Recently, the US Social Security Administration sent an email subscribers to his official blog explaining how to access social security statements online. Most people know they are wary of seemingly official emails that contain links to websites asking for credentials.
But for seniors who are wary of the prevalence of scams targeting their demographic, such an email can be especially alarming because they have been told that the SSA never send emails.
This population has been educated in a tactical approach to online safety based on fear and mistrust – even of themselves – and focused on specific threats rather than developing strategies that allow them to be online in completely safe.
Elders have learned this approach from organizations they tend to trust, including nonprofits that teach seniors how to use technology.
These organizations present a view of older people as being very vulnerable and encourage them to defend themselves in ways that could put them at risk. As computer science researcherswe think it need not be so.
Older people and online safety
Older adults may also be more susceptible because they find it difficult to trust technology even though they recognize its benefits.
We have found that older people try to draw on personal experience develop strategies to reduce privacy breaches and security threats.
In most cases, they succeed in detecting threats by being on the lookout for activities they did not initiate, for example, an account they do not have. However, outside experts have a disproportionate influence on those with less ability or experience with technology.
What “Experts” Tell Older Americans
Unfortunately, the advice older people receive from those who are likely to have authority on the matter is less than ideal.
Perhaps the loudest of these voices is AARP, an American advocacy group that has been on a mission to “empower” individuals as they age for more than six decades. During this time, he has established a commanding presence in print and online. His magazine reaches more than 38 million mailboxes in 2017and it’s a effective advocacy group.
What we found is that AARP’s cybersecurity releases use storytelling to create cartoonish folk tales of Internet deception. A regularly featured diet of sensational headlines like “The pitfalls of grandparents,” “Scams” and “Evil Diagnosesdescribe current and emerging threats.
These scenarios appeal to readers in the same way crime shows have always appealed to viewers: by using narrative devices to alarm and move.
Ultimately, they also trick viewers into the misconception that they can use what they learn in these stories to defend themselves against criminal threats.
Folktales and Manias
One of the tasks of folk tales is to state the dangers that a culture wants its members to learn in childhood. But by presenting cyber risk as an ever-changing set of stories that focus on particular risks, AARP’s advisories divert attention from basic principles to anecdotes.
This forces readers to compare their online experiences with specific stories, putting them at the center of the narrative.
Our analysis of hundreds of blog posts published by AARP from 2004 to 2020, as well as our research on older couples over the past four years, shows that this storytelling approach can foster engagement. We used discourse analysiswhich is a common technique in the social sciences to analyze the meaning of a text, to assess the themes to which people have been exposed and to determine their potential effects.
Readers are implicitly encouraged to assess the plausibility of particular scenarios with questions such as, is it possible that I have unpaid tax arrears? And, do I really have an extended warranty?
This forces people to catalog each of these stories and then determine for themselves each time whether an unsolicited message poses a real threat based on its content rather than the person’s situation.
No, it’s not personal
Through this inventory of stories and characters, we also found that AARP was personalizing what is, at its core, a set of structural threats, impersonal in nature. Stories often portray con artists as people in the very middle of the reader who use local news to manipulate the elderly.
The real threats are not “lottery scammers” or “Facebook friends”, with a live scammer sensitive to the needs and weaknesses of each intended victim.
There is rarely a human relationship between the cyber-scammer and the victim – no crooks behind the famous “grandparents scam”. AARP bulletins and notices imply that there is – or at least implicitly encourage – this outmoded view of a direct relationship between scammer and victim.
Perhaps even more concerning, according to our analysis of 162 randomly selected AARP blog posts from 518 relevant Internet security and privacy articles, AARP reviews seem to encourage investigation into scenarios, when the engagement of any kind puts people at risk.
In a post alerting people to “8 military-themed impostor scamsthey discuss “prices that are too good to be true,” when the very concept of buying a car on Craigslist, or an “active duty member” selling a car urgently, should be a red flag discouraging any form of commitment.
Internet users of all ages, but especially the most vulnerable populations, should be urged to back off from threats, not be seen as detectives in their own thriller stories.
Protecting the Elderly in an Age of Surveillance Capitalism
In order to reduce everyone’s risk online, we believe it is important to provide a well-organized set of principles rather than presenting people with a set of stories to learn.
Everyone exposed to online threats, but especially those most at risk, needs a checklist of caveats and strong rules against engagement when in doubt.
In short, the best strategy is to simply completely ignore unsolicited contact, especially from organizations you don’t do business with. People need to be reminded that their own context, behaviors and relationships are all that matters.
Because at the end of the day, it’s not just about tools, it’s about worldview. Ultimately, for everyone to make effective and consistent use of security tools, people need a theory of the online world that educates them about the basics of surveillance capitalism.
We believe people should learn to see themselves online as reconstructions made of data, as unreal as bots.
This is admittedly a difficult idea because people find it difficult to imagine themselves separate from the data they generate and to recognize that their online life is affected by algorithms that analyze and act on this data.
But it’s an important concept – and one we see older adults embracing in our research when they tell us that even if they get frustrated at receiving spam, they learn to ignore communications that reflect their “self” to which they do not identify themselves.
Editor’s note: This article was written by nora mcdonaldassistant professor of information technology, University of Cincinnatiand Helena M. MentisProfessor of Information Systems, University of Maryland, and republished from The conversation under Creative Commons license. Read it original article.