Robert Vamosi wants us to think about how systems we rely on for creating business value may have downsides in his book “When Gadgets Betray Us.” Imagine yourself sitting in a coffee shop, your Apple iPhone next to your vanilla latte, briefcase slouched against the table, logged in to the free wireless network. If this was a typical look at digital risk, you might guess that your phone and laptop were your biggest concerns.
That’s not the point of this book. Instead, the gadgets you should be thinking about are your car’s remote notification systems, the parking meter you used, and the ID tag your records management staff placed on that file in your briefcase. What are the systems around us doing with information we, or our gadgets, provide them? Vamosi looks at our reliance on technologies and paints a thought-provoking picture about those interactions.
But he is not a Luddite attacking the dominance of gadgets, nor focused entirely on technology. A former contributing editor at PCWorld and senior editor at CNET, he opens with a fascinating look at hacker locksmiths. In particular, Vamosi explores the pros and cons of those who can break or expose shortcomings in systems sharing those shortcomings with others. If you’re a purchaser of that gadget or bike lock, you might want to know about potential problems. But you may be worried to know that thieves or crackers have access to the same information.
Manufacturers are concerned about that, and Vamosi discusses a number of products where the manufacturer attempted to block sharing of negative information about its product or only acted to fix a known problem after public exposure. But the meat of this book is not in the retreading of commonly discussed security and product issues, like using unencrypted public wireless networks or the recent revelation that Apple iPhones and Google Android phones retain longitude and latitude coordinates in a hidden file on the device. Vamosi looks instead at the everyday systems around us.
“When Gadgets Betray Us” follows a typical business book format, with each chapter opening with an anecdote and then moving into specifics about the technology or device in question. Whether it’s the global positioning system (GPS) user who gets out of her car and avoids being hit by a passing train or the transit pass user who figures out how to get unlimited rides for free, Vamosi puts you in a real-world situation before digging into the details.
And there are lots of details. The technical terminology was sometimes daunting, particularly in the chapter on wireless phones (CDMA, GSM, EDGE, etc.). Vamosi’s writing is engaging, though, and I found that in those sections where the discussion was more technical than I needed, I was soon out of the thickets and still able to understand his explanations of what are unquestionably complex systems. While there will be technical readers such as law firm CIOs who will easily grasp the vocabulary, I think this book is more geared towards, and valuable for, the managing partner and other law firm business leaders. Vamosi touches on a number of important issues that, while illustrated by non-law examples, have direct application to how law firms adapt technology to their own success.
Vamosi has tackled the sorts of systems we see every day but not the ones that we probably think about. The chapter that deals with parking meters is particularly interesting, almost humorous, in pointing out the multiple points of possible failure or susceptibility to tampering that certain systems offer. Cities save money by moving to electronic credit card meters, but what is being stored and for how long? It might keep your credit card number, which is a critical piece of information at the hub of a whole range of systems you use, from banking to travel check-in to shopping. And if city workers armed with PDAs can download the information, who else can? The paranoid may want to start wrapping their wallets or purses in aluminum foil!
One critical aspect is entirely non-technical — a recommendation to remind lawyers and support staff to use common sense when using technology. A central tenet of Vamosi’s book is that we sometimes shift to auto-pilot, literally, when we have a gadget that we rely on. Just because the GPS or Google Maps says so doesn’t make it so. It is cliché, but we need to trust but verify when dealing with technology. A law firm can drive off a cliff without the help of GPS: what if those radio frequency ID (RFID) tags your records management files use are insecure, and susceptible to being hacked or read without your knowledge when those files leave the law firm’s premises? Vamosi’s description of a researcher with an embedded RFID chip in his skin, which was then hacked and rewritten by another researcher in a live presentation, is a bit creepy. The point is not that we should be paranoid, but that we should be aware that RFID can be attacked and understand how we defend against that.
Single point authentication is a recurring deficiency with many of the systems that Vamosi discusses. He gives a nice discussion of how adding additional complexity for two-factor (ATM card + PIN) or three-factor (ATM card + PIN + handprint) authentication can improve systems without compromising their usefulness.
If you think about how many systems are secured in a law firm by a single key or username and password, or how many are unlocked by a single sign-on, the possibilities become obvious.
Vamosi isn’t suggesting that user convenience be discarded. In fact, he returns to this point repeatedly, that enhanced security needs to balance with what the user can be relied upon to perform. If a lawyer has to use a 12 random character password that changes every eight weeks, they may be more likely to store it on their smartphone in plain text than if it was an easier password requirement that changed less frequently.
Another theme Vamosi repeats is the improper re-use of a technology or system. This makes sense from the manufacturers’ perspective, because they can use a known technology to deliver their product. It may even create a substantial benefit to the customer.
But you pause when Vamosi explains the potential attacks that are possible when a patient’s pacemaker is given an IP address and made available over the internet to a remote doctor for monitoring. Devices connected to the internet need to be secured and monitored, and if we can’t adequately protect smartphones against viruses, how do we approach protection of Internet-enabled medical equipment?
Vamosi is a skilled writer and the topic is fascinating, both to the non-technical and technical alike. Many law firms have staff whose job it is to think about these sorts of issues at the organizational level. Vamosi breaks down our infatuation with gadgets so that even those of us without information systems responsibility can think differently about how we interact with and rely on the technologies around us.
::: BOOK INFORMATION :::
“When Gadgets Betray Us: The Dark Side of our Infatuation With New Technologies”
By Robert Vamosi, senior analyst, Mocana (smart device security company)
Basic Books (March 29, 2011)
List price: $26.99
Kindle edition: $12.99