AXEL.org

data security

The Fallout of Edward Snowden and his Leaked Documents, Eight Years Later

On June 21, 2021, Edward Snowden celebrated his 38th birthday in Russia. He’s been in the country for over eight years, having been granted permanent residence in the country in October 2020 [1]. Snowden, an American, has not returned to his native country since leaking millions of classified documents detailing the massive surveillance programs that the United States undertook.

While many have heard Edward Snowden’s name, the programs that he uncovered have seemingly faded in the public consciousness in recent years. Snowden’s reveal of massive global surveillance programs in 2013 was a wake-up call for many Americans, when modern technology and digital communication were truly becoming everyday tools at work and home. His leaked documents highlighted how so many Internet activities are never truly private.

Snowden’s Career Beginnings and Disillusionment

Snowden began his career by joining the Army in May 2004, but was discharged four months later due to broken legs he suffered in a training accident [2]. Following his short time in the Armed Forces, he gained a position as a “security specialist” at an NSA-contracted facility, beginning his time in the intelligence community. He then joined the CIA in 2006 until 2009, years that disillusioned his faith in America’s intelligence community [3]. He described an incident where the CIA purposefully intoxicated a Swiss banker and encouraged him to drive home. When the banker was arrested for drunk driving, the CIA offered him help in exchange for becoming an informant. 

Following his resignation from the CIA, Snowden worked as an NSA contractor in Japan with high-level security clearance for three years before moving to Hawaii to join Booz Allen Hamilton, another private contractor. He joined Booz Allen Hamilton with the sole intent of gaining clearance to new classified files. After just a few weeks on the job, Snowden gained access to the classified material, downloaded it on a flash drive, and fled the United States shortly afterward. Finally, he distributed the materials to media outlets he trusted, particularly The Guardian, with the first revelations posted publicly in June 2013.

What Programs Did Snowden Reveal?

The biggest revelation in Snowden’s leaked documents was the existence of a National Security Agency program called PRISM. Under the program, the NSA had direct access to the servers of the biggest tech companies, including Google, Apple and Facebook without their knowledge [4]. Using this direct access, the NSA could collect users’ emails, search history, and file transfers without a court order. Even if you were an American citizen, you could have been subject to this surveillance if your messages ever touched a non-American server.

Snowden explained the horrifying simplicity of the NSA’s programs, stating “I, sitting at my desk, [could] wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email [5].” This allegation was initially denied by government officials, yet leaked documents showed a program called XKeystore allowed analysts to search enormous databases with just one piece of identifying information [5].

In addition, Snowden revealed NSA phone-tapping of allied leaders, including German Chancellor Angela Merkel and then-Israeli Prime Minister Benjamin Netanyahu [6]. These revelations caused an uproar among American allies, particularly in Europe. The NSA also monitored various charity organizations and businesses including UNICEF, the United Nations’ agency dedicated to providing aid to children worldwide and Petrobras, Brazil’s largest oil company.

The Legal Justification

All of these programs were justified by Section 702 of the FISA Amendments Act, a bill signed in 2008 that amended the original Foreign Intelligence Surveillance Act of 1978. The 2008 amendment rid FISA of its warrant requirement, allowing the NSA to spy on any foreign communications without a court order. In practice, this meant any communications that touched a foreign server were legally allowed to be collected.

Snowden explained “Even if you sent [a message] to someone within the United States, your wholly domestic communication between you and your wife can go to New York to London and back and get caught up in the database [7].” Because the data had reached a foreign server, no matter how short of a time, the NSA was able to collect, store and potentially analyze that data through Section 702’s legal framework. 

The Effects

A Washington Post investigation found that approximately 90% of account holders in a leaked data cache were ordinary Internet users, with just a tenth of the account holders being NSA targets [8]. These account holders were subject to daily tracking, with NSA analysts having access to intimate conversations unrelated to national security. Put simply, the NSA had access to millions of Americans’ personal data, able to be perused by low-level analysts with little more than an email address.

In addition, government officials’ responses to Snowden’s leaks were swift and severe. Then-Secretary of State John Kerry stated that Snowden’s leaks “told terrorists what they can now do to (avoid) detection [9].” Various other officials agreed with Kerry’s assessment, stating that suspected terrorists had begun changing their communication tactics following Snowden’s revelations [10]. While the NSA claimed that digital surveillance helped prevent over 50 “potential terrorist events,” then-President Obama stated that other methods could have prevented those attacks [11].

Data Privacy vs. Protection

Above all, the NSA has been criticized for conducting digital surveillance beyond the scope of national security. While government officials have stated that the surveillance saved countless lives by preventing terrorist attacks, claims that these programs solely stopped potential terror attacks are dubious. The inappropriate collection of everyday Americans’ data, however, is undeniable. Millions of Americans’ emails, video calls and search histories were readily available to low-level NSA analysts. While Edward Snowden remains a highly controversial figure today, his revelations of mass global surveillance undoubtedly increased Americans’ concern for data privacy. And while some still view Snowden as a criminal or traitor, some see him as a brave whistleblower who revealed just how exposed our data, and our lives, can be.

  1. Ilyushina, Mary. “Edward Snowden Gets Permanent Residency in Russia – Lawyer.” CNN. October 22, 2020. https://edition.cnn.com/2020/10/22/europe/edward-snowden-russia-residency-intl/index.html.
  1. Ackerman, Spencer. “Edward Snowden Did Enlist for Special Forces, US Army Confirms.” The Guardian. June 10, 2013. https://www.theguardian.com/world/2013/jun/10/edward-snowden-army-special-forces.
  1. Harding, Luke. “How Edward Snowden Went from Loyal NSA Contractor to Whistleblower.” The Guardian. February 01, 2014. https://www.theguardian.com/world/2014/feb/01/edward-snowden-intelligence-leak-nsa-contractor-extract.
  1. Greenwald, Glenn, and Ewen MacAskill. “NSA Prism Program Taps in to User Data of Apple, Google and Others.” The Guardian. June 07, 2013. https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data.
  1. Greenwald, Glenn. “XKeyscore: NSA Tool Collects ‘nearly Everything a User Does on the Internet’.” The Guardian. July 31, 2013. https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data.
  1. Ball, James, and Nick Hopkins. “GCHQ and NSA Targeted Charities, Germans, Israeli PM and EU Chief.” The Guardian. December 20, 2013. https://www.theguardian.com/uk-news/2013/dec/20/gchq-targeted-aid-agencies-german-government-eu-commissioner.
  1. Sanders, Katie. “PolitiFact – Fact-checking John Oliver’s Interview with Edward Snowden about NSA Surveillance.” Politifact. April 9, 2015. https://www.politifact.com/factchecks/2015/apr/09/edward-snowden/fact-checking-john-olivers-interview-edward-snowde/.
  1. Gellman, Barton, Julie Tate, and Ashkan Soltani. “In NSA-intercepted Data, Those Not Targeted Far Outnumber the Foreigners Who Are.” The Washington Post. July 05, 2014. https://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html.
  1. “Kerry: Edward Snowden Should “man Up” and Come Home.” CBS News. May 28, 2014. https://www.cbsnews.com/news/sec-kerry-edward-snowden-should-man-up-and-come-home/.
  1. Nakashima, Ellen, and Greg Miller. “U.S. Officials Worried about Security of Files Snowden Is Thought to Have.” The Washington Post. June 24, 2013. https://www.washingtonpost.com/world/national-security/us-officials-worried-about-security-of-files-snowden-is-thought-to-have/2013/06/24/1e036964-dd09-11e2-85de-c03ca84cb4ef_story.html.
  2. Gerstein, Josh. “NSA: PRISM Stopped NYSE Attack.” POLITICO. June 19, 2013. https://www.politico.com/story/2013/06/nsa-leak-keith-alexander-092971.

The Ethical Responsibility for Data Security in Finance, Law, and Healthcare

Axel - Data Security Ethics

It’s difficult to argue that the vast majority of businesses today don’t have an ethical responsibility to adequately protect and secure their customers’ data. However, it’s an even more crucial aspect for organizations with known fiduciary duties to their clients or consumers, such as those in the Finance, Legal, Healthcare, and Insurance sectors. Let’s dig into each of these industries in the United States, look at their unique ethical demands regarding data security, and find some common solutions.

Finance

The financial industry includes banks, investment firms, real estate companies, and insurance organizations. According to the International Monetary Fund, it is the sector targeted most by hackers[1]. It makes sense. In a 2020 survey by Verizon Communications, researchers found that 86% of data breaches are primarily for money[2]. Who has more money than the financial industry?

Hackers target these institutions in a variety of ways. One of their most common tactics is attempting to gain access to customer login info. Direct attacks against an organization’s reserves gain immediate attention and mitigation, but hackers can take over a user account and move around smaller sums for much longer periods.

Another method they use is stealing sensitive financial documents. It provides the malicious agents with a treasure trove of confidential data to use for identity theft.

So, what ethical obligation do they have to their clients for securing this data? Since they’re such huge targets, financial institutions tend to employ data protection strategies that are more sophisticated than average. In 2020, the Federal Trade Commission proposed amendments to the Safeguards Rule and the Privacy Rule in the Gramm-Leach-Bliley Act. Under these proposals:

  • Financial institutions would need to safeguard customer data more robustly, such as utilizing encryption for all information.
  • Customers could opt-out of data sharing policies between banks and third-parties.
  • Banks would require employees to pass multi-factor authentication (MFA) to access client data.

The FTC has not ratified these amendments yet, but they would serve as a much-needed update to the current regulatory framework.

Law

Legal professionals now face an even greater risk to their clients’ personal information. Being the processors of strictly confidential information always put large targets on them. But, the COVID-19 pandemic forced many lawyers out of the office and courtroom and into their den. Working from home is the new normal for legal pros, and that means more cybersecurity risks. Whereas they probably worked in a closed system at the office that IT experts monitored daily, it’s much more challenging to evaluate weaknesses in everyone’s home networks. Coupled with the fact that lawyers, on the whole, aren’t the most technically literate people in the world, and you’ve got a recipe for data breaches.

The American Bar Association gives broad ethical expectations for data security throughout its Model Rules of Professional Conduct[3]. A recent formal opinion published by the organization outlines them in greater detail[4], specifically for those engaged in a virtual practice. This opinion has the following provisions:

  • Lawyers must make “reasonable efforts to prevent inadvertent or unauthorized access [to client data].” Today, a reasonable attempt goes well beyond attaching a confidential document to an email and sending it off with nothing but the hope that it doesn’t fall into the wrong hands.
  • Virtual practitioners should look into setting up Virtual Private Networks (VPNs), keeping the computer’s operating systems updated so that security patches stay current, utilizing file encryption, using MFA, setting strong passwords, and changing them regularly.
  • Legal professionals must vet software and hardware providers to ensure proper security.
  • Lawyers should never use smart speakers (Alexa, Google Home, etc.) or virtual assistants (Siri) when conducting confidential business. These “helpers” listen to every word that is said and can be hacked easily by malicious agents.

Hopefully, The ABA codifies the recommendations given in this opinion into its formal standards.

Healthcare

The medical industry also deals with extremely private, confidential information and is susceptible to drawing attention from hackers. 2020 was an especially bad year for this, as the rise of COVID-19 caused a 55% spike in data breaches compared to 2019[5]. It’s a chilling reminds of how opportunistic threat actors can be. Sensing healthcare providers were stretched to the max and short on resources, they attacked.

Common reasons to target the healthcare industry include stealing patient medical records for resale on the Dark Web, identity theft purposes, or extortion schemes, and ransomware attacks to cripple critical systems until the organizations pay a hefty fee.

The United States Department of Health and Human Services set national regulations about healthcare data security through the HIPAA Security Rule. Here are some of the guidelines:

  • Organizations must have physical and technical security measures enacted for hosting sensitive health data. Examples include facility access limits, computer access controls, and strict limitations on attempts to transfer, remove, or delete patient records.
  • Technical systems must have automatic log-off settings, file encryption capabilities, regular audit reporting, and detailed tracking logs of user activity.

With COVID cases declining and vaccinations increasing, the healthcare sector could soon return to normal and start allocating more cybersecurity resources. At least for the first time in over a year, there’s cause for optimism.

Conclusion

With cyberattacks on the rise, there’s still much room for improvement in these industries. Organizations should go above and beyond legal requirements if adequate cybersecurity is a priority. Combining the right technical solutions with a plan of ongoing education is crucial. Usually, the weakest links in a network are the employees themselves. Train them regularly on the basics of phishing techniques and how to spot them. You’ll have a more resilient workforce who won’t fall for common scams that can put your organization at serious risk.

AXEL Go

Part of the equation is still using suitable technical systems. If your company transfers or stores confidential data, you need to ensure it’s locked down. AXEL Go is a decentralized, private and secure file-sharing and storage platform. It offers industry-leading security features that set it apart from the typical Big Tech applications. It uses blockchain technology, advanced file sharding, the InterPlanetary File System, and military-grade encryption to keep important documents away from hackers. Try AXEL Go and gain access to all of its premium features for only $9.99/mo. It’s the safest way to share and store online.

 

[1] Jennifer Elliott and Nigel Jenkinson, “Cyber Risk is the New Threat to Financial Stability”, IMF.org, Dec. 7, 2020, https://blogs.imf.org/2020/12/07/cyber-risk-is-the-new-threat-to-financial-stability/

[2] “2020 Data Breach Investigations Report”, Verizon, May. 19, 2020, https://enterprise.verizon.com/resources/reports/dbir/?CMP=OOH_SMB_OTH_22222_MC_20200501_NA_NM20200079_00001

[3] American Bar Association, “Model Rules of Professional Conduct”, Americanbar.org, https://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/model_rules_of_professional_conduct_table_of_contents/

[4] American Bar Association Standing Committee On Ethics And Professional Conduct, Formal Opinion 489, Americanbar.org, March 10, 2021, https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/aba-formal-opinion-498.pdf

[5] “Healthcare Breach Report 2021: Hacking and IT Incidents on the Rise”, Bitglass, Feb. 17, 2021, https://pages.bitglass.com/rs/418-ZAL-815/images/CDFY21Q1HealthcareBreachReport2021.pdf?aliId=eyJpIjoiOE54NGRRTkhCZDY3aUxGMiIsInQiOiJ0RTZ1QVZXbnFPUGRhZXhVbmhyMmVnPT0ifQ%253D%253D

Phishing: Not as Relaxing as it Sounds

Phishing: Not as Relaxing as it Sounds

Phishing is a common form of cybercrime that has been around for decades. While there have been many permutations throughout the years (nobody wants your AOL passwords anymore), the basic concept remains the same.

For such a prominent tactic, it still works well enough for criminals to send off three billion phishing emails every day in hopes of catching the big one[1]! So, dust off the oars and make sure the rowboat isn’t leaking because it’s time to visit the phishing hole.

The basics of phishing

The term “phishing” refers to when cybercriminals deceive unsuspecting people to extract sensitive personal information or deploy malicious software payloads. It relates to traditional fishing in that a fisherman tricks the fish into thinking they will get a delicious meal, when in fact, they are the meal!

There are two main end goals for phishing attacks. These are:

Identity theft. In 2019, over 5% of consumers experienced some form of identity theft and suffered nearly $17 billion in losses due to it[2]. That’s more than the total GDP of Jamaica! Phishing attacks can procure the necessary information (names. addresses, social security numbers, etc.) for thieves to open fraudulent credit cards or apply for loans under their victims’ names.

Malware infection. Many phishing attempts lure unsuspecting victims into clicking a malicious link containing a virus or ransomware. Your computer could even be taken over entirely and added to a botnet to carry out DDOS attacks.

Different types of phishing

Spear phishing. These are more advanced, targeted phishing attacks. Whereas a typical phishing attempt may be mass-emailed out to millions of people hoping to snag a few victims, spear phishers strike specific companies, departments, or individuals. They send tailored messages designed to appear authoritative and legitimate. It has a much higher chance of success but takes more research to develop.

Vishing. Also known as Voice Phishing, here, the scammer calls the intended individual and poses as an authority figure. A common example is a visher calling an employee of a company as someone from IT. They try to get the employee to install “security updates,” which actually end up being malware.

It doesn’t have to be related to business, however. Another popular scenario is contacting older people as law enforcement to gain personal information for identity theft or extort payments for fake fines.  Sadly, criminals go to great lengths to achieve their fraudulent intentions.

Smishing. Since spam emails are frequent and well-documented, many people have caught on to blatant email phishing attempts. That must mean the swindlers have accepted defeat, right? No way. They are always coming up with different ways to deceive. That includes smishing, where phishers utilize SMS text messaging to carry out their schemes. People think text messages are more trustworthy than emails and are therefore more likely to click a bad link.

Whaling. Whaling is a subcategory of spear phishing where the mark is a high-level executive at a company. They have access to the most confidential data, and therefore, make for attractive targets.

Clone phishing. If a hacker accesses one person’s email, they can see who they’ve emailed. Clone phishing is where the bad actor sends an email to someone that’s identical to one they’ve already received. Except, the cloned email contains a malicious link or attachment.

Signs of phishing

Strange URLs from trusted brands. Phishers disguise themselves as trusted brands. Always check to make sure the links you’re following from brand emails are legitimate. We recommend copying and pasting links into your web browser bar instead of clicking them directly. This way, you have a better idea about whether or not the link looks suspicious.

Personal information requests. Companies and government agencies usually won’t require anyone to provide personal information via email or text. Err on the side of caution and refuse any such requests. If necessary, find the organization’s legitimate contact information from their verified website and call a representative.

Urgent, time-sensitive language. Phishers sometimes utilize scare tactics to make their targets feel like they need to act or risk enormous consequences. This is especially common when the phishers pose as law enforcement or legal professionals. Never pay for “fines” or “settlements” you had no idea about previously.

Too good to be true claims. Another classic phishing strategy! We’ve all likely received an email claiming we’ve won a lottery we never participated in, or been contacted by a “Nigerian Prince” who wants to reward us with untold riches. The old adage “If it sounds too good to be true, it probably is,” applies here.

Poor grammar or spelling. Many phishing attacks originate from outside the Western world. If the recent email from your boss is riddled with spelling or grammatical errors, you need to verify it came from a legitimate sender before you reply.

High-profile phishing incidents

Phishing has higher stakes than your Grandmother paying a fake parking ticket over the phone (as unfortunate as that is.) Here are a few high-profile incidents that made national news throughout the years.

Ukrainian Power Grid Attack. In December 2015, a spear phisher gained control of a portion of Ukraine’s power grid and caused an outage for over 225,000 people. Russian hackers were suspected to be the culprits[3].

Mia Ash. Throughout 2016-2017, a state-sponsored hacker group in Iran used the fake LinkedIn and Facebook profiles of Mia Ash to spear phish high-priority targets. Posing as a British photographer, the group friended senior employees in the region’s energy, tech, and telecommunications sectors. After lengthy conversations, “Mia” would send excel documents disguised as surveys that secretly contained malware[4].

The Walter Stephan Incident. In 2016, a major aerospace parts manufacturer, FACC, lost $47 million due to phishing. The malicious agent posed as FACC CEO, Walter Stephan, and demanded an employee transfer the enormous sum to a new account for an “acquisition project.” The project was fake, and the phisher made off with the largest known payout ever. Unsurprisingly, FACC later fired the CEO and CFO for the mishap[5].

How to prevent phishing

Never click strange links. If there’s even a passing thought of “Hmm. I wonder if I should click this,” Don’t! Hackers can compromise trusted friends and colleagues. Call and talk in person for verification if there’s a hint of fraud.

Ensure URL is https with a lock beside it. When browsing the internet, ensure the sites you visit are HTTPS (the “S” stands for “Secure”) and that there is a lock icon to the left of the web address. This means the site is safe. Stay away from websites still using the outdated HTTP protocol.

Use firewalls and antivirus software. Modern operating systems come standard with antivirus and firewall software. Use them and keep them updated to the most current versions. Hackers can breach older versions with known vulnerabilities, so it’s a good idea to activate their “auto-update” options.

Don’t put personal info online publicly. Spear phishers and whalers use readily available information found online to plan their attacks. This is why it’s important to consider everything you’re putting out to the world. Social media is a part of our lives, but being too transparent is dangerous. Find the right balance.

Block popups. Popups can be more than minor annoyances. Sometimes, ads with malware or cryptocurrency miners can sneak through and infect the devices of people who click them. Luckily, popular browsers have extensions that block all popups. Less annoyance. Less chance of a malware infection.

Secure your data

Phishing attacks won’t stop until they become ineffective. Hopefully, through education on the tactics phishers use, more people can protect themselves from identity theft and malware. Mistakes happen, however, and it’s challenging to account for all potential methods of attack. That’s why it’s vital to safeguard your data in other ways as well.

AXEL specializes in securing data at rest and in motion. Our file storage and sharing platform, AXEL Go, utilizes a system of decentralized servers to transfer your documents. This means there is no single point of failure like there is in a traditional server farm. It’s harder to pinpoint areas to attack in a decentralized system, and even if a particular node is compromised, we remove it from the system without affecting your files. Content can also be password protected using AES 256-bit encryption to provide an additional layer of security. Hackers can’t crack the encryption and thus aren’t able to access useful data. It’s the safest way to store and share your files. Visit axelgo.app today to learn more and signup for a  free, full-featured account with 2GB of storage.

[1] “More Than Three Billion Fake Emails are Sent Worldwide Every Day”, Security Magazine, June 11, 2019, https://www.securitymagazine.com/articles/90345-more-than-three-billion-fake-emails-are-sent-worldwide-every-day

[2] Krista Tedder, John Buzzard, “2020 Identity Fraud Study: Genesis of the Identity Fraud Crisis”,  Javelin Strategy, April 7, 2020, https://www.javelinstrategy.com/coverage-area/2020-identity-fraud-study-genesis-identity-fraud-crisis

[3] Kim Zetter, “Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid”, Wired, March 3, 2016, https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

[4] Danny Palmer, “How these fake Facebook and LinkedIn profiles tricked people into friending state-backed hackers”, ZDNet, July 27, 2017, https://www.zdnet.com/article/how-these-fake-facebook-and-linkedin-profiles-tricked-people-into-friending-state-backed-hackers/

[5] Reuters Staff, “Austria’s FACC, hit by cyber fraud, fires CEO”, Reuters, May 25, 2016, https://www.reuters.com/article/us-facc-ceo-idUSKCN0YG0ZF

AXEL Go Receives Update with “Secure Fetch” Feature

AXEL Go Receives Update with “Secure Fetch” Feature

AXEL developers never stop coming up with ways to improve our privacy-focused file-sharing platform. Sometimes, we wonder when they have time to sleep! They must dream of computer code.

Snooze schedules aside, they’ve outdone themselves with the latest addition to AXEL Go. The feature is called Secure Fetch, and it allows anyone to share on our secure network.

Now, AXEL Go users can request files from anybody -even those that do not have AXEL accounts. All they have to do is send a Secure Fetch to the intended recipient. It’s an open link the recipient clicks. They then upload the requested documents and send them back safely and privately.

Finally, you can stop relying on dodgy email attachments and insecure cloud services to get the files you need. We like to think of it as a digital courier service. Except our couriers don’t stop off for a latte on the way to retrieve your confidential materials.

A feature for professionals

Secure Fetch is an excellent way for professionals to receive documents from clients and colleagues. The ease of use, the flexibility to send anyone a request, and the secure nature of the underlying file-transfer program make it the best choice. Everyone can take advantage of the three remarkable technologies that make AXEL Go an industry leader in data protection.

First, AXEL Go utilizes a decentralized network of servers throughout the world. We call these servers Masternodes, and they use the IPFS protocol to enact peer-to-peer file transfers. The IPFS has significant advantages over traditional HTTP, such as better performance, persistent availability, higher data integrity levels, and decreased likelihood of duplicate content.

The second technological pillar of AXEL Go is blockchain. Known for its inherent security and transparency, blockchain was an obvious inclusion to our platform. Our blockchain produces the AXEL Tokens needed to fuel shares throughout the network. Timestamps are added to each block so that transactions are stored immutably by date. This allows for simple verification of all transfers while keeping files private. It’s the best of both worlds.

The third component of our secure network is optional encryption. When sharing, the sender can password protect the files with AES-256 bit encryption. It is a robust encryption algorithm that safeguards your documents from unwanted viewers.

Using all three in conjunction makes AXEL Go the best way to send files securely and confidentially. Secure Fetch is a bridge that allows non-tech-savvy individuals to gain the benefits of AXEL Go without signing up for an account. We recommend all AXEL Go users to make good use of this revolutionary new feature.

Try it now

AXEL Go is available on Windows, Mac, Android, and iOS devices. If you’re interested in sharing and storing securely wherever, whenever, try it out today. Sign up for our free, full-featured Basic account and receive 2GB of private storage with enough AXEL tokens to fuel thousands of shares.

Why Data Breaches are so Damaging and how the Law has Failed Consumers

Very few times in history have a group of people sat down with the purpose of writing a set of new laws to improve society. Instead, what usually happens is that laws are written to solve specific problems. This leads to a litany of laws piling up over the decades. While it could always be debated how effective a particular law might be at accomplishing its goal, the rapid pace of technological advancement over the past 20 years – especially as compared to the pace of the lawmaking process – has introduced new challenges as laws become quickly outdated, sometimes even by the time they take effect.

The results of this are acutely apparent in the cross-section between the fields of cybersecurity and consumer protection, namely data breaches.

The magnanimity of consumer protection laws in the United States were written for a society concerned with immediate product safety and compensation for resulting injuries, not for the nebulous and incalculable injuries that may be sustained by potential millions when private records are exposed.

Why are data breaches so damaging?

The unique problem of data breaches stems from the fact that the breach of privacy carries in of itself no specific harm. Instead, it is the later misuse of information that has been breached that may lead to ensuing harm. However, with data breaches occurring on a near-daily basis, the causality of specific financial or reputational damage is nigh impossible to link to a single breach causally; with our laws written around the concept of calculable damages being the source of justified remuneration, we are left constantly and increasingly victimized but unable to seek just compensation.

Some would argue that even more problematic is the irreparable nature of many of the most severe data breaches. Once a name and social security number are leaked, that identity is permanently and irreversibly at risk for being used fraudulently. While one could always apply for a new social security number, the Social Security Administration is extremely reluctant to issue new identities, and while that is a debate for another time, it goes to show just how difficult it can be to recover from a breach. Victims are permanently marred and at increased risk for future injuries resulting from a single breach, no matter how much time has passed.

Because of the damage resulting from a data breach being so far removed temporally and causally from the actual breach itself, adequate compensation is rarely won, if it is even sought. Was it the Equifax breach, the MoviePass breach, or one of the innumerable other breaches this year that resulted in your identity being stolen and used to take out fraudulent loans a decade from now?

Moreover, even if you should find that it was MoviePass’ negligence that leads to your identity being stolen, what compensation can you seek from a company that has been defunct for years? Our laws were not written to address these issues adequately. Our legal system often does not ponder questions of uncertainty and possibility, and that’s the perfect summary of what victims face in the aftermath of a breach; uncertainty and possibilities.

For all the uncertainty victims face, the solutions going forward as a country are equally opaque.

It would be easy to write some draconian law to punish companies for exposing private data, but as is often the case, that could have unintended consequences, such as pushing data overseas where even looser security and weaker privacy laws may exacerbate the problem. Instead, it’s going to take a significant shift in our collective-consciousness over how data is handled.

Laws written for managing telecommunications and transmissions in that era are being used to handle complex cybersecurity and data privacy cases.

This can’t come just from one party though; companies need to seriously consider what data they need to collect, and what information needs to be retained on a long-term basis. Consumers have to take ownership of their data and demand a higher quality of service from corporations and governments over how their data is collected and used.

As a whole, we must recognize the value of data, and the dangers we expose ourselves to by collecting it (and why it might even be best to not collect data at all in many circumstances).

Just like holding valuables such as gold and art entails a security risk, so too does data. If people started treating data like the digital gold it really is, maybe then we could all come together to work out a solution.

But until then, I’ll be keeping my data to myself.