The people that can find ~ an information, data and privacy blog
It's been a long twelve months 2017. No doubt many newscasters have had their hand full picking out the most significant stories of the year: between a newly elected president in the United States, an investigation on international election interference, terrorist attacks, devastating hurricanes, North Korea upping the nuclear ante and the damn bursting open on previous silence of sexual harassment within Hollywood and beyond, we are certainly living in interesting times. In the fields of information science, data law and privacy, the past year has been far from quiet, seeing more consequences of mismanagement and attempts to control information even as it flows through more channels than ever. In no particular order, here are ten ways the information landscape changed in 2017:
1) Fake News
What is fake news? Why it must be stories, articles and features about things that didn't happen, reporting on lies instead of facts. How do you know the news is fake? "Because I, [insert name here] say so." The concept of news reporting as having bias isn't a new take; much of media has an innate bias, because the people who write the stories and provide insights do. The moment a report deviates from stating the actions as they happened, assures that an action is good or bad, you're looking through someone else's lens, and its up to your own understanding and values to judge. However, there's a stark difference between innate bias in media and the growth of "fake news" where prominent politicians, media personalities and online experts decry the entire industry, arguing they didn't say what is otherwise captured on record, that events did or did not actually happen at all, that the news isn't news at all but a fairy tale, and the facts are only those they agree with. It's a dangerous form of information manipulation that has individuals picking sides band closing minds to very real problems, threats, and events. While hearing both sides of an argument is critical, if only because both sides are needed if an understanding is to happen, there are facts that remain true no matter what side you're on. The world is round, not flat. Human beings need healthy food, water, and sleep to live. If a person is killed by a shooter they remain dead, no matter how fake the story is decried, and if a shooting did not happen the people involved remain alive; there's no need for further violence. That we question sources is a good thing; however this outcry of ignoring actions on the basis of beliefs is a dangerous trend that has made the past year full of turmoil in the news industry.
2) China’s New Cyber Security Law Is in Force
If your business is selling to the market in China, or using a Chinese provider for data processing services, pay attention to what you're collecting and sharing across the great digital wall. China has long made headlines in the digital world due to it's online restrictions and past challenges of Internet giants trying to set up shop on Chinese soil, and this summer enacted a new law intending to guard against cyber threats both inside and outside the border. The Cybersecurity Law of the People’s Republic of China makes the middle kingdom’s position on data sovereignty clear: if it is generated from or is sent to China, the data is subject to Chinese law. Provisions include Article 37, which states personally identifiable information on Chinese citizens must be stored in China, Article 47 which places an expectation on network providers to police information published on their platforms, and Article 50, which provides State information network departments the right to contact network providers over information they feel should be deleted or blocked. Add this to the development of personal credit scores, and we’re seeing a very new level of information control within the Middle Kingdom.
3) FCC Changes the Course of Information in the United States
Oh FCC, you've really done it now. Between your March 28th ruling stopping laws from blocking Internet Service Providers (ISPs) against selling user web habit data, to the December 14th choice to abandoned Net Neutrality, it's clear who you're working for now, and that isn't the people. Both rulings threaten some of the basic tenements of privacy, and freedom to access information within the United States, potentially with global ramifications. Allowing ISBs to sell web habits, much like Facebook, gives them a cache of information previously unaccessible: every site a user visits, ever action caught by at-home Internet of Things (IoT) device could now, be potentially sold to markers. The removal of Net Neutrality opens the ability to treat online streaming like cable packages; access to sets of social media or sites, with a pay more model to access different items, and potential throttling of websites, including viewpoints or services, the ISP isn't a fan of. How far these changes will affect access remains to be seen: already individual states are proposing internal net neutrality laws, with some state attorneys including those in Oregon, Washington and Illinois suing the FCC for ignoring the submission of blatant false evidence before the vote. The Internet in the United States to put it bluntly, is no longer what it was a year ago.
4) Equifax Hack
Equifax, you've really done it now. Equifax isn't simply notable in the sensitivity of the information stolen, including social security numbers, or the size, 143 million accounts breached in the U.S. alone; a third of the population. No, what's the most noteworthy about the Equifax hack is how bad a company could respond, let alone one in the business of selling identity theft protection solutions. When it comes to things gone wrong, this story has it all: insider trading, an underhanded attempt to avoid being sued, sending victims to a hacked website, blaming a single employee on the mess… the list goes on. Equifax wasn't the last hack of 2017, and make no mistake there will be more in 2018, but hopefully it will have raised a few flags for businesses on how not to deal with a crisis.
5) The Highs and Lows of Apple
Apple of course, continued to make headlines: as the Forbes number 1# ranking for most valuable brands in the world, how could the business not? However, not all of the news has been good news for iOS lovers: to begin with, in an year where 'data breach' has happened with increasing frequency, the exposure of a major High Sierra flaw wasn't a pleasant wake-up call for fans of the system. Apple and fans have often touted the system as more secure, but that reputation is hard to hold onto when you release an update that allows anyone to get root access to the new system. 2017 has also seen the release of the iPhone 10, considered revolutionary by many, a step back by some privacy enthusiasts. Sure, unlocking your phone by looking at the screen sounds cool, but how hard is it really for others to unlock the phone for you? Worse, what happens to that biometric data once it gets stored, and who else can access it? While Apple will likely absorb these hiccups and continue mobile dominance in 2018, it will be curious what full impact these black spots will have on the next year and future upgrades.
6) Uber Upsets
Hey Uber, you love being a centre of controversy don't you? While Uber's top story in 2017 remains the tell-all blog written by a formal female employee, Susan Fowler, who described in detail the business's active sexism in its workforce, information and security experts have also listed the business under "what not to do" when you've been hacked: in particular, don't expect a cover up will make a data breach go away. In November it was revealed that Uber was hit by a ransomware attack, and rather than tell its base, paid up in hopes the attacker would shut up. Unfortunately, when the story hit the media, Uber's attempt to keep it silent completely backfired, drawing even more attention and outrage towards the hack than they might have self with if going public when it happened. While Uber may not have been in the wrong paying the ransom to keep the information private, keeping users in the dark about their personal information being stolen resulted in another hit towards the business's trust, with international lawsuits piling up, which will unquestionably add to the $100,000 price tag Uber paid for silence in the first place. Apparently it doesn’t always pay for businesses to keep their customers in the dark.
7) Yes Virginia, in Canada Your Texts Are Private
Oh Canada! My home country, alas when it comes to cyber security issues you're not off the hook. Two stories were particularly catching for Canadian privacy enthusiasts: first, Bell Canada one of the country’s largest telecoms suffered it’s largest data breach to date: 1.9 million emails exposed, ouch! The full fallout remains to be seen, but this December may have provided a clue, with the results of a class-action lawsuit where the Canadian government has been ordered to pay out $17.5 million to those Student Loan recipients affected by a prior breach in 2013. On the up side, also in December was a win for privacy protection, with the Supreme Court of Canada deeming text messages private communications. There are also proposed changes to PIPEDA, but until they pass that will be left for next year's list.
Who wanna cry? U.K. Hospitals wanna cry, as did a large number (over 300,000) of computers who were affected by this nasty ransomware bug that hit hard in May. While ransomware itself isn’t news, WannaCry lead the conversation due to the dire consequences of its takeover: by getting into hospitals and medical systems, it had an immediate impact on paramedics and the emergency room, two areas with no time to spare. Worse, Wannacry didn’t go in through the usual “don’t open that email link” backdoor: the attack was creased using NSA EternalBlue exploit and an existing Microsoft venerability to move from computer to computer inside a network, taking systems hostage before switching to the next target. If nothing else, Wannacry highlighted the importance of patching systems right away: Microsoft had fixed the vulnerability months prior to the attack, highlighting that it isn't the software developers who need to improve security vigilance, its individual systems administrators and, more critically, business management investing in upgrades, operating procedures and managing expectations. If your company doesn't have a solid system in place for patching critical systems when updates are released, you need a plan, yesterday.
9) Border Wars: Privacy When Traveling
Travel was highlighted a few times this year, most notably thanks to the United States travel ban, which after several revisions and appeals is still in the courts. For technology enthusiasts, trouble at the border has had a different spin: now more than ever stories are coming out not only of travellers being forced to unlock their devices, but from agents viewing internal material, to the point of flipping through private emails or making a complete copy of the data for later inspection. Needless to say this search and seizure without a warrant is a huge privacy issue, not to mention a security concern for workers such as Sidd Bikkannavar, a NASA employee required to carry sensitive information as part of their job. A 'how-to' was written earlier this year for any one carrying an electronic device via airlines, but with more and more horror stories about how much information is searched and saved, not to mention and questionable treatment of data privacy by border officials, the best solution is a simple one: if on the go switch to temporary device and social media passwords that can be reset later, run a back check on what you’ve posted via social accounts, and keep all of your documents in a secure cloud space until well after landing.
10) Bitcoin and Blockchain's Growing Prominence: Oh My!
Unless you've been under a rock this year, you've heard of Bitcoin (in which case hey, can I join you?): 2017 has been cryptocurrency’s year, hitting value at $10000 per coin, and a spot in the world financial system, although the jury is still out on who should be investing. Bitcoins, Etherium and other similar digital Initial Coin Offerings (ICOs) have their fans and enemies, the argument shifting between cryptocurrency as the future of financial systems and those that point out the system is dangerously unregulated. Still, while the future of cryptocurrency is anyone’s guess, one group is already riding the waves to success: developers of blockchain, the underlying technology behind cryptocurrency that is showing potential as a game-changer in a lot of fields, most notably supply chains. I expect to hear more in 2018 and 2019 as the technology evolves; I only hope that privacy is implemented into the evolving design.
- 10 Ways the Information Landscape Changed in 2017December 31, 2017
- Hi-Tech Holidays: Put Privacy in Mind When Picking out PresentsNovember 30, 2017
- Fake News vs Free Speech: Facebook’s Festering Information ChallengeOctober 31, 2017
- Blockchain and Privacy: the New FrontierSeptember 30, 2017
- Five Security Lessons from Game of ThronesAugust 31, 2017