Susan Landau’s Listening In is an encyclopaedia of cyber security, but misses out on the opportunity to set the stage for policy dialogue.
After the San Bernadino terrorist shootings of 2015, FBI recovered an iPhone belonging to one of the attackers. FBI and Apple Inc came to loggerheads when Apple declined FBI’s request to create software that would unlock the security protection on the iPhone. FBI wanted “exceptional access” to be built into the encryption systems on Apple’s iPhone, using the pretext of national security. However, Apple argued that in an age of cyber attacks, weakening of security should be the last thing to do, even if that means that the data of terrorists and criminals remains hidden from law enforcement. The basis of Apple’s argument was that security loopholes would be eventually found and exploited by hackers, presumably causing more harm to national security.
Using the above case as the background for her book Listening In: Cyber Security in an Insecure Age, Susan Landau, a cryptography and cybersecurity expert, studies the clash between the individual’s need for privacy and the law enforcement agencies’ need for access to information. Landau unequivocally bats for not weakening security standards, even if that makes government investigations difficult. She sets the stage for her argument for stronger encryption standards by narrating one example after another of cyber espionage, exploits and attacks, and how these have been getting more sophisticated over time. She traces the first cyber espionage to 1986. With the involvement of the CIA, KGB and a student in Germany hacking into systems at an energy research lab at Berkeley, this story makes for a fascinating read.
Many of the examples in the book are dedicated to describing how Russia uses cyber techniques to carry out its political vendetta against the Western nations. Indeed, one can say with certainty that Russia meddled in the 2016 US presidential elections using cyber-exploitation techniques. Also interesting to read is how China and the western governments use cyber power as a weapon. Those who have been following Iran’s nuclear development programme would know of Operation Olympic Games – a 2010 cyberattack initiated by US and Israel to attack the centrifuges at the nuclear facility in Natanz, Iran.
Hardly a day goes by when we don’t hear of some kind of cyber crime committed somewhere. While some of these crimes are low-level thefts affecting individuals, others are carefully planned and executed large-scale manoeuvres that have nationwide consequences. Cyber threat tops the US Department of Defense list of vulnerabilities, as it does for nearly all the countries. India too has acknowledged that cyber attacks pose one of the most important security challenges for the country.
In this sense, Listening In is a relevant book and a quick read for aspiring cyber security professionals and those interested in privacy debates and cyber wars. Susan Landau’s writing is lucid and her explanations of cyber security related terminology are accessible to lay persons. Her examples trace the evolution of cybersecurity in our digital age.
In some ways, Listening In is an encyclopedia of cyber security. However, this is also a weakness of the book. While conventional and nuclear warfare are well understood and researched, the literature around cyber warfare is still evolving. This book is a missed opportunity to set the stage for policy dialogue around cyber power and the geopolitics as it will play out in an event of a cyberwar.