Computing GCSE is 40 years too late

Lots of modern technology appears, to the average person, to be black magic. They can set their TV recorder from their phone, miles away from home. They can swipe through all the singles in their area with a few lazy thumb flicks. And they can enter just a few personal details into an online game and get a badge to share with their friends.

Problem is, most of this modern technology requires the best part of a PhD to understand. News stories about hackers and encryption and cyberterrorism—poorly researched and poorly translated for mass consumption—at best pass right over people’s heads, and at worst trigger panic and confusion.

Two of the things right now that seem to be causing a lot of confusion are online security and data privacy.

Because, while there are a few thousand proper nerds in the UK—the sort of people who use separate, long, random passwords for each online account, air gap their computers while creating PGP keys, maybe even store their phones in the microwave—and a few hundred thousand lesser geeks like me who know enough about technology to at least be worried about the way things are heading, the majority of people live, through no fault of their own, in blissful ignorance.

They share the minutiae of their life on social media because it makes them feel good. They write passwords on pieces of paper under the mousemat, because who really cares. They take mobile phones into private business meetings. And they send pictures of their genitals to complete strangers.

It sounds terrible when you phrase it like that – after all, they only do these things because they’re busy getting on with all the real shit in their lives.

Problem is, technology is quickly becoming real shit too. In fact, scrub that. It’s already real. And it’s plain wrong that people aren’t being educated about what technology can and can’t do, and how to question the things they’re told about how technology works.

Even the recently established Computing and Computer Science GCSEs (a long overdue replacement for the completely useless ICT qualifications that were around in my day) are still, in themselves, about 40 years too late. We have two whole generations of people with no idea how modern internet technology works, and how much trouble you can get into if you use it wrong.

It depresses me to think there could be a ‘lost generation’ like this, prime for exploitation by big corporations and misinformed governments.

But, more troublingly, I have no idea what we can do to stop it.

I mean, I know enough about computers, routers, and the concept of zero-day exploits, to know that it’s a trivial task for anyone with enough time or skill to enable the webcam and microphone on your laptop or tablet, at any time they want, and record whatever they see and hear.

But, aside from giving my parents sticky notes to put over their webcams, it feels like there’s not much I can do about it.

I know enough about encryption to know that “banning it” in an effort to “stop terrorism” is not only futile, but would most likely actively expose the privacy and safety of billions of regular citizens in insidious, dangerous ways they would never notice until it’s too late.

But, aside from moving to a different country, it feels like there’s not much I can do about it.

I know enough about machine learning and internet infrastructure, to know that mass government surveillance (like Echelon, Prism, and the proposed “Snoopers Charter”) have been proven to make no difference to police investigation of illegal activity, and are at best an online equivalent to the ‘security theatre’ we endure at airport screening halls.

But, aside from running for election to somehow change the law, it feels like there’s not much I can do about it.

I know enough about data security to be horrified at the idea of people sending DNA samples off to completely unregulated private companies like 23AndMe—ostensibly to be “screened” for common allergies and deficiencies—but realistically to be stored indefinitely, and no doubt, at some point in the future, sold (or simply “misplaced”) to marketers, insurers, and credit agencies.

But aside from writing some snarky blog post, it feels like there’s not much I can do about it.

I know enough about pop psychology and online behaviour to be frightened by Facebook’s grab for power in India, handing out free locked-down devices like candy, in exchange for billions of new eyeballs for their advertising platforms.

And I know enough about how centralised platforms like these can be used to silence ‘radicals’ and minority views, that I know I really wouldn’t want to live in a country where online communication was dependent on a network owned by, say, Facebook, whatever my political views.

But, aside from paying five quid a month to the Open Rights Group, it feels like there’s not much I can do about it.

I know I’m not alone in feeling completely powerless when it comes to questions of mass surveillance, net neutrality, data privacy, and online security. Most of the time we just ignore it. But every now and then it really does get me down – especially the thought that I’m not the only one involved here: There are millions of people who don’t even know they’re being had.

Not a very uplifting thought for a New Year blog post, but there it is.

This Christmas I got thinking. Why do people in my position feel powerless to protect the people around us? And what can we do to turn it around?

I started thinking the problem is general education. The more people actually understood the technologies they use every day, the less they would fall for the government’s sticking plasters, or the media’s half-baked shock pieces. And the safer they, personally, would be.

I mean, people are slowly coming round to the idea that their employers are able to see a lot of what they say and do on Social Media. But I bet very few of them have even considered that something online (a status update joking about the door you left unlocked all night, or a condolence from a friend on your diagnosis with HIV) could just as easily make its way to their mortgage provider or insurer.

I am absolutely convinced that within a few years (if not already) firms like these will be using the data we create and share online, to de-risk their investments, by increasing premiums or interest rates.

Oh, and when they inevitably get it wrong—mistake you for your neighbour or someone with a similar name—and suddenly you can’t get a mortgage any more, oh well, too bad. Because odds are, all this stuff will be totally secret, even from you (case in point: personal credit scores).

Maybe if people knew more about this data, how it’s collected, how it’s used, they’d be better off?

But, cripes, it feels like an uphill struggle. And a very very long game. Even if Simon Cowell stood up in the middle of the X-Factor final and said “Hey guys, maybe you shouldn’t share so much personal information online, it’s really not safe and if it falls into the wrong hands it could very tangibly ruin your lives,” I doubt anyone would change their behaviour as a result. There could be a Band Aid style charity single about it—“Don’t make it Christmas-time for the NSA” or something—and maybe people would avoid Facebook for a few days, but after that, they’ll be back into the same old habits.

Real change would require either financial incentives (like the government-backed feed-in tariffs which increased residential solar panel installs in the UK this decade) or a long, slow cultural shift (like the change in attitudes towards issues like abortion and gay rights between 1800 and the present day).

Very quickly we’re at such a grand scale, a person like me is left wondering where you’d even start? … Maybe setting up a library club teaching kids about technology? ;-)

Perhaps we could affect much greater change by educating the people already in power? The MPs who passed DRIP and who will, no doubt, pass Theresa May’s Communications Data Bill, aren’t evil, malevolent people. They simply don’t know any better. Every day, they’re confronted with issues from moaning constituents; from war in the Middle East, to school closures, to fox hunting, to overgrown shrubbery. Can we really blame them for toeing the party line when it comes to some shiny new communications bill that the Prime Minister says is such a good idea? Even shadow cabinet members can’t be relied upon to properly scrutinise the tech regulation suggested by their opponents.

Maybe then, we should be talking to our MPs? Giving them short little crash courses on what “encryption” really means, how personal data can be de-anonymized, or why net-neutrality is an important topic.

The trick is getting the information across to them, without sounding like privacy-crazy nutjobs. And then, the leap of faith: actually trusting them to act on the information, when it could potentially make them very unpopular with the rest of their party.

Maybe, instead, we leave it to corporations? Lots of grand social and legal changes have been brought about by companies innovating in new spaces, and fairly quickly changing the way we think.

At least a few companies right now, it appears, have business models that aren’t entirely predicated on the exploitation of people’s privacy or security. And in any case, maybe a new wave of startups is just around the corner, that’ll finally bring modern cryptography tech to the general population, or use proper UX design to make people feel empowered about how technology fits into their lives, rather than just ignoring it and hoping for the best.

But it all feels a bit of a pipe dream, doesn’t it?

I dunno. What would you do? Suggestions to @zarino on Twitter.