AMU Homeland Security Opinion Public Safety

Protecting Personal Information from Theft in Digital America

Brett Daniel Shehadey
Special Contributor for In Homeland Security

It is certainly an interesting time where personal data is increasingly being sucked up everywhere. This is instigated against the general public by governments, thieves and crackers and hackers; and sometimes all of them together simultaneously.

NSA leaks covered the USA but overlook the many more sinister programs in operation by foreign governments. Many of those are tied directly into criminal networks of those countries and around the world via underground syndicates and mafia (e.g. Russia).

Cyber security is often taunted as a critical national security objective now, but it is also a vital national public safety concern. Instead of prioritizing the search for active terrorists through retrieving big data, the US government must assure the people that it can defend them against other people and nations raking their financial and identity information. To do this we need better encryption standards that the outdated 128 or 256 bit. The common clever digital thief, the complex criminal syndicate and the insidious foreign government cyber divisions are right now demonstrating that they remain one step ahead. The only thing keeping them back is the fear that they are one step behind.

The Target credit card and personal data theft of as many as 110 million exposes the negligence, latency and control corporations exert over American citizens- and again the threat from overseas [Russians] digital thieving masterminds. Punishing Target is being considered by US authorities, but this is not enough. The same thing will happen again. Too much information out there; too many devices, points of transaction and potential of thieves working on the inside.

Malware can easily be installed not just sent via the internet by manufacturers’ of credit card readers and other digital electronic devices or the third-parties that work with American companies to produce the. According to the Chicago Tribune, the FBI identified 20 malware threats like that of Target this last year.

Not to get xenophobic or anything but the real cyber threats tend to be coming from overseas and this is where Washington and US companies must work closer together in protecting personal and financial information. The government might issue warnings or more aggressively pursue international digital thieves or excellent Russian teenage hackers.

Moreover the US government has no right seeing any private financial information without warrant and probable cause. Technically the crime has passed but in reality it is still ongoing. In the investigations like Target, however, such information could be up for grabs by various law enforcement agencies (LEAs) who have no legal right or access to them and that such information is not pertinent to the investigation of this case. Then the information floats around even more.

What are the holding and discarding procedures of an entire LEA or network of LEAs handling such financial and personal information in such a massive case of financial, credit and personal theft? Thus the post-incident response is also highly questionable and will become an even greater issue unless resolved and assured early on.

Congress could focus their energies on passing laws conducive to the massive public financial and personal vulnerabilities instead of turning this into a condemnation trial against Target to appease public tension.

The Coca-Cola incident just struck with company stolen laptops effecting the personal information of 74,000 employees. This included names, social security numbers, addresses and so forth. And of course, the laptops from the headquarters were not encrypted.

This might make the American public realize the jeopardy their information is in as it is spread to more and more locations and held by more entities from the employer, the government bureaucracies at all levels, the banks to the cable guys. Too much sensitive identity information is required and vulnerable. This is especially true over time. The longer and the more places ones birthdate, name and social security travel, the better the chances of identity theft. Once assumed, an identity thieve can effectively take everything you have and conduct all sort of intelligence activities for foreign governments to other crimes in the states.

To prevent this, the private sector has stepped up to help secure American privacy but the government could and should be doing more. Why should non-essential services be permitted by law to even ask your social security number? Why should a private service other than credit cards and financial institutions that place and transfer or lend money be legally permitted to anything other than cash, deposit or routine credit transaction?

Other ways of more rigorous credit checks and financial verification could also be explored as alternatives. Biometrical systems that were once so promising are all just as faulty now in the digital age. If a programmer has the skills to capture cards, what would prevent him or her from obtaining finger prints, eye prints, DNA and other bio-signatures?

Mail, Phone and e-scams are also becoming common place. Bio-metrics would do nothing substantial here. It might be possible to find out exactly who is talking to who and that information might appear on as a warning flag via a text message on a third-party mobile ap. But the same verification can be done now.

Once such “full-proof” systems where eventually put in place, there would be even more personal information about you in complete control of the people that know more about the capture and reading devices than you do.

Better than purely biometrics will be the implementation of common public security practices using a personal digital security assistant. Such could be an AI program created by trusted anti-virus firm or self-generated to warn and monitor in a more sophisticated manner regarding the real-time events taking place. To do this, many of the laws would have to empower the individual to monitor and spy on the corporation just the corporation records, tracks and monitors the individual to an increasing skill and capability at this time via the internet, the phone’s audible messages and so forth. Thus private surveillance laws among a score of others would have to be altered.

Better and more modernized digital laws, not just technology are needed to resolve the above American e-problems. Rather than just empowering firms that protect privacy, the US must engage in a precedent that allows private digital individual citizens the legal framework and tools to empower their own added security measures for financial and personal information.

Comments are closed.