Articles Posted in Cybersecurity

Internet privacy laws have been implemented to protect us from legal violations. These laws are meant to protect us against cyber threats and data intrusions which are designed to extract personal or confidential information (e.g., intellectual properties, trade secrets) without authorization. Data privacy is paramount when it comes to the collection, use, and storage of personal or confidential information. However, not many are taking proper steps to ensure security. These steps can include encryption, firewalls, intrusion detection systems, and two-factor authentication.

It is important to realize that even though the criminals are not personally entering your private space or domain, however, they are still able to follow your digital footprints. These digital footprints can be followed by using special tools – e.g., keylogger – which can follow you without your knowledge and consent. Also, cookies can be used to follow you around in a clandestine manner.

What are the internet privacy rules or regulations?

In general, ransomware is a type of malware (i.e., malicious software) that is designed to take control of an electronic communication device, prevent its owner from accessing the electronic communication device, notify its owner that the electronic communication device has been held ransom, demand payment from the owner, and return access to electronic communication device after payment. There have been many instances of ransomware attacks when the hackers have taken control of a company’s servers and prevented its employees from accessing the network and database servers. The hackers would notify the employees by email and demand payment of funds in order to return access to their computers. Now, in some instances, a payment was necessary, but in some exceptional cases the company owners can have an advantage over the hackers and not be required to transfer the funds.

There are several types of ransomware. First, there are applications that fall under the category of scareware and intended to create fear for the recipients and force them to purchase unnecessary software. Second, there is prankware which is intended to cause fear by sending unanticipated pictures, sounds, or videos. For example, NightMare was a type of prankware that would remain dormant on the recipient’s computer and launch itself by changing the computer screen to a skull and playing a loud noise. Third, there is a group of crypto-ransomware named as GPCode or PGPCoder that claims to use PGP encryption to prevent file access. So, in other words, it’s a virus that encrypts files on the infected computer and demands a ransom to release access to the encrypted files. The hackers have been able to become more effective with their tools. The new generation of this type of ransomware denies user access to files by writing encrypted files to a new location and deleting the original file. However, this strategy was ineffective since a file restoration would allow the victim to recover the files. Fourth, CryptoLocker became the new generation of ransomware. It shares similar distribution models of previous ransomware variants and relied on phishing attacks with portable executable attachments. It would install itself on the user’s profile folder and add a registry key to run on startup to maintain persistence. Then, it would start to communicate with the command and control server to generate an RSA-2048 key pair and send the public key to the victim host.

What are the relevant laws?

Cloud computing has become the normal protocol to store data for most individuals and businesses. The fact that online storage is cheaper these days has contributed to the expansion of this technology. There are numerous companies out there that provide cloud storage facilities which may be inside or outside of your jurisdiction. Now, the question is why is that important at all? Well, the answer is because the laws of each jurisdiction may be different when it comes to interstate commerce and cybersecurity. This is one good reason to make sure you read and understand the cloud service provider’s terms and conditions before you sign up. There will be provisions that can help you understand your rights and responsibilities. For example, where and how the parties can resolve their disputes? Also, the laws of which state will be used to resolve the dispute? The answers will be in the venue, choice of law, or governing law provisions. In some cases, the cloud service provider includes an arbitration clause which requires the parties to resolve their dispute through arbitration.

There are various cloud computing platforms that allow the users to send and receive information. So, obviously the users should use precautions when transferring data towards the cloud service provider. For example, it’s recommended to encrypt the data before transferring it. Also, it’s a good idea to confirm that data integrity will be protected after the transfer. The users should also have a functioning backup of their files in a safe place in case the data is lost, stolen, or destroyed.

The Privacy Shield Program applies to cloud computing platforms that do business with other countries – e.g., European Commission, Switzerland. This program is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce and enables U.S.-based organizations to join the Privacy Shield Frameworks. For example, a U.S.-based organization must self-certify to the Department of Commerce and commit to the Framework’s requirements. It’s not mandatory to join the Privacy Shield Program, but once the organization makes the public commitment to comply with the Framework’s requirements, the commitment will become legally enforceable. The participating organization will receive the following benefits:

Quantum computing technology will be affecting most of us in a direct or indirect way. We have stated in a prior article that: “A quantum computer is a highly-advanced computer system that works exponentially faster than today’s conventional computers. Quantum computing is the practice of studying quantum computers and their potential. This practice is growing and has caused the rapid decrease in the size of computers at the same time as these systems are rapidly increasing in their capability.”

Now, quantum computing has become a reality and technology companies have launched projects in order to compete in this sector. The question is how quantum computers will affect us.

First, since quantum computers are faster than conventional computers, they can break passwords or decrypt encryptions in a shorter time. This has caused concern over privacy and security which has forced companies to invest in quantum resistant cryptography. This technology and its potential ramifications on encrypted networks will also affect EU’s General Data Protection Regulation (GDPR) which outlines the rules and regulations for protecting unauthorized access. The United States government has also reacted and Congress has passed H.R. 6227 in order to implement the National Quantum Initiative Act that states as follows:

There have been cases where spammers have transmitted spam via email and text messages. These messages can include improper content, propaganda, hidden messages, and malware (e.g., virus, trojan, ransomware, adware, spyware). The spammers use the Internet Service Provider’s and user’s bandwidth to disseminate spam which results in bandwidth saturation, lost productivity, and other complications.

What is spam?

Spam is unsolicited commercial email advertisement that is sent towards recipients by third parties. An “unsolicited commercial email advertisement” means a commercial email advertisement that: (1) The recipient has not provided direct consent to receive advertisements from the advertiser; and (2) The recipient does not have a preexisting or current business relationship with the advertiser.

Internet of Things is more extensive than the Internet itself. It constitutes the combination of all electronic devices that are connected on the web and are able to communicate with each other. It is different from the Internet because it is essentially governed by information that is stored by electronic devices without human intervention. Now, smart devices can be connected through complex network systems and embedded sensors. These smart devices include, phones, refrigerators, thermostats, automobiles, or pills that allow medical professionals monitor a patient’s health status. These technological advancements enable smart devices to communicate in real time and promote the process of developing a more intelligent environment.

Artificial Intelligence is the intelligence demonstrated by machines in contrast to the natural intelligence displayed by humans and other animals. It allows machines to learn from experience, adjust to new inputs, and perform human-like tasks.  It relies heavily on deep learning and natural language processing. It uses neural networks which are a combination of software and hardware devices that are designed to emulate the operation of neurons in the human brain.

Smart Dust is a system of tiny microelectromechanical systems (MEMS) such as sensors or robots that detect light, temperature, vibration, magnetism, or chemicals. They are usually operated on a computer network wirelessly and distributed over an area to perform tasks by sensing through radio-frequency identification. This technology is able to collect and transmit data which can be uploaded to the cloud or other remote location.

Smart Dust is a system of tiny microelectromechanical systems (MEMS) which include sensors or robots that are able to detect light, temperature, vibration, magnetism, or chemicals. They are usually operated on a computer network wirelessly and are distributed over an area to perform tasks by sensing through radio-frequency identification.

The concept for this technology came from the Research and Development Corporation (RAND) and a series of governmental studies for potential military applications. This technological advancement was influenced by science fiction authors who mentioned microrobots, artificial swarm intelligence, or necroevolution. Now, this new technology is capable of collecting and transmitting data to and from specific locations. These tiny electronic devices, which are also known as motes, can detect light, vibration, and temperature. Also, the data that is collected by these devices can be uploaded to the Cloud or other remote location for processing.

Smart Dust v. Internet of Things

In this article, we plan to discuss the Fifth Amendment implications of requirements to digitally identify oneself, for example by facial or thumbprint recognition.

The spread of data-encryption services has made the retrieval of information more difficult for law enforcement officials.  Over half the attempts the FBI made to unlock devices in 2017, for example, were thwarted by encryption.  As such investigatory bodies would have it, the government could simply compel a suspect to hand over the password.  Their biggest obstacle, however, remains to be the Fifth Amendment.

Fifth Amendment jurisprudence has come to bear on this issue in the past decade, yet remains somewhat unsettled.  Back in 1975, Fisher v. United States set a foundation for the issue.  The case involved the IRS attempting to compel the defendants to give up certain documents, which they refused on the grounds that they would be incriminating themselves, and were protected by the Fifth Amendment.  The Supreme Court ruled that the Fifth Amendment’s words: “[n]o person … shall be compelled in any criminal case to be a witness against himself” only protect a suspect from having to communicate incriminating testimonialevidence, and that the production of that case’s physical evidence wouldn’t compel the person to “restate, repeat or affirm the truth of it.”  The Court later fleshed out the term testimonial in a case regarding the subpoena of bank records and said that it’s “[t]he contents of an individual’s mind [that] fall squarely within the protection of the Fifth Amendment.”  Generally, the courts don’t protect people from having to produce physical evidence, which is not considered “testimony” or the “contents of an individual’s mind.”