Privacy rights took a hit when Congress and President Trump decided to roll back rules adopted by the Federal Communications Commission (FCC) at the end of the Obama administration regarding online data collection. As Carl Weinschenk wrote:
Among other things, they mandate that consumers give their permission (“opt in”) for their location, browsing history and perhaps other data to be shared …
IT staff, organization leaders, and the average citizen have all expressed levels of concern over this about-face in regard to ISP privacy. Now security professionals are chiming in with their opinions on how this decision will affect cybersecurity for consumers, for businesses, and for global relationships. Here’s what they had to say.
Security Pros Give Their Opinions on ISP Data Privacy Rollback
IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say.
Washington Needs to Take a Stand on What Digital Privacy Is
“Recent events have brought debates around digital privacy into the spotlight, and we have finally hit the breaking point. To tackle this important issue, we need the national government to take a stance on what our digital privacy is. Is it an immutable human right? If so, there needs to be explicit legislation that goes beyond what is currently in place. It needs to protect each and every citizen and hold those who might put our privacy in jeopardy accountable for their actions. This will be the most important cybersecurity decision in the next year and it will shape the security and privacy landscape for years to come.”
Carl Herberger, vice president of security at Radware
Businesses Need to Be More Mindful of Encryption and Data Sharing
“Some IT pros believe the privacy changes could lead to major consequences for businesses and the larger security market. For example, if ISPs aren’t required to provide the same level of protections when managing company data, we should expect to see more data leaks and less responsibility taken by companies for the breaches. Many IT pros also believe that if these privacy changes are put in place, data encryption will be even more important to prevent potential leaks. But as we know from the Spiceworks encryption report, most businesses are not currently encrypting their data at rest.”
IT Analyst Peter Tsai of Spiceworks
Eroding Trust in Privacy Framework
“Unfortunately, one likely outcome is that this will be another blow to the trust in the U.S. privacy framework from European regulators that may make challenges or skepticism about Privacy Shield grow. Also, this means that FTC may have to step up by ‘making examples’ of companies that act badly.”
Dana Simberkoff, chief compliance and risk officer at AvePoint
Wake Up Call That Business Needed
“The fact that your ISP can sell your browsing history to the highest bidder is a wakeup call. To help protect our privacy from looming ISPs, today’s internet users must set up a proxy server or VPN, at the most basic level. The only problem is most people don’t even know what a VPN is, let alone how to manage one. If you obtain a VPN and get it set up, guess what? You need one for your house, your mobile devices, and you have to manage and pay for it.”
Ajay Arora, CEO and Co-founder of Vera
Find Out What Our ISPs Actually Collect
“The first thing concerned consumers should do is call their ISP and ask for a copy of their data logging policy. If they do not have a clear statement against logging web traffic, then assume that they are going to be logging it. If that is the case, then consumers should try to change their ISP. If they cannot change their ISP, then I recommend using Privacy Badger and HTTPS everywhere to boost online privacy. Both of these free browser add-ons are created by the EFF and should be done at a minimum.”
David Cox, CEO and Founder of LiquidVPN
Threat to World Economy
“The repeal of the rule on privacy of customers of broadband services is a major loss of both the privacy and security of U.S. citizens and customers of internet service providers. This is only increasing the profit of ISPs, at the cost and sacrifice of privacy and security of citizens without transparency and consent. When cybersecurity is a major threat to the world economies, businesses and consumers, which was a major discussion point during the World Economic Forum, and with some countries especially in the EU taking citizens’ personal data very seriously, in 2018 a major regulation known as GDPR is being imposed to put data protection back in the hands of the citizen to counteract cybercrime and excessive collection of data.”
Joseph Carson, chief security scientist at Thycotic
Who Ends Up Paying to Mine that Data
“To be honest, it’s not good if the ISPs can actually put a Big Data architecture in place that would be able to take advantage of the information they are now going to have open season on. And this is about the only saving grace. The volume of data is going to be huge and the cost of mining through it is likely to be extraordinarily large. However, If they sell access to the data (to pharmaceutical or industry to do direct targeted ads/marketing), then they take the burden off themselves.”
Chris Roberts, chief security architect at Acalvio
Businesses Care About Privacy
“Businesses are specifically concerned about the privacy of their employees, and most importantly, the confidentiality of their business. Enterprises do not want their executives’ movements tracked or their business development browsing history profiled. While individuals have limited leverage, large enterprises have much more sway and would be able to demand what individuals may not be able to get.”
Nimrod Vax, co-founder BigID
Up to Us to Protect Our Own Privacy
“It’s now up to all of us as consumers and businesses to protect our own privacy. Enterprises and SMBs should take steps to encrypt their websites with HTTPS. Doing so will hide any content transferred between the business’ app or website and the end user’s device. It will not hide the domain of the website visited, but everything else is secure. This is especially important on any web page that asks for user input. HTTPS certification is now cheaper and easier than ever thanks to certificate authorities like CertBot and LetsEncrypt.”
Paul Bischoff, Privacy Advocate at Comparitech.com
Concerns About Profit Over Privacy
“The fact that the U.S. Congress voted to repeal these internet regulations and the President moved forward with signing the resolution into law is extremely concerning. Even more concerning is that by lobbying for this change, internet service providers (ISPs) and telecoms companies have demonstrated that they put profit over their customers’ wellbeing and security. Legislation like this changes consumers from ISP customers into ISP products. The amount of vast personal data ISPs and other companies will be able to collect will create a huge honey pot for any adversary wishing to obtain information on innocent Americans.”
Jacob Ginsberg, Senior Director with Echoworx
Is This Just the Beginning of Privacy Loss?
“While businesses will be able to increase revenue by either selling browsing data to advertising networks, or to use it themselves to target more services to their users, it will become harder for users to find ways to prevent this sort of tracking and have the ability to determine for themselves how they want their personal information to be used. Furthermore, it will be interesting to see if additional decisions are made by the current administration over the next few years, which may piggyback off of this decision to further strip away every individual’s right to protect their personal data privacy on the internet.”
Nathan Wenzler, chief security strategist at AsTech
