Viewing the Protection of National Private Information Security Starting from the Edward Snowden Event
On December 1st, just a few days earlier, Edward Snowden had taken the oath to officially become a Russian citizen and obtained a Russian passport. This former CIA technician became the focus of major news media reports about 10 years ago, because he exposed evidence of the NSA’s collection of user information through large service providers, along with other secret information. It is not only Snowden’s behavior and his subsequent experience that sparked international discussion, but also the concern of citizens all over the world that the private information they expose to the Internet and to major service providers may be leaked.
Bill Gates, the founder of Microsoft, once said that computers will become the general service station for users to store information and create documents. The Internet and the software provided by major telecommunication service providers have taken root in modern life. When a user registers a social software account, he or she is required to enter personal information such as mobile phone number, real name and age, which is used to protect the only access to the personal account. Furthermore, when users browse their favorite web pages at will, private data are produced. Personal data should be used for software bug fixes and personalized service research, but if they are obtained by an organization other than the service provider, a threat to users clearly arises.
Data security experts group the causes of data leakage into six major categories: hackers, website vulnerabilities, database vulnerabilities, public databases, unauthorized access, and “traitors” among employees. From a regulatory point of view, rules on data leakage are, most of the time, aimed only at non-regulators, while regulators themselves lack supervision over their own acquisition and use of data. Under some existing laws, even the government is not allowed to collect users’ private data in various ways without their consent. Currently, in the United States, the Data Security and Breach Notification Act requires private and government entities to promptly notify affected customers of incidents involving personal information breaches. In June 2017, Anthem Inc., the largest insurance company in the US, signed a $115 million settlement agreement after the personal data breach of 80 million customers, agreeing to pay each plaintiff $235 in compensation. The injured class will be compensated up to $10,000. In Europe, the General Data Protection Regulation (GDPR) is considered by the media to be a sign of a new era of big data regulation. This act defines a data breach broadly, including “a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed”. Thus, the definition of a data breach is not limited to hackers gaining access to IT systems, but also includes lost or stolen smartphones, laptops and USB sticks, as well as malware infections.
In short, building communication security requires efforts from individuals, enterprises, governments, and laws alike, and any attempt to steal or illegally use users’ information will be subject to increasingly severe sanctions.
By Tao Cheng