppets to tell us we’ve had enough of experts who we never get to hear.
It is a massive global system designed to extract and hoard wealth, where wealth has come to equal power. It has become so successful at propagating itself just 62 people now personally hold the same aggregate wealth as 3,700,000,000. Those are vastly overstacked odds which should fill every one of us in the latter number with an even greater righteous anger for every zero counted. But the rigged nature of the game translates it into an even deeper sense of futility and frustration.
Something which won’t be mentioned much in our impromptu General Election campaign is that the choice is not between political parties but between attitudes towards culture design, between ideologically conscious divides, between attitudes in how we respond to impending future collective necessity. As a vast infrastructure for spreading, sowing division, hatred and lies, for pitting one political tribe against one another, for turning data back on itself, whilst the coffers are stripped bare, shifts its focus again to the UK, in Scotland, can we find the means to move beyond it? Can we find our route to become part of something more, to play a part in becoming wise stewards of planetary and cultural evolution?
As our planet and species behaviour changes in unprecedented ways, can we learn from and apply the sciences of cultural evolution to navigate the cascade of crises already besetting a world deeply and profoundly altered by human actions?
The issues run deeper than any political debate. Discernment of priorities is more than deciding what is fake and what is real news. They are symptoms, skirmishes in the midst of a full on, non-linear information and data war, where it will no longer be clear who the combatants or what the motivations even are.
As yet no one has claimed responsibility for WannaCry. Targetting the NHS seemed to make the impact on individual lives, the possibility of deaths, to find responsibility, to point fingers of blame, far more likely. Was it intent or obfuscation, a strike or exposure of failing political and technological systems?
Against backdrops like these there are no simple binary choices, until there are. They are not just between a hard right Brexit cliff edge and another IndyRef. But each choice delineates pathways of culture design.
One will lead to the inevitability of overshoot and collapse, with power increasingly transferred from the many to fewer, by institutions of greed and wealth hoarding at the blackened, selfish heart of the current failing ideologised, economic system.
The other has at least the potential to recognise humans as part of nature and to see any willing distinction, any separation of global and local crises as a cultural sickness. It has the potential to choose to take a leading role in becoming part of a global network of nations as culture design laboratories, recognising the challenges we face as a species and joining in addressing them through open collaboration and participation in the design of our collective futures.
It is just the potential it has for it mind. It would take active agency and engagement with what’s actually at stake. It would take deciding which MPs, which of us, can genuinely become what Joe Brewer calls ‘seed islands of transformation’. It would take acknowledgement that humanity already has the knowledge to solve every chronic issue it and our societies face. To not have done so is either poor management or wilful political prestidigitation. It would take acknowledging systems of endemic power and entrenchment. Most of all it would require a collective will to uproot them wherever they have grown wild.
In the immediate sense, in a world driven by data, it would take an acknowledgement it is not a resource to be treated lightly. Certainly not by a government agency claiming to be the first line of defence in cyber warfare, falling desperately short, writing limericks about its capabilities whilst they are woefully exposed, literally threatening the lives of citizens it claims to defend. If mismanagement of data can lead to the possibility of death, on any scale, you are certainly not fit to manage it.
As Joe Brewer says, we can only reach a future we all strive for together. If stewardship of the future leads to there being none, those who would have you appoint them under those circumstances, with those plans for culture design, have wholly misunderstood the concept; perhaps it’s a cultural thing.
Oh, and don't click on any unsolicited zip files in emails, OK?
No comments:
Post a Comment