AXEL.org

data privacy

2021 Cybersecurity Year in Review

Throughout 2021, cybersecurity incidents have grabbed headlines across the world. Although the topic may not have been at the forefront of most people’s minds in 2021, cybersecurity has greatly affected everyone’s life in some way. From vicious cyberattacks to genuine progress on user privacy, cybersecurity has undoubtedly had a long, eventful year. And although exciting progress has been made in some areas of cybersecurity, cybercrime and other online attacks will, unfortunately, continue into 2022 and beyond.

2021 has been a long year for many, particularly for cybersecurity experts. Here are all the ways cybersecurity has changed for the better (and worse) throughout the past year.

COVID Phishing

Near the beginning of 2021, COVID-19 vaccinations became readily available to people in the United States. While this helped minimize the negative effects of the pandemic, it also offered a new opportunity for scammers. As businesses and governments began to mandate COVID vaccinations, cybercriminals responded by creating phishing emails that disguised themselves as genuine business emails [1]. From fake vaccine-record upload sites to emails from phony public health organizations, scammers used the uncertainty and anxiety of COVID to make a quick buck off of unsuspecting people.

Unfortunately, phishing emails aren’t the trick cybercriminals are using. COVID scams are coming from all angles, including texts, social media posts, and robocalls. In fact, the Federal Trade Commission (FTC) has logged over 600,000 complaints in 2021 regarding COVID-related scams. In all, these scams have cost consumers over USD $600 million [2]. And with COVID remaining in the public spotlight into 2022, these scams are likely to continue. With this in mind, it’s important to brush up on cybersecurity tips. Check out AXEL’s blog, The History of Internet Spam, to learn how to protect yourself from phishing emails, social media spam, and more.

Colonial Pipeline Attack

In May, the Colonial Pipeline, an oil pipeline that supplies much of the gasoline to the Southeastern United States, was struck by a ransomware attack. Interestingly, the cybercriminals attacked the pipeline’s billing system, rather than its operational systems [3]. Because of this, Colonial itself shut down its own pipeline, as the company would have been unable to bill customers with the ransomware. Soon after the sheer scale of the attack was realized, Colonial Pipeline paid the nearly USD $5 million ransom.

While Colonial Pipeline quickly paid the ransom, the negative consequences of the attack were felt by consumers for weeks. States from New Jersey to Texas faced severe gas shortages, causing price jumps and panic buying [4]. In all, the Colonial Pipeline attack affected millions of consumers, and caused a severe breach of trust in Colonial Pipeline. Undoubtedly, 2021’s most memorable cyberattack was a doozy.

Ransomware is Evolving

When thinking of ransomware, many people picture a single offender, causing digital chaos while hunkered in a dark basement. However, this stereotype of modern cybercriminals is far from the truth. In 2021, ransomware groups are practically businesses, regularly recruiting new hackers to join criminal enterprises. Nowadays, just a handful of organizations are the perpetrators of most ransomware attacks [5]. And these shady organizations have ransomware down to a science.

Some ransomware organizations even offer customer service help desks to help victims pay the ransom and receive the decryption key. This is possible because of skyrocketing ransom demands. In fact, the average ransom payment was over USD $310,000 last year [5]. But because there’s little action that can be taken after being struck with ransomware, businesses and firms are usually forced to pay the extraordinary cost. In 2021, cyberattacks aren’t just individuals wreaking havoc; they’re carried out by well-funded, well-organized criminal syndicates. That’s why it’s vital to stay up to date on the latest strategies to protect yourself, your business, or your firm.

Crackdowns on Russian Cybercrime

One of the most notorious ransomware organizations is REvil, a Russian-based cybercrime syndicate responsible for many of the most expensive ransomware attacks. REvil had a successful first half of 2021, attacking JBS Foods and extracting USD $11 million from the meat-processing giant [6]. However, following this attack, REvil finally began to face crackdowns from law enforcement.

In September, the FBI hacked into REvil’s servers, obtaining a universal decryption key. Even worse for the group, the FBI remained hidden even after gaining access to REvil’s information, giving law enforcement more time to prowl around the servers of the shadowy criminal enterprise [7]. With this information, the United States Department of Justice coordinated arrests against two alleged REvil members, along with retrieving USD $6 million in cryptocurrency from the group [8]. This action greatly impaired REvil’s work, highlighting the strategies law enforcement can take in the future to shut down similar criminal organizations.

The Rise of Multi-Factor Authentication

Whenever you log in to Google, Facebook, or nearly any other secure website, a password simply isn’t enough anymore. Multi-Factor Authentication (MFA) has become the norm among most sites, requiring anything from text authentication to security questions to successfully log in. While this can be a headache for some users, it undoubtedly prevents countless cyberattacks each year. After all, passwords just aren’t the same as they used to be.

In fact, Microsoft is even allowing users to simply not have passwords. Instead, the company offers a mixture of authenticators including security keys, SMS verification, and email verification [9]. While the traditional password is unlikely to go away soon, the pivot to MFA highlights the extra security measures that companies are taking to protect users (and themselves). MFA is one of the cheapest, easiest, and quickest ways to protect user privacy, and its widespread adoption is a positive step toward a more secure digital future.

What to Expect in 2022

While there have been both positive and negative developments for cybersecurity in 2021, the problems that have plagued individuals and businesses are likely to continue into 2022. Ransomware isn’t going away any time soon, even with the crackdown on REvil. Phishing emails will remain, and will simply take advantage of other current events to harm individuals. Finally, MFA will remain widespread, and will hopefully lead businesses to take even more precautions against cybercrime. In 2022, cybersecurity will remain a vital issue for businesses and individuals alike. However, if appropriate precautions are taken by all, we can make 2022 a disastrous year for cybercriminals.

About AXEL

In today’s chaotic Digital Age, hacks, data breaches and ransomware attacks are an everyday occurrence. That’s why data security and user privacy remain as important as ever. At AXEL we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses 256-bit encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] Hunter, Tatum. “That Email Asking for Proof of Vaccination Might Be a Phishing Scam.” The Washington Post. WP Company, September 24, 2021. https://www.washingtonpost.com/technology/2021/08/24/covid-vaccine-proof-scam-email/

[2] Waggoner, John, and Andy Markowitz. “Coronavirus Scams – Beware Fake Claims, Phony Websites.” AARP, December 6, 2021. https://www.aarp.org/money/scams-fraud/info-2020/coronavirus.html

[3] Bertrand, Natasha, Evan Perez, Zachary Cohen, Geneva Sands, and Josh Campbell. “Colonial Pipeline Did Pay Ransom to Hackers, Sources Now Say.” CNN. Cable News Network, May 13, 2021. https://edition.cnn.com/2021/05/12/politics/colonial-pipeline-ransomware-payment/index.html

[4] Bair, Jeffrey, and Javier Blas. “Petrol Shortages Sweep Us as Colonial Pipeline Remains Down.” Oil and Gas News | Al Jazeera. Al Jazeera, May 11, 2021. https://www.aljazeera.com/economy/2021/5/11/petrol-shortages-sweep-us-as-colonial-pipeline-remains-down

[5] Bajak, Frank. “Ransomware, Explained: How the Gangs That Shut down Colonial Pipeline, JBS USA Operate.” USA Today. Gannett Satellite Information Network, June 3, 2021. https://www.usatoday.com/story/tech/2021/06/03/how-does-ransomware-work-colonial-pipeline-jbs-usa-attacks-explainer/7520704002/

[6] Montalbano, Elizabeth. “JBS Paid $11m to Revil Gang Even after Restoring Operations.” Threatpost English, June 10, 2021. https://threatpost.com/jbs-paid-11m/166767/

[7] De Chant, Tim. “FBI, Others Crush Revil Using Ransomware Gang’s Favorite Tactic against It.” Ars Technica, October 22, 2021. https://arstechnica.com/tech-policy/2021/10/fbi-others-crush-revil-using-ransomware-gangs-favorite-tactic-against-it/

[8] “Revil: Day of Reckoning for Notorious Cyber Gang.” BBC News. BBC, November 8, 2021. https://www.bbc.com/news/technology-59215167

[9] Warren, Tom. “Microsoft Accounts Can Now Go Fully Passwordless.” The Verge. The Verge, September 15, 2021. https://www.theverge.com/2021/9/15/22675175/microsoft-account-passwordless-no-password-security-feature

Big Tech’s Big Secret: Why Google and Apple Want Your Data

Two of the biggest tech companies in Silicon Valley have long been rivals. Whether it be iPhone vs. Android or Chrome vs. Safari, Apple and Google have never been on the friendliest of terms. Except for one, massive partnership. This year, Google is expected to pay Apple USD $15 billion to have Google be the default search engine on Safari [1]. At first, this deal seems like a head-scratcher. After all, why would Google pay its biggest rival billions when most already prefer Google as their search engine of choice? Put simply, Google outbids others to ensure other corporations (namely, Microsoft) can’t have their search engines become the default.

In addition to the two companies’ rivalry, there is another reason why Apple and Google’s lucrative partnership is so puzzling. Specifically, the two corporations’ stance on data privacy. In recent years, Apple has highlighted its privacy features extensively, with entire marketing campaigns dedicated to showcasing Apple’s (seemingly) hard-line stance on user privacy. On the other hand, Google’s revenue depends on advertising, and thus, user data. Over 80% of Google’s revenue comes from targeted advertising [2]. Overall, Apple and Google’s partnership shows how Big Tech companies that claim to prioritize your privacy may sacrifice that right for a big payday.

Apple’s Stance on Privacy

Just a few months ago, Apple launched a marketing campaign with the tagline “Privacy. That’s iPhone [3].” Clearly, Apple knows that privacy is something that the public wants, particularly in today’s Digital Age. In fact, Apple even states that “Privacy is a fundamental human right” on its website. On Apple’s site that details its privacy features, the company touts that Maps “doesn’t associate your data with your Apple ID” and that “your Apple ID isn’t connected to Siri.” Finally, Apple states that Safari “helps stop advertisers that follow you from site to site [4].” Clearly, Apple wants its users to believe their data is protected with them. Put simply, Apple wants to market itself as the Big Tech company that actually cares about your privacy. But is that the case?

Well, not really. While Apple is certainly better with privacy than most other Silicon Valley giants, that’s not a particularly high bar to clear. Apple still collects data in aggregate and keeps your exact maps locations for 24 hours [5]. While Apple may say that the benefits of this data collection vastly outweigh the harms, they’re still collecting the data. But worst of all, Apple still allows apps that don’t care about privacy at all. All of Apple’s privacy features are only on its own software. If you use more popular apps, such as Google Maps, Gmail, Facebook, YouTube, and others, you’re not protecting your data, even if you’re using the apps on an iPhone.

So while Apple talks a big game, and has certainly made positive steps toward a more private future, it’s still misleading to say Apple truly cares about your privacy. By still allowing data-hungry apps on its App Store, your data is still exposed on Apple’s hardware. Of course, Apple is a business, and simply not allowing these popular apps would be a massive change. However, the implication that all of your data is protected on Apple devices is simply misleading.

Google and User Privacy

While Apple has taken some steps to protect user data, Google’s entire business model depends upon the collection and sale of data. Google collects, among other things, website histories, Gmail data (including email drafts), and specific location data, even when the Google Maps app isn’t open [6]. Google then takes that personal data and sells it, allowing companies to target their ads to specific audiences. With this hyper-specific information, Google can line its pockets with revenue, while your data is exposed to advertisers.

In fact, Google’s entire business model is the sale of user data. That’s why nearly all of Google’s products are completely free. From Google Maps to YouTube, Gmail to Drive, Google offers all of these services for free. And many have wondered how Google can offer such complicated software for no cost. The answer? Google’s software isn’t their main product. You are their main product.

For Big Tech, It’s All About Ads

Unfortunately, Google is just one of many corporations whose main product isn’t software or programs. It’s you and your data. Similar to Google, Facebook makes the vast majority of its revenue through ads. Facebook learns as much as possible about you, then uses that data to deluge your timeline with hyper-specific ads [7]. Additionally, the goal of Amazon’s expansion into smart speakers and grocery stores isn’t just to offer a wider suite of products. It’s about gathering even more information about its customers and sharing that with advertisers [8]

While Facebook and Amazon both carefully state that they don’t “sell” your data to third parties, they do “share” your data with third parties. In practice, this still means advertisers can pay for access to your data. And, unfortunately, that is how most Big Tech companies operate. While these mega-corporations may offer a variety of free software and products to customers, those aren’t their main business. If they aren’t selling products or services, they’re selling you.

AXEL is Different

At AXEL, we also believe that privacy is a human right. Unlike other companies though, we don’t hide behind our slogans. AXEL takes steps to ensure your data is protected from cybercriminals and advertisers alike. From military-grade encryption to blockchain technology, AXEL offers the most stringent security for your most important data.

Additionally, with AXEL, you’re not the product. That’s why we never sell your data to any third party. We don’t offer any “too good to be true” deals while selling your data on the side. AXEL Go is a secure file-sharing and storage software that puts you in control of your data. If you’re ready to take back control of your data, try two weeks of AXEL Go for free here. After the free trial, AXEL Go is just $9.99 per month. After all, our business model is offering the best, most secure file-sharing service to all; not offering your private data to the highest bidder.

[1] Ion, Florence. “Google Continues to Pay Apple Billions to Keep You From Using… Bing?” Gizmodo. August 26, 2021. https://gizmodo.com/google-will-continue-to-pay-apple-billions-to-keep-you-1847564608.

[2] Graham, Megan, and Jennifer Elias. “How Google’s $150 Billion Advertising Business Works.” CNBC. May 21, 2021. https://www.cnbc.com/2021/05/18/how-does-google-make-money-advertising-business-breakdown-.html.

[3] Apple. YouTube. May 20, 2021.

https://www.youtube.com/watch?v=8w4qPUSG17Y.

[4] “Privacy.” Apple. 

https://www.apple.com/privacy/.

[5] “Apple Delivers a New Redesigned Maps for All Users in the United States.” Apple Newsroom. August 06, 2021. https://www.apple.com/newsroom/2020/01/apple-delivers-a-new-redesigned-maps-for-all-users-in-the-united-states/.

[6] Haselton, Todd. “How to Find out What Google Knows about You and Limit the Data It Collects.” CNBC. December 06, 2017. https://www.cnbc.com/2017/11/20/what-does-google-know-about-me.html.

[7] Gilbert, Ben. “How Facebook Makes Money from Your Data, in Mark Zuckerberg’s Words.” Business Insider. April 11, 2018. https://www.businessinsider.com/how-facebook-makes-money-according-to-mark-zuckerberg-2018-4.
[8] M, Laura. “Does Amazon Sell Your Personal Information?” DeleteMe. August 21, 2020. https://joindeleteme.com/blog/does-amazon-sell-your-personal-information/.

Data Privacy and Security Increase Profitability in the Cannabis Industry

Experts estimate that the cannabis industry is currently worth $60 billion, and that number is predicted to grow to $100 billion by 2030. As this industry grows and the customer base gets larger, so too does the need for modern data custody technologies. It might not be obvious at first glance, but data custody and security are critical components of running a successful cannabis business. Here are four reasons why.

The Importance of Data Security in the Cannabis Industry

First, medical dispensaries could be considered “healthcare providers” under the Health Insurance Portability and Accountability Act (HIPAA). Under HIPAA, healthcare providers must implement safeguards to prevent the incidental disclosure of any patient’s “protected health information.” Disclosures could result in a fine of up to $50,000 per disclosure. 

Second, each cannabis company has numerous trade secrets to protect. These could include growing processes, distribution plans, recipes for edibles, extraction techniques, soil mixtures, etc. The theft of any of these trade secrets could be disastrous to a company.

Third, cannabis companies must comply with (sometimes conflicting) state laws. For example, in California, the Medicinal and Adult-Use Cannabis Regulation and Safety Act (MAUCRSA) requires cannabis delivery companies to maintain records of every person who receives a delivery. At the same time, the California Consumer Privacy Act (CCPA) gives customers the right to demand that companies delete any records pertaining to them.

Fourth, data breaches result in damage to a company’s reputation. Dispensaries often sell T-shirts and other merchandise stamped with the company logo to foster customer loyalty, but a newsworthy data breach could shake that loyalty. Further, data breaches could damage the industry’s image as a whole and become a roadblock to legalization efforts at the federal level.

Room for Improvement

Last year, a group of ethical “white hat” hackers located a breach in the THSuite point-of-sale system, which is used by many dispensaries. Through the breach in THSuite, the hackers were able to access roughly 85,000 unencrypted files containing the personally identifying information of 30,000 people, including names, phone numbers, addresses, emails, birthdays, images of state-issued IDs, signatures, quantities of cannabis purchased, and medical ID numbers. 

This breach, and all the reasons discussed above, highlight the need for modern technological solutions. The International Cannabis Bar Association (INCBA) and AXEL are working together to bring these solutions to Bar members. INCBA members will now receive a 20% discount when they sign up for Premium or Business Plan subscriptions of AXEL Go. AXEL Go is the safest way to collect, store and share files during in-office, hybrid and remote work situations.

AXEL’s patented blockchain technology and AES-256 encryption help attorneys collect, store, and share client files in a user-friendly manner that is impervious to hackers, unauthorized access, and ransomware attacks. The decentralized nature of the network ensures that there is no single point of failure. Further, files uploaded to the AXEL network are heavily encrypted, sharded, and scattered between 400+ different global servers, providing a high level of security without sacrificing speed. Sensitive files and shifting regulatory frameworks in the cannabis industry call for an abundance of caution permitted by AXEL Go. INCBA members can sign up for a 14-day trial of AXEL Go and redeem discounts here.

Data Breaches are Here to Stay (For the Unprepared)

On August 18, T-Mobile announced that a recent data breach has affected over 40 million customers. Thankfully, it appears that no financial information was leaked. However, in a statement, T-Mobile stated “While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information.” Those responsible for the breach targeted T-Mobile credit applications, putting names, phone numbers and social security numbers at risk [1].

This massive data leak is just one of many that have occurred in recent years. From banks to superstores, data breaches have affected businesses in every industry, putting customers at risk. With this never-ending barrage of data breaches occurring, it’s fair to ask: When will they stop?

Well, we simply don’t know. If businesses continue to neglect cybersecurity, data breaches will remain common and catastrophic. However, there are ways to minimize this risk. Simply taking the time to protect your data is the key to preventing these massive, costly data breaches. After all, protecting your data is a lot easier than dealing with a massive data breach. Just ask Equifax.

The Equifax Data Breach

In 2017, Equifax, a consumer credit reporting agency, fell victim to a massive cyberattack and data breach. In the attack, over 160 million customers’ personal information was leaked, including names, phone numbers, social security numbers, driver’s license numbers and more [2].

In addition to the massive security breach, Equifax’s response to the attack was criticized as well. Although Equifax learned of the attack in July 2017, it was not announced publicly until September 2017. Additionally, Equifax social media directed customers to unofficial sites not owned by Equifax, putting clients further at risk of phishing attacks [3]. Put simply, the Equifax data breach showed what a business should not do in the event of a data breach. From poor communication to a lackadaisical response to the sheer scale of the breach, Equifax was largely unprepared for the breach and its consequences.

But how did the breach occur? While some data breaches can be the consequence of an honest mistake, this was anything but. Equifax was targeted because of its refusal to update its security software. In March 2017, an update for Equifax’s security software was released, but the update was not immediately installed. Quickly, cybercriminals realized there was a security hole in the older version of the software. Then, in May 2017, cybercriminals found that Equifax’s dispute portal still used the flawed security software. They gained access to documents that contained customers’ personal information, and slowly extracted the data over 76 days to avoid detection. As the attackers continued to extract the data, Equifax learned of the breach on July 29, and quickly shut off access. However, by the time Equifax cut off access to the criminals, the damage had already been done.

Why do Criminals Want Your Data?

While data breaches can be catastrophic to consumers, they can lead to big paydays for hackers. For the T-Mobile breach, the release of phone numbers can lead to increased phishing attempts among victims. And because the criminals have access to each phone number’s accompanying name, they can craft a much more convincing phishing text message. If customers fall for the trick, it puts the rest of their data, including financial information, at risk.

If cybercriminals gain access to financial information in a data breach, the consequences can be even more severe. Using this financial information, the hackers (or those who buy the data from the hackers) can open new credit lines, receive loans, or file false tax returns. And because these financial agreements are under your name, you could be on the hook for paying it back.

How do Data Breaches Happen?

While the cause of T-Mobile’s breach is not immediately apparent, Equifax’s cause certainly is clear: Negligence of cybersecurity. Treating cybersecurity as an afterthought is the main cause of many data breaches. Attackers often use phishing techniques and malware in order to gain access to valuable data. For example, when Target was the victim of a data breach in 2013, the attackers stole credentials and installed malware to Target’s software to extract names and credit card numbers [4]

In addition to outside cybercriminals, insider attacks pose a threat to businesses as well. In fact, employee error is the main cause of most data breaches [5]. While most of these breaches are small and have few negative consequences, it shows that outside actors are not the only cybersecurity risk. 47% of business leaders say that human error has caused a data breach in their organization. From losing a device to unintentionally sending confidential emails, internal data breaches certainly pose a threat. Thankfully, there are ways to minimize this risk.

How to Minimize the Risk of a Data Breach

One of the best ways for businesses to prevent a data breach is to encrypt confidential files. With strong encryption, files are unintelligible to unauthorized attackers, making your data useless to cybercriminals. So even if attackers gain access to your documents, encryption blocks the attackers from understanding the data. This ensures that your documents are usable for you, but worthless to criminals.

For individuals, there are easy strategies to minimize harm if your data is leaked. One easy technique to protect yourself is to use different passwords for different accounts. If you use the same password for all of your accounts, just one leak can make all of your accounts at risk. Therefore, it’s important to use different passwords for all your online accounts to ensure one leaked password doesn’t compromise all of your accounts. Additionally, simply checking your credit card history and credit reports can help stop identity theft after a data breach. If you catch fraud early, it can be stopped. Simply using these two techniques can help minimize the damage of a data breach if your information is compromised.

AXEL Offers Unparalleled Protection

AXEL believes that privacy is a human right. With this in mind, we created AXEL Go, a secure file-sharing and storage software. Offering industry-leading encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from unauthorized cybercriminals. Put simply, personal information deserves the best protection. If you’re ready to try the best protection, get two free weeks of AXEL Go here

[1] Schwartz, Mathew J., and Ron Ross. “T-Mobile: Attackers Stole 8.6 Million Customers’ Details.” Data Breach Today. August 18, 2021. https://www.databreachtoday.com/t-mobile-attackers-stole-86-million-customers-details-a-17314?rf=2021-08-19_ENEWS_ACQ_DBT__Slot1_ART17314&mkt_tok=MDUxLVpYSS0yMzcAAAF-_hUkPD9ryUOmFe0rRKxJ3eQA_mnHG9wpo_qAsffgZRgbqIV4FLolYFKr0A7f0CcMmHSwwy3ta4adyJhcjljmHueKFGYuyCT0ezu_kdFj7GYGdCBegA.

[2] Ng, Alfred. “How the Equifax Hack Happened, and What Still Needs to Be Done.” CNET. September 07, 2018. https://www.cnet.com/tech/services-and-software/equifaxs-hack-one-year-later-a-look-back-at-how-it-happened-and-whats-changed/.

[3] Morse, Jack. “Equifax Has Been Directing Victims to a Fake Phishing Site for Weeks.” Mashable. June 10, 2021. https://mashable.com/article/equifax-twitter-phishing-site-facepalm

[4] McCoy, Kevin. “Target to Pay $18.5M for 2013 Data Breach That Affected 41 Million Consumers.” USA Today. May 23, 2017. https://www.usatoday.com/story/money/2017/05/23/target-pay-185m-2013-data-breach-affected-consumers/102063932/.

[5] Reinicke, Carmen. “The Biggest Cybersecurity Risk to US Businesses Is Employee Negligence, Study Says.” CNBC. June 21, 2018. https://www.cnbc.com/2018/06/21/the-biggest-cybersecurity-risk-to-us-businesses-is-employee-negligence-study-says.html.

The Fallout of Edward Snowden and his Leaked Documents, Eight Years Later

On June 21, 2021, Edward Snowden celebrated his 38th birthday in Russia. He’s been in the country for over eight years, having been granted permanent residence in the country in October 2020 [1]. Snowden, an American, has not returned to his native country since leaking millions of classified documents detailing the massive surveillance programs that the United States undertook.

While many have heard Edward Snowden’s name, the programs that he uncovered have seemingly faded in the public consciousness in recent years. Snowden’s reveal of massive global surveillance programs in 2013 was a wake-up call for many Americans, when modern technology and digital communication were truly becoming everyday tools at work and home. His leaked documents highlighted how so many Internet activities are never truly private.

Snowden’s Career Beginnings and Disillusionment

Snowden began his career by joining the Army in May 2004, but was discharged four months later due to broken legs he suffered in a training accident [2]. Following his short time in the Armed Forces, he gained a position as a “security specialist” at an NSA-contracted facility, beginning his time in the intelligence community. He then joined the CIA in 2006 until 2009, years that disillusioned his faith in America’s intelligence community [3]. He described an incident where the CIA purposefully intoxicated a Swiss banker and encouraged him to drive home. When the banker was arrested for drunk driving, the CIA offered him help in exchange for becoming an informant. 

Following his resignation from the CIA, Snowden worked as an NSA contractor in Japan with high-level security clearance for three years before moving to Hawaii to join Booz Allen Hamilton, another private contractor. He joined Booz Allen Hamilton with the sole intent of gaining clearance to new classified files. After just a few weeks on the job, Snowden gained access to the classified material, downloaded it on a flash drive, and fled the United States shortly afterward. Finally, he distributed the materials to media outlets he trusted, particularly The Guardian, with the first revelations posted publicly in June 2013.

What Programs Did Snowden Reveal?

The biggest revelation in Snowden’s leaked documents was the existence of a National Security Agency program called PRISM. Under the program, the NSA had direct access to the servers of the biggest tech companies, including Google, Apple and Facebook without their knowledge [4]. Using this direct access, the NSA could collect users’ emails, search history, and file transfers without a court order. Even if you were an American citizen, you could have been subject to this surveillance if your messages ever touched a non-American server.

Snowden explained the horrifying simplicity of the NSA’s programs, stating “I, sitting at my desk, [could] wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email [5].” This allegation was initially denied by government officials, yet leaked documents showed a program called XKeystore allowed analysts to search enormous databases with just one piece of identifying information [5].

In addition, Snowden revealed NSA phone-tapping of allied leaders, including German Chancellor Angela Merkel and then-Israeli Prime Minister Benjamin Netanyahu [6]. These revelations caused an uproar among American allies, particularly in Europe. The NSA also monitored various charity organizations and businesses including UNICEF, the United Nations’ agency dedicated to providing aid to children worldwide and Petrobras, Brazil’s largest oil company.

The Legal Justification

All of these programs were justified by Section 702 of the FISA Amendments Act, a bill signed in 2008 that amended the original Foreign Intelligence Surveillance Act of 1978. The 2008 amendment rid FISA of its warrant requirement, allowing the NSA to spy on any foreign communications without a court order. In practice, this meant any communications that touched a foreign server were legally allowed to be collected.

Snowden explained “Even if you sent [a message] to someone within the United States, your wholly domestic communication between you and your wife can go to New York to London and back and get caught up in the database [7].” Because the data had reached a foreign server, no matter how short of a time, the NSA was able to collect, store and potentially analyze that data through Section 702’s legal framework. 

The Effects

A Washington Post investigation found that approximately 90% of account holders in a leaked data cache were ordinary Internet users, with just a tenth of the account holders being NSA targets [8]. These account holders were subject to daily tracking, with NSA analysts having access to intimate conversations unrelated to national security. Put simply, the NSA had access to millions of Americans’ personal data, able to be perused by low-level analysts with little more than an email address.

In addition, government officials’ responses to Snowden’s leaks were swift and severe. Then-Secretary of State John Kerry stated that Snowden’s leaks “told terrorists what they can now do to (avoid) detection [9].” Various other officials agreed with Kerry’s assessment, stating that suspected terrorists had begun changing their communication tactics following Snowden’s revelations [10]. While the NSA claimed that digital surveillance helped prevent over 50 “potential terrorist events,” then-President Obama stated that other methods could have prevented those attacks [11].

Data Privacy vs. Protection

Above all, the NSA has been criticized for conducting digital surveillance beyond the scope of national security. While government officials have stated that the surveillance saved countless lives by preventing terrorist attacks, claims that these programs solely stopped potential terror attacks are dubious. The inappropriate collection of everyday Americans’ data, however, is undeniable. Millions of Americans’ emails, video calls and search histories were readily available to low-level NSA analysts. While Edward Snowden remains a highly controversial figure today, his revelations of mass global surveillance undoubtedly increased Americans’ concern for data privacy. And while some still view Snowden as a criminal or traitor, some see him as a brave whistleblower who revealed just how exposed our data, and our lives, can be.

  1. Ilyushina, Mary. “Edward Snowden Gets Permanent Residency in Russia – Lawyer.” CNN. October 22, 2020. https://edition.cnn.com/2020/10/22/europe/edward-snowden-russia-residency-intl/index.html.
  1. Ackerman, Spencer. “Edward Snowden Did Enlist for Special Forces, US Army Confirms.” The Guardian. June 10, 2013. https://www.theguardian.com/world/2013/jun/10/edward-snowden-army-special-forces.
  1. Harding, Luke. “How Edward Snowden Went from Loyal NSA Contractor to Whistleblower.” The Guardian. February 01, 2014. https://www.theguardian.com/world/2014/feb/01/edward-snowden-intelligence-leak-nsa-contractor-extract.
  1. Greenwald, Glenn, and Ewen MacAskill. “NSA Prism Program Taps in to User Data of Apple, Google and Others.” The Guardian. June 07, 2013. https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data.
  1. Greenwald, Glenn. “XKeyscore: NSA Tool Collects ‘nearly Everything a User Does on the Internet’.” The Guardian. July 31, 2013. https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data.
  1. Ball, James, and Nick Hopkins. “GCHQ and NSA Targeted Charities, Germans, Israeli PM and EU Chief.” The Guardian. December 20, 2013. https://www.theguardian.com/uk-news/2013/dec/20/gchq-targeted-aid-agencies-german-government-eu-commissioner.
  1. Sanders, Katie. “PolitiFact – Fact-checking John Oliver’s Interview with Edward Snowden about NSA Surveillance.” Politifact. April 9, 2015. https://www.politifact.com/factchecks/2015/apr/09/edward-snowden/fact-checking-john-olivers-interview-edward-snowde/.
  1. Gellman, Barton, Julie Tate, and Ashkan Soltani. “In NSA-intercepted Data, Those Not Targeted Far Outnumber the Foreigners Who Are.” The Washington Post. July 05, 2014. https://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html.
  1. “Kerry: Edward Snowden Should “man Up” and Come Home.” CBS News. May 28, 2014. https://www.cbsnews.com/news/sec-kerry-edward-snowden-should-man-up-and-come-home/.
  1. Nakashima, Ellen, and Greg Miller. “U.S. Officials Worried about Security of Files Snowden Is Thought to Have.” The Washington Post. June 24, 2013. https://www.washingtonpost.com/world/national-security/us-officials-worried-about-security-of-files-snowden-is-thought-to-have/2013/06/24/1e036964-dd09-11e2-85de-c03ca84cb4ef_story.html.
  2. Gerstein, Josh. “NSA: PRISM Stopped NYSE Attack.” POLITICO. June 19, 2013. https://www.politico.com/story/2013/06/nsa-leak-keith-alexander-092971.

Apple and Facebook Fight Over Privacy

Apple and Facebook are currently ranked 1 and 6 respectively in the list of biggest companies by market cap[1]. These tech behemoths wield immense influence in both the business and social spheres. They also have different, seemingly opposing views on the nature of privacy in today’s society. These disparate philosophies have increased tensions between the two tech giants, and recently it’s escalated. We’ll break down the history and the sources of the standoff.

A brief history

Things weren’t always so frosty between the organizations. In fact, according to a 2012 biography, Apple CEO Steve Jobs admired Facebook CEO, Mark Zuckerberg[2]. So much so, it was a driving force in the reluctance of Apple to start a competing social network. However, after the death of Jobs in 2011, things cooled off considerably when current CEO Tim Cook took over.

Perhaps sensing the way things were going in the industry, Cook came out in 2014 with an open letter that took indirect jabs at Facebook and Google[3]. In it, he claimed Apple was not in the business of creating detailed user profiles on individuals through the use of data mining. While he did not mention his competitors directly, it was obvious who he was denouncing.

That same year, Zuckerberg fired back in an interview with TIME Magazine[4], stating

“A frustration I have is that a lot of people increasingly seem to equate an advertising business model with somehow being out of alignment with you customers. I think it’s the most ridiculous concept. What, you think because you’re paying Apple that you’re somehow in alignment with them? If you were in alignment with them, then they’d make their products a lot cheaper!”

We’d recommend reading this article. Perhaps everyone was a bit naïve at the time, but re-reading it through the lens of 2021 with an understanding of the path Facebook took, the plan Zuckerberg outlined seems much more nefarious and a good example of real-life supervillainy. What could go wrong with the CEO of the world’s most invasive social platform wanting to bring internet connection to the entirety of the world?

We digress. Throughout the next seven years, the two CEOs traded barbs on issues such as the Cambridge Analytica scandal and Apple’s monopolistic control of its App Store. In the end, the arguments usually boiled down to Tim Cook accusing Facebook of invading users’ privacies and Zuckerberg saying Apple products cost too much or that the company is an unfair gatekeeper.

We tend to fall on Cook’s side of the argument. It’s true Apple products cost significantly more than competing hardware solutions. But, as we outlined in a previous blog about free software, trading privacy for free or cheap products has serious drawbacks. Now, back to the feud.  

Tensions boil over

Fast-forward to today. In late 2020, Apple started requiring software on the App Store to come with informative “privacy labels” that clearly state the data the app collects on its users. This was great news for AXEL, but not so much for Facebook. Facebook Messenger alone has a privacy label that reads more like a novel than a brief overview[5].

The labels, combined with the most recent update, have sent Facebook reeling for solutions. The latest update goes a step farther than labels and provides users with the oft-talked-about ‘Opt-In’ scenario regarding data collection[6]. ‘Opt-In’ is a concept that requires users to agree to corporate data collection formally. This is a major step forward in the fight for digital privacy rights. It’s much better than current United States privacy regulations in states such as California and Virginia. Those pieces of legislation mandate companies provide an ‘Opt-Out’ option. While better than nothing, the fact is that consumers are busy. They don’t have the knowledge or desire to scroll through layers of confusing websites to exercise their right to opt-out.

This makes Opt-In the preferred way to offer privacy. It makes privacy the default, which will vastly increase the number of people exiting the corporate surveillance scheme. Unsurprisingly, companies like Facebook are not happy about this! Personalized advertising is the company’s lifeblood, and without user data to gather and analyze, ad revenues will likely fall.

Facebook’s response

Facebook hasn’t taken these changes lying down. Their argument centers around the effects felt by small businesses due to Apple’s changes. Facebook frames its data collection around its usefulness to small businesses. Without the ability to target people most likely to buy, these companies will feel the brunt of the impact, causing many of them to close.

Facebook started a public relations blitz, using television commercials and full-page ads in popular newspapers[7] to drive home the point. It has received some mockery for this in the mainstream media. It certainly does appear to be a rather transparent way to further its own goals while seeming to have more profound principles.

Facebook also raised another issue, and though it didn’t receive as much attention from the media, it probably has more merit. They claim that Apple’s recent privacy push isn’t out of any benevolent intentions for consumers but rather greed. Apple receives anywhere from 15-30% of App Store sales, depending on the developers’ overall revenue. By giving consumers the choice to opt into data collection, they must know that most users will decline. This could cause a shift from free apps that generate revenue based on advertising to more paid apps. In turn, Apple receives more money from downloads since more of them are paid. If true, it’s a very sneaky way for the tech manufacturer to make more money while playing the good guy.

The reality is that both Facebook and Apple are profit-driven mega-corporations looking to protect their businesses. You can’t blame either of them for this feud, although it seems obvious that Apple comes out ahead from a public utility perspective. Whatever the root cause, any initiative to substantially increase digital privacy is a good thing in our book.

AXEL’s commitment

AXEL is dedicated to fighting for digital privacy rights for everyone. The concept of data custody and forging lasting trust between consumers and technology is embedded into our corporate philosophy. We develop our products and services to live up to these lofty ideals.

If you are looking for a privacy-focused cloud storage and file-sharing platform, try AXEL Go free for 14-days. During the trial period, you receive all Premium features, including removing file-size restrictions, Secure Fetch functionality, and storage encryption. AXEL never collects personal information to sell to third parties or mines your content for advertising. We’re an alternative tech company you can trust. Secure your files. Secure your digital future with AXEL.

[1] “Largest Companies by Market Cap”, CompaniesMarketCap.com, April 30, 2021, https://companiesmarketcap.com/

[2] Emil Protalinski, “Steve Jobs admired Zuckerberg too much to compete with him”, CNET.com, July 17, 2012, https://www.cnet.com/news/steve-jobs-admired-zuckerberg-too-much-to-compete-with-him/

[3] Steve Musil, “Tim Cook explains Apple’s privacy policies in open letter”, CNET.com, Sept. 17, 2014, https://www.cnet.com/news/tim-cook-explains-apples-privacy-policies-in-open-letter/

[4] Lev Grossman, “Inside Facebook’s Plan to Wire the World”, Time.com, Dec. 15, 2014, https://time.com/facebook-world-plan/

[5] Ben Lovejoy, “App privacy labels show stark contrasts among messaging apps”, 9to5mac.com, Jan. 4, 2021, https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-apps/

[6] Ian Sherr, “Apple’s privacy battle with Facebook just became all-out war”, CNET.com, April 26, 2021, https://www.cnet.com/news/apples-privacy-battle-with-facebook-just-became-all-out-war/

[7] Megan Graham, “Facebook blasts Apple in new ads over iPhone privacy change”, CNBC, Dec. 16, 2020, https://www.cnbc.com/2020/12/16/facebook-blasts-apple-in-new-ads-over-iphone-privacy-change-.html