You and I probably follow this stuff more than the average person.
These days it's pretty much my job to. And yet I missed Carrier-IQ,
the Android vendor malware. Eventually read about it a year after the
first investigations. Also I almost missed the Apple CSAM debacle,
being busy with a couple of contracts. Total time from tentative leak,
through disclosure, expert-public outrage to Apple backing down was
about 8 weeks, please correct me if I am wrong?
This is Blotto front exhaustion and fatigue in action. It's in the
counter-terrorism literature. When you're under attack on many fronts,
and adversaries regularly create new ones, and attacks are frequent
but random, eventually some get through.
And I very much consider "big tech" to be adversaries in the civic
cyber-security game, because they can and will do whatever would make
them money, bending and breaking laws, covering up wrongdoing,
silencing critics and smearing whistleblowers. They've done so
reliably for years.
Perhaps at issue is what we think a "scandal" is.
Scandals used to be mainstream news events that caused widespread
public discontent, led to lengthy investigations. government reports,
companies being fined, shut down, careers being ruined, even
suicides and jail time....
Today the word has lost its currency. Data leaks were once scandalous
but we long passed the point when weekly and then daily major breaches
lost the interest of the media. By definition, news has to be
something new. Otherwise it's "Oh-Dearism". Again, company X
installing malware and spying on you is hardly raising
eyebrows. People are coming to expect it.
I'm not making a point of moral outrage, or even passing much by way
of judgement here. It's just what's happening. But the essential
"criminality" of big-tech (if only in spirit not letter) does have
profound implications for the future of digital technology, and we
should not ignore it. The possibility that the main players have been
silently compromising rented VMs for reasons other than mandated
law-enforcement should not be lightly dismissed.
I'm curious to know what you think the mechanism/psychology is at play
in the "people not caring", other than the fatigue factor I mentioned.
This is Blotto front exhaustion and fatigue in action. It's in the counter-terrorism literature. When you're under attack on many fronts, and adversaries regularly create new ones, and attacks are frequent but random, eventually some get through.
And I very much consider "big tech" to be adversaries in the civic cyber-security game, because they can and will do whatever would make them money, bending and breaking laws, covering up wrongdoing, silencing critics and smearing whistleblowers. They've done so reliably for years.
Perhaps at issue is what we think a "scandal" is.
Scandals used to be mainstream news events that caused widespread public discontent, led to lengthy investigations. government reports, companies being fined, shut down, careers being ruined, even suicides and jail time....
Today the word has lost its currency. Data leaks were once scandalous but we long passed the point when weekly and then daily major breaches lost the interest of the media. By definition, news has to be something new. Otherwise it's "Oh-Dearism". Again, company X installing malware and spying on you is hardly raising eyebrows. People are coming to expect it.
I'm not making a point of moral outrage, or even passing much by way of judgement here. It's just what's happening. But the essential "criminality" of big-tech (if only in spirit not letter) does have profound implications for the future of digital technology, and we should not ignore it. The possibility that the main players have been silently compromising rented VMs for reasons other than mandated law-enforcement should not be lightly dismissed.
I'm curious to know what you think the mechanism/psychology is at play in the "people not caring", other than the fatigue factor I mentioned.