Is nothing safe! From next month, Singapore’s civil servants will be disconnected from the Internet. And then connected again using notebooks that are disconnected from the government intranet to which all government computers are connected. ‘Two systems, one government’ so to speak. There are caveats. For example, the new rules won’t apply to teachers, who are regarded as civil servants in Singapore. Civil servants will be able to communicate with each other using Facebook’s Workplace social media platform. But will civil servants be allowed to take their government-sanctioned notebook home with them? Crucially, will they be able to download into a USB work-related information and then transfer it into the sanitized government intranet-only hardware? Presumably that’s a Big No-No. Over the past few years government databases, including that of the defence ministry, have been hacked, although it is claimed nothing more serious than personnel contact details were stolen. The government must now be very concerned about spear-phishing those personal email accounts.
So yes, nothing is safe in the Internet world. The message has finally started filtering through to the general public. Stories of connected toys which transit data back to vendors who then resell the data have been hitting the headlines with growing frequency. Recently those ‘toys’ have included children’s teddy bears and adult sex toys that connect partners globally. To sell data to commercial enterprises such as toy manufacturers, insurance companies and the like is, at minimum, a breach of trust and privacy. The more serious threat is that data finds its way onto the Dark Web for paedophiles and blackmailers.
The highjack of the IoTs, such as unprotected webcams, to launch DDOS attacks using bots to take control of the devices and send a tsunami of traffic to the victims’ websites reached new levels during 2016. Ransomware became a cybercrime of choice. Politically-motivated and terrorist-associated cyberattacks on critical infrastructure have gone increasingly from theory to practice.
Not surprising Singapore feels that drastic action is required. For the most critical cyber assets the move may well be followed by other governments and organisations, who will certainly be studying how Singapore manages the situation. It seems to go against the entire point of the Internet, namely to achieve seamless universal communications. And how will government-to-public (G2P) communication be structured? Presumably as G2G/G2P where the / represents an offline process. Won’t this disrupt automated real-time communications? These are issues of detail for sure, but underlying them is the wider question: can safety only come as a trade-off involving convenience, efficiency gains, and functionality? If, for example, a smart city is to embrace G2P and P2M as well as M2M on a massive scale using artificial intelligence to process and interpret information real-time, can the concept withstand a significant retreat from real-time connectivity?
At the personal level, will citizens forever be happy with their personal data being shared without their knowledge and expressed agreement? The latest addition to Facebook Messenger, for example, has surreptitiously added a “My Day” + sign which will automatically share a selfie, for example, with the entire contact list. One fat finger, or an unsuspecting touch of the + and privacy disappears out into cyberspace. Last summer, Facebook quietly let it be known that personal data from its subsidiary WhatsApp would be shared with the parent company. This is under investigation in Europe, as it should be everywhere. What makes this particularly damaging is that in a world of Internet where nothing is safe, the last remaining vestiges of trust are also disappearing. Everything from e-commerce to e-government relies upon a degree of trust. Following Singapore’s example, trust may only be preserved when we are disconnected.