With last week’s privacy vote, hackers now know where to learn a Senator’s darkest secrets or how to uncover U.S. military personnel travel plans, among other things.
Let’s say a three-star general and career intelligence officer books a trip online from Dulles to O’Hare for a 3-day conference. She scans her inbox and spots an email with the subject line: “Review the itinerary for your upcoming trip to Chicago!” After skimming the body of the email, she double-clicks the attached PDF, at which point sophisticated malware developed by a U.S. adversary’s intelligence organization embeds itself and begins silently transmitting every file stored on the hard drive to a clandestine server, activating a system that monitors her future web and email activities, plus, for good measure, every keystroke she types.
This continues for over a year until the malware is discovered, but by that time the damage is done. The malicious software will have already collected volumes of sensitive information about the general’s family, her movements, as well as scattered bits of semi-classified information. How did the state-sponsored hackers learn of the general’s travel plans? That’s easy: Congress’s decision to roll back the FCC’s prohibition on broadband providers’ collection and sale of customer web histories basically handed nefarious actors a treasure map with a large X marking the treasure, in this case the databases with the general’s private information.
It’s interesting to wonder when online privacy protection will become an issue with consistent bipartisan support, like improving education or ensuring veterans have access to proper healthcare. The prevention of national security threats is one area in which, during normal times, politicians tend to unite. That’s why it was surprising that a scenario like the one described above was never raised throughout the Congressional debates in recent weeks. While it’s true that cybersecurity and privacy issues are often so bound up that it’s difficult to see how one affects the other, in this case it’s clear that the decision to permit the mass collection of consumer behavioral data has grave national security implications. Here’s why.
The most common initial phase of a hacking episode relies on spear phishing, a term used to describe a hacker’s method of fooling a person into opening a malicious file or link. And the key to executing a successful spear phishing campaign is obtaining the information necessary to create the appearance that the hacker’s message originates from a legitimate source.
By allowing Internet service providers to not only collect but also share and sell the web histories of customers, Congress has graced the creation of thousands of databases containing the most valuable spear-phishing ammunition in modern history. For context, in 2015 the U.S. Office of Personnel Management (OPM) suffered a breach that exposed information on government workers like their prior residences and the contact information of friends and family.
At the time, security experts warned that this compromised data represents a treasure trove of information with which hackers can launch spear phishing attacks. But the sensitivity of data stolen from OPM doesn’t hold a candle to the information that would be exposed if a broadband provider were hacked and millions of web histories misappropriated. The severity is compounded because even assuming that the broadband providers cannot be hacked (which is nearly impossible), any number of entities with which they’ve shared web histories may be compromised. This sensitive information can and will be used against high-value targets, as well as citizens at every level.
Along with guiding hackers to our most private thoughts and valuable data, Congress’s decision also effectively shifted the authority to regulate online privacy into the hands of the Federal Trade Commission (FTC). Appointed by President Donald Trump, acting FTC Commissioner Maureen K. Ohlhausen has publicly stated that she believes market-based solutions to varying consumer privacy preferences are the appropriate path forward. In other words, the private sector should create tools to protect the information of privacy-concerned citizens.
This likely means that the rollback will lead to a boom for software companies offering security solutions: an online privacy microbubble. Selfishly, that’s good news for companies like ours that develop privacy protection tools for consumers. Of course, not everyone will take the necessary steps to protect themselves, and they shouldn’t have to.
It will only take one prominent attack using data created as a result of Congress’s recent action to understand the gravity of the decision. Here’s hoping they wake up before then.
Chandler Givens is the CEO and co-founder of TrackOFF, a Baltimore-based startup that builds tools to help consumers protect their online privacy. To learn more about TrackOFF, visit their website at TrackOFF.com, or contact Alexander Seher, VP of Business Development, at email@example.com.