Practically everybody loves open data, ie “data that anyone can access, use or share”. And nobody loves it more than Tim Berners-Lee, creator of the World Wide Web, and co-founder of the Open Data Institute (ODI).
Berners-Lee and his ODI colleagues have spent years passionately evangelizing governments and companies to publicly release their non-personal data for use to improve communities.
So when he recently told the Guardian that hackers could use open data to create societal chaos, it might have been this year’s most surprising “man bites dog” news story.
What’s going on here? The growing fear of data sabotage, that’s what.
Take, for instance, one of the most promising arenas for open data: transportation. By one estimate, London’s initiative to open up its bus system’s data will deliver customer benefits exceeding costs by 100 times over the next decade.
For Transport for London, open data has led to a flowering of creative new apps that it didn’t have to pay to build: once it made the data feeds available, outside developers happily did that for them. All this creativity, Berners-Lee told the Guardian, “really makes London better”.
But, he continued: “If you disrupted traffic data for example, to tell everybody that all the roads south of the river are closed, so everybody would go north of the river, that would gridlock you [and] disable the city.”
As ODI co-founder Prof Sir Nigel Shadbolt added, it’s time to start thinking of open data resources as “vital public infrastructure”. He told the Guardian: “Your list of legal companies… [or] where the hospitals are, or geographic data … it’s part of our critical infrastructure, it could be attacked… [When] you’re thinking about providing an overall cyber-defence posture – [ensure] you are as diligent in thinking about your open assets as your closed stuff.”
By now we’re all accustomed to thinking about security in terms of “people discovering what they are doing,” Berners-Lee added. “What they don’t think about is the possibility of things being changed… If you falsify government data then there are all kinds of ways that you could get financial gain.”
That’s quintessential data sabotage – and the ODI folks aren’t alone in worrying about it.
As CNBC recently reported, data sabotage isn’t just about hacking and disabling cities: it’s also about “the subtle tweaking of data within transactions to gain some type of benefit”.
And there are all sorts of “less sensational though highly influential opportunities” to do that, including “manipulation of personal finance information, stock tickers, or even a company’s earnings report…”
Hackers will increasingly fake economic or news reports, aiming to profit from the markets’ response. It may have happened already, CNBC noted: “In 2013, Syrian hackers tapped into the Associated Press’ Twitter account and broadcast fake reports that President Obama had been injured in explosions at the White House; within minutes the news caused a 150-point drop in the Dow.”
Who made a bundle trading on that massive blip? According to USA Today, the US Securities and Exchange Commission and FBI certainly wanted to know.
Whether data is coming from governments or corporations – and whether it’s formally “open” or simply “widely available” like AP’s Twitter feed – it’s increasingly vulnerable to deliberate falsification.
But, for governments and others who believe in the open data movement, it’s no longer enough to protect privacy when they release data, or even to ensure its quality and consistency – already significant challenges.
From now on, they’ll need to protect it against deliberate sabotage, too.
Follow @NakedSecurity Follow @BillCamarda