Category Archives: News

Your Phone May Soon Replace Many of Your Passwords


Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.


The tech giants are part of an industry-led effort to replace passwords, which are easily forgotten, frequently stolen by malware and phishing schemes, or leaked and sold online in the wake of corporate data breaches.

Apple, Google and Microsoft are some of the more active contributors to a passwordless sign-in standard crafted by the FIDO (“Fast Identity Online”) Alliance and the World Wide Web Consortium (W3C), groups that have been working with hundreds of tech companies over the past decade to develop a new login standard that works the same way across multiple browsers and operating systems.

According to the FIDO Alliance, users will be able to sign in to websites through the same action that they take multiple times each day to unlock their devices — including a device PIN, or a biometric such as a fingerprint or face scan.

“This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS,” the alliance wrote on May 5.

Sampath Srinivas, director of security authentication at Google and president of the FIDO Alliance, said that under the new system your phone will store a FIDO credential called a “passkey” which is used to unlock your online account.

“The passkey makes signing in far more secure, as it’s based on public key cryptography and is only shown to your online account when you unlock your phone,” Srinivas wrote. “To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access. Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer.”

As ZDNet notes, Apple, Google and Microsoft already support these passwordless standards (e.g. “Sign in with Google”), but users need to sign in at every website to use the passwordless functionality. Under this new system, users will be able to automatically access their passkey on many of their devices — without having to re-enroll every account — and use their mobile device to sign into an app or website on a nearby device.

Johannes Ullrich, dean of research for the SANS Technology Institute, called the announcement “by far the most promising effort to solve the authentication challenge.”

“The most important part of this standard is that it will not require users to buy a new device, but instead they may use devices they already own and know how to use as authenticators,” Ullrich said.

Steve Bellovin, a computer science professor at Columbia University and an early internet researcher and pioneer, called the passwordless effort a “huge advance” in authentication, but said it will take a very long time for many websites to catch up.

Bellovin and others say one potentially tricky scenario in this new passwordless authentication scheme is what happens when someone loses their mobile device, or their phone breaks and they can’t recall their iCloud password.

“I worry about people who can’t afford an extra device, or can’t easily replace a broken or stolen device,” Bellovin said. “I worry about forgotten password recovery for cloud accounts.”

Google says that even if you lose your phone, “your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off.”

Apple and Microsoft likewise have cloud backup solutions that customers using those platforms could use to recover from a lost mobile device. But Bellovin said much depends on how securely such cloud systems are administered.

“How easy is it to add another device’s public key to an account, without authorization?” Bellovin wondered. “I think their protocols make it impossible, but others disagree.”

Nicholas Weaver, a lecturer at the computer science department at University of California, Berkeley, said websites still have to have some recovery mechanism for the “you lost your phone and your password” scenario, which he described as “a really hard problem to do securely and already one of the biggest weaknesses in our current system.”

“If you forget the password and lose your phone and can recover it, now this is a huge target for attackers,” Weaver said in an email. “If you forget the password and lose your phone and CAN’T, well, now you’ve lost your authorization token that is used for logging in. It is going to have to be the latter. Apple has the infrastructure in place to support it (iCloud keychain), but it is unclear if Google does.”

Even so, he said, the overall FIDO approach has been a great tool for improving both security and usability.

“It is a really, really good step forward, and I’m delighted to see this,” Weaver said. “Taking advantage of the phone’s strong authentication of the phone owner (if you have a decent passcode) is quite nice. And at least for the iPhone you can make this robust even to phone compromise, as it is the secure enclave that would handle this and the secure enclave doesn’t trust the host operating system.”

The tech giants said the new passwordless capabilities will be enabled across Apple, Google and Microsoft platforms “over the course of the coming year.” But experts said it will likely take several more years for smaller web destinations to adopt the technology and ditch passwords altogether.

Recent research shows far too many people still reuse or recycle passwords (modifying the same password slightly), which presents an account takeover risk when those credentials eventually get exposed in a data breach. A report in March from cybersecurity firm SpyCloud found 64 percent of users reuse passwords for multiple accounts, and that 70 percent of credentials compromised in previous breaches are still in use.

A March 2022 white paper on the FIDO approach is available here (PDF). A FAQ on it is here.


Are You Playing A Role In Protecting Your Online Privacy?


Like most things in life, online privacy is a 2-way street. As consumers, we expect the companies we deal with online to manage and safeguard our data to a super professional level; however, we also have a role to play here. So, this Privacy Awareness Week (PAW), let’s focus on what we can do to ensure our personal information is kept as secure and private as possible.

Privacy Awareness Week 

There’s nothing like a dedicated ‘week’ to renew our focus and in my opinion, this year’s PAW does just that. This year’s theme is – The Foundation of Trust – we all have a role to play, a great reminder of how it’s up to all of us to ensure we manage online privacy. There’s no doubt that managing our privacy is low on the to-do list for many. And I get it – we’re all strapped for time, and we don’t ever think privacy breaches will affect us. Well, my friends, I’m here to tell you that privacy breaches do happen. Identity theft is a reality of living life online. In fact, in 2020/21, nearly 155,000 Aussies had their identities stolen, and those were only the cases that were reported. But the good news is that if you take a proactive approach, you can minimise the risk of this ever happening.

What You Can Do to Protect Your Online Privacy 

Believe it or not, most of your privacy action plan involves small steps that are, I promise, relatively painless. The most important thing here is that you need to commit to doing them. The last thing you want is to spend months dealing with the fallout from having your identity stolen. It’s exhausting, stressful, and absolutely worth avoiding. 

Without further ado, here’s your action plan: 

1. Passwords 

Strong and complex passwords are essential to keeping your online information tight. Ideally, a password should have between 8-10 characters and be a combination of letters – both lower and uppercase, numbers and symbols. Each online account should also have its own password too – which is a very overwhelming concept! Consider using a password manager such as McAfee’s TrueKey to help generate and manage passwords.   

2. Conduct An Audit of Your (and Your Kids’) Privacy Settings 

Ensure all the family checks their social media accounts to ensure they are set to private. This will mean that only their chosen friends can see their private information. Each social media platform will have its own ‘help’ page which provides specific steps on how to do this.  

3. Use Public Wi-Fi With Caution 

If you are serious about your online privacy, then you need to use public Wi-Fi sparingly. Unsecured public Wi-Fi is a very risky business. Anything you share could easily find its way into the hands of cybercriminals. So, avoid sharing any sensitive or personal information while using public Wi-Fi. If you travel regularly, consider investing in a VPN. A VPN (Virtual Private Network) encrypts your activity, which means your login details and other sensitive information are protected. A great insurance policy!

4. Use 2-Factor Authentication 

Adding an additional layer of security to protect yourself when accessing your online accounts is another great way of guarding your online privacy. Turn on two-factor authentication for Google, Dropbox, Facebook and whatever other site offers it. For those new to this option, this means that in addition to your password, you will need to provide another form of identification to ensure you are who you say you are. Most commonly, this is a code sent to your mobile phone or generated by a smartphone app. 

5. Consider a Search Engine that Doesn’t Track Your Every Move Online 

Most web surfers rely on Google for their searching but why not use a search engine that doesn’t collect and store the information? And there are loads of more ‘privacy focussed’ options to choose from. Check out DuckDuckGo, which doesn’t profile users or track or sell your information to third parties.

6. Protect Your Digital Life 

Comprehensive security protection software is an easy way to help firm up your online privacy too as it does a great job of keeping malicious software (malware) at bay. Malware can wreak absolute havoc: from installing pop-ups to scanning for personal information. And if you’re likely to click dodgy links (we’re all human after all), then this is a no-brainer! Super-duper security software will also guard you against viruses and online threats, direct you away from risky websites and dangerous downloads and protect your smartphones and tablets too. It can also back up your files. McAfee’s LiveSafe protection software comes with a 100% guarantee to protect you against viruses.

So, this Privacy Awareness Week, please take the time to ensure you are doing all you can to nail your online privacy. And of course, please get your kids involved too. Do your research and find some stories of ‘real life’ people who have had their identity stolen to share around the dinner table because identity theft can absolutely happen to anyone!

Till next time, 

Stay Safe! 

Alex   

The post Are You Playing A Role In Protecting Your Online Privacy? appeared first on McAfee Blog.


Do Macs Need Antivirus Software?


Mac computers have long enjoyed a well-earned reputation for having robust security. Apple’s closed ecosystem, coupled with the built-in security features found on Macs and iPhones, has led many users to believe that Apple products are immune to viruses. And while MacBooks are arguably more secure than Microsoft Windows PCs, they aren’t without vulnerabilities. 

This article goes over some of the known malware threats that can affect Macs and explores some security measures you can take to help safeguard your Apple devices. 

6 types of malware that can affect Macs

There are a lot of benefits to being a Mac user, including built-in security features that allow you to enjoy the Apple ecosystem without too much worry. However, if your Mac has a security flaw or you’ve experienced a social engineering attack, like phishing, it could put the device at risk. 

It’s a good idea to be aware of the different types of malware that can affect Mac security and functionality.

Adware

Adware is software that displays several types of online advertising, with pop-up ads being the most common. Adware infects computer systems when users download programs that are loaded with it or when hackers take advantage of a security vulnerability to insert it. 

Potentially unwanted programs

Potentially unwanted programs (PUPs) are software applications that most users would deem unnecessary. These programs are often bundled with wanted programs installed by the user. The unwanted program might be malicious software that displays intrusive advertising, tracks the user’s activity, or compromises personal data. 

Ransomware

Ransomware is any malware that threatens to leak the user’s data if a ransom isn’t paid. To achieve this, ransomware renders files unusable by encrypting them. The user is then pressured into paying the ransom in exchange for decryption.  

Spyware

Spyware is any program that collects a user’s data and forwards it to a third party without authorization. Keep in mind that any software, including legitimate software, can be classified as spyware if it’s downloaded to the user’s device without permission.

Phishing 

Phishing is an umbrella term for various scams involving sending a fraudulent message designed to mislead a user into exposing personal data or to embed a malicious program into their system. As of 2021, phishing was the most common form of cyberattack. 

Trojans

Trojans refer to a type of malware that tricks users into downloading it by masquerading as a legitimate program. These malicious programs spread by misleading users into doing simple tasks, such as completing a fill-in form or clicking on fake ads. 

How do viruses affect Macs?

Viruses can affect Macs in a variety of ways. Depending on the type of malware that infects the Mac, symptoms might range from mild ones that could go undetected for weeks to ones that are instantly noticeable.  

Here are some signs that you might see if your Mac is infected with a virus:  

The operating system is running slower than usual. 
Pop-up ads are frequently appearing. 
Website pages aren’t displaying properly.  
New extensions are added to your browser without your permission.  
You can’t access personal files.  

A Mac that’s been infected with a virus puts your personal data at risk. Among these risks is the possibility of passwords being compromised and personal files being deleted from the hard drive. 

How to check your Mac for viruses

Apple’s built-in security system makes checking for viruses a relatively simple process. Follow these steps to make sure all bases are covered: 

Checking for Mac malware

To check if your Mac is infected with a virus, start by monitoring your system’s memory usage. To access the Activity Monitor, go to Applications > Utilities > Activity Monitor > CPU. 

Sort the CPU percentage from high to low and look for unusually high CPU use. If a particular process stands out, do a quick search to determine whether it’s malicious.

Checking for suspicious applications

While viruses are rarely found in the Applications folder, it’s still a good idea to check since Trojans can be embedded in a wide range of apps. Go to your Applications folder and look for any you don’t remember installing.  

If a search reveals illegitimate apps, delete them from the folder and empty your trash. 

Checking your login items

Since malware tends to load automatically when you start your Mac, there’s a good chance it will show up in your macOS login items list. To check the list, go to Users & Groups in System Preferences and go through the list after clicking on the Login Items tab.  

Select any item that stands out as suspicious and remove it by clicking the minus (-) button. 

Do Macs have built-in antivirus protection?

While Macs don’t come with conventional antivirus protection, they do boast several internet security features. Here are the main ones:  

XProtect

XProtect is an anti-malware system built into Mac OS X. XProtect stores all known malware definitions in a file and prevents any application with these definitions from being installed on the system. If you try to open an infected file, XProtect will display a warning message and tell you what type of malware it is. 

Gatekeeper

As the name implies, Gatekeeper is a macOS built-in security feature that verifies all downloaded apps before allowing them to be installed. In essence, Gatekeeper prevents unrecognized third-party applications from running on the system, reducing the possibility of malware infiltration. 

Sandboxing

Sandboxing is a mechanism that restricts third-party apps from making changes to the system or accessing files stored by other apps. This helps limit damage to the device and protects the user’s data in case an app is compromised. 

Malware Removal Tool

Apple’s Malware Removal Tool (MRT) is a built-in malware removal software that removes any malicious software that manages to infiltrate your system. This process occurs automatically whenever XProtect detects malware on a file or app. 

6 tips to keep your Mac safe from viruses

Now that you’re familiar with the security threats that Macs can experience, the next step is prevention. Here are some best practices to keep your Mac safe from viruses. 

Keep your operating system updated 

Using an outdated version of the operating system (OS) can pose a risk to your Mac, as hackers may exploit a known vulnerability in the system. Getting a software update allows you to benefit from the latest security updates that help mitigate these vulnerabilities. 

The good news is that Apple makes it easy to keep your OS in working order with automatic updates. Simply open System Preferences > Software Update. Then, check the Automatically keep my Mac up to date box.  

You can also do manual updates by clicking Advanced in the Software Update section and choosing: 

Check for updates 
Download new updates when available 
Install macOS updates 
Install app updates from the Mac App Store 

Double-check your privacy and security settings

Staying on top of your privacy and security settings can go a long way in protecting your Mac from viruses. To make sure that no suspicious apps can be installed on your system, head over to the preference pane in the Security & Privacy section in System Preferences and select either “App Store” or “App Store and Identified Developers” as the only sources from which software can be installed.

Consider using a VPN on public Wi-Fi networks

Many Wi-Fi hot spots don’t require authentication to establish a network connection. This can make them vulnerable to hackers looking to infiltrate unsecured devices.  

To secure your connection when using public Wi-Fi, be sure to use a virtual private network (VPN) like McAfee’s Secure VPN. Our VPN technology allows you to connect safely to public Wi-Fi by encrypting (in other words, scrambling) your data. You’ll stay anonymous and secure from advertisers and prying eyes, and the VPN will turn on automatically when you connect to an unsecured network. 

Install antivirus software

As effective as some of Apple’s built-in security features are, the ever-changing landscape of cybersecurity threats may require the use of an antivirus program like the award-winning antivirus software included in McAfee Total Protection. 

This program was designed with Mac-specific vulnerabilities in mind and offers three different ways to scan your system:  

Real-time scanning 
On-demand scanning 
Scheduled scanning 

It also comes with customizable firewall protection and a wide range of privacy and identity tools and features. While the antivirus software protects your Mac from online threats, you can enjoy enhanced peace of mind. 

Ensure your firewall is turned on

A firewall is a built-in security system that protects your Mac by blocking suspicious internet traffic. Keep your firewall enabled at all times to benefit from this protection.  

McAfee’s robust firewall protection that comes with our antivirus software puts you in control of the data that comes in and goes out through your network. 

Back up your Mac regularly

Backing up files is a simple yet effective way to protect you from data loss in case your system is compromised. You can use the Time Machine feature to back up your Mac to an external hard drive and restore it when the need arises.  

To back up your Mac, follow these steps: 

Plug an external hard drive into your Mac. 
Click the Apple icon in the upper-left menu. 
Select System Preferences. 
Click Time Machine. 
Click Select Backup Disk. 
Pick the drive and select Use Disk. 
Check the Back Up Automatically box. 

Add additional protection to your Mac with McAfee

As cybersecurity threats continue to grow in scale and complexity, Apple’s built-in security features are a good place to start. For comprehensive protection against these threats, though, consider adding another layer of defense with McAfee Total Protection. 

Our all-in-one protection suite helps keep your personal information and privacy safe with a secure VPN, premium antivirus software, identity monitoring, and other top-of-the-line features. Malware doesn’t have to be a concern when you’ve got McAfee in your corner.  

See the difference McAfee Total Protection can make when it comes to living your best life online.  

The post Do Macs Need Antivirus Software? appeared first on McAfee Blog.


Apple, Google, Microsoft expand support for FIDO passwordless sign-in standard


Tech giants Apple, Google, and Microsoft have announced extended support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. Expanded implementation will make faster, easier and more secure sign-ins available to consumers across leading devices and platforms, the firms stated. The move comes as the risks of password-only authentication continue to cause security threats for organizations and users.

It also follows the FIDO Alliance’s publication of a whitepaper in March 2022 describing how it will facilitate true passwordless support for consumer authentication. The organization’s focus had previously been on the enterprise.


Corporate Involvement in International Cybersecurity Treaties


The Paris Call for Trust and Stability in Cyberspace is an initiative launched by French President Emmanuel Macron during the 2018 UNESCO’s Internet Governance Forum. It’s an attempt by the world’s governments to come together and create a set of international norms and standards for a reliable, trustworthy, safe, and secure Internet. It’s not an international treaty, but it does impose obligations on the signatories. It’s a major milestone for global Internet security and safety.

Corporate interests are all over this initiative, sponsoring and managing different parts of the process. As part of the Call, the French company Cigref and the Russian company Kaspersky chaired a working group on cybersecurity processes, along with French research center GEODE. Another working group on international norms was chaired by US company Microsoft and Finnish company F-Secure, along with a University of Florence research center. A third working group’s participant list includes more corporations than any other group.

As a result, this process has become very different than previous international negotiations. Instead of governments coming together to create standards, it is being driven by the very corporations that the new international regulatory climate is supposed to govern. This is wrong.

The companies making the tools and equipment being regulated shouldn’t be the ones negotiating the international regulatory climate, and their executives shouldn’t be named to key negotiation roles without appointment and confirmation. It’s an abdication of responsibility by the US government for something that is too important to be treated this cavalierly.

On the one hand, this is no surprise. The notions of trust and stability in cyberspace are about much more than international safety and security. They’re about market share and corporate profits. And corporations have long led policymakers in the fast-moving and highly technological battleground that is cyberspace.

The international Internet has always relied on what is known as a multistakeholder model, where those who show up and do the work can be more influential than those in charge of governments. The Internet Engineering Task Force, the group that agrees on the technical protocols that make the Internet work, is largely run by volunteer individuals. This worked best during the Internet’s era of benign neglect, where no one but the technologists cared. Today, it’s different. Corporate and government interests dominate, even if the individuals involved use the polite fiction of their own names and personal identities.

However, we are a far cry from decades past, where the Internet was something that governments didn’t understand and largely ignored. Today, the Internet is an essential infrastructure that underpins much of society, and its governance structure is something that nations care about deeply. Having for-profit tech companies run the Paris Call process on regulating tech is analogous to putting the defense contractors Northrop Grumman or Boeing in charge of the 1970s SALT nuclear agreements between the US and the Soviet Union.

This also isn’t the first time that US corporations have led what should be an international relations process regarding the Internet. Since he first gave a speech on the topic in 2017, Microsoft President Brad Smith has become almost synonymous with the term “Digital Geneva Convention.” It’s not just that corporations in the US and elsewhere are taking a lead on international diplomacy, they’re framing the debate down to the words and the concepts.

Why is this happening? Different countries have their own problems, but we can point to three that currently plague the US.

First and foremost, “cyber” still isn’t taken seriously by much of the government, specifically the State Department. It’s not real to the older military veterans, or to the even older politicians who confuse Facebook with TikTok and use the same password for everything. It’s not even a topic area for negotiations for the US Trade Representative. Nuclear disarmament is “real geopolitics,” while the Internet is still, even now, seen as vaguely magical, and something that can be “fixed” by having the nerds yank plugs out of a wall.

Second, the State Department was gutted during the Trump years. It lost many of the up-and-coming public servants who understood the way the world was changing. The work of previous diplomats to increase the visibility of the State Department’s cyber efforts was abandoned. There are few left on staff to do this work, and even fewer to decide if they’re any good. It’s hard to hire senior information security professionals in the best of circumstances; it’s why charlatans so easily flourish in the cybersecurity field. The built-up skill set of the people who poured their effort and time into this work during the Obama years is gone.

Third, there’s a power struggle at the heart of the US government involving cyber issues, between the White House, the Department of Homeland Security (represented by CISA), and the military (represented by US Cyber Command). Trying to create another cyber center of power within the State Department threatens those existing powers. It’s easier to leave it in the hands of private industry, which does not affect those government organizations’ budgets or turf.

We don’t want to go back to the era when only governments set technological standards. The governance model from the days of the telephone is another lesson in how not to do things. The International Telecommunications Union is an agency run out of the United Nations. It is moribund and ponderous precisely because it is run by national governments, with civil society and corporations largely alienated from the decision-making processes.

Today, the Internet is fundamental to global society. It’s part of everything. It affects national security and will be a theater in any future war. How individuals, corporations, and governments act in cyberspace is critical to our future. The Internet is critical infrastructure. It provides and controls access to healthcare, space, the military, water, energy, education, and nuclear weaponry. How it is regulated isn’t just something that will affect the future. It is the future.

Since the Paris Call was finalized in 2018, it has been signed by 81 countries — including the US in 2021 — 36 local governments and public authorities, 706 companies and private organizations, and 390 civil society groups. The Paris Call isn’t the first international agreement that puts companies on an equal signatory footing as governments. The Global Internet Forum to Combat Terrorism and the Christchurch Call to eliminate extremist content online do the same thing. But the Paris Call is different. It’s bigger. It’s more important. It’s something that should be the purview of governments and not a vehicle for corporate power and profit.

When something as important as the Paris Call comes along again, perhaps in UN negotiations for a cybercrime treaty, we call for actual State Department officials with technical expertise to be sitting at the table with the interests of the entire US in their pocket…not people with equity shares to protect.

This essay was written with Tarah Wheeler, and previously published on The Cipher Brief.
