Who Will Protect You From Yourself?
Microsoft immediately informs its users should they suspect that an unauthorized entity might be attempting to access their Outlook email or files on their OneDrive cloud storage service. Now Microsoft VP Scott Charney has disclosed that the company will be going a step further by also notifying the consumer if the hacker is sponsored by a Government.
We're taking this additional step of specifically letting you know if we have evidence that the attacker may be "state-sponsored" because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.
This news has obviously delighted free-speech activists and security experts who have been campaigning for more specified warnings that promote behavioral changes from everyday users. Microsoft also provided important steps to help everyone keep their online personal information secure in a blog post including the increasingly important two-step verification that users often find frustrating but is often their best defense against online hackers.
Critics will be quick to point out that this announcement conveniently arrived on the same day that Reuters reported how Microsoft failed to warn victims of a Chinese email hack and were accused of looking the other way while the alleged state campaign continued. This was promptly denied by Microsoft that reached out to Engadget to set the record straight:
Neither Microsoft nor the U.S. Government was able to identify the source of the attacks.
The announcement could either be a well-intended move that could end up being welcomed by consumers or a perfectly timed PR exercise depending on how you look at it. However, with Facebook and Twitter revealing earlier this year, that they would also warn users if they believed that state-sponsored hackers were trying to access their accounts, it’s clear that tech companies are starting to form an unlikely alliance with the intent of protecting their users from Governments’ prying eyes or at the very least, give that impression.
Many critics will point out that this is nothing more than clever corporate PR, paying lip service to unsuspecting users. For example, the FBI, NSA or CIA, would simply need to send a National Security Letter (NSL) to obtain access to anyone they deem as a person of interest. Wikipedia explains this NSL as
A national security letter (NSL) is an administrative subpoena issued by the United States federal government to gather information for national security purposes. NSLs do not require prior approval from a judge. The Stored Communications Act, Fair Credit Reporting Act, and Right to Financial Privacy Act authorize the United States federal government to seek such information that is "relevant" to authorized national security investigations. By law, NSLs can request only non-content information, for example, transactional records and phone numbers dialed, but never the content of telephone calls or e-mails. NSLs typically contain a nondisclosure requirement, frequently called a "gag order", preventing the recipient of an NSL from disclosing that the FBI had requested the information.
Unsurprisingly there is no shortage of accusations of this system being abused by authorities, but equally in these dangerous times, difficult decisions do need to be made in the interests of overall security. There is growing conflict of interest that is dividing sentiments across the globe on a citizen’s right for privacy and anonymity. On the one hand some have an open door policy with an “if you don’t have anything to hide, what's the problem” attitude while others will fiercely defend their right not to have their every movement tracked and stay off the grid so to speak. Meanwhile, whatever your opinions on this subject may be, there is however an understanding that certain measures are essential to preventing terrorist attacks or criminal activity.
In many ways, it’s ironic how passions fly on both sides of the aisle about our rights to privacy and anonymity especially online. Having said that, I know many people who will happily share every aspect of their lives through social media where almost anyone could create a detailed social profile of a person in not so much as an hour, armed only with a laptop and Google search. Now anyone can drop an individual’s photo into Google image search to find out exactly what websites the person appears on, and verify his or her identity, all of which further illustrates how much of a digital footprint we all leave behind.
In many instances, online privacy advocates across the world who might be angry at the notion that authorities can access their online profiles, are blissfully unaware that most of their life is online anyway for one to see if one is really that interested. Name, date of birth, family details and geo tagged tweets or Facebook check-ins all make it very easy to form a profile of almost anyone.
The big question is not about who can and cannot access our personal online information nor is it about expressing resentment towards Government’s prying programs. The big question is when we will all take personal responsibility for creating, publishing and managing our own digital footprint that everyone is able to access and see. It is only then that the quality of privacy can really be addressed.
Thank you for reading. I write and publish weekly via www.Blogbrain.org, the dedicated repository for my articles, essays and blogs on all things business, digital, life, management & technology. I am grateful that the list of followers has grown to a respectable 100K+ across LinkedIn, Twitter, and Facebook. If my blogs help you and you'd like to consider nominating me for the LinkedIN Top Voices List then please fill out this short form. With gratitude.