Alex Grigsby is the assistant director for the Digital and Cyberspace Policy program at the Council on Foreign Relations.
In case you missed it, the premiere of CSI: Cyber aired last Thursday. I’ve been waiting for this show with baited breath since its trailer was announced last year in which the lead character, played by Patricia Arquette, turns to a colleague and says: "It’s not the perfect crime, it’s cyber crime." How can you not watch a show with a zinger like that?
Hollywood is notoriously bad at portraying hackers and computer security issues because—let’s face it—watching someone typing up a storm on a computer screen doesn’t make for riveting entertainment. Despite some successes, like War Games and the Matrix, they tend to be outweighed by some of the crazier and implausible scenarios, like a scene in CBS’s Scorpion, in which a character driving a Ferrari on a runway downloads data from a commercial airliner flying a few yards above the ground using an ethernet cable to prevent 200 other planes from crashing into each other.
While not quite so outlandish, the premise of the first CSI: Cyber episode is pretty far fetched (warning: spoilers ahead). The CSI: Cyber team disrupts an organized crime ring that conducts live auctions of babies by hacking into Internet-connected video baby monitors. Eventually stumbling on the criminals’ hideout, the team needs a twenty-character password to decrypt the database of all of the hacked cameras and sold babies. Turns out the criminals didn’t read Cybersecurity for Dummies and wrote down their password in the form of tattoos on the ringleader’s body.
CSI: Cyber is no different from the other CSI franchises. As noted by the AV Club and Gizmodo, the show rehashes the same formula that has made the other series part of the CSI franchise so successful: a predictable formula, cheezy punchlines, technobabble, and montages of people in lab coats doing science with rock or techno music blaring in the background. And while critics don’t like the show, the formula works. The premiere raked in almost four million viewers.
And that’s the problem.
The fact that so many people will watch CSI: Cyber will likely further skew popular opinions of cyber crime, contribute to unnecessary hype about the threat, and hinder intelligent discussions about policy solutions. The odds of anyone becoming a victim of the plotline in the first episode is infinitesimally small and that will probably be the case for future episodes as well. People are most likely to become victims of cyber crime in two ways: (1) they will be solicited for information (e.g. phishing or fraud) or fall victim to ransomware that will give criminals access to money or (2) they will have their computers harvested as part of a botnet or a hop point to target someone else’s computer.
I wouldn’t be surprised if some form of "CSI effect" occurred as a result of CSI: Cyber, where people develop unrealistic expectations of what kind of cyber crime is most likely going to affect them and make unreasonable demands of policymakers and law enforcement. I hope I’m wrong, because the last thing we need is more cyber hype.