Share on Social Media:

California Enacts New Privacy Law

The Golden State claims to have blazed a trail in the protection of online privacy.  The California legislature has passed, and Governor Jerry Brown has signed, an online privacy bill that its supporters say requires full disclosure and the right to opt out of data sharing and third-party sharing. The consumer will also be able to delete collected data if he wishes.

Image result for california images

Some consumer advocates are unsatisfied with the bill. They say that businesses should be required to obtain opt-in consent before collecting or sharing user data. Some internet service providers and online advertisers fiercely opposed the bill, though, so it couldn’t have been entirely toothless.

All parties will have ample time to adapt to the new law. It won’t be in force until 2020.

Was the privacy bill necessary?

Advocates of the privacy law point to recent events that they say indicate need for action. Among these are a pattern of serious data breaches, Cambridge Analytica’s use of Facebook data, scrutiny of tech platforms by Congress, and the FCC’s handing off of online privacy concerns to the FTC.

An even tougher data privacy bill had been scheduled for placement on this November’s ballot. Now that the California legislature has acted, though, the sponsors of this tougher bill have agreed to abandon their effort.

The lobby that most actively promoted the bill is Common Sense Media. Two Democrats, Senator Robert Hertzberg and Assemblyman Ed Chau, introduced it n the legislature.

Did anyone object?

Some analysts say the new law will bring more harm than good. The critics argue that web users gladly exchange personal data for free goods and services. The new law would inhibit these exchanges. Web users, then, would miss out on many essential services- or would have to pay for them.

Some privacy advocates say the California law doesn’t go far enough. They want the ‘opt out’ standard replaced with ‘opt in’. In other words, ISPs, browsers, and social media couldn’t collect user data without express consent from users. Under the the new privacy standard, consumers can opt out of sharing or commercial use of their data. But they have to act affirmatively to do so. They waive their online privacy unless they remember to act affirmatively to protect it.

The new law incorporates a separate children’s rights section. This section does require opt in parental consent for sale of data from minors under 16 yeas old. The law provides for fines and lawsuits for breaches of this section.

Will other states follow suit?

Will California’s online privacy bill be a model for other states? It’s too early to tell. The state’s political and cultural climates are so unusual, it can be difficult to predict when its accepted practices will be adopted elsewhere.

 

(For the most reliable internet connection, contact Satellite Country. We can help.)

Share on Social Media:

THE DAY THE INTERNET DIED

Internet_outage_map_October_2016

Is It Impossible?

The event had long been predicted. Most of us scoffed at the alarms, though, thinking they were merely the paranoid mutterings of conspiracy theorists, or cynical self-promotion by merchants hoping to profit from mass  hysteria.

The internet couldn’t possibly fail. A few websites might be vulnerable to hacking and malware, but the backbone of the internet was decentralized, robust, and thoroughly secure. We could always count on it. The dreaded day of Electronic Apocalypse would never arrive.

The Fateful Day Arrives

On Friday, October 21, 2016, the alarmists were proven right. The first wave of attacks began early in the day: about 7:00 a.m. Eastern Standard Time. This was in the midst of “rush hour” for internet use in America, with tens of millions casually reading the news, tweeting, and reviewing their Facebook pages. Some of the most heavily trafficked web sites and internet services in the world were knocked offline, including Netflix, Reddit, Etsy, Twitter, Spotify, AirBnB, the New York Times, Sound Cloud, PayPal, and the PlayStation Network. By about 9:00 a.m. EST, the affected services were operating again. They had apparently succeeded in repelling the attacks.

The day was not over, though, and the hackers were not finished. A second wave of attacks began just before noon EST. Yet a third wave began just after 3:00 pm.

The internet outages were especially severe and prolonged on the U.S. East Coast, where most of the affected servers were located. Widespread severe outages also afflicted California, the Desert Southwest, the Pacific Northwest, some Gulf Coast states, and parts of Europe. Asia, Africa, and Latin America saw very few outages.

What Caused the Outages?

Friday’s attacks on the internet were distributed denial of service (DDoS) assaults of Dyn, an internet performance management firm that provides Domain Name System (DNS) services. Dyn described the raids as “a very sophisticated and complex attack”.

A DNS service is, in essence, an address book for the internet. Reading the web addresses we see on our browser tabs, the DNS service finds, and connects us with, the corresponding servers so we can receive the content we request.

A DDoS attack overloads a server with fake service requests, consuming its memory and bandwidth, so it has little to none left for legitimate requests. To the web surfer, it appears that requested pages are busy. The hackers prolong the outage with automatic repetition of their requests. Even innocent surfers can aggravate it by refreshing their requests from unresponsive pages.

The source of Friday’s attacks was a botnet (artificial intelligence application) called Mirai. The botnet army took control of, and then launched its attacks from, a host of lightly secured webcams, fitness monitors, location devices, DVRs, routers, and even baby monitors. The Internet of Things (IoT) is a critical point of vulnerability.

Could it Happen Again?

In the wake of Friday’s attack, many web analysts have said that we might see similar attacks disrupting the upcoming election. An Election Day internet failure, though, is unlikely to affect the presidential race much. Control of polling places and balloting is too decentralized. Internet failure could affect down-ballot races, though.

The threat of further internet outages won’t fade away soon. It could persist for months or years, even if the culprits in Friday’s attacks are caught and punished quickly. The source code for the Mirai botnet has been released to the public.

What Can You Do?

First, make sure you have a strongly-encrypted internet service, such as HughesNet. Change your passwords often for all connected devices, including webcams, DVRs, and fitness monitors. Be careful about sharing passwords or electronic devices. Every day, be careful when logging into your computer.

If you’re unsure, ask your internet service provider what it’s doing to thwart similar attacks. If there’s any good news in this episode, it’s that the FCC says providers have it in their power to prevent DDoS failures. They just need a few system upgrades. And now, of course, ISPs are aware of the need for tighter security. Friday’s outages were a loud wake-up call.

With vigilance, we can prevent the next great day of internet failure. It will require effort and close attention, but we can do it.

The enclosed map is by Level 3. It provides equipment and services for internet carriers.

For the best online security, you need a reliable connection. This is where we come in. Talk to us. We can help.

Share on Social Media:

NET NEUTRALITY FIGHT TO END?

Image result for arm wrestling

The ongoing battle over the FCC’s ‘net neutrality’ rules has been bitter, and has hitherto offered no sign of abating. Several engineers at Stanford University, however, claim to have found a way out of the impasse. We don’t have to fight over this, they say. A technical fix is at hand.

The Stanford engineers say they have pioneered a technique that would enable  internet users to tell ISPs and online publishers when or if they want ‘preferential delivery’ for some data. (An ISP is an internet service provider.)

‘Net neutrality’ means ISPs must treat all data equally. They won’t be allowed to favor some content, nor to block or throttle other content.

The political battle over such net regulations has been loud and ferocious.

Professor Nick McKeown, Associate Professor Sachin Katti, and PhD Yiannia Yiakoumis say their new method, ‘Network Cookies’, could render the debate moot. An open internet and preferential delivery can coexist. The user decides what content gets favored delivery, while ISP administrators and content sources are unbiased; they throttle or speed data only in response to user preferences.

The Stanford engineering team field-tested the Network Cookies on 161 home networks connected with Google, sending boosted service requests from home routers to the ISP. The Network Cookies got heavy consumer use.

McKeown said, “…They’re simple to use and powerful. They enable you to fast-lane or zero-rate traffic from any application or website you want, not just the few, very popular applications. This is particularly important for smaller content providers– and their users, who can’t afford to establish relationships with ISPs. Second, they’re practical to deploy. They don’t overwhelm the user or bog down user devices and network operators…”

If this is all McKeown’s team says it is, then there may be no need for the Federal Government to weigh in on ‘net neutrality’ at all.

(For the best internet service, you need a reliable connection. Talk to us. We can help.) 

Share on Social Media:

SOCIAL MEDIA AND PRIVACY

If you spend much time online, your privacy is unsafe unless you take steps to protect it. What may be even more dismaying is that the rules governing online privacy are inconsistent. They inhibit only a few of the worst potential violators, leaving others free to vacuum up as much of your personal data as their technologies allow.

Last week, the Federal Communications Commission unwittingly underscored this inconsistency. Tom Wheeler, the FCC Chairman, announced a proposal for imposing strict new privacy rules on internet service providers.  From the consumer’s point of view, the proposal was a huge step forward, as ISPs would have to protect personal information, report breaches, and obtain consumer consent for personal data collection. Consumers would have to ‘opt in’ to allow collection of personal information. The new regulations would make it more difficult to use consumer data for targeted advertising.

Unfortunately, the new rules would exempt Facebook, Twitter, Google, and other browsers and social media. The American Civil Liberties Union expressed disappointment with the proposed new rules, and other consumer groups gave them only qualified endorsement. Some ISPs panned the proposal. AT&T, for example, called it discriminatory. The telecom giant objected that broadband providers would be held to stricter standards than other online companies.

Since the FCC won’t do much to protect you, you have to protect yourself when using social media. Consider using an ad blocker. Carefully review the privacy policy of any social website you visit.

You need to be vigilant to guard your privacy on any social medium. Some websites change privacy settings frequently, without notifying users. Facebook is especially notorious for this.

If you find that your privacy settings have been changed without your consent, change them back. Then send a complaint to the site administrators. This will not guarantee that the site’s policies will change, but it may help. If enough users complain, administrators may finally pay attention.

Above all else, remain alert. The best safeguard for your privacy is your own common sense.

(For the internet service that meets your needs, talk to us.)