Adapted from an article that first appeared in the San Jose Mercury News
by Larry Magid
A lot was written about the DNSChanger scare last week, including several articles about how over-hyped it was. I tried to downplay the risk, but some security experts and journalists sounded alarms. Could it be that spreading fear about malware helps sell security software and improves ratings for news stories?
In case you missed the hype, DNSChanger is a computer virus of sorts that caused infected computers to access rogue DNS servers and be directed to hackers’ sites instead of where they meant to go. The FBI took down those servers in 2011 and temporarily replaced them with clean ones, then announced a long time ago that those clean servers would go offline on July 9th, at which time anyone still infected would effectively have no Internet access. Months ahead of that deadline, people with infected machines received notifications from their ISPs and major websites, so it’s not as if the deadline should have taken anyone by surprise.
There is no way to know the exact number of computers that were still infected on July 9th. But even if you take a high estimate of 50,000 in the United States, that represents about one in 5,000 PCs. It’s no wonder a Comcast spokesperson told me that their customer support volume last Monday was no higher than a typical Monday.
A bit of perspective
We’re talking about not being able to access the Internet, which is hardly life threatening. And even if you were infected, it isn’t that hard to fix the problem.
To put this in perspective, I dug up a 2007 article from New York Times columnist Tara Parker-Pope, who laid out the odds of dying from a variety of causes. It turns out that the odds of some really scary things happening are a lot higher than the chances of being knocked offline by DNSChanger.
For example, the odds of dying in a car crash are 1 in 84 over an 80-year life span. There’s a 1-in-218 chance of dying from falling over that same life span, and a 1-in-1,100 chance of drowning. And of course, we all have a 1-in-1 chance of dying from something.
In 2009 the property crime rate in the U.S. “declined to to 127.4 crimes per 1,000 households,” according to the Department of Justice. That’s still a 1 in 8 chance of being victimized, which is far higher and more consequential than many online crimes. And by the way, violent and property crime rates in 2009 were at the “lowest levels since 1973.”
I’m not trying to scare people. I’m trying to put this persistent techno-panic into perspective. Why is there so much hype about bad things that can go wrong with technology when the odds are higher that worse things will happen to us in the nondigital world?
DNSChanger was far from the only example of a techno-panic. There have been virus stories in the news for decades, sometimes featuring spokespeople from anti-virus companies with dire warnings of impending doom. Many of my fellow journalists — especially my colleagues in the broadcast media — love to dramatize these stories. I know because I’m often called upon to comment on the air and sometimes I get the sense that the person interviewing me is a bit disappointed at my relatively relaxed attitude.
I wasn’t always that way. In 1992, I was one of the journalists who quoted John McAfee when he said that millions of PCs would fail to startup on March 6th of that year — Michelangelo’s birthday. But the hype over the Michelangelo virus was far worse than its bite.
One question that was raised back then and keeps coming up is whether all the pre-publicity prevented the problem. The same claim was made for the Y2K scare, which also fizzled. It’s certainly true that raising an alarm about potential threats causes people to take precautions, but there are ways to accomplish that without going out of your way to scare people.
It’s not just malware. We’re worried about all sorts of technology-related catastrophes. In 1994, I wrote “Child Safety on the Information Highway” because I was genuinely worried about how this newfangled online world would affect our children. I’m still promoting Internet safety, but I’ve since learned that kids are less vulnerable and more resilient than I once feared.
For years NBC Dateline’s “To Catch A Predator” feature scared Americans about online pedophiles. But I don’t recall the program ever pointing out that children who are sexually abused are many times more likely to be victimized by a family member or an acquaintance than by a stranger they met online.
Predator panic, though still with us, has diminished slightly, but now we’re panicking about cyberbullying, even though school bullying is far more prevalent. Last year, a leading pediatrics journal published an article about “Facebook depression.” But the Journal of Adolescent Health last week reported no correlation between social network use and depression in older adolescents. Likewise people panicked about sexting with stories that one in five kids were sending around nude pictures of themselves until a credible study from the Crimes Against Children Research Center found that only found that only 1.3% had sent or created an image of themselves that showed breasts, genitals or “someone’s bottom.” A somewhat higher number (2.5%) sent images where they were either nude, partially nude or in a sexy pose, even if fully clothed.
We worry about Internet privacy but how many of us bother to shred confidential papers or think twice about the information we’ve turned over to financial institutions, insurance companies and even supermarkets?
I do think we need to worry about cell phone privacy, not because they’re easy to bug (they’re not) but because we’re using them out in public where strangers can hear what we say.
For some of the best thinking on techno-panics, see Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle from Adam Thierer and Why Technopanics are bad from my ConnectSafely.org co-director Anne Collier.