2013-10-10
Abstract
It has often been said that the reason the general public does not take IT security seriously is that there has not been a sufficiently serious IT security disaster to make them take notice. But have leaks about the NSA given us the ‘cyber-Chernobyl’ that will make the public start taking information security seriously? Lysa Myers looks at changing public opinions on security.
Copyright © 2013 Virus Bulletin
It has been said over and over again, for as long as I can remember: the reason the general public does not take information security seriously is that we have not yet had a sufficiently serious information security disaster to make them take notice. The phrase ‘Chernobyl-level event’ has become shorthand to describe the severity of an incident that would be needed to grab everyone’s attention. But have Edward Snowden’s leaks about the NSA given us the ‘cyber-Chernobyl’ that will make people sufficiently paranoid about the integrity of their data to start taking security seriously?
History has shown us that initial problems with new technology are not enough to get people to invest in making it safer. After the advent of cars and aeroplanes, it was many decades before people really started taking safety technology seriously. For example, it has only been in the last few decades that safety belts in cars and planes have become common.
Nuclear power is a younger technology than either cars or planes, but older than the Internet, so this can give us a view into how things may develop. The first experimental nuclear power plant started generating electricity in 1951, and the first accident happened within a year [1]. No deaths were attributed to this accident, and had future US President Jimmy Carter not been on the clean-up crew, its effect on the world’s view of nuclear safety would have been minor.
In the next decade, there were many more accidents, including one Level 6 [2] event in the Soviet Union that resulted in the eventual evacuation [3] of over 10,000 residents. Despite there being several other accidents that resulted in fatalities [4], it was not until the first Level 7 event at Chernobyl, with an official death toll of 56 and an estimated 4,000 additional fatalities through cancer caused by radiation, that the general public really got concerned about the safety of nuclear power.
We’ve certainly had a number of major malware events over the years. The discovery of the Michelangelo virus practically brought about the anti-virus industry as we know it today. The Melissa virus was perhaps the first to make the evening news around the world. But there are few cases of fatalities being directly attributed to computer-related incidents, and as a result most people view malware as an annoyance rather than a real danger. And these days, malware authors are more interested in being stealthy than in causing a lot of damage – making it highly unlikely that the turning point for people to be concerned with data assurance would be a large number of fatalities.
But death isn’t the only thing that could make people nervous; in terms of shock value, it’s hard to imagine anything more effective at making people squirm than the discovery of a massive and widely abused system of surveillance that has been going on under everyone’s noses for years. Even as a highly jaded security wonk who had already suspected that governments were up to shenanigans, the recent revelations have truly floored me on several occasions. I can only imagine the effect this is having on people who are not steeped in security paranoia on a daily basis.
I never thought I would see the mainstream press covering things like Tor and encryption, which until recently seemed like tools that were too complicated and paranoid for most people to bother with. After all, we’re still collectively fighting with some popular websites to get them to implement HTTPS properly. But every major news outlet has had to address both of these issues in light of Snowden’s leaks.
Taking steps to protect one’s privacy is suddenly no longer considered to be strictly tinfoil hat territory, even if people don’t yet understand (or use) tools to protect themselves. But the general public appears to be more willing to listen when we put things in the context of the government surveillance bogeyman.