Meanwhile back in the real world: Cyber Security Questions

If the American media can get off the horse race/predictable elections tangent it’s been on of late, there are some stories needing far more explication and analysis than they’ve received, a not-so-modest-list on one topic:

Cyber Security:  There are questions in this realm that need to be explored, and if I had my druthers there would be far more discussion of —

(1)  How individuals can secure their data, or at the very least be assured that the results of data mining operations can be regulated such that breaches can be minimized and misuse mitigated?  If you aren’t a bit disturbed by recent Congressional action to allow the collection and compilation of your information from the Internet to the providers — without your consent, and certainly without paying you for it — then please give this another thought or two.   There’s been entirely too much “ho hum” attached to reports of data breaches.  This, in the face of the fact that 47% of data breaches in 2015 were either malicious or criminal in nature.  In 2015 Anthem Inc. was hit, 80 million customers at risk; in 2014 Ebay was hit, 145 million customer records were compromised; also in 2014 76 million JPMorganChase customers had their data in peril. [Bankrate]

There have been other breaches, which hit the news flaring like a roman candle on the 4th of July, and then flaming out of view just as quickly.  Ok, the subject matter is technical and explanations can be tedious, but aside from advising people to secure their data and change passwords, etc. the media has been behind the story in too many cases.

(2) No state Secretary of State and no local election officials want to be the subject of allegations they’ve not secured voter information.  Our ears should perk up when any one or more of these officials say things even remotely related to “it can’t happen here.” We know that this has happened in at least 39 states, and it obviously DID happen here.  Again, if “meddlers” (a kind word for foreign interests — Russian) want to muddle our elections then a break-in to election rolls, coupled with a few changes here and there, mixed with the already documented problems with the Cross Check program, is an obvious recipe for serious issues.

Update:  And the the WTF Moment — Secretary of State Tillerson says his desire is to work with the Russian government on…Cyber security.  We might want to wait on this until we find out the full extent of Russian efforts to intrude on our election systems and election information sources??

(3) Now, imagine that a breach can be made of such things as the Republican National Committee data on US voters. Oh wait.  It has been left vulnerable, for 12 days no less, simply sitting in a cloud file in a nicely packaged spreadsheet format– of nearly 200 million people.  This may not count as a “breach,” perhaps more like a giant leak.  And, will this major spill be investigated?  Broadly reported? Endlessly analyzed?  If the past is any indicator — probably not.  Yet, if major parties or marketers are allowed (maybe even encouraged) to compile large files of voter/customer data, then what liability do these entities have in terms of securing what has been collected?

Common sense would appear to dictate that “if you collect it you must secure it.”  Further, we need to ask: Are current penalties for storing data in such a state that it is vulnerable to attack sufficient to deter collectors from sloppy data management systems? If you haven’t heard talking heads opining on this lately,  neither have I.

Perhaps we should.

Comments Off on Meanwhile back in the real world: Cyber Security Questions

Filed under Politics, privacy, Privacy and Civil Liberties Oversight Board, Voting

Comments are closed.