It’s been over a month since the Federal Communications Commission repealed an Obama-era protection in the technology industry: Net neutrality. Along with the end to net neutrality came a termination of security and data privacy rules. Critics were immensely concerned with the effects this repeal would have on cyber security, but is that concern still there?
Representatives in the industry say that there is no link between security efforts and regulatory moves, and they say that cyber security work that has already been done will help the industry remain private and protect users. Critics, on the other hand, say that there is now a reduction in the amount of transparency among internet service providers which, in turn, limits the information provided about their security. One of those critics is retired Adm. David Simpson, a former security chief with the FCC and the author of the regulations that have been repealed.
Last year, Simpson said, “The obligation for ISPs to engage in reasonable security practices is eliminated.” He also said that the risk of cyber exposure was heightened.
Tom Wheeler, a former chairman of the FCC, said it’s a ruse. He said that ISPs have been reclassified as Title I in the Communications Act and still have “plenty of room” to set their own security standards. Title I covered the industry before it was reclassified as Title II.
What you believe at this point really depends on who you are listening to and what you already know. The repeal is too new for there to have been any solid effects yet for people to base their opinions on. As we move forward, here are the things that people are keeping an eye out for when it comes to the repeal of net neutrality, and how it affects cyber security:
Targets for Hackers
Internet providers make money when you browse. To do this, they have to collect information. They determine which websites you visit, who you’re talking to and potentially the search terms you are entering. They have to store that information somewhere. There have already been breaches, as evidenced by Comcast’s payout of $33 million for releasing information about their customers, albeit unintentionally.
That breach was a mistake on the part of Comcast and only involved phone numbers. It is presumed that with a lack of net neutrality and transparent security procedures, our personal and business information would be ripe for hacking.
Lack of Encryption
Before the repeal, ISPs could only see your traffic that wasn’t encrypted. That means that if you visited a site that began with https, no one could see what you were looking at. They could see the domain, and that was it. This was frustrating because it limited the ways in which ISPs could build ads based on your browsing preferences.
ISPs have proposed a new standard, ETP or Explicit Trusted Proxies, that would allow them to remove the encryption and read the data. They would then encrypt it again before it was sent. It doesn’t seem like a big deal until you are aware that it ends in a weaker encryption, exposing you to risk of a cyber attack.
According to some, one of the biggest threats is the insertion of ads into your browsing. To insert an ad into the web page you are browsing, there has to be new code. That could break the security of any code that is already in place and according to one security expert, “…you no longer know as a website developer precisely what code is running in browsers out there.”
What that means to you is this: Security features that are in place could be broken by the automated insertion of new code. A hacker could potentially take advantage of those breaks.
You enable Incognito mode. You delete your browser’s cookies. You’re still tracked. That is a very real danger when it comes to cyber security. Third-parties can already track you but with limitations. It is feared that with this repeal, those limitations will be lifted.
ISPs are voicing the desire to insert ID numbers into all unencrypted connections. When a website you visit wants to know more about you and your habits, they can pay your ISP for the information. Think those Facebook ads are annoying now? It could get worse.
Spyware… and Malware
One more risk, as if there aren’t enough. This risk involves your ISP pre-installing spyware onto your mobile devices. In order for this spyware, like Carrier IQ, to be inserted, it has to have access to the systems of your phone. All of these systems would ordinarily be secure but with the addition of spyware, your mobile device becomes vulnerable.
Here’s the problem. Internet service providers are claiming that they will not be changing the way they do business in a major way, but can we believe them? The FCC privacy rules have been repealed, giving ISPs what some call free reign to do what they like in order to increase their bottom line. How this will affect private citizens and small businesses remains to be seen in the coming months and years.
Get Cyber Security Help from Company.com
If you are interested in ways to increase your cyber security or operate your business more efficiently, reach out to Company.com. We have the tools small business owners need and we are happy to discuss your specific needs with you. Call our team today to learn more about how we can help you protect your small business from cyber attacks, or to sign up for a risk-free account.