last byte
Future Tense, one of the revolving features on this page, presents stories and
essays from the intersection of computational science and technological speculation,
their boundaries limited only by our ability to imagine what will and could be.
DOI: 10.1145/1666420.1666448
Ari Juels
future tense
the Primal Cue
Cybersecurity depends on the human dimension.
Many CEntUriEs aGo, a mystified Roman farm- er held a bronze ingot crudely imprinted with a cow. He was handling
an early form of currency that supplanted a true cow—a life-sustaining,
milk-and-flesh-producing piece of
wealth—with a chunk of metal that
was strangely, with its embossed animal figure, supposedly of equivalent
value. (Roman cattle spawned our
English word “pecuniary”; the Latin
for cattle is “pecus.”)
The early Romans faced an abstraction that often distorted the material
world beyond their intuition. Their
befuddlement gives an historical
glimpse of the vast mental challenges
that people of all stripes face today as
cyberspace undercuts our own deeply
embedded intuition and instincts—
with ripple effects throughout security and privacy.
For pecuniary surrealism today,
look no farther than virtual worlds
like World of Warcraft and Second Life.
In them, developers of virtual “real es-
tate” earn real-world money for their
oxymoronic efforts. Laborers in third-
world sweatshops work in gold mines
represented only in cyberspace. There
have been real-world prosecutions for
larceny of virtual-world goods and at
least one real-world murder over the
theft of a virtual sword. Virtual-world
currency is spilling over into the real
world in the billions of dollars, add-
ing a new dimension to security con-
cerns like money laundering. The law
can’t keep pace with these phenom-
ena; the Internal Revenue Service
doesn’t yet know whether or how to
tax them. The interpenetration of the
real and virtual worlds is happening
in other ways, too. It’s possible to or-
der a pizza in a virtual world and have
it delivered to our real doorsteps. It’s
just a matter of time before other
real-virtual linkages become routine,
say, surgery conducted in a virtual
world operating on real patients and
electric grids mapped into virtual
us to log into an external email ac-
count, the request seems instinctively
safe thanks to the friends’ implicit en-
dorsement. Some social networking
sites have exploited this herd instinct
toward safety to entrap subscribers
through viral attacks. They invite new
users to “Log into your email account
so we can see if you have other friends
on this network.” They then hijack
space. Security failures will inevitably
propagate from virtual worlds into
the real one.
It’s difficult to wrap our minds
around these virtual/real entangle-
ments. But the online world also
thwarts our security instincts in much
simpler ways. Humans are biologi-
cally wired to make trust judgments
through attunement to faces, ges-
tures, and verbal intonations. Social
networking sites strip away these pri-
mal cues. For instance, when a social
networking site used by friends asks
our address books and send email to
our contacts in their name—inviting
new victims in turn to join the social
network and render themselves vul-
nerable to the same trick.
