AXEL.org

Privacy

Your Privacy and The Internet of Things

The Internet of Things is a remarkable push to bring data collection to a broader range of devices. As technology becomes cheaper, smaller, and more powerful, the internet has found its way into unlikely places. The Internet of Things brings conveniences and insights into the lives of the layperson and the daily dealings of businesses all around the world. What can we gain from the Internet of Things? What happens when the Internet of Things turns its back on us?

What is the Internet of Things?

The Internet of Things is a distributed method of connecting mundane objects, or things, to smart devices and the internet at large. This is done by attaching sensors and transceivers to these objects and directing them to share information that may make end-user lives more convenient[1].

The classic example of an IoT-enabled device is a smart refrigerator. The utility of a refrigerator is bolstered by the inclusion of a few sensors and the ability to communicate. We can extend the lifespan of these refrigerators by predicting service needs and reporting points of failure as soon as they arise. Consumers are able to streamline their grocery shopping, saving time in their increasingly busy lives. 

The benefits of the Internet of Things on a consumer level are numerous. On a commercial grade, they are unparalleled. We can use IoT-enabled devices to drive down overhead costs by taking preventive measures when our servers and production devices ask for regular maintenance. Data points can be gathered from clients at trade shows or in our stores that can further create comfortable and lucrative transactions. Security methods such as intrusion detection and loss prevention can once again be in the hands of the business owner with IoT connectivity.

What are some common IoT Risks?

The Internet of Things relies on the deployment of additional points of internet access, a haphazard deployment of IoT-enabled devices in a workplace can result in easily-missed holes in the digital security fence of your workplace. Password protection and shoddy firmware can lead a savvy hacker directly into a company’s most private data. Ransomware attacks could ironically arrive through an unsecured security camera[2]

Beyond security issues, privacy itself may be at risk when adopting IoT-enabled devices. Smart doorbells, for example, give local law enforcement nearly unrestricted access to the video data passing through the connection between the camera and the end user. Bringing on a device that promises to bring the conveniences of the Internet of Things needs to be a process taken on carefully and with a careful eye on end-user agreements.

Inviting the internet into your company creates an interesting set of vulnerabilities that may not have existed before. One thing to be said about simple machines is that they are entirely secure from a digital standpoint. Adding sensors to the devices running your production infrastructure or connecting devices that previously could not communicate with the internet eventually requires more infrastructure than before.

The Internet of Things relies on edge computing solutions[3]. These are solutions that bring computing power and storage away from the cloud and closer to the place of business. This distributed method of computing brings power and stability to IoT-enabled devices, allowing them to gather and process more data without losing speed or increasing latency. Edge computing solutions come in hardware form, like additional servers, or a software form, like bespoke applications or computing protocols. By virtue of existing near your private data, these secondary computing solutions open up a workplace to cyber-attacks and privacy concerns.

How Does AXEL Go Protect You? 

The shortcomings of the Internet of Things should not scare workplaces away from the conveniences and the massive data-related insights that can come from the clever integration of sensors and transceivers. Like anything else, informed decision-making and a safety-first mindset will prevent the Internet of Things from eroding the privacy and security of a workplace.

Adding additional points of failure to a network means that a business’s privacy and security will find themselves quickly under fire. AXEL Go is a file sharing and storage service that is dedicated to protecting privacy and security wherever possible. Our decentralized server structure and cutting-edge AES 256-bit encryption offer top-of-the-line security in the face of ransomware and brute force attacks. AXEL Go also guarantees your privacy when using our IPFS servers. Only authorized users have access to the contents of your storage. Not even AXEL is able to peer into your end-to-end encrypted storage. 

As technology moves forward in innovative directions, AXEL Go is ready to provide the security and privacy required to keep making the internet a safe and convenient place. 

Try AXEL Go Today

AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.
AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

Citations

[1]Fruhlinger, Josh. 2022. “What Is Iot? The Internet Of Things Explained”. Network World. https://www.networkworld.com/article/3207535/what-is-iot-the-internet-of-things-explained.html.

[2]Iredale, Gwyneth. 2022. “Security & Privacy Issues In The Internet Of Things (Iot)”. 101 Blockchains. https://101blockchains.com/security-and-privacy-in-iot.

[3]Gold, Jon, and Keith Shaw. 2022. “What Is Edge Computing And Why Does It Matter?”. Network World. https://www.networkworld.com/article/3224893/what-is-edge-computing-and-how-it-s-changing-the-network.html.

Personal Vehicle Telematics and Privacy Oversights

Our cars are collecting data without our consent. As vehicles have become more sophisticated, tracking information via the onboard diagnostic system (OBD) and built-in GPS has become commonplace. This data is loosely regulated, and that can create a massive privacy hole for consumers. This information can be pulled by insurance companies, mechanics, and whoever else has the authority to demand information from your car. This is rapidly becoming a privacy blindspot upon which we should shine a bright light and direct legislation.

Telematics, Privacy, and Your Vehicle

Telematics is the process of sending and receiving data related to the location and destination of vehicles on the move. In the past, this was typically reserved for fleet vehicles so companies could better track and direct workers to maximize productivity and minimize fuel consumption. Today, as the technology has become more affordable and personally helpful, telematics has found its way into newer vehicles. 

On its face, this information and coordination is a boon to the automotive world. Insurance companies could identify safe drivers, cities could better direct traffic, and the days of being lost on the road could disappear into history overnight. However, like with any technology, a more pernicious reality lies just beneath the surface. If unrestricted access to telematic data is given to too many parties, the vehicles trusted to shuttle us to and from work can easily become intrusive bundles of data weaponized against the driver or any passengers they may have had. Any private activity at any time can be extrapolated from the mere presence of a vehicle. Without oversight, insurance companies, civil courts, and law enforcement will pounce on this opportunity. Hackers plucking this information from servers holding onto this data for later use can easily dangle it over the heads of their targets with frightening precision and expedience.

Buckle Up Your Data

Anybody with a car will immediately understand how much information their vehicle can reveal about them. Everything from their home address to their grocery shopping habits can easily be laid bare once someone has access to location data. This information is sensitive and woefully under-legislated. 

Telematics law is a burgeoning legal framework since the innovations leading to the technology in vehicles have only recently been regularly included in automobiles heading to market. Many states simply defer to the Federal Trade Commission (FTC) and its already existing rules and regulations related to buying and selling the data of internet users. Clearly, this is insufficient. Many similarities exist between internet data and the telematic information collated by a private vehicle. Still, the degree to which drivers rely on their personal vehicles is entirely unlike the relationship they may have with their smartphones. It should also be noted that the collection and distribution of this private data, in many cases, may not be as simple to opt out of as data collection on the internet. Insurance companies and their massive lobbying power are also incentivized to obscure these oversights and push for legislation that will give them broader access to a driver’s private data than they already have. 

Citizens, privacy-minded or not, should push for legislation that covers these holes in privacy law. Telematic data belongs to more than just the driver of a vehicle. Passengers, family members, and children are inextricably tied to this data once they step foot in a car. Their privacy should not be waived simply because they decided to travel inside a vehicle. 

Protecting Your Privacy

AXEL understands that privacy comes first. Without privacy in the modern era, people are subjected to undue scrutiny from bad actors. Hackers, corrupt authority figures, and competitors always look for data that will give them a leg up on their perceived enemies. Any privacy oversights left unaddressed by legislation will inevitably turn against civilians and their best interests. 

When insurance companies offer customers discounts on premiums in exchange for unfettered access to private location data, eyebrows should be raised. Massive insurance companies act to maximize their profit by any means necessary. The overreach into their customers’ personal lives is not simply a business practice that trades the right to privacy for an opportunity to deny their customers’ claims. This represents a broader trend towards the unacceptable commodification and reduction of privacy.

AXEL Go is committed to protecting the privacy of its users and the interests of the internet at large. Our end-to-end encryption, password-protected secure fetch, and decentralized server structure are engineered to provide personal privacy from every angle. AXEL Go will never request access to private data in exchange for discounts, and our servers are designed to keep prying eyes out of our client’s storage no matter what.

Create a Private Space Online

AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.

AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any size business. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

Citations

“Research Shows Data Privacy Concerns For Telematics Policies”. 2022. Actuarialpost.Co.Uk. https://www.actuarialpost.co.uk/article/research-shows-data-privacy-concerns-for-telematics-policies-18317.htm.

Leefeldt, Ed. 2022. “The Witness Against You: Your Car”. Forbes Advisor. https://www.forbes.com/advisor/car-insurance/telematics-data-privacy/.

“The Surveillance State Has Invaded Our Cars. Why Don’T We Care?”. 2022. Fast Company. https://www.fastcompany.com/90389104/the-surveillance-state-has-invaded-our-cars-why-dont-we-care.

After the Cyberattack: What Happens to your Data Following a Breach?

In 2022, cybercrime seems like everyday news. And in a way, it literally is. Simply search “data breach,” and you’ll find a wealth of businesses across the country dealing with the fallout of cybercrime. Businesses large and small fall victim to these attacks every day, putting more and more people’s personal information in jeopardy. And for consumers, your information leaking isn’t something you have to worry about for a few weeks, then move on. Because of the unique way personal data is stolen and sold, victims of data breaches have to keep an eye on their social media and bank accounts for years. 

On the business side, you’ve likely heard the horror stories of businesses losing millions of Social Security Numbers, or even having confidential documents leaked. From retail stores like Target to digital forums like Facebook, businesses from every industry have fallen victim to cybercrime. Unfortunately, this digital devilry has only become more prevalent. 2021 was the worst year on record for businesses and consumers, with nearly 6 billion accounts breached by cybercriminals[1]. There’s a decent chance even some of your personal information has been leaked without your knowledge. But if nearly 6 billion accounts across the Internet have been compromised, well, where is that information?

Where Does Your Personal Data Go?

When a data breach is reported, the most reported statistic is the number of accounts affected. Data breaches can have anywhere from a few victims, all the way up to 3 billion. When news of a breach breaks, reporters like saying that consumer data has been “leaked” or “published.” However, a more accurate term to describe a breach is that consumer data has been “auctioned off.” This is because the perpetrators of cyberattacks rarely use the data that they just stole. Rather, they simply sell your information to a multitude of low-level digital scammers, who try to make their money through simple phishing scams and the like, rather than complex cyberattacks.

Of course, stolen data can’t be sold on traditional commerce websites. And any public website that tried to sell the data would be taken down quickly for distributing a stolen good. After all, you can’t really Google “stolen data near me” and find what cybercriminals looking for. So, once all that data is stolen, where does it go on sale? On a section of the Internet few know about, and even fewer have visited: the Dark Web. 

The Dark Web is a “layer” of the Internet that can only be accessed through special software. Estimated to be almost 500 times larger than the standard web, the Dark Web is a hub for cybercriminals and their illegal activities[2]. After a data breach, the hackers will typically post about their haul on a Dark Web forum and offer the data to other users for a specific price. Depending on the price and quality of the stolen data, there could be anywhere from a few to hundreds of buyers. Even just hours after a data breach, your personal information could be in the hands of dozens of scammers all across the globe.

How Valuable is My Personal Data?

Not all data breaches are created equal, and not all information is equal either. Think about it: If you were a cybercriminal, would you want three million Twitter usernames and passwords, or one million credit card numbers? Considering Twitter logins are worth just USD $35, and credit card numbers are worth up to $240, most would choose the credit card numbers[3]. Some pieces of information are simply more valuable than others, and cybercriminals know this. That’s why, when a data breach occurs, measuring the impact solely on the number of affected accounts is inaccurate. A leaked Facebook password could cause headaches, but besides a few spam posts, it probably won’t affect your life too much. A leaked passport number, however, could lead to something as serious as identity theft.

This showcases how stolen data itself isn’t particularly valuable, and is only valuable if you know what to do with it. After all, if you hand a random passerby your Social Security Number, it’s unlikely they’ll know how to steal your identity. Unfortunately, these Dark Web cybercriminals have all the knowledge they need to cause chaos in victims’ lives. Even information as simple as phone numbers and corresponding names can be a cash cow for scammers. The disparity in value between pieces of information highlights just how wide-ranging the damage from a data breach can be. So next time there’s a major data breach in the news, don’t just look at the number of accounts affected to judge the severity. Look at what was stolen to truly determine how damaging a cyberattack is.

What About Stolen Documents?

Of course, personal information isn’t the only data that is put at risk during a cyberattack. If cybercriminals target a business, law firm, or government agency, confidential documents could be leaked as well, especially in ransomware attacks. The problem, however, is that this confidential information simply isn’t valuable to cybercriminals. Therefore, when these documents are stolen, cybercriminals often demand a ransom and threaten to publish the confidential information unless it’s paid. For businesses that suffer this type of attack, they typically only have two choices: Pay the ransom, or face a public relations (or even legal) nightmare. 

However, not all cyberattacks are typical. Some cybercriminals couldn’t care less about the money, and only seek to embarrass specific businesses. In one case, a Swiss hacker published confidential data from dozens of companies and government agencies as a protest against mass surveillance[4]. For these companies and agencies, once the hacker gets the data, it’s gone, regardless of the ability to pay a ransom. This highlights how no two cyberattacks are exactly the same. Although most hackers are in it for the money, some simply seek to make a statement, regardless of the financial consequences. That’s why, when it comes to cybersecurity, it’s important to be prepared for anything and everything.

Protect Yourself from Cybercrime

Ultimately, the best way to protect yourself from cybercrime is to prepare. Thankfully, there are simple, inexpensive ways to greatly minimize the risk of a cyberattack on you or your employer. First, encryption is everything when it comes to cybersecurity. Encryption is like splitting your files into thousands of different puzzle pieces, so even if hackers got into your network, your documents are completely illegible to the attackers. Next, updating your security software is the easiest way to mitigate risk. Cybercriminals are always on the lookout for security holes, and those holes are much more prevalent in older versions of software. Keeping your software up-to-date could be the difference between safety, and one of the worst cyberattacks in history. Just ask Equifax.

Finally, one of the best ways to consistently prevent cyberattacks is to encourage a culture of security. This means educating all employees on the risks of cybercrime and how to minimize those risks. From teaching employees how to spot phishing emails to creating an incident response plan, simply prioritizing cybersecurity before a breach is one of the best ways to prevent cybercrime. Prioritizing cybersecurity doesn’t have to be expensive or time-consuming, but it’s the key to protecting your most valuable documents and data.

About AXEL

If you and your business are ready to prioritize cybersecurity, AXEL Go is the solution for you. AXEL Go uses military-grade encryption, blockchain technology, and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. At AXEL, we believe that privacy is a human right and that your information deserves the best protection. To try the most secure file-sharing app for PC and mobile devices, get two free weeks of AXEL Go here.

[1] Mello, John P. “Data Breaches Affected Nearly 6 Billion Accounts in 2021.” TechNewsWorld, January 18, 2022. https://www.technewsworld.com/story/data-breaches-affected-nearly-6-billion-accounts-in-2021-87392.html

[2] “After the Data Breach – What Happens to Your Data?” BlackFog, May 6, 2021. https://www.blackfog.com/after-the-data-breach-what-happens-to-your-data/

[3] Sen, Ravi. “Here’s How Much Your Personal Information Is Worth to Cybercriminals – and What They Do with It.” PBS. Public Broadcasting Service, May 14, 2021. https://www.pbs.org/newshour/science/heres-how-much-your-personal-information-is-worth-to-cybercriminals-and-what-they-do-with-it

[4] “U.S. Charges Swiss ‘Hacktivist’ for Data Theft and Leaks.” NBCNews.com. NBCUniversal News Group, March 19, 2021. https://www.nbcnews.com/tech/security/us-charges-swiss-hacktivist-data-theft-leaks-rcna448

National Data Privacy Day: The Internet isn’t Anonymous Anymore

In the late 1990s, when the Internet truly hit the mainstream, people were often struck with a mixture of wonder and fear when they sat down at their computer desk. Back then, the Internet offered limitless information and global communication instantly, two things simply unheard of just a decade prior. When users browsed the Internet, it felt like an adventure, with websites acting as friendly navigators. Although the early Internet certainly had its problems, it didn’t feel like a business tool or high-tech gizmo. It felt like a toy for grown-ups.

As the Internet matured, this wonder eventually turned to familiarity. Gone were the days of simple AOL chat rooms and catching up on news. Businesses started to harness the Internet’s power, and the mystery of the Internet began to fade. The Internet wasn’t a toy anymore; it was a necessary tool that we had to use if we wanted to keep up with work, friends, and the world in general. And with the Internet becoming more ingrained in everyday lives, the anonymity of online spaces disappeared as well.

January 28th is National Data Privacy Day, and AXEL is celebrating by highlighting the importance of digital privacy and why stronger privacy protections are required for a safe, secure Internet.

Digital Privacy in the Early Internet

In the early days of the Internet, websites were radically different than they are today. In the late 1990s, nearly every site was built only using HTML and images, with no tracking capabilities. Because of how simple these websites were, few sites offered personal accounts, so users simply weren’t motivated to give information up. Simply put, users knew little about websites, and websites knew little about their users.

The Internet remained this way for a few years, offering simple services in exchange for a hefty fee. For example, AOL charged users over USD $20 per month to use its Internet software.[1] In the late 1990s and early 2000s, the Internet was widespread, but there was still a significant barrier to entry. However, the invention of a delicious digital tool would soon change the business model of Internet-based companies: Cookies.

Cookies are small text files that are sent from website servers to a user’s computer, allowing a server to identify and remember a specific user.[2] While this sounds simple, Cookies spearheaded a massive change to website design and user accessibility. From remembering website preferences to revolutionizing online shopping, cookies offered a multitude of benefits to users. While cookies undoubtedly offered intuitive features for early Internet users, they also were a turning point in the prioritization of online privacy. After the widespread adoption of cookies, the Internet ceased being anonymous.

In addition to cookies, the rise of social media in the early 2000s radically changed how users approached the Internet. In the late 1990s, Internet users were typically wary of revealing personal information online, and for good reason. However, the rise of early social media sites like Friendster, MySpace, and Facebook changed the way users approached the Internet. No longer were people confined to anonymous AOL usernames; users could simply search their friends’ names in order to communicate with them online. While this was certainly an exciting feature in the early 2000s, it led to the normalization of digital footprints.

Online Privacy Today

Today, nearly everyone in the world has a digital footprint. Try it! Search your name and see what comes up. Websites and images from years ago regularly appear, even from posts and webpages that have been deleted. Worst of all, even if you delete all of your online accounts, those images are likely to stay there forever. While this de-anonymization does have benefits, say, looking people up for job interviews or first dates, it also represents a complete dissolution of online privacy.

While these digital footprints can be unnerving for some, they ultimately don’t have a massive effect on overall online privacy. After all, a few posts and images are nothing for Big Tech. What Big Tech can use, however, is data. And the vast majority of that data comes from cookies. Unfortunately, today’s cookies don’t just auto-fill URLs or remember your shopping cart. Modern cookies are built to track and analyze every single click we make. Using these cookies, Big Tech companies like Google, Amazon, and Facebook are able to collect massive amounts of information on us. For example, Google likely knows if you have a medical problem, your current address, and what political party you support.[2] All of this information is then used for one purpose: Delivering hyper-targeted digital ads.

These pesky advertisements are the lifeblood of Internet-based companies. Think about it: Many of the web’s most used applications are completely free. Useful sites like Gmail, Facebook, and Twitter are completely free for all users, yet these companies are worth billions. This is Big Tech’s dirty little secret: They’re not selling their products and services to you. They’re selling you and your data to advertisers.[3] And the more data they have on you, the more they can charge advertisers. This is why companies like Amazon and Google typically sell many of their products at a loss. For example, when Amazon prices an Echo Dot at USD $20 during the holidays, Amazon isn’t making a profit off the sale of the hardware; it’s making a profit from all the new, personal data that users give to the device. Ultimately, Big Tech is financially motivated to collect more and more personal data, putting everyone’s digital privacy to the side.

What Should Be Done?

First, increased regulation of hyper-targeted advertisements would be a massive victory for digital privacy. The amount of data that Big Tech companies have on us is staggering, and they’re encouraged to collect as much as possible to sell to advertisers. Selling data about extremely sensitive subjects like medical history ought to be banned. After all, advertisers shouldn’t have access to people’s sensitive health information. Additionally, allowing users to opt-out of tracking would be another win for privacy advocates. Cookies do offer legitimate features for users, so most would still accept tracking. However, simply offering a choice to opt-out would be incredible progress for digital privacy in the 2020s.

Big Tech corporations make billions by trivializing our digital privacy and prioritizing advertisers over people. Unfortunately, these companies are financially motivated to collect as much data as possible, so without regulation, this trivialization of privacy is likely to continue. Fortunately, there is hope: The European Union has a law that allows users to opt-out of tracking cookies,[4] and similar legislation is possible in the United States. Although Big Tech would certainly fight back with shady tactics, an opt-out law would be the biggest victory for privacy of the 21st century.

About AXEL

Time and time again, Big Tech has prioritized its profits over privacy, putting their users at risk. At AXEL, we’ll never sell your data to third-party advertisers because we believe that your private information should stay private. That’s why we created AXEL Go. AXEL Go uses military-grade encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] “AOL Hikes Price to US$21.95.” Wired. Conde Nast, February 9, 1998. https://www.wired.com/1998/02/aol-hikes-price-to-us21-95/

[2] Hill, Simon. “The History of Cookies and Their Effect on Privacy.” Digital Trends. Digital Trends, March 29, 2015. https://www.digitaltrends.com/computing/history-of-cookies-and-effect-on-privacy/

[3] King, Bertel. “Why Targeted Ads Are a Serious Threat to Your Privacy.” MUO, April 1, 2019. https://www.makeuseof.com/tag/targeted-ads-threat-privacy/

[4] Lomas, Natasha. “Europe’s Cookie Consent Reckoning Is Coming.” TechCrunch. TechCrunch, May 31, 2021. https://techcrunch.com/2021/05/30/europes-cookie-consent-reckoning-is-coming/

The State of Privacy Laws in the United States

In recent decades, privacy has become one of the most important issues on the minds of lawmakers. With the rise of digital devices that can track our every move, the desire for privacy is growing in an increasingly public society. And while many Americans have a general desire for “privacy,” the amount you receive is heavily dependent on where you live. While there are some federal privacy laws, most consumer privacy comes from state-level bills. And while some states have thorough, fair privacy laws on the books, the vast majority simply do not.

America’s focus on state-led privacy laws is in contrast to Europe’s lawmaking; the European Union’s main privacy law is the General Data Protection Regulation. Because of this, privacy in the E.U. is governed by this one law, and 92% of companies believe they can comply with every aspect of the law [1]. Because Europe has one overarching privacy law, it is much simpler to understand your privacy rights, whether as an individual or a business. Unfortunately, in the United States though, it is quite the opposite. Privacy laws in the country are currently a mishmash of federal and state laws that confuse and harm individuals simply trying to protect themselves.

A Barrage of State Bills

Simply put, U.S. privacy laws are so unorganized because there are so many of them. Even at the federal level, there isn’t an all-encompassing privacy law, but a collection of specialized laws. For example, the Health Insurance Portability and Accountability Act (HIPAA) protects medical privacy, and the Family Educational Rights and Privacy Act (FERPA) protects students, educators, and schools. When it comes to privacy rights, at least at the federal level, it really depends on your specific situation. Although laws such as HIPAA and FERPA do an adequate job of protecting privacy, they are far too specific to offer comprehensive privacy rights that extend to every facet of life.

While federal-level laws are specific to industries, some state-level laws provide all-encompassing privacy protections. Unfortunately, those state laws are few and far between. Only California, Colorado and Virginia have comprehensive data privacy laws [2]. These laws give consumers notice and choice regarding their data. For example, under these laws, a company must tell consumers if it is selling their data, and must allow consumers to access, move, or entirely delete that data. However, while these laws are certainly a good starting point for true consumer privacy, even these three bills are quite limited in effect.

Why are Privacy Protections so Poor?

While those three states have “all-encompassing” privacy laws, they still have glaring holes in protection. In every state except California, privacy laws specifically exclude a “private right of action,” or the ability to sue a business for privacy violations as an individual. Additionally, Virginia’s law has no civil rights protections and allows businesses to continue the status quo of collecting and selling consumer data [2]. It’s no wonder that Amazon lobbyists wrote the first draft of Virginia’s privacy bill [3].

For other states, the situation is even grimmer. States like Florida, Georgia, and others don’t allow consumers to opt out of data sharing. These two states also don’t even require government entities to ever dispose of your data [4]. Ultimately, most states have few genuine protections for consumers. For the most part, businesses can do whatever they please once they have your data. 

And due to strong lobbying by tech companies, it will likely remain this way in many states [2]. Big Tech companies pay millions each year to lobby lawmakers to write and support laws favorable to them. For example, Facebook spent nearly USD $20 million in lobbying in 2020, while Amazon spent USD $18 million [5]. And while this lobbying doesn’t come cheap, it’s a lot cheaper than allowing consumers to opt out of data sales. Ultimately, the reason why so many states don’t offer comprehensive privacy laws is because Big Tech doesn’t want them. Put simply, Big Tech is willing to pay big money to keep strong privacy laws off the books. 

So, What Can We Do?

In most states, it’s now up to individual businesses and firms to protect consumer data. And while Big Tech is unlikely to change any time soon, other businesses can still fight for consumer privacy. Taking simple steps like encrypting documents and backing up your data offline can substantially better protect your clients’ data. After all, Americans want privacy. By taking steps to protect customers and their data, businesses and firms can offer what Big Tech can’t: True privacy protections for their customers.

At an individual level, supporting businesses and firms that prioritize privacy is the best way to show support for strong privacy laws. Additionally, simply supporting federal or state laws that give genuine privacy rights to consumers is another great way to stand up for privacy rights. Since Big Tech wants to continue the status quo of endless data collection and sales, it’s up to individuals to support businesses and firms that offer what Big Tech can’t.

AXEL Supports Your Privacy

At AXEL, we believe privacy is a right. And unlike the Big Tech companies, we’ll never sell your data to third parties, ensuring your data is only yours. Our file-sharing and storage application, AXEL Go, uses blockchain technology and AES 256-bit encryption to provide the most secure file-sharing system in the industry. Whether for business or personal use, AXEL Go helps protect your (and your clients’) most important files.

Sign up here to receive a free 14-day trial of AXEL Go Premium. After the trial period, you can choose to continue your Premium account for just $9.99/month or use our Basic service free of charge. After all, our business is protecting your data, not collecting it. Together, we can help prioritize privacy rights across the country.

[1] Gooch, Peter. “A New Era for Privacy GDPR Six Months on.” Deloitte. 2018. https://www2.deloitte.com/content/dam/Deloitte/uk/Documents/risk/deloitte-uk-risk-gdpr-six-months-on.pdf.

[2] Klosowski, Thorin. “The State of Consumer Data Privacy Laws in the US (And Why It Matters).” The New York Times. September 06, 2021. https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/.

[3] Birnbaum, Emily. “From Washington to Florida, Here Are Big Tech’s Biggest Threats from States.” Protocol. February 19, 2021. https://www.protocol.com/policy/virginia-maryland-washington-big-tech.

[4] McNabb, Joanne, and Paul Bischoff. “Internet Privacy Laws by US State: Does Yours Protect Online Privacy?” Comparitech. July 29, 2021.  https://www.comparitech.com/blog/vpn-privacy/which-us-states-best-protect-online-privacy/.

[5] Tracy, Ryan, Chad Day, and Anthony DeBarros. “Facebook and Amazon Boosted Lobbying Spending in 2020.” The Wall Street Journal. January 24, 2021. https://www.wsj.com/articles/facebook-and-amazon-boosted-lobbying-spending-in-2020-11611500400.

The Fallout of Edward Snowden and his Leaked Documents, Eight Years Later

On June 21, 2021, Edward Snowden celebrated his 38th birthday in Russia. He’s been in the country for over eight years, having been granted permanent residence in the country in October 2020 [1]. Snowden, an American, has not returned to his native country since leaking millions of classified documents detailing the massive surveillance programs that the United States undertook.

While many have heard Edward Snowden’s name, the programs that he uncovered have seemingly faded in the public consciousness in recent years. Snowden’s reveal of massive global surveillance programs in 2013 was a wake-up call for many Americans, when modern technology and digital communication were truly becoming everyday tools at work and home. His leaked documents highlighted how so many Internet activities are never truly private.

Snowden’s Career Beginnings and Disillusionment

Snowden began his career by joining the Army in May 2004, but was discharged four months later due to broken legs he suffered in a training accident [2]. Following his short time in the Armed Forces, he gained a position as a “security specialist” at an NSA-contracted facility, beginning his time in the intelligence community. He then joined the CIA in 2006 until 2009, years that disillusioned his faith in America’s intelligence community [3]. He described an incident where the CIA purposefully intoxicated a Swiss banker and encouraged him to drive home. When the banker was arrested for drunk driving, the CIA offered him help in exchange for becoming an informant. 

Following his resignation from the CIA, Snowden worked as an NSA contractor in Japan with high-level security clearance for three years before moving to Hawaii to join Booz Allen Hamilton, another private contractor. He joined Booz Allen Hamilton with the sole intent of gaining clearance to new classified files. After just a few weeks on the job, Snowden gained access to the classified material, downloaded it on a flash drive, and fled the United States shortly afterward. Finally, he distributed the materials to media outlets he trusted, particularly The Guardian, with the first revelations posted publicly in June 2013.

What Programs Did Snowden Reveal?

The biggest revelation in Snowden’s leaked documents was the existence of a National Security Agency program called PRISM. Under the program, the NSA had direct access to the servers of the biggest tech companies, including Google, Apple and Facebook without their knowledge [4]. Using this direct access, the NSA could collect users’ emails, search history, and file transfers without a court order. Even if you were an American citizen, you could have been subject to this surveillance if your messages ever touched a non-American server.

Snowden explained the horrifying simplicity of the NSA’s programs, stating “I, sitting at my desk, [could] wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email [5].” This allegation was initially denied by government officials, yet leaked documents showed a program called XKeystore allowed analysts to search enormous databases with just one piece of identifying information [5].

In addition, Snowden revealed NSA phone-tapping of allied leaders, including German Chancellor Angela Merkel and then-Israeli Prime Minister Benjamin Netanyahu [6]. These revelations caused an uproar among American allies, particularly in Europe. The NSA also monitored various charity organizations and businesses including UNICEF, the United Nations’ agency dedicated to providing aid to children worldwide and Petrobras, Brazil’s largest oil company.

The Legal Justification

All of these programs were justified by Section 702 of the FISA Amendments Act, a bill signed in 2008 that amended the original Foreign Intelligence Surveillance Act of 1978. The 2008 amendment rid FISA of its warrant requirement, allowing the NSA to spy on any foreign communications without a court order. In practice, this meant any communications that touched a foreign server were legally allowed to be collected.

Snowden explained “Even if you sent [a message] to someone within the United States, your wholly domestic communication between you and your wife can go to New York to London and back and get caught up in the database [7].” Because the data had reached a foreign server, no matter how short of a time, the NSA was able to collect, store and potentially analyze that data through Section 702’s legal framework. 

The Effects

A Washington Post investigation found that approximately 90% of account holders in a leaked data cache were ordinary Internet users, with just a tenth of the account holders being NSA targets [8]. These account holders were subject to daily tracking, with NSA analysts having access to intimate conversations unrelated to national security. Put simply, the NSA had access to millions of Americans’ personal data, able to be perused by low-level analysts with little more than an email address.

In addition, government officials’ responses to Snowden’s leaks were swift and severe. Then-Secretary of State John Kerry stated that Snowden’s leaks “told terrorists what they can now do to (avoid) detection [9].” Various other officials agreed with Kerry’s assessment, stating that suspected terrorists had begun changing their communication tactics following Snowden’s revelations [10]. While the NSA claimed that digital surveillance helped prevent over 50 “potential terrorist events,” then-President Obama stated that other methods could have prevented those attacks [11].

Data Privacy vs. Protection

Above all, the NSA has been criticized for conducting digital surveillance beyond the scope of national security. While government officials have stated that the surveillance saved countless lives by preventing terrorist attacks, claims that these programs solely stopped potential terror attacks are dubious. The inappropriate collection of everyday Americans’ data, however, is undeniable. Millions of Americans’ emails, video calls and search histories were readily available to low-level NSA analysts. While Edward Snowden remains a highly controversial figure today, his revelations of mass global surveillance undoubtedly increased Americans’ concern for data privacy. And while some still view Snowden as a criminal or traitor, some see him as a brave whistleblower who revealed just how exposed our data, and our lives, can be.

  1. Ilyushina, Mary. “Edward Snowden Gets Permanent Residency in Russia – Lawyer.” CNN. October 22, 2020. https://edition.cnn.com/2020/10/22/europe/edward-snowden-russia-residency-intl/index.html.
  1. Ackerman, Spencer. “Edward Snowden Did Enlist for Special Forces, US Army Confirms.” The Guardian. June 10, 2013. https://www.theguardian.com/world/2013/jun/10/edward-snowden-army-special-forces.
  1. Harding, Luke. “How Edward Snowden Went from Loyal NSA Contractor to Whistleblower.” The Guardian. February 01, 2014. https://www.theguardian.com/world/2014/feb/01/edward-snowden-intelligence-leak-nsa-contractor-extract.
  1. Greenwald, Glenn, and Ewen MacAskill. “NSA Prism Program Taps in to User Data of Apple, Google and Others.” The Guardian. June 07, 2013. https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data.
  1. Greenwald, Glenn. “XKeyscore: NSA Tool Collects ‘nearly Everything a User Does on the Internet’.” The Guardian. July 31, 2013. https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data.
  1. Ball, James, and Nick Hopkins. “GCHQ and NSA Targeted Charities, Germans, Israeli PM and EU Chief.” The Guardian. December 20, 2013. https://www.theguardian.com/uk-news/2013/dec/20/gchq-targeted-aid-agencies-german-government-eu-commissioner.
  1. Sanders, Katie. “PolitiFact – Fact-checking John Oliver’s Interview with Edward Snowden about NSA Surveillance.” Politifact. April 9, 2015. https://www.politifact.com/factchecks/2015/apr/09/edward-snowden/fact-checking-john-olivers-interview-edward-snowde/.
  1. Gellman, Barton, Julie Tate, and Ashkan Soltani. “In NSA-intercepted Data, Those Not Targeted Far Outnumber the Foreigners Who Are.” The Washington Post. July 05, 2014. https://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html.
  1. “Kerry: Edward Snowden Should “man Up” and Come Home.” CBS News. May 28, 2014. https://www.cbsnews.com/news/sec-kerry-edward-snowden-should-man-up-and-come-home/.
  1. Nakashima, Ellen, and Greg Miller. “U.S. Officials Worried about Security of Files Snowden Is Thought to Have.” The Washington Post. June 24, 2013. https://www.washingtonpost.com/world/national-security/us-officials-worried-about-security-of-files-snowden-is-thought-to-have/2013/06/24/1e036964-dd09-11e2-85de-c03ca84cb4ef_story.html.
  2. Gerstein, Josh. “NSA: PRISM Stopped NYSE Attack.” POLITICO. June 19, 2013. https://www.politico.com/story/2013/06/nsa-leak-keith-alexander-092971.