Attack Surface by Cory Doctorow
Continuing the stories from Little Brother and Homeland (which I haven’t read), this story follows the adventures of young Masha Maximov.
Masha is a super talented, mostly self-taught, hacker genius. Her particular super power is a facility for network analysis, using digital traces (of which there are plenty) to construct maps of social hierarchies. In adversarial situations, this intelligence is used to identify the real leaders and capture, subborn, or neutralize them. It is also used to foment internal conflict, and otherwise destroy an organized group.
As a teenager, Masha came to the attention of the US government and was “recruited”. With one thing and another, she fell out of grace and was recruited by a corporation, where she did the same magic tricks for a lot more money as a contractor. When that gig ended in a mess, Masha was recruited by yet another company, and so on.
This is, of course, the grand myth of the super hacker, who is so talented that instead of jail they are hired on. It is also classic spycraft reappearing as normal business practice in private contractor land: talent is more important than morals, including loyalty. Is this how it really works? Certainly not for most contractors, who are in it for the money and glory. Or most employers, who do not hire loose cannons, if they can avoid it.
Masha has a history which she has never come to terms with: her friends and sort of friends are activists, protesting racism, inequality, and digital spying. Her corporate gigs basically enable the authorities to wipe out these folks, so that’s kind of a major conflict of interest for Masha. She boasts of “compartmentalization”, but how long can that work?
On a recent gig in central Europe, she actually made friends and helped a group of activists in her off hours. At the office, she spied on them and helped the police destroy them. After work, she helped them defend against the stuff she did at work. What could possibly go wrong?
(Note to readers: don’t try this at home. Seriously, children, this is a way to get fired, prosecuted, and dead.)
Masha’s entire career seems to involve these dangerous dances with one foot on either side of the fence. This doesn’t work all that well, and eventually she is forced to choose sides. Stuff happens, systems get hacked, head are cracked, robot cars run amok, etc.
Much of the book is thinly disguised tutorials on digital spying and countermeasures you might take, AKA opsec. As always, Doctorow is preachy and didactic about technology. The technical stuff is OK, but surely out of date.
In any case, Doctorow makes really clear that it’s a lot of work and can’t protect you from targeted surveillance (as opposed to general surveillance). As always, you are playing defense and one mistake and it’s all over. Worse, it’s a team sport, and you are only as safe if everyone you interact with is perfect, too.
Doctorow’s sketches of the snooping abilities of governments and contractors are realistic enough, although the organizations and corporate cultures are caricatures. Even though it’s cartoony, believe it. You want to not be traced? Then don’t carry a phone or use a computer. They’ll still find you from video coverage, but at least you won’t be cooperating.
Can you live life without a phone or apps? Probably not.
Above all, Doctorow is correct in his point that there is a difference between general surveillance and targeted. If you keep a low profile and follow reasonable, if annoying, opsec, you will probably escape notice of the police and authorities and random crooks and teenagers. Of course, if you are doing nothing interesting, “they” don’t need to notice you, do they?
But if you come to attention, say, by effectively protesting or resisting, and “they” want to track and possibly attack you, they will be able to overwhelm any opsec you can come up with. In fact, your opsec will make you stand out as a target—a well defended phone must be an interesting phone, no?
And this means that you cannot expect to publicly protest or otherwise resist authority and at the same time preserve your digital privacy and security. When you yell and scream, you invite scrutiny, and scrutiny will go very deep. It will also extend to everyone you know and touch.
Who will spy and possibly attack you? Anyone with a motive. The targets of your complaints. Anyone affected by your complaints, e.g., companies with business at stake. Ideological actors. Mercenaries hired by any of the above. And these days, random kids out for a lark could have significant capabilities.
In the end, we can see Mr. Doctorow has been paying attention and growing up. His main sermon is that hacking may be fun, and is powerful, it cannot actually achieve what we want. The things he wants to achieve are political goals, and they must be reached by political means. Technology can help, but it isn’t sufficient.
Having sampled Doctorow over the years, this is quite an evolution. With good reason. Fantasies of DIY technology defeating “the man”, liberating the people, or seceding from the state are gone. Political organizing, public relations, and as-best-we-can-manage democracy are the tools of liberation.
In this I agree.
Please take Masha’s friend Tanisha as a model: find a home, dig in deep, fight on forever.
For those of you in the tech business: pick a side and stay on it. Don’t try to play a double game, because you will end up fired, prosecuted, and possibly dead.
And, by the way, that robot car thing? Believe it. This is going to happen at some point.
- Cory Doctorow, Attack Surface, New York, TOR, 2020.
Sunday Book Reviews
Robert McGrath's Blog 
6 thoughts on “Book Review: “Attack Surface” by Cory Doctorow”