The U.S. GDPR
The U.S. Congress is now working on data privacy rules much like the E.U. Our leaders on the Hill consider legislation to protect data, privacy and punishment as cybercriminals continue their reign of terror. All of this activity moves at a slow pace, dragging on as if we don’t want to protect people from online predators.
Ironically, U.S. companies doing business in Europe have to follow General Data Privacy Rule (GDPR). These are rules and expectations we don’t have in place across the United States. Therefore, we are letting Europe lead when it comes to cyber rule, although we are the most innovative country on the planet. You would just need to think of Facebook, Google, Apple, Amazon etc.
The hardest issue in cybersecurity is that people give their right to privacy away and creating doors to let the bad guys in. Many times, they do it without realization of the consequences from their actions. In parallel, technology automation is dictating a dual virtual life with real-life implications. In both cases, the user is not seeing the value of data and their likeness. The result is that third-party organizations profit from their digital ignorance.
Some apps in our cellular devices can also make videos or take screenshots of our daily activities on the phone. This means that whenever we open our bank or credit card statements, the app developers access our passwords and personal information and are free to do whatever they wish with this private data. More often than not, the App owner-developers send it to third-party companies who utilize this information for their marketing and advertising campaigns. They carry on with this activity without our or any user’s consent. This, in turn, leads to various security threats.
The crazy part is that users have no choice in the terms laid out by the App owner. We go by their rules if we want the convenience of their software products. However, the threat against us is growing such that checking the terms of the agreement is now prudent. And, users should accept those services that are free from these intrusive policies. Doing this will keep all users safe from fraudulent activity initiated by someone using their personal information. This also slows the selling of the user’s personal information unknowing.
We must also contemplate the fact that the overall pace of technological advancements ultimately leads us to an era of the self-autonomous web system. While these autonomous systems may create an entirely new level of convenience for the masses, we do not know whether they will be utilized for our betterment or not. Hence, we cannot depend solely on technological advancements and must play a fundamental role in safeguarding ourselves from security threats and data infringement. We can take the example of dual-use technologies and their impact on cybersecurity. The two key forms of online dual-use technologies include cookies and malvertising.
The HTTP cookie or browser cookie, more commonly known to us, has the propensity to act as gateways for hackers to access our information. The reason for this is that cookies, in light of their basic structure, can store themselves on the browsers of different users. This code are small pieces of data which could either be safe from the user’s standpoint if they are encrypted or they could be infected with malware that is easily installed in computer systems.
Malvertizing is another vector for online data theft or malicious advertising. This is another prevailing issue for web users as these software tools carry malware which could be installed by clicking on online advertisements. The reason why people are more susceptible to accessing these advertisements is they are present in even the authentic online websites. People believe the presence of legitimate brand presence on a legitimate website guarantees the security of each click. Hence, the user accesses it without careful evaluation. As a result, people and their personal data are exposed to cybercriminals and fraudulent activities.
The majority of governments around the world are not doing their part in minimizing these threats. The internet is a dangerous place and there are no police to even manage internet traffic, let alone catch jewel thieves. At least the EU is trying with their GDPR. The EU’s data protection laws were enacted in lieu of stricter policies. Businesses and vendors, under their jurisdiction, must first get consent from users before they can set up cookies in their browsers. If the user consents to these web cookies, only then can the companies access their personal information and use it to further their productivity. This is a good step taken by the EU and should serve as an example for other countries. Decisive action against cybercriminals and “spyware” regulation is not an option for lawmakers. It is their responsibility.