2023 Cybersecurity Tricks and Treats
As Halloween approaches, many policy makers across the globe are doing their utmost to make the internet a scarier and more dangerous place for users. Too often, they are all too willing to sacrifice cybersecurity whenever it conflicts with their other political goals. Their efforts threaten the foundations of data security and personal privacy.
But fear not; the Taxpayers Protection Alliance Foundation’s (TPAF) App Security Project has got its baseball bat, and it’s investigated what’s causing those scary noises outside the cabin in the digital woods.
And without further a-boo, the App Security Project presents 2023 Cybersecurity Tricks and Treats.
Europe’s Digital Markets Act (DMA) is Sucking the Life Out of Online Commerce:
The European Union has a history of overregulating its tech sector into a zombie-like stupor. Then, it decided to take this fright a step further by enacting the DMA, a broad and crushing regulation that has many similarities to the proposed American Innovation and Choice Online Act. Among many — many — other questionable provisions, the law will force mobile devices to allow “sideloading,” which is the process of downloading unvetted apps from unauthorized third-party app stores. Sideloading is very risky business, and users who do it often end up with malware on their devices.
Today, consumers who want to enter the haunted house of sideloading can buy devices that allow it, while those who don’t have the option of buying iPhones, which bar the practice. But the DMA wants to remove this choice and expose everybody to the spookiness that is sideloading.
Only after passing the DMA did European officials finally make moves to assess the cybersecurity dangers that its mandates create. This is the kind of poor planning that one expects to see from characters in a C-list horror film.
The Monsters Lurking Behind Right to Repair Laws
Some legislatures think the government should force tech companies to make products that anyone (not just authorized technicians) can do maintenance on. The problem with this policy, often called “right to repair,” is that unauthorized and unvetted repair shops often turn out to be of a very creepy sort.
To investigate, CBC News installed tracking software on devices and dropped them off at Canadian repair stores of all sizes. CBC discovered that techs at nine of the 16 monitored stores snooped on sensitive and private information. One even copied photos onto a USB drive.
This investigation’s findings aren’t unusual. And as the TPAF’s Courtney Mattison argued earlier this year, these risks are especially acute for women.
“A quick internet search will tell you women have been made to feel unsafe during repair of their devices,” Mattison wrote. “From a user on Reddit who saw her password used to access photos and sensitive conversations during repair to this Ars Technica report that shows empirically women are at much higher risk of data compromise during repair.”
Americans Have a Sweet Tooth for Cybersecurity
Consumers love cybersecurity! As highlighted in a report from trade group CCIA, poll respondents say they want the government to strengthen cybersecurity — not weaken it. They say cybersecurity should be a higher priority than antitrust crusades to cripple the largest tech companies.
This affection is also apparent in consumers’ spending habits. They routinely show a preference for relatively closed and relatively safe systems. Apple has largely built its brand on an ultra-secured “walled garden,” and device manufacturers often rush to copy their competition’s innovative security measures. For example, after Apple began blocking apps from tracking users’ data across the phone (an incredibly effective measure that cost Meta billions of dollars in 2022 alone), Google moved quickly to institute a similar feature.
These protections aren’t perfect, but they’ve come a long way, and tech companies continue to improve them.
Consumers should beware because Congress may take the sweet taste of cybersecurity protection and turn that into a sour taste of vulnerabilities if misguided legislation is passed.
Encryption Is the Garlic for Vampiric Data Snoopers
From governments, criminals, and anybody else who wants to snoop, end-to-end encryption protects users’ messages from the ghosts in the airwaves. It’s indispensable to basic personal privacy, and the most plausible originalist interpretation of the Fourth Amendment protects it.
But many policy makers want desperately to break encryption so that the government can monitor Americans’ communications. These efforts often come from a noble desire to crack down on online sexual predators, but breaking encryption won’t be as effective as advocates think and could even create a legal loophole that would allow criminals to go free.
Also, officials often say that creating a “backdoor” to encryption for law enforcement can be done without otherwise damaging user privacy. This is nonsense. In the United Kingdom, where the government is in the process of mandating such a backdoor, officials have admitted that scanning for illegal images can’t be achieved without violating the privacy rights of all internet users.
Happy Halloween from the App Security Project! Remember to be safe while you walk around your digital neighborhood!
Published on October 30, 2023