by Daniel J. Solove
I’ve really been enjoying the new TV series Mr. Robot on USA. Network. It presents highly-engaging depictions of hacking and social engineering, and it is great entertainment for privacy and security geeks.
The protagonist is Elliot Alderson (played by Rami Malek), a tech who works at a cybersecurity firm in New York City. The show is narrated with voiceover by Elliot, and we get a glimpse into the mind of this reclusive and quiet person. Voiceover can often falter as a technique, but here it works wonderfully — and all the more impressive because Elliot speaks softly, often in monotone. But Elliot is such a fascinating character and Malek delivers Elliot’s monologue so effectively, that it becomes surprisingly engaging.
Elliot is very smart and clever, and he sees many around him as idiots. He suffers from severe bouts of depression, is a recluse who wants to be invisible, and he is very awkward around other people. He lives most of his life inside his head. The show presents the stark contrast between what he says to others and what he is thinking. In one scene, we see him speaking to his psychiatrist, telling her hardly anything. But we hear his thoughts and know that he is pondering quite a lot.
At his day job, Elliot defends against hackers, but like a fireman who is a pyromaniac, Elliot hacks in his spare time, breaking into the accounts of nearly everyone he meets. In just a few episodes, we see a smart phone hack, a brute force attack, and many other examples of hacking and social engineering. The show makes it engaging without dumbing things down.
When it comes to technology, the show is more careful about details than the vast majority of shows. For example, bloggers broke down a scene in Episode 3 about hacking an Android phone and noted that “most or all of the tools on display in the brief scene are real. Android power users could hardly fail to miss the root permission Super SU as it flashed on the phone screen.” One blogger even broke down the scene with screen shots showing the installation of spyware.
The show demonstrates how fascinating data security is, and the show has something to teach for those who train lay people on data security. The topic need not be boring or complex; it really can come to life and be understandable if presented well — and this often involves using stories and teaching people how readily their data can be exposed. In the show, corporate data and personal secrets get exposed, thus driving home a key point: Data security isn’t just something people need to know for their employment; it is also something people need to know for their personal lives.
The events that set the show in motion center around Evil Corp., an enormous conglomerate with a logo similar to Enron’s. Elliot loathes Evil Corp., blaming it for causing his father’s death. But ironically, Evil Corp. is the biggest client of the security company he works for — Elliot helps to protect Evil Corp. while desiring to destroy it.
But it might not stay that way for long. Elliot meets a man named “Mr. Robot” (played by Christian Slater) who runs a hacking group and who wants to recruit Elliot to help take down Evil Corp.
It is not clear yet what is real and what is imaginary. The show depicts things from Elliot’s point of view, and there are doubts as to how reliable a narrator Elliot is. Elliot is a deep and interesting character, He breaks countless laws and destroys people’s lives, but he has a moral code. He is not motivated by money or fame. To most of the world, he’s just a soft-spoken, polite, and shy engineer, typing away in a cubicle. But there’s so much more going on in his hidden universe.
I am eager to see where this show goes. I hope it can keep up with the level of the first few episodes. I recommend Mr. Robot highly, especially to anyone interested in data security. For those of you who haven’t seen it yet, you can catch the first few episodes online here.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics.
Professor Solove is the organizer, along with Paul Schwartz of the Privacy + Security Forum (Oct. 21-23 in Washington, DC), an event that aims to bridge the silos between privacy and security.