About: Digital Self Defence

Computer security for everyone

This Digital Self Defence site contains a collection of essays by Andy Farnell which include challenging modern tech critique.

Background

We seem to be in a time of global anxiety. A pandemic has swept the world. Financial systems wobble. Recession always looms. AI threatens job security. There is a crisis of leadership. We suffer corrupt and incompetent governance. Climate change threatens our way of life as we try to reduce dependency on fossil fuel. All these problems are reported daily in the news media.

Less visible is a corresponding digital crisis. Our internet, phones and computers, things supposed to help, are turning against us or failing. Each day we hear about more hacking, data leaks, child exploitation, cyber-bullying, fake news stories, privacy violations, mass surveillance, and the misdeeds of giant too-powerful tech corporations.

To "save money", algorithms and AI are taking over from people. As traditional jobs and services disappear we are led into a deeper sense of isolation and hopelessness.

A popular myth is that "people do not care about digital security and privacy". That is false. We do care but do not know about the digital crisis, which is a different thing. Why is so much journalism on the subject awful, if not outright misleading? Because these subjects are difficult to understand. Public figures, politicians and writers find it hard to comprehend and communicate. Outside the professions of computer science and cybersecurity, ordinary people occupy a similar position to 14th Century church-goers, when Mass was read in Latin.

Despite a successful, widespread programme of digital literacy in the 1980s, we have slipped back into relative ignorance of our technological world. Social media and Big-Tech have engendered an unreflective, accepting and docile relation to technology. Technology serves the profit and control motives of the few at the expense of the masses who are treated like cattle.

We are losing ownership and control of our technological society. People's lives are increasingly run by giant unaccountable monopoly corporations that spy on us and manipulate us, bypassing liberal democracy that has been the basis of our nations for hundreds of years. This abusive and intrusive relationship results from:

  • our lack of knowledge about personal data security
  • the extremely poor quality of device and software security
  • a lack of alternatives in a 'gangster economy' of monopolies
  • too much dependency on tech we don't really need
  • weak government lacking the skills or will to protect citizens

What can we do?

"Cyber security" is the art of protecting your digital life from intrusion and harm through technical knowledge of devices and software. "Operational security" is common-sense skills to avoid being scammed or manipulated, using human psychology and awareness. Together we call this Digital Self Defence, which is about making cyber and operational security accessible and relevant to ordinary folk.

We also call this "Civic Cyber-Security" because the functioning of a benevolent technological society is a shared affair. Failure of systems for any one of us quickly becomes a failure of the system for us all.

Some of the Big Issues

Resilience

What would happen if the power grid or internet failed tomorrow and stayed off for a few days or weeks ?

Thinking about that is not paranoid, it is prudent. Most serious businesses consider just such threats. Fortunately there are simple steps to safeguard you and your family, at least in the short-term of such a crisis.

We are starting to depend on the internet too much. If we don't maintain back up plans like paper receipts, cash money, ballot box voting, and fail safe supply lines we could be in for a shock.

The Internet is still really new, and fragile. It's just a few decades old! Because humans live a relatively short time we already think the Internet has always been here, and always will be. Yet a war, or technical failure could shut it down rapidly. Failure of fragile mono-cultures could cost many lives, even with relatively short outages.

Collective and individual roles

Digital self-defence is therefore about more than individual technology rights, even though they are of very high importance. Most cyber-security courses are aimed at corporate students. Their aim is to protect already wealthy institutions.

Digital self-defence is for the rest of us, it's civic cybersecurity in the public interest.

Individual rights also underpin a shared vision and democratic responsibility to look after our digital world. This returns us to a notion popular at the birth of the Internet, of the "Netizen".

As a stakeholder, each of you have a right and responsibility to protect and partake in the digital world - including the right to withdraw and live life in peacefully free from it. This broad interpretation of technology is humanistic. Digital self-defence is both for benevolent and safe systems, and from inhumane and dangerous ones that threaten the resurgence of new forms of fascism and social control.

A bottom-up (grass-roots) project

Why can governments offer so little to help? Why must digital self-defence work as an organic, Big-Society project?

Instead of investing in defensive measures and civic cyber education, our governments waste money and effort on silly things like cyber-offence and domestic surveillance. They kowtow to giant corporations who put power and profit before real national security. Plus, where governments are corrupt, they have their own agendas to hold power, which work against our security and aim to weaken the systems that empower people.

Digital Self Defence is therefore a project to educate politicians, MPs and decision makers, to get government back "on-side" and properly doing its duty to protect citizens from all threats, foreign and domestic, commercial or institutional.

In the real world we can fight back against disease and global warming with science. We can isolate, wear masks and avoid crowds. Meanwhile, scientists were able to create vaccines. Benevolent medicine pushed back the corona-virus.

In the real world we have choices to resist disaster. We can drive our cars less, fly less, eat more vegetables and recycle. Even these small things give us a sense of agency. We feel we can do something, even if the path ahead is hard.

By contrast there is little or no coordinated civic resistance in the digital world. We feel disempowered by lack of knowledge. The digital world seems fleeting, always in motion. No sooner have experts offered advice, it is obsolete. Even the most benevolent governments cannot keep up. They choose to let "markets" decide. They play a very dangerous game abandoning citizens to ignorance and disinformation.

How do we organise?

So how do we counter technological helplessness? How do we even start to understand issues like digital dependency and addiction? How to we inform people about the value of secure end-to-end encryption, ways to protect our privacy and dignity from the data thieves that roam and bully their way around our Internet?

Holding classes at church halls, universities, YMCAs, cadet centres, scout or guide groups, and libraries! That's the grass roots path to building real national cyber security, building upwards from personal cyber security.

First we must be curious and willing to help others. Most of the first-wave digital revolution happened because we spread knowledge person to person. Long before Google, it was nerds and geeks running computer clubs, enthusiastic teachers and the local "computer guy" who who helped you get online or fix your computer.

Whatever your age, occupation or political leaning, you still can have a part to play in creating a strong, benevolent technological society. You might want to share understanding of what our children are up to on social media. You might want to improve your knowledge and defences against an ever growing tide of digital abuses, scams and attempts to attack free speech and liberal democratic life.

Why listen to us?

Over many years I've given consultation and private classes to people from all sides of society, whether vulnerable women, bankers, soldiers, doctors, therapists, parents, teachers and young people's groups.

We all have more in common as citizens than we have at odds to fight over. Many of the ideas we teach come straight from the worries and questions raised by this audience. Just a few of these issues include:

  • repair, e-waste and ecological tech
  • digital literacy, teaching kids maths and programming
  • technology in the public interest
  • community mesh-nets, digital public libraries
  • digital minimalism and e-waste avoidance
  • intelligent technology critique
  • advising and steering our political representatives
  • helping teachers and schools
  • digital consumer rights, technology law
  • systems theory and sustainability
  • operational security (opsec)
  • personal information protection
  • safe home computer networking
  • psychology and social analysis
  • lifelong learning skills

Why study this life-skill?

At one time, computer security only concerned banks and the military. Today we all have internet, laptops, phones or tablets. We organise our lives around personal computers. They offer convenience and empowerment. But they also make us vulnerable.

Once computers promised great things. They were meant to open up society, spread free information and education. They were supposed to save time, build communities, facilitate debate, promote democracy, and generally solve world problems.

Instead we got bureaucracy, surveillance, advertising, distraction and addictive but empty amusement. Computers are now used to spy, manipulate, subdue and dominate. General sentiment, backed up by a huge and growing body of research, is that digital technology is making us all unhappy and sick.

Many of the promises made in the first era of digital literacy were false. We were promised that computers would transform society and took that as an unquestioned benefit. We forgot to ask the question; Transform society how? To whose benefit? We didn't ask, at what price efficiency and convenience would come.

Today, people need to relearn how to use computer technology. It's not our technical knowledge that we need to improve (maybe it never was) but our attitudes and assumptions.

Protecting our personal devices and data, and thinking about how we really want to use them, has become a life-skill we all need. We need to retake technology, which starts with a deeper understanding of how it should be used, how it is misused against us, and why.

Some FAQs and objections

But I'm too lazy. Won't governments and the law deal with this?

Unfortunately governments, their agencies, cyber-criminals and Big Tech monopolies are quite aligned in their interest to keep you dependent and easy to spy on. Governments are conflicted, not of one mind.

Ideologically, Europe leads the fight for technological liberty and fairness in the world, but the law lags sadly far behind reality. Europe too has notes of totalitarianism and authoritarianism within, and its fair share of naive politicians who would attack basic rights to encryption and privacy in the name of "protecting the vulnerable" or "collecting taxes".

Governments spend very little money on protecting civilians. For one thing, we cannot attract the best talent into civic life when such massive salaries are on offer from the private sector. There is also a decine in a conscientious service culture as governments have burned trust through corruption and institutional decay.

Civic cyber security is not seen as a real defence concern. If Boeing or BAE Systems get hacked, they'll sit up. But if your grandmother is conned out of her life savings, that's just an unfortunate indvidual's affair.

We don't see it that way! In fact we think the entire definition of "National Security" is wrong. So we redefine it:

National security is nothing but the sum-total of individual earned securities of every citizen, each taken as equal.

There are not enough dedicated people to fight for social good in the digital world. We need more good hackers. But this is something you can make a huge impact on, in your everyday life, just by making more intelligent and informed choices.

Why can't I just buy secure products?

Surely economics (markets) tend toward quality? Sadly not. Products are designed to be cheap and disposable, but good security costs money. Companies offering "no cost" services make money from you by spying on your personal habits and communications, which gives them an incentive to make insecure products. Many products now come with malware pre-installed.

Regulation seems useful, but in practice it has little purchase in a fast moving world and tends to stifle innovation and even restrict the rights of small businesses and individuals who desire the freedom to supplant Big-Tech but cannot afford to comply with complex laws.

If you want secure products you must invest in self-education and learn to select and configure technologies. You must learn to be vocal in objecting to deceptive or broken products that do not respect your digital rights - so as to create demand for benevolent tech.

Will schools and experts educate me?

Sadly our thinking in education is stuck in the 1980's. Teaching real cyber-security means teaching uncomfortable truths. Schools are frightened to do that. Even worse, incorrect advice often put out there to mislead and confuse us, is unwittingly passed on by teachers. Misinformation is often spread by corporations set to benefit from our lack of knowledge, to keep us insecure.

Lately a worse situation has arisen. Our schools and universities are being taken over by Big Tech. Google, Microsoft and others want to inculcate and influence our children to be dependent on their products. There is little push-back from teachers or regulation from government.

Parents who are socially or politically active, who are thought leaders, can step-up to protect our children from this. Intelligent and organised parents can make the biggest impact on child online safety.

We can help teachers to understand the issues. For our children, we can help reduce their screen-time, dependency and exposure to corporate surveillance and commercial propaganda. We can dispute and resist the false messages of kids "being left behind" or "socially excluded" by using less tech. Research shows this to be unfounded.

Even though good head teachers ban phones, and throw Microsoft and Google out of the classroom, presently the education system is in a poor state to meet this challenge. Poorer schools with fewer teachers and time actively contribute to the problem when they hand out tablets and "online homework" instead of real teaching.

A reluctance to face up to the challenges of a modern sex education and changing norms is actually making children more vulberable. The idea that instead, child online safety can be centralised and automated via surveillance (as suggested by the UK's tragic Online Safety Bill) is bankrupt and avoidant.

But I have a virus checker and updates

That was the 1990s. Virus checkers and updates are no longer enough. Most of what you think you know about device security is probably wrong.

For example, if your operating system and hardware are not trustworthy a virus checker is useless. Some devices, like so-called "smart TVs" come with spyware already installed, and it is impossible to remove. Companies now ship malware in the updates themselves.

Cyber-crime and manipulation is very sophisticated now. Seemingly innocent apps may not be trusted. You probably scan public "QR codes" or install a random "menu app" at a restaurant, for "convenience".

The reasons that data-miners collect and analyse our personal data is complex, and very, very lucrative for those who steal it, and those who collude with them - such as local councils that run a "smartphone only parking scheme" while selling your data to brokers, insurance companies and advertisers. So many aspects of daily life are tainted by "Surveillance Capitalism" which profits by putting you at risk.

A fair bit of digital self-defence is about what not to do, or what not to buy, and living and working to the assumption that your devices can easily be, or already are compromised.

Can Free Open Source software help?

Yes. Free and open source software is a major part of a potential social solution to the digital crisis. But it is no panacea.

Despite being transparrent, Free software can be subverted too. Infrastructure and technology developed by a generation of public minded programmers, mainly with public money, has been appropriated and put to hostile private use. Free software supply chains are as risky as any private ones.

Openness, software freedom and ubiquitous end-to-end encryption are all necessary but not sufficient elements of a free democratic society.

Openness only offers you the opportunity to gain knowledge and to exercise control. It's no use unless you have the willingness to learn and to make active choices. Many folks do not have the time or inclination.

However, an active citizen will make time to participate. You can learn to care and to talk to your children, partner, colleagues and bosses about your technological choices and needs.

That means changing technology from a personal cave or shield - something that you hide behind - back into a way of connecting with others, directly and without the censorship and mediation of others.

Maybe you've been trying to tell a friend that being on Facebook isn't such a good idea these days. Or you've been struggling to convince your partner that an internet enabled smart TV with hidden cameras and microphone in your bedroom makes you uncomfortable. Perhaps your child bought home a creepy toy doll that listens and tells tales over your WiFi.

If some corporations and governments had their way you would not be free to challenge these abuses.

It scares me to talk about technology

Studies show that people avoid potentially life saving workshops on medical subjects like dementia or cancer, even if they are free, because they would rather not know.

Knowing can be a burden that leaves you cynical and defeated. People describe being 'woken but broken' or 'black-pilled' by learning about computer security and the depressing state of society heading into a digital dystopia.

Like taking exercise there is a barrier to getting started. But you are better off taking the plunge. As your digital self-defence thinking strengthens you, you will feel a growing sense of positive agency. You will want to share your awareness and good habits with others.

I feel inhibited

Are you fed up with your phone tracking every move you make without your consent and control? Does that make you avoid some places or people? Are you reluctant to talk about things that really matter to you, like politics, religion, parenting, business ideas, your health, money, and travel… because someone is listening? We call this the 'chilling effect'. It leads to "Social Cooling". These feelings mean that computers aren't working for you and its time to retake control of them.

Technology is damaging my workplace

Whatever you do for a living, work is already a difficult enough tangle of power relationships and human psychology. Technology can make it easier, or much worse. Problems in the workplace include being scared to open emails, or feeling bullied or humiliated by ICT. Electronic harassment by colleagues and managers is no different than in the school playground.

Workplace technology is increasingly used punitively and abusively to control, and to avoid responsibility by blaming abstract systems and policies. Regaining control of technology can remake your workplace as a more pleasant and stress-free environment.

Those able to lead in this area will have a much sought after new soft-skill and become enablers of successful companies while competitors die from internal ossification.

Simply by recognising digitally mediated abuses you can call out or challenge the perpetrators, articulate complaints to employment lawyers or simply up and leave for a better job more compatible with your revised standards of dignity.

As if always-on smartphones weren't enough of a threat to boundaries, post-pandemic the intrusion of controlling workplace technology into your home and free-time may now be a problem. It is important that you resist this kind of hyper-exploitation which breaks out of the workplace and poisons family time and healthy living. Existing employment laws may need strengthening, and many of us will have to learn to say a firm "No" to new threats and incursions.

I am the boss but the technology rules me

Are you a boss who avoids talk of backups, firewalls and GDPR audits? Technology has a tendency to strangle companies in pointless process. Rather than enabling innovation it can severely limit it, through lock-in and remote control. Learn to push back and control your business in the face of aggressive vendors, misinformation about what you need, opaque but ever shifting regulation, insider threats, competitor espionage and ransomware. If you love the benefits of technology, but at the same time secretly wish it would all just go away, getting armed with some Digital Self Defence might be what you need.

How can I help my kids and family?

We want our children to have the benefits of technology, to not be "left out" or "left behind", but also we worry about what it does to their happiness and safety.

"Left behind" is really a myth and cultivates a more dangerous uncritical and shallow relation to technology. We know that the children of Silicon Valley tech execs who attend no-tech classes fare as intellectually well as other children. That cannot be explained merely by financial privilege.

It's about the person-to-person attention we give each other. Talking about technology with children is as challenging as talking about sex or drugs. It's hard to find the language and facts to talk about digital problems.

Whether its sexting, cyber-stalking, spam, tracking, privacy, phishing, or blackmail, the approach of digital self-defence is helpful because it draws on ideas from progressive teaching in computer science, psychology, strategic analysis and creative critical thinking. Hopefully learning digital self-defence lets you read about ideas you can personalise with your own interpretations and to pass on to your family.