Hello cybersecurity, my old friend...
Happy (belated) New Year, everyone! It’s already started at breakneck speed for technologists, with a continuation of the wildly fluctuating value of Bitcoin, horrifying evidence of privacy breaches being used to sway national opinions and the latest, insidious backdoors into the CPU chips of 99% of all computing devices – yes, backdoors into the brains of everything from your laptop and phone to your washing machine and fridge.
What a time to be alive.
Within the first three months of 2018, we’ve learned that Facebook essentially has no clue what happens to your personal data when they sell it; but you knew you were the product, right? So if that Farmville app you used to play obsessively happened to push all your friends’ data while you planted corn, they aren’t responsible. Just remember that this practice may have extended to Instagram and Whatsapp, companies that Facebook bought in 2012 and 2014 respectively. Oh, and Whatsapp message encryption? It does not cover the sharing of your contacts and their phone numbers with Facebook, its parent company.
Think all the hubbub about Cambridge Analytica harvesting data from Facebook’s API means nothing to us in the Caribbean? The parent company of Cambridge Analytica, SCL Group, has insinuated itself in elections and referendums in St. Kitts and Nevis, St. Vincent, St. Lucia and Trinidad and Tobago. Remind me again, what is Barbados constitutionally obligated to have before June 1, 2018?
Don’t think that Google, Amazon, Microsoft, Apple or other tech giants are any better. You may only find a deeper problem, now with cute speakers and names like Alexa, Siri or Cortana.
Run your business on Facebook or other US services for various reasons? Let avoidance of legal responsibility not be one of those reasons. The Clarifying Lawful Overseas Use of Data (CLOUD) act just passed by the US Congress lays a new framework by which countries can develop executive agreements with the USA for mutual legal assistance, allowing local warrants to be served on data stored in the USA and vice versa. No matter the arguments for and against the act, many countries will being rushing to the negotiation table.
Happen to work with clients from Europe? You will have to understand how this act will work in conjunction with the European Union’s General Data Protection Regulation (GDPR) and get your company – or country – GDPR-compliant in less than 50 days.
Don’t quite look to distributed ledger technology or Bitcoin for assistance in this privacy-deficient environment. Bitcoin has plummeted in value since the end of 2017, from a high near US$20 000 to US$7 475 as at April 3, 2018. Measured and responsible development of blockchain technology applications continues to war with get-rich quick schemes, or initial coin offerings (ICOs) that too closely resemble unregulated initial public offerings (IPOs), inviting crackdowns from regulators to advertisers. Regulators in China, South Korea, the European Union and the United Kingdom are also scrutinising Bitcoin and its backbone technology to stave off economic bubbles that could jeopardise the slow recovery of the global economy and weaken local currency restrictions. Meanwhile, Russia and Venezuela have proven ever-resourceful in avoiding sanctions through implementation of the Petro cryptocurrency.
That’s just the online and regulatory scenes. Even hardware is unsafe now, as two serious vulnerabilities named Meltdown and Spectre have been proven to allow access to critical data without leaving any traces on typical logs. Software patches have been developed for these attack vectors, but we are talking about patching every Intel, AMD and ARM chip developed, sold and still in use since 1995. To cover everything sold last year alone means updating refrigerators, washers, smartphones, laptops, desktops, tablets, televisions, monitors, ovens, ranges, cars, etc. etc. ad nauseum.
This is just the end of Q1. Hurricane season and elections roll around in 60 days; disaster recovery plans need to be dusted off, biannual IT audits are due and employees must be given time and privacy to exercise their civic duty.
If ever there was a year to budget for technology, compliance and strategic assistance, 2018 is definitely it.
(Leiska Evanson is a business analyst, digital marketer & project manager. Guide to business in the Caribbean)