Ignorance is Bliss

There is no federal legislation that requires organizations or individuals to notify victims of online data breaches. (Tucker 2014)  Something I found pretty cool considering the frequency of data breaches of major companies lately.  It varies state to state.  So when Target or TJX or the next company to lose your personal information waits months to let the victims know that their personal financial information has been stolen, there is very little legal recourse for the victims.  Especially if the company resides in a state in which the laws are lax or nonexistent.
This is definitely a case of technology outpacing legislation.

I don’t believe ANY digital security failure should require release to the public.  If every site that found an insignificant breach released that information to the public, we would be so inundated by the information that, when we actually needed to pay attention and take action, the public would be too complacent.  On the other hand, though, we should have a right to know whenever our ‘private’ information has been accessed.  Mat Honan of Wired was social engineered out of a Twitter account by someone else accessing his personal information and posing as the account holder.  His Apple and Gmail accounts were just collateral damage.  Luckily the hackers were just in it for his Twitter account; had they wanted to cause serious damage they could have with all of the accounts they got access to. It wasn’t even from Apple that Honan found out his account was accessed by someone else; he was notified by one of the hackers.  (Honan 2014)  If the policy was to verify or notify whenever private information was accessed there may have been a chance to stop all or part of this hack.

It doesn’t make me that much more wary to shop online knowing how at any point our data could be accessed by a third party and there is no rush by the party that was breached to let me know about it.  I was already wary of corporate online security so I don’t shop online much as it is and I certainly don’t bank or send financially sensitive information to my email(s). I use a third party site rather than give online retailers my credit card number, but Heartbleed may have affected that site as well.
I wouldn’t say I am more or less likely to shop online.  Definitely less likely to bank online.  I am also one of the people that doesn’t tie all of their accounts to each other and then use the same password.

Sources:

Honan, Mat. 2012. Wired. “How Apple and Amazon Security Flaws Led to My Epic Hacking.”
Retrieved from http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/all/

Tucker, Eric. 2014. Associated Press. “No Consensus on How to notify Data Breach Victims.”
Retrieved from http://www.nwitimes.com/business/local/no-consensus-on-how-to-notify-data-breach-victims/article_83f5e298-6443-5a2e-a06b-0eb22b4b9714.html


Edward Snowden was a systems administrator for the NSA.  His job gave him access to classified documents about the inner workings of the NSA, namely who they were keeping tabs on and how they were able to do so.
He took it upon himself to copy thousands of said documents and contact documentary filmmaker Laura Poitras and Glenn Greenwald of the UK newspaper The Guardian.  This decision made Snowden a wanted man.  By the time the NSA realized there was a breach he was gone, having hopped a plane to Hong Kong to escape the inevitable charges that were going to be levied against him.  Shortly after the release of the classified documents Snowden ended up in Russia with the help of Julian Assange.  Snowden remains in Russia, where Putin has given him asylum for a year.  He has expressed the desire to obtain asylum in a democratic country rather than try for a longer stay in Russia.

The classified information that has been published shows that the NSA is spying on every method of electronic communication, from emails to Xbox Live, to cellphones to the Tor network.  Who you talk to, for how long and where you were when you called are all stored in a government server in one of the many data centers around the country.  What websites you visit, what you search for on the web, who you email, bank records, medical records are all known to the NSA.  Software companies are paid to insert backdoors for NSA surveillance.  “Secure, Anonymous” browsers like Tor offer no such safety.  Even this that I’m writing right now could possibly (probably) put me on a list somewhere.  It is not for people who are suspected of a crime, it is everyone in America that has a cell phone or internet access.  This is just the tip of the iceberg.  During Glenn Greenwald’s interview last Friday by Bill Maher on Real Time, Glenn said that he had many more documents than what he published.  What we know was “safe” to publish.

I think that it was a good thing that Snowden leaked this information.  It is very telling that he didn’t choose to release it to the mainstream American media.  This exonerates a lot of people that after the passage of the Patriot Act were marginalized as conspiracy theorists for their fears of government surveillance of innocent civilians.  It is sad though how many others must have had access to the same information and they were willing to be complicit in breaking constitutional law rather than show America we were being spied on.  Let alone try to stop it.

Sources:
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

http://en.wikipedia.org/wiki/Edward_Snowden

http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data
