Equifax, Facebook, & Foreign Governments: What Have We Done Since?
Throughout the 1990’s, after the dawn of the Internet, people (and kids especially) were repeatedly taught the dangers of our interactions with the Internet. In the online world, our parents made sure that we did not give away any personal information. Our parents made sure that we did not communicate online with strangers. Our parents made sure that we did not “spend all day staring at a screen.” In the 2000s, as the world got more comfortable with social media and the Internet/apps exploded onto phones across the country, we quickly and freely gave away personal information (location, email addresses, credit card info), talked to strangers (dating apps, social media, Whatsapp groups), and spent all day staring at a screen (examples unnecessary – everyone knows what I am talking about).
We shifted from a fear of the Internet (although it was cool and fun from the beginning) to complete reliance and comfortability within this space. Our online identities morphed into our own real-world identities; there was little we weren’t trusting with online services that we weren’t comfortable sharing with our parents or friends. Then, in the past few years, we have been reaping what we sow. From hackers obtaining millions of social security numbers from online social security providers to foreign governments hacking emails and manipulating social media to influence elections to tech CEOs being summoned by Capitol Hill, we hit a wall where all the fun and excitement of the new technologies available to us collided with reality. All the things we do and share online are not just a “fun thing,” but what happens online can have real-world implications for people when misused.
In the aftermath of some of the most prolific instances of consumer privacy and identities being violated online, organizations like the European Union implemented the GDPR to bring companies and organizations with a web presence (read: everyone) in-line with a certain set of standards. Of course, this made a lot of people think, “After all the Congressional hearings, after all of the investigations, what sweeping policy changes have been made by the United States’ government to combat data misuse and protect consumers?”
Robert Johnston is the Founder and CEO of Adlumin, a software company that provides cloud-native, cybersecurity and SIM solutions. Johnston, a former Marine Corps Captain, was the person who discovered that the Russian government had hacked the Democratic National Committee and later discovered the same about the hacking of the Joint Chiefs of Staff. In regards to what policies the United States government has implemented since all of those events, “The United States government has not really implemented anything yet. When you compare the United States to Europe’s GDPR, we already had very stringent data-privacy legislation. The thing is not with the public outcries, private companies are making moves to better police themselves.”
“Now, you have much greater control over your data privacy, and you can choose what you want to share. A lot of that is being done by self-policing by the companies and organizations themselves.” Even though companies have been making significant moves to improve data privacy for their users, Johnston still feels that legislation is coming. “The Hill and Congress are still probably going to pass some type of legislation. There is too much public outcry for protection. The government knows they want to do something. They just don’t know yet what they want to do.”
One interesting thing that Johnston has noted is how crucial it is that organizations and people protect their credentials. What are we learning from the investigations behind many of the most significant manipulations and thefts of consumers’ data? “We are learning the importance of credentials. They figured out your username and password, through various means, and once they had one username or password, it opened up so much more information to be stolen once they had had one credential. The username and passwords that live in your organization are the single biggest things to protect an entire organization’s security.”
This will not be the last time that you read the news on your phone and see that there has been a major privacy scandal. There will be more. The hope is that they are less frequent than they have been in the past and significantly less damaging. While companies like Adlumin seek to protect organizations, it has yet to be seen what major steps the government will take to ensure our protection as well.