Andrew Work speaks to Morgan Marquis-Boire, senior researcher- University of Toronto, security director- First Look Media, was a speaker at the Emtech Hong Kong Event hosted by MIT Technology Review and Koelnmesse. His research on surveillance and cybersecurity along with digital targeting of activists and journalists has been featured in not just the media but also caught the attention of the United Nations Inter-regional Crime and Justice Research Institute.
NEXCHANGE: Hi, I’m Andrew Work with NexChange and we are down at the Emtech Hong Kong event where they have brought some of the world’s greatest thought leaders to look at essentially the future. I’ve got one of those thought leaders with us.
This is Morgan Marquis-Boire and he is the director of security at First Look and a researcher with the University of Toronto. He spoke today on cyber security, a little bit of the past sub-security but also the future. Morgan, I want to ask you about consumers and how they’re behaving with everything that’s happened. I mean with Snowden and WannaCry. I mean it just seems like every couple of months, we have a major incident that’s in the news. It gets on people’s awareness. Are we at turning point where consumers are going to take responsibility for their own cybersecurity and seeking out encryption that will help them to protect themselves or are we getting to that point yet? Where are we?
MORGAN MARQUIS-BOIRE: Well I’d say that it happens more than every couple of months now right. It seems that keeping up with cybersecurity news is a full-time job. Yeah it’s difficult even for me. I think that things like WannaCry have definitely, if thinking hadn’t already been changed on cyber security, it’s definitely instrumental. I mean we had live medical devices in hospitals being being hit by this worm and part of the problem here is there are so many Internet connected devices now which enhance our lives. But do they get patched? how does that work? And yet this problem is only going to proliferate right. So I think the sad thing is when it comes to purchasing consumer technology, if you’re buying it for yourself then perhaps when you purchase a smartphone you think which smartphone gives me the best security.
And now that’s probably not going to be your sole consideration unless you’re a very specific type of individual. You’re going to want to think about selfies and features and all that type of thing. But when you’re purchasing a camera, does it have Wi-Fi? When you’re purchasing a fridge, when you’re purchasing a toy for your child, the Internet connected Barbie. Whether or not this is secure is actually probably not going to be in your thinking and so the issue is as we move away from traditional computing devices like a laptop.
I think the tablet or the smartphone falls within the realm of something that people might have security concerns about, but of course there’s all of these other computer driven devices that are connected to the Internet which i think just fall outside of our standard realm of concern when we’re thinking about security.
NEXCHANGE: Yeah that’s a big one I know and one of the big ones that’s been in the news of course is automotive. I mean if somebody hacks your Barbee not such a big deal, somebody hacks your car while you’re driving, that’s going to be a big issue for people. Do you think companies are going to take that on only under regulatory pressure? Or they’ll take it on saying wow if it’s my car that gets hacked, I’m going to have a major public relations and translating into a sales disaster on my hands that they’re going to want to avoid.
What do you think is going to be the real driver? Do you think it’s going to be more regulatory or do you think manufacturers are going to want to get ahead of having a real problem?
MORGAN MARQUIS-BOIRE: That’s a great question because I don’t think that the automotive industry has traditionally had to deal with cybersecurity researchers. But this is has become a real hot button issue in cyber over the last few years because we’ve seen hacks on Chrysler and Tesla and then that type of thing. And as people obviously have cars become more computer driven, there are more features. We want more capacity, more capability which means that cars need to get updated, which means that they connect to the internet, which means…… And so I think, I’d like to think, I’m going to say that it’ll probably vary manufacturer to manufacturer. I mean I know that certain companies have heavily invested in cybersecurity teams.
They have advanced security research divisions but it depends because I mean I think it doesn’t do the reputation of car manufactures any good if they say buy our super advanced new sedan, you will ride in the most technologically advanced luxury that humans can produce. And then there’s bad headlines about the fact that their car has massive security risks which may endanger the lives of your family. No one wants those type of headlines right but whether or not that type of reputational pressure is enough to persuade automotive companies to take security seriously remains to be seen.
NEXCHANGE: Okay, well Morgan I know you’re originally from New Zealand. You’re in Canada now. And you’re in San Francisco now but associated with University of Toronto. Okay so one of my Canadian podcasts and we’re talking about automotive and said maybe Keanu Reeves will have to come back and do a redo of speed, only this time it’ll be a hacker instead of a bomb and a bus.