When Our Gadgets Betray Us; Lafayette Audience Learns What's Good - And Bad - About Today's Technology

The world is a big place fraught with danger: Madmen in the Middle East, metal fatigue in the sky and monsters under the bed. Robert Vamosi wants us also to consider the dangers lurking in our pockets, purses and belt loops.

A cyber security writer and contributing editor for PCWorld, Vamosi spoke at the  Tuesday meeting of the Commonwealth Club at the Lafayette Library and Learning Center on the topic of his book, “When Gadgets Betray Us: The Dark Side of our Infatuation with New Technologies.” The event was moderated by Chris O’Brien, a business and technology columnist for the San Jose Mercury News. O’Brien provided a conduit for audience questions following Vamosi’s reading of his book’s tech-heavy third chapter covering the vulnerability of GSM (used by AT&T and T-Moble) and 2G CDMA (older Sprint and Verizon technology) networks to denial-of-service and eavesdropping attacks.

The evening offered a number of creepy “what if” scenarios, such as the theft of data or malware infection of computers installed in passenger cars. However, the overall theme was the general use of caution when using any gadget that collects or receives information and can share what it knows with other gadgets or the Internet.

Vamosi pointed out that even mundane gadgets, such as Clipper Cards, used to pay fares on BART and Muni, and FasTrak transponders, used to pay bridge tolls, collect information about where you go. Such information has been used, he said, by employers checking up on employees, as well as estranged spouses looking for an edge in divorce court. Cellular phone records are legally protected and require a subpoena, but the legal requirements for obtaining data from Clipper Cards and FasTrak are not as stringent.

Amanda Casey, one of the nearly 50 people in the audience, was less interested in privacy issues than she was in finding out if she had anything to fear from the iPhone in her purse. “I have to admit that I never thought about security,” she said.  Chief among her fears were security issues — someone stealing her identity or financial information.

While Vamosi’s message was heavy on potential security and privacy threats posed by our favorite mobile gadgets, it wasn’t all doom and gloom. He pointed to efforts by industry and the government to protect consumers.  The Federal Trade Commission recently appointed Princeton University security wonk Edward Felten as its chief technologist, which Vamosi said was an indication that policy makers are taking digital security seriously.  Likewise, he said, gadget manufacturers and service providers don’t want consumers getting spooked by bad experiences and are keen on keeping good gadgets from going bad.

He used a question about the security of mobile banking to provide an example of caution on the part of many industries involved in mobile data. Vamosi noted that there are few features available via mobile banking; users can check balances and transfer between linked accounts, but not much more. The likely reason he gave for the trickle of capabilities into mobile banking was that banks were trying to figure out security before allowing access to more sensitive tasks. The use of NFC, or Near Field Communication, is another area in which companies are trying to develop security standards that theoretically will allow phones or other mobile devices to make purchases as conveniently as a debit card.

Vamosi acknowledged the convenience offered by gadgets and said he recognized that people may have different thresholds for establishing a balance between security and getting things done. “I think security is a personal decision, I think privacy is a personal decision,” he said.  At the very least, he expressed hope that people would be aware that potential threats do exist.

A compelling idea Vamosi offered was to make gadget security easier for users by implementing a single standard or seal, akin to the Underwriter’s Laboratory seal on consumer products. Such a seal would offer users assurance of a minimum level of security when buying new machines. “When it comes to gadgets, we don’t have that and particularly when it comes to security,” he said.

Ultimately, users must raise their level of awareness about cyber security as more information moves into the public domain, such as cloud computing and Wi-Fi hotspots. He reminded the audience that data should be encrypted before moving it to the cloud, as well as encrypted while it’s in the cloud to prevent other people from viewing it.  And when connecting via free public wireless connections, Vamosi advised making the same distinction between public and private behavior we make in general. “When you’re out in public you need to rein it in a little bit,” he said.  If a Wi-Fi network is open and unsecure, then your data is, too.

Vamosi’s message was well received by Casey, who said she still planned to enjoy the convenience offered by her iPhone, “but, I wouldn’t rush to do (mobile) banking while doing yoga.”