Hollywood vs. Technology

Sigh.

How many times have you been watching a movie only to
be confronted with a bunch of techno gobbledy-gook? Or seen
something on a TV show involving technology that seems far
outside the realm of possibility? Unfortunately, you probably see
something like this often - maybe too often. I am
familiar with the theory of "suspension of disbelief" - after all, at the
end of the day it *is* just a movie, right? But for me, when
technological bloopers happen they actually take away from my
enjoyment of the film. I'm much more willing to suspend disbelief for
Star Wars or The Matrix because movies like these take
place in the future or in almost different universes. It's movies
like The Net and Hackers that bother me. As if you
can access any bit of information over the Internet. As if you can
fit an entire conspiracy to take over the online world onto a single
floppy disk. As if real servers doing real work look
like video games... I could go on and on, but I'll just say this:
Hollywood, if you want people like me to enjoy your movies and TV shows,
please read the following tips:

1) Decrypting any kind of data takes time – Let’s face it, the NSA isn’t exactly
telling the public what kind of computing power they have. But even so,
the biggest, fastest computer the NSA has would take at least an
hour to decrypt an encrypted email or password – several weeks or
months is far more likely. In the case of Ramzi Yousef - one
of the plotters of the 1993 WTC bombing - it took the NSA a year
to access all of the encrypted data on his laptop computer! And even though most algorithms
used to encrypt data are well-known – especially to people who earn a
living breaking the things – there’s still the issue of how such
encryption is implemented. Decrypting a file encrypted with PGP is
vastly different than decrypting an email encrypted via digital
certificates. Not only that, but different vendors use multiple
algorithms and users have access to multiple different
algorithms via the “Options” section of the application. So the idea
that someone can just type a few keys and see plaintext 30 seconds later
is laughable.

2) Decrypting any kind of data takes real power
– In the movie Swordfish, Hugh Jackman breaks into an
encrypted system in less than sixty seconds using John Travolta’s
run-of-the-mill laptop. OK, stop laughing – it’s true! Anyway, not
only does it take time simply to figure out how something was
encrypted or with what algorithm, it takes an ungodly amount of
computing power to actually break it. In real life, John’s
laptop would still be sitting there in that nightclub’s VIP room working
on the hack today – and would still be sitting there when the sun
explodes and destroys us all in 5 billion years. I’m not kidding
or exaggerating, folks. It would take today's top-of-the-line PC
around 5 billion years to pull off the scenario shown in the
movie… Unless they had a “back door”. But then again…

3) There are no "back doors" in encryption
– Many people – even smart, IT-savvy people – are under the
impression that encryption has “back doors” that allow shadowy
government types to press a few buttons on a keyboard and get access to
your data. This is simply not true. Well, mostly.
Certain algorithms might have weaknesses that can be exploited, but
these typically are not used in commercial software or have been fixed
in years past. There’s also the implementation of that algorithm –
one sloppy coding error used in the program that creates the encrypted
data can cause it to be hacked – which is why you should only trust
established names in computer security like
PGP and
RSA and
not some program your cousin wrote in his first semester of C++
programming. Anyway, that there’s no “back door” should be obvious to
anyone that’s actually read the freakin’ manual for any
kind of encryption program. If you lose the key or passphrase your data
is lost forever. Which is the whole point of
encryption in the first place, ya know?

4) Decrypting data is an “all or nothing” process –
how many times in the movies or
TV have you seen someone decrypting data and the “partial results” show
up on the screen as the decryption proceeds? It’s silly – either all
of the data is encrypted or it isn’t. It’s just that simple.
Similar scenario: imagine that I stole your ATM card. If I went to an
ATM and started entering PINs starting at 0000 I would eventually find
your PIN by the time I reached 9999 – it’s a mathematical certainty.
But the ATM isn’t going to tell me when I have 1 or 2 or 3 digits right
– it’s simply gonna work or it’s not.
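
The ATM analogy above, modelled as an added example (not code from the original page): a checker that only answers yes or no, next to a hypothetical "movie" checker that reveals which digits are right. The class names, the salt and the sample PIN are all constructed for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-demo-salt"  # constructed value for this example only


def pin_digest(pin: str) -> bytes:
    """Keyed digest of a PIN; the stored form reveals no individual digit."""
    return hmac.new(SALT, pin.encode(), hashlib.sha256).digest()


class AllOrNothingCheck:
    """Real-world behaviour: the whole PIN matches or it does not."""

    def __init__(self, pin: str):
        self._stored = pin_digest(pin)

    def check(self, guess: str) -> bool:
        return hmac.compare_digest(pin_digest(guess), self._stored)


class MovieCheck:
    """Hollywood behaviour (hypothetical): reports which digits are right."""

    def __init__(self, pin: str):
        self._pin = pin

    def check(self, guess: str) -> list:
        return [g == p for g, p in zip(guess, self._pin)]


def count_all_or_nothing(checker: AllOrNothingCheck):
    """Walk 0000..9999; a yes/no answer gives no way to narrow the search."""
    for n in range(10_000):
        guess = f"{n:04d}"
        if checker.check(guess):
            return guess, n + 1
    raise ValueError("PIN is not four decimal digits")


def count_movie(checker: MovieCheck):
    """With per-digit feedback, ten guesses (0000, 1111, ...) always suffice."""
    known = [None] * 4
    for tries, digit in enumerate("0123456789", start=1):
        guess = "".join(k if k is not None else digit for k in known)
        for i, hit in enumerate(checker.check(guess)):
            if hit:
                known[i] = guess[i]
        if None not in known:
            return "".join(known), tries
    raise ValueError("PIN is not four decimal digits")
```

For the constructed PIN 7294 the yes/no checker needs 7,295 guesses while the per-digit checker needs 10, which is why a real verifier never reports partial progress.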

5) “Photo enhancement” is bogus –
Well, not really. Sure, there
are programs out there than can enhance an image. Plain old Adobe
Photoshop is one. But the programs that spy agencies supposedly
have – that can take a standard, grainy black and white image from a
security camera and “enhance it” to read the license plate off a car on
the other side of a mall-sized parking lot? Please. And how about the
movie Enemy of the State where surveillance camera footage was
taken and “enhanced” to show something dropped into a shopping bag
from an angle that was never seen by the cameras? See here,
Hollywood writers: if I’m standing pants-less behind a wall that comes
up to my waist, and if you only have one camera that’s positioned in
front of that wall, there’s no way to “enhance” the
picture to see my naked bits. The information simply is not there. The
thing that kills me about this is that many people are used to this
concept. For example, most digital cameras have LCDs on the back that
show the picture you just took at 320x240 pixels, while the actual file
on the flash card that you download to your PC is much bigger, like
2272x1704 pixels. So, in a sense, you can “enhance” the image you see
on the LCD screen because there’s more information available in the
larger image on the card. If however you wanted to read a license plate
number off the 320x240 image alone... well the data’s just not there –
it’s impossible.

6) By design, networks allow access to proper users –
One episode of the third season
of 24
had a scenario where the CTU director used a “no-name account”
(their words) to delete some important information off a server. Note
to Hollywood: the whole purpose of having user names is to prevent
stuff like this from happening. In the real world, sloppy use of
permissions and accounts let things like this happen a thousand times a
day at companies large and small. But in sensitive locations like
banks, military installations - and, presumably, anti-terrorism agencies
– these things get checked and rechecked a thousand times.
Administrator or root passwords are kept very secret and guest accounts
– which don’t have delete permissions anyway – are disabled. Everyone
that has a need to access a certain resource is given read-only access
and maybe even change access, but not full access.

7) Try real-world GUI design for a change
– how many movies and TV shows have people using computers with
some stupid, incredibly large GUI? To continue beating up on
Swordfish, Hugh Jackman designs a malicious program using something
that looks like a “virtual Rubik’s cube”. As he writes the program, the
“cube” falls apart during coding errors and finally comes together as a
whole when he’s done. Note to Hollywood: I know you do this because it
looks better on the screen – especially a much larger movie screen – but
all code is simply typed into an editor. For example, if you’re
using Internet Explorer to view this webpage, click on View > Source. A
Notepad window will open with a bunch of gobbledy-gook on it. Software
programs contain code that looks something like this – well, much
more like it than some Rubik’s cube anyway. Fortunately, “product
placement” means that more and more real-world GUIs – especially Windows
XP – are making their way into the movies. Unfortunately, the programs
they supposedly run on them are still fake.

A tale of two GUIs... what a server administrator sees in the movie Hackers (left) and in the real world (right, Windows 2003)

8) Hacking is 50% stupidity and 50% social engineering
– There are very few
“true” hackers in this world. Sure, you hear of computers being hacked
into or websites defaced on a somewhat regular basis, no doubt. But
most of that hacking is done by either sloppy administration (like
having blank or easy to guess passwords on an Administrator account or never installing
security patches on a public server) *or* by social engineering (like calling a company’s IT department and claiming to be “Bob from
accounting” and requesting a password reset). One of the most notorious
hackers in the world – Kevin Mitnick, if you’ve ever seen a “Free
Kevin!” sticker on a payphone or stop sign, this is that Kevin –
used phone tricks and "dumpster diving" to accomplish the lion’s share of
his hacks – not some elite, super-secret hack you so often see in movies or
on TV.

9) Pay somebody to review your lingo
– How many times have you
heard something like this in a movie: “that hacker FTP-ed into my
BIOS and defragged my telnet!” Huh? That’s like your
mechanic saying “I changed the oil in your rear-view mirror and rotated
and balanced the taillights.” You’d think that the people that
make movies and TV shows could afford to run their scripts by people
that know better… but you’d be wrong. Again in my crosshairs, in
an episode from the third season of 24 Tony told Chloe that “[he] need[s]
those cron tables right away”. Which sounds good, but “cron” is simply
an automated task scheduler for the UNIX operating system (like the
Windows Task Scheduler). Although you can use cron to do any number of
things, it’s mainly used for automated system housekeeping duties – just
like how Windows uses its own Task Scheduler to run defrags or disk checks
or anti-virus scans - something the director of CTU would have precious
little interest in on a normal day – much less a day when a
bioterrorist is threatening the United States. Having said all this,
I’m not sure I’ll complain too much about this one. Not because they’re
right (they’re not), but because so much gibberish is also used in
hospital and courtroom dramas – and I know nothing about either of those
fields. I’ve watched CSI before and it seemed to be a good
enough show – until someone I knew in med school trashed it just as I’ve
trashed IT stuff on TV and the movies.

10) Why can't you understand bandwidth? –
How often have you seen someone in a movie or TV dial up to
another computer via modem... and then get full, high-definition, 30
frames-per-second video from a surveillance camera? Too many times
in movies we've seen people using modems and getting incredible video or
access to a full-GUI server (see rant #7). For instance, in the
movie Hackers, all of the hackers go to Angelina Jolie's
apartment to drool over the 28.8 modem in her laptop.
From this we can assume that everyone else has a slower modem.
Yet later in the movie we see them "hacking the planet" - that is,
logging into the evil guy's server over these modems. The
operating system they use looks more like Tron than any server
I've seen - but yet they're able to operate in a full 3-D environment
(see picture above) over 14.4 and 28.8 modems! How lame is that? I think
that everyone that reads my words here can remember trying to watch
streaming video over a modem, and back then it took everything we had -
and more - to watch a postage stamp-sized music video, much less
a real-time 30-frames-per-second feed from a surveillance camera or a
3-D GUI. Or full-screen real-time video conferencing... Or....

Last Updated: Friday, 07 April 2006 16:27