On 14 August the website opex360.com reported a spoofing incident which purported to show a French naval vessel (the Provence) appearing in waters between China and Taiwan. A bit of digging revealed that the MMSI number was fake, and the picture displayed was of a different vessel, and the Provence was somewhere else entirely.
Quite apart from any geopolitical mischief that this incident may have been intended to cause, it also shows the risk of assuming that information is true just because a computer application tells you so.
“Trust, but verify” is a Russian Proverb (Doveryai, no proveryai – Доверяй, но проверяй) which became one of President Reagan’s stock phrases during the US/Russia Arms Control negotiations in the 1980s. It neatly sums up the dilemma of relying on open source – and closed source – information, thrown into stark relief more recently amid the allegations of ‘fake news’ of the Trump era or the allegations and counter-claims of misinformation around COVID-19 vaccinations.
At the regular user level, it’s also relevant to the phishing and ransomware plague. Our national authorities are constantly exhorting us to check the authenticity and provenance of messages that appear in our inboxes, purporting to be from senior staff, utility providers or long-lost family members, and asking us to do things with our personal details or corporate credentials as a matter of urgency.
Yet time and again, we read of calamities. Links are clicked, identities faked, and money lost – and at its severest, as the opex360 article illustrates, geopolitical tensions can be stirred up.
Why are we so gullible?
I suggest three reasons below – and doubtless there are many more:
In raising awareness among user populations of the bad things that happen on-line, those responsible for training, education and awareness raising must understand how users interact not only with systems but also with the information on the systems.
Not everything is an alert; false positives happen; and just because the system tells you something is or is not happening does not absolve the user of their need to apply common sense before clicking on a link or believing a reading.
Some in the IT industry and particularly supporters of autonomous vessels argue that removing the human from the decision-making loop makes decisions more consistent. But we are a long way from automating sound judgement and experience. And until we have genuine trust in our IT systems – and our users – ‘computer says yes’ cannot mean ‘computer is right’.