Congress finally earns their keep?

 

Finally the US Congress (Senate & House of Representatives) has the opportunity to pass some meaningful legislation – Senate Bill 536, aka The Cybersecurity Disclosure Act of 2017. Like most new legislation this is far from perfect, but it is a good starting point. You see, just about every month we here at UTB Blogs report on a hack or vulnerability that has put hundreds of thousands or millions of people at risk as their name, address, age, phone number and perhaps personal financial or medical information is spread on the Dark Web by ne’er-do-wells. Many times it’s not due to the consumers’ oversight but to an employee at a large corporation not being properly trained or not following the training they were provided. Most data breaches are due to an employee leaving a laptop unattended, where it gets stolen, or to an employee falling for a phishing scam. Not only does the consumer waste hours upon hours of their time trying to rectify things with credit reporting agencies, but companies also lose goodwill as they have lost the public trust. Some of you may think that goodwill is a nebulous concept, but look no further than the recent Yahoo! deal and you can see the direct impact of this management oversight (a reduction of $350,000,000 in sales price!!).

The reason I consider the bill a good start but far from ideal is that it lifts the veil concerning corporate cybersecurity but in all actuality it has no teeth, and it won’t until legislation is passed that hits corporations where it hurts most – in their pocketbook. Hopefully former New York City Mayor Rudy Giuliani, who serves as the White House Cybersecurity Advisor for the Trump administration, can exert some influence resulting in BlackBerry’s UEM getting front and center by Making our Data Great Again!

Rob

kayaker co-pilot Tucson, it's a dry heat!

  • anthogag

    There needs to be another Bill for consumer devices.

    App permissions people check off need to be much more specific about what that app will do and access and where this information will go. Currently it’s vague and app developers are using this to their advantage.

    There needs to be a specific sentence stating why the app is “free”. If it’s free because the developer plans to sell your information to 3rd parties the user needs to acknowledge it with a checkbox.

    The EULA should contain specific boxes the user has to check off explaining in detail how the app will access your device and where this information will go and who will use it and if it will be sold to 3rd parties.

    There should be a specific box to check off which states you let that app use your data to do its behind-the-scenes accessing of your device.

    Also, a device that can be rooted, like iToy and most current Hemdroids, should be curtailed.

    • Robert Friedman

      Couldn’t agree with you more!

      Though whether an app is free or not, devs may still collate, bundle and sell your data. This needs to be disclosed and, as you had mentioned, the user should have the ability to opt out and still retain full app functionality.

    • theCHIVERChance

      I also agree. Although it would be great if the app stores and people making the apps would take things into their own hands and implement things like this, but we know that will almost certainly not happen. However, I have seen a good handful of devs, in the BlackBerry World at least, actually explain the permissions.

  • If Giuliani gets BlackBerry some well-deserved attention for their security capabilities, that would be YUGE!
