New Frontiers #

China #

• 5 of the largest Internet platforms are Chinese
  • TikTok: first to become dominant globally without Chinese government help
• PRC-based companies:
  • Have to deal with political content moderation requirements
  • Less experienced with safety issues as Western companies are
  • Are not experienced with Western privacy laws
  • Might store data in the PRC
  • Could decide to not follow ECPA
• Crackdown on PRC-based tech CEOs that publicly disagree with CCP policies or that present a threat to Xi Jinping’s power

Synthetic Media #

• Example: DNC email hack in 2016
• Can create fake Facebook/Twitter profiles to mislead
• Types of abuse where falsity isn’t relevant to impact:
  • Fake accounts
  • Sextortion
  • Harassment
  • Spam
  • Hate speech
  • NCII
• These are ripe grounds for deepfakes

IOT #

• Everything is a computer! (@internetofshit on Twitter)
• Computers are easy to hack, especially given trickle-down of attacks from state actors when they are released
• Combination of the two is very dangerous - lots of potential for spying or other harassment

State and financial attacks on individuals #

• Just two days ago (11/27/2021): NYT article on Iran-Israel hacking of gas IT and dating apps
• Cryptocurrency scams and hacking, etc

Security is only the tip of the harm iceberg #

Alternatively: Stamos’s hierarchy of bad stuff that happens on the internet

• Biggest issue: abuse (technically legal use of a platform to cause harm)
• Infosec: only 20% of the iceberg
  • Account lifecycle/passwords (large majority)
  • Corporate patching (attacks from security updates not being applied)
  • Config errors
  • Old app vulns
  • Tip of this iceberg: new research
    • Tip of this iceberg: 0-day
    • Even smaller: side-channel attacks