by John Freeman
Donald Trump Wants You, Please Respond
Not all scams and spam problems have passive victims. In other cases, “phishing” schemes encourage people to hand over passwords or private information by posing as e-mail from a legitimate, trustworthy source, such as a bank, a health care organization, or even the IRS. Some of the earliest cases of phishing occurred over America Online, the world’s largest ISP network in the 1990s. Hackers would break into the AOL staff area and send instant messages to users currently online, posing as staff members needing to confirm password information. Even though AOL had a message on its screen—“AOL will never ask you for your password”—the scheme worked, allowing phishers to then use those accounts for spam or other malicious purposes. Breaking into an AOL internal account gave a phisher access to AOL’s membership search engine, which gave access to credit cards. We’ve come a long way from the British-American Claim Agency’s twelve typists sending out phony pitches for inheritance claims.
Since then phishing schemes have become incredibly more sophisticated and hard to stop. In recent years they have become clever enough that criminals can figure out which bank a victim might use, which is called “spear phishing.” A message will be sent with a phrase such as, “We are changing systems and we need you to confirm your password data.” If you click on a hyperlink in the e-mail, it takes you to a site that is bogus but cosmetically similar to that of the institution, which collects your data. We care about our money and our health, and we care about love—and just one curious click can be lethal to your computer.
Even worse, spammers have become very skilled at targeting people where they’re most vulnerable. People love and need to be loved. Not surprisingly, the most successful phishing schemes mimic social networking sites, logging, in some cases, a 70 percent effectiveness rate. In May 2008, many of the most common malware spam e-mails—messages that provide a link to a Web site that triggers the download of software that will compromise a PC—came with the following headers: “Love You”; “With You By My Side”; “A Kiss So Gentle”; “Me & You.” And then there’s the bizarre: according to AOL, which blocked 1.5 billion spam messages a day in 2006, the most common junk e-mail subject line was “Donald Trump wants you, please respond.”
Let’s stop for a moment to ponder this curious condition. A mechanized network of zombie PCs gangs up to flood communication channels with messages appealing to people’s need for the most human of all emotions, love, in order to turn their workstations, the extensions of their minds, into factories for pumping out unwanted advertising messages. This sounds like science fiction, but it’s far too real, and it’s a battle between machines and people that we are losing. Like a virus, botnets use up a host and move on. The costs to the system are astronomical—and never ending.
Tougher laws do not seem to affect the volume of spam which is sent. In 2003, the United States passed the CAN-SPAM Act, which made it illegal to send commercial e-mail with a misleading subject line. The law also requires that the e-mail include an opt-out method, that it be identified as a commercial e-mail, and that it can be returned to an actual address. The first trial centered around charges based on the CAN-SPAM Act of 2003 didn’t occur until 2007, when two men who had run a $2 million pornographic spam service were brought to trial for charges ranging from wire fraud to interstate traffic of hard-core pornographic images. The men used a server in Amsterdam to make it appear that the messages were coming from outside the country and registered their domain under the name of a fictitious employee at a shell corporation they had set up in the Republic of Mauritius. Each time someone clicked through a link in their e-mail spam to a pornographic Web site, the men received a commission. They also received a lot of complaints—over 650,000 were logged with AOL alone. In October 2007 they both received five-year prison sentences.
Their fine was a pittance compared to the $873 million judgment a New York District Court judge handed down against Adam Guerbuez, a Canadian man who used a phishing scheme to steal Facebook members’ passwords. He then sent 4 million spam messages to Facebook members in the form of e-mails and postings on their walls, signed with the names of their friends, so they appeared to be legitimate. Among the products friends appeared to be endorsing were marijuana and the ubiquitous penile enhancement pills.
Solutions to the spam problem tend to have a short-lived life cycle, since spamming remains incredibly lucrative. A UC San Diego survey discovered that, with large enough networks of botnets behind them, spammers can become millionaires on a response rate of just 1 in 12.5 million e-mails. That hasn’t stopped people from trying to prevent them from cashing in. In 2004, Bill Gates announced to the World Economic Forum, “Two years from now, spam will be solved.” Gates turned out to be wrong, but you can hardly blame him for trying. In late 2004, it was reported that the most spammed person in the world was… Bill Gates, who received more than 4 million messages per year, most of them spam. “Literally, there’s a whole department almost that takes care of it,” said Microsoft CEO Steve Ballmer. They’ll continue to be busy. Despite dips in spam, it’s only going to increase. Studies have shown that online marketing is going to double from its current state by 2012. And the number of viruses in e-mail has been growing faster than the volume of e-mail itself.
Big Brother Is Watching
With all these threats to privacy, the message is clear: “You have zero privacy,” Scott McNealy, the CEO of Sun Microsystems, once said about life on the Internet. “Get over it.” Web sites you visit send tracking “cookies” to your browser, tiny parcels of text that go back and forth between a server and a client like your browser, allowing the Web site to store information about your preferences and the Web sites you have visited. Retailers mine your computer any time you purchase something online—and then turn around and sell it to the highest bidder. And it doesn’t stop there. E-mail, which, it’s important to remember, is stored on servers most of us don’t own, is constantly monitored. Especially at work.
In 2001, 14 million U.S. workers—35 percent of the online workforce—had their Internet or e-mail under constant surveillance. Worldwide, 27 million workers were in the same boat. Employers spend $140 million a year on employee-monitoring software. Thanks to the Sarbanes-Oxley Act of 2002 and other regulations, publicly traded companies are required to archive their e-mail. Europe still has strong privacy protections for its employees, but many U.S. employers in the private sector, as long as they have an established policy and have put it into writing, can keep a close eye on what their employees send and receive, and where they point their browsers. “Some companies say they do it to control the information that employees send through the corporate network,” wrote Matt Villano in The New York Times. “Other companies do it to make sure employees stay on task, or as a measure of network security. Other companies monitor e-mail to see how employees are communicating with customers.” Mary Crane, the president of a consulting firm in Denver, gave this advice: “The last thing you want to do is make your employer think you’re slacking off…. Nothing you’re doing on e-mail is worth jeopardizing your career.” The names of the companies that specialize in employee monitoring will make you never want to goof at work again: ICaughtYou.com, eSniff, Cyclope Series.
It’s not just your employer peeping in, however. Lovers and spouses do it, too. A survey done in Oxford revealed that one in five people had spied on their partner’s e-mails or texts. Cheaters are constantly caught. “Spurned lovers steal each other’s BlackBerrys,” wrote Brad Stone. “Suspicious spouses hack into each other’s e-mail accounts. They load surveillance software onto the family PC, sometimes discovering shocking infidelities.” In one case, Stone described a woman who was convinced her husband was straying—he was far too obsessed with his BlackBerry. On his birthday she drew him a bubble bath and rifled through his handheld while he was soaking, discovering that he did have a bit on the side and planned to meet her that night. All this evidence gleaned from glowing devices winds up in divorc
e proceedings, where the electronic paper trail becomes the knife you stick in your former partner’s back. “I do not like to put things on e-mail,” said one divorce lawyer. “There’s no way it’s private. Nothing is fully protected once you hit the send button.”
Increasingly, governments are getting into the act. And it’s hard not to understand why. “In this new kind of war,” James Bamford has written about the importance of Internet communications for stateless agents, “in which motels are used as barracks and commercial jets become powerful weapons, public libraries and Internet cafes are quickly transformed into communication centers.” But surveillance of e-mail predates the so-called war on terror. Indeed, long before it was revealed that Mohamed Atta and the other 9/11 hijackers had communicated by e-mail, logging in at public libraries, no less, the U.S. National Security Agency (NSA) was keeping tabs on “chatter” by monitoring e-mails. The scope of its listening capacities is truly awesome. As James Bamford describes in A Pretext for War, “dozens of listening posts around the world each sweep in as many as two million phone calls, faxes, e-mail messages, and other types of communications per hour.”
In December 2005, though, New York Times reporter James Risen and Eric Lichtblau broke the story that President Bush had told the NSA, whose mandate is to spy on foreign and foreign agent communications, to spy without warrants on the phone calls and e-mails of people inside the United States. President Bush assured the American people that one end of the conversation had to be outside the United States, but in fact the NSA was “trolling through vast troves of Americans’ telephone and e-mail conversations with artificial intelligence,” writes Maureen Webb, a human rights lawyer and activist, “looking for key words and patterns.”
Most alarming for many Americans is the fact that the communications companies were helping them. To a certain degree, this is not new. According to a federal statute called the Communications Assistance for Law Enforcement Act (CALEA), passed in 1994, communications companies must design their facilities so that their network can be easily monitored. As Bamford explains in The Shadow Factory, “it even requires the company to install the eavesdropping devices themselves if necessary and then never reveal their existence.”
As Webb describes in her book Illusions of Security, this is just the tip of the iceberg in a vast data-mining program that will draw from multiple databases to create a “black box,” a giant trove of data vastly more sophisticated than the black boxes that Internet service providers have to monitor user traffic.
Little is publicly known about the workings of these, except that they are like the “packet sniffers” typically employed by computer network operators for security and maintenance programs running in a computer that is hooked into the network at a location where it can monitor traffic flowing in and out of systems.
The Internet, which used to be a law enforcement nightmare, has become a useful tool now that technology has developed to monitor it. Sniffers can monitor the entire data stream, searching for keywords, phrases, or strings such as net addresses or e-mail accounts. They can then record or retransmit for further review anything that fits their search criteria. Black boxes are apparently connected directly to government agencies by high-speed links in some countries.
In other words, they’re vacuuming up e-mails at broadband speed as you read this. In 2002, the NSA was gobbling up 650 million intercepts a day, the same number of pieces of mail the U.S. Postal Service then delivered in America every day.
On the Perils of Driving Fast
We believe at this point, we need people to change their behavior…. We need to make sure when people are getting on the highway, they are prepared to travel safely.
— JOHN NJORD, DIRECTOR OF THE UTAH DEPARTMENT OF TRANSPORTATION
One of the deadliest places you can be in the United States is on a roadway. In 2006, 42,642 people were killed in traffic accidents; it was a banner year since it represented a drop of roughly 2 percent from 2005. Yet the Interstate Highway System and the smaller roadways have become essential to living in the United States. People get in their car, buckle up or don’t, and drive off without a flicker of a thought that they might be on their way to becoming one of the 116 fatalities about to happen that day. The urban planning that developed as a result of roadway use often doesn’t give them much choice; they have to drive.
It didn’t have to be this way. The U.S. Interstate Highway System, the largest public works project in the history of the world, was born out of the same military background as ARPANET. President Dwight Eisenhower signed it into law on June 29, 1956, having been heavily influenced by traveling around Germany on the Autobahn after World War I and realizing that America didn’t have a similar system for mobilizing and transporting troops. It also happened to help people travel around the country and was a great boon to automakers, who lobbied heartily for it.
For every benefit of the interstates—and there have been many, from faster shipment of goods to greater ease of travel and an enormous number of jobs for Americans—there have been many side effects. Interstates have torn up the landscape, destroyed the frontier, made Americans dependent on automobiles that pump tons of carbon emissions into the atmosphere, and created a system of suburban living that siphoned tax wealth out of cities, causing slums to develop and flourish—one of the most potent examples of which is the ring around Los Angeles. “Nothing has been learned from the dismal California experience,” Mike Davis once wrote, “not even the elementary lesson that freeways increase sprawl and consequently the demand for additional freeways.”
In 2009, when the Pennsylvania Turnpike/Interstate 95 Interchange Project is finished, the last project of the original interstate plan will be completed, but we are nowhere near the end of the infinite highway system coconceived in Eisenhower’s era by the good folks at ARPA and now known as the Internet. Each month, new traffic circles, abutments, and auxiliary lanes are thrown up and quickly exploited as new host computers go online, new devices are invented, more and more people use wireless. The speed limit gets higher and higher.
Entire virtual cities are thrown up and torn down, and the speed of our ability to travel between them virtually means that we actually don’t have to physically leave the house anymore. For this reason, a Stanford professor, Norman Nie, has commented, “The internet could be the ultimate isolating technology that further reduces our participation in communities even more than did automobiles and television before it.”
And what of this highway? There is so much to see by the roadside, so much of enormous use, be it the endless library of Google books, the streaming sports scores on ESPN, or the river of talk bisecting the screen after an episode of America’s Next Top Model. But as we just learned, if we think of our e-mail accounts as the middle lane on this interstate, what kind of road is this? Would anybody in real life get onto a freeway where nine out of ten cars had a penile enlargement ad on the side, let alone the occasional thief looking to siphon off your financial information or breach your home, where the identity of drivers could be concealed, where the government or your employer or your lover was constantly monitoring you, where people veered into your lane to impose their needs on you two hundred times a day? What sort of ballistic defensive driving course could prepare us for this kind of travel?
Movement is metaphor, because all travel—virtual or actual—changes us. The Greek word for “carry” was meta0phora. What we bring and carry into the virtual world, and what we put up with there, changes us. It alters our priorities, shrinks or expands our empathic bandwidth. We know this about e-mail; keeping up with it, as useful as the message system is in so many other ways, just like that highway, is shrinking our focus. It’s one of the reasons why it causes such anxiety. None of us can change the system on our own. And then there’s a more insidious reason: we simply cannot stop ourselves.
4
THIS IS YOUR BRAIN ON E-MAIL
If the medium is the message, what does that say about new survey results t
hat found nearly 60 percent of respondents check their e-mail when they’re answering the call of nature?
— MICHELLE MASTERSON, CHANNEL WEB
Now that handheld devices give us 24/7, virtually worldwide access to e-mail, there is nowhere, it would seem, that people do not pause to check it. We log on during the drive to work, download a few messages on the train ride home; we look at it in the bath and in between sermons at church. Sixty-two percent of Americans check their e-mail on vacation and respond to work queries, at a time when they’re supposed to be relaxing. According to Merriam-Webster’s Collegiate Dictionary,“vacation” means “a respite or a time of respite from something” or “a scheduled period during which activity (as of a court or school) is suspended.” Nothing is suspended in the wired vacation of the twenty-first century. Any time there’s a moment of silence, a break between moments, e-mail insinuates itself with stunning regularity. “You know those pregnant pauses you have on elevators? That’s a great time to pull out a BlackBerry and get some work done,” says Raul Fernandez, the CEO of Dimension Data North America.
There is no downtime anymore, even at bedtime. Sixty-seven percent of the four thousand people age thirteen and over surveyed in AOL’s 2008 e-mail addiction poll admitted to having checked e-mail in their bed, in their pajamas. In the 1996 film She’s the One, Jennifer Aniston is married to a distracted financier who cares more about his job than his wife; we know this because he takes his laptop to bed. Now many of us are doing the same, even if our devices have shrunk along with our trust in financiers. Sean Young of Phoenix is one. He logs on before and after the gym, by the pool, in the car, and leaves his handheld inches from his face at night so he never misses a message. “I just realized I have a problem,” Young said, describing his daily routine of message consumption in an e-mail to a reporter.