AUT alumna Erin Chapman is currently studying cyber security at Oxford University. After first studying English literature and ancient history, and then completing her Master of Computing and Information Sciences at AUT, she is now in the first of a four year programme exploring the wider realm of cyber security.
You first studied English literature and ancient history - does a liberal arts background bring any insight to cryptography?
I think that having come completely out of left field as far as educational background is concerned has offered me a very different perspective. I have a tendency to want to look for the creative solutions, and to always be after the “why” of any particular algorithm. Also, I’m fairly decent at the academic writing side of things, which is a nice bonus.
What are you hoping to learn with regards to legislation and enforcement as it relates to cryptography?
I'm very interested in how current legal systems globally are being reformed to deal with cyber crime and hacking. Because of the pace at which the technology is moving, most of our legislation is completely unprepared to deal with these issues.
What are the biggest issues in cyber security at the moment and how will we overcome them?
Big Data and the Internet of Things are going to cause a lot of difficulty. The first because the larger the set of information for encryption, the slower the process of securing it. Each time we produce a more secure standard (for example, the change from the Data Encryption Standard, DES, to the Advanced Encryption Standard, AES) we increase the time it takes to complete the encryption process. The Internet of Things on the other hand is an entirely different security model from traditional cyber security in computing. Because of the miniaturised platforms, the prevalence of third party installations, and the lack of a really cohesive security strategy, we don’t really know how secure these new networked devices are, or where the data they collected is sent and stored.
"The trade-off between privacy and security is a current legislative battle, and it is one we need to consider very carefully, because it will shape not only our lives, but the lives of future generations."
Have you ever been hacked yourself? Are we all too complacent when it comes to online security?
My parents' company was actually taken down during the WannaCry outbreak. One of their contractors’ computers wasn’t completely up-to-date on the new security patches, and as a result one of the company servers was encrypted with the virus. Thankfully, they had daily backups set up, so they were able to restore everything. But it does go to show that you really are only as strong as the weakest link in your network. The recent attacks on our networks have certainly acted as a wake up call with regards to the importance of data recovery, and cyber insurance.
Tell me about the role of automated algorithms - are they going to become a help or a hindrance in the future? What level of oversight should humans hold?
Automated intelligent surveillance is very much a double-edged sword, like many areas of cyber security. Because on the one hand, if you have automatic monitoring over all public transport stations, and it can detect when someone pulls out a weapon, and dispatch emergency response at a much faster rate than a human, that’s a positive. On the other hand, you have projects like Palantir, which use predictive models to create what is, in essence, a real-life Minority Report, predicting crimes before they occur. In Chicago, these models are already in use.
The wholesale data collection that occurs to feed these programs means that the operators of these programs have your entire online history, your digital life, to draw inferences from. An online warrant would not only be for anything occurring right now or in the future, but it would automatically extend into the past, unlike a conventional wiretap. Regrettable statements as a teenager, who your friends were in high school, anything and everything that might make you suspicious could be mined for data.
So while there are arguments to be made for the potential security applications, we have to look at how far we are willing to sacrifice our privacy to automated surveillance.
The trade-off between privacy and security is a current legislative battle, and it is one we need to consider very carefully, because it will shape not only our lives, but the lives of future generations.
Are you interested in visiting Bletchley Park while in the UK, or does MI5 hold more appeal?
Oh, I definitely want to visit both! I’m also hoping to have a chance to visit the Alan Turing Institute, at the British Library. They are doing some really interesting data science.