This month’s ransomware hack of the Colonial Pipeline has motivated Congress to push forward more than half a dozen bills in the cyberattack’s wake to prevent and mitigate future attacks. This flurry of legislation in the last week is in addition to ongoing efforts by Congress and the Trump and Biden administrations to tighten cybersecurity in the finance, transportation, energy and defense sectors.
The Colonial Pipeline attack not only threw the East Coast’s fuel supply chain into chaos, it generated its own social media backlash. I joined the thousands posting images of hapless and clueless Easterners in gas-hoarding mode, filling container after container, some of which were even approved for gasoline storage. This latest bout of digital crisis schadenfreude brings home another reality: Our social media data, our phones and our email are fair game for hackers, and the big tech companies are still selling our data to nearly anyone willing to pay for it.
For those of us unhappy about government surveillance of its citizens’ activities, here’s some sobering news: Government agencies are also purchasing personal data when it can’t be accessed by other means. There is no law against phone and internet companies selling data—location information, ad clicks, cookies and the like—to nongovernment entities.
Digital data brokers are just that; they sell data harvested from any number of digital apps that we use for convenience, such as location data for our weather app, or purchase data for our online shopping. The Internal Revenue Service, the FBI, Homeland Security, DoD, and the DEA have all bought user data from these brokers. And these are the good guys!
Some companies are making concerted efforts to allow customers to opt out of third-party data sharing, and it is clearly very complicated. Many of the data brokers require a new opt-out request for every device. For instance, if you order Domino’s Pizza from your phone, your computer and your tablet, you have to wait for their tech folks to develop the opt-out fix for each platform. For smaller firms, or those recovering from the pandemic, skipping the revenue from data sales is not a palatable option.
This is one area where Congress has failed to act session after session. There isn’t even a ban on foreign governments buying Americans’ personal data. According to former Director of the National Counterintelligence and Security Center William Evanina in a Foreign Policy magazine interview, China is “one of the leading collectors of bulk personal data around the globe, using both illegal and legal means.”
Senator Bill Wyden of Oregon has previously introduced legislation to protect our personal data and he has just introduced a draft bill that would “set up common sense rules for how and where sensitive data can be shared overseas.” In part it requires prospective sellers to apply for export licenses, which would place such transactions under the review of the federal government.
If you wonder who could possibly be opposed to this legislation, I have to tell you the list is long and powerful. Google, Amazon and Facebook have built their multi-billion-dollar revenue streams on our data, as have the thousands of digital retailers they support. All the wireless phone companies are in this market as well. I wish Sen. Wyden all the luck but he has an uphill battle against a phalanx of K Street lobbyist commandos.
What can we do? The pandemic took everyone out of the public sphere and in front of our screens. The newer phones (post-2019) have better security settings in response to consumer demand—check the settings and set them to the most stringent. If you aren’t CYFD, use the free Signal app, which encrypts your text messages. On social media, check your security settings once a month and make sure they are at the tightest level (social media platforms update quite often, so it’s a good idea to go in and directly check your settings).
And consider encrypting your personal email. Google has come a long way in the last 18 months or so and even the free personal Gmail app has some capability. There are third-party applications that will support older email applications like Yahoo, AOL and Hotmail. The unfortunately named Panda Security (a Spanish firm acquired by Seattle-based WatchGuard) has a great article about free encryption options here: https://www.pandasecurity.com/en/mediacenter/panda-security/how-to-encrypt-email/
Like any other revolution, the digital revolution brought explosive results and great upheaval. It’s time to dust off the gunpowder, move past the manifesto and charter the governance for our brave new world. Congress must pass basic laws to govern the ownership, management and use of bulk data.
Merritt Hamilton Allen is a PR executive and former Navy officer. She lives amicably with her Democratic husband and Republican mother north of I-40 where they run two head of dog, and two of cat. She can be reached at email@example.com.