Privacy and Cybersecurity Today

The need for this study arose from the League of Women Voters of Oregon’s lack of a position to support Oregon’s identity theft bill, HB 1551, addressing the 2017 Equifax data breach. Policymakers debate existing legislation—a fragmented regulatory framework which fails to provide comprehensive cybersecurity—in an effort to balance personal information privacy with accountability, transparency (information disclosure), and responsible oversight (Craig, Shackelford, & Hiller, 2015). Individuals have limited recourse to protect their personal privacy (Bamberger & Mulligan, 2013). Stakeholders must thoroughly consider regulatory actions to avoid unintended consequences (Messer, 2019) and try to future-proof laws in anticipation of the inevitable technological changes ahead (Kerry, 2018).


Amid compelling daily ongoing developments, this study addresses:
 

  1. Privacy, cybersecurity, and election security

  2. Privacy and cybersecurity protocols now in effect

  3. Current legislation: privacy, cyber, and security, and election security

  4. “Cyber hygiene”, or privacy and transparency protection, a glossary, and other resources are included in appendices.

 
In the Media
Privacy and Cybersecurity Media Headlines links
  1. Privacy and Cybersecurity Study League of Women Voters Oregon

  2. The Supply of Disinformation Will Soon Be Infinite. DiResta, 2020

  3. Hackers thrive on the weak link in cybersecurity: Washington Post

  4. Should law enforcement be using AI and cell phone data to find rioters? Big Think

  5. Robot Police Dogs are Here. Should We be Worried? ACLU

  6. Civil rights groups ask Biden administration to oppose facial recognition Washington Post

  7. University of Utah pays more than $450,000 in ransomware attack on its computers Salt Lake Tribune

  8. Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites Threatpost

  9. Deepfakes Are Getting Closer to Reality Trend Micro

  10. Former Trump Official Calls Current Election Security Measures Inadequate The Hoya

  11. Georgia’s Voting Law Will Make Elections Easier to Hack Slate

  12. BRIDGING THE GAPS: A path forward to federal Brookings

  13. Facebook Dials Down the Politics for Users NYTimes

  14. Election Results: Tracking Viral Disinformation NYTimes

  15. Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks Threatpost

  16. New research highlights an expanding pool of victims of Iranian hackers Washington Post

  17. Coronavirus pandemic renews debate for hacker-proof IDs Washington Post

  18. Smart home devices with known security flaws are still on the market Washington Post

  19. Experts push Biden to establish presidential commission to boost trust in elections Washington Post

  20. Police let most Capitol rioters walk away. But cellphone data and videos could now lead to more arrests. Washington Post

  21. The FTC’s Privacy Agenda: 
    The new list of troubled federal programs is longer than ever, watchdog reports
    FTC

  22. Major Hack of Camera Company Offers Four Key Lessons on Surveillance
    Sometimes what's sold as progress is anything but
    ACLU

  23. Civil rights groups ask Biden administration to oppose facial recognition Washington Post

  24. Foxconn electronics giant hit by ransomware, $34 million ransom Bleeping Computer

  25. Don’t ignore ransomware. It’s bad. NYTimes

  26. DoppelPaymer Gang Leaks Files from Illinois AG After Ransom Negotiations Break Down Threatpost

  27. The US is readying sanctions against Russia over the SolarWinds cyber attack. Business Insider

  28. Malware Increasingly Using TLS to Hide Communication Cyware

  29. Election Integrity Activist Says Georgia’s New Voting Law Is Unnecessary NPR

  30. Why Kentucky Just Became the Only Red State to Expand Voting Rights NYTimes

  31. Oregon woman received ‘multimillion-dollar’ settlement from Apple after repair techs posted intimate photos from her phone Oregonian

  32. The Biden administration will prioritize cybersecurity in the distribution of $1 billion in federal IT funding Washington Post

  33. Banking, Social Security info of more than 1.4 million people exposed in hack involving Washington state auditor The Seattle Times

  34. Billions for broadband but not a penny for cybersecurity The Seattle Times

  35. The Incredible Rise of North Korea’s Hacking The New Yorker

  36. How Memes become Money The New Yorker

  37. Why you should opt out of Amazon Sidewalk — and which devices it’s on CNN Underscored

  38. What Hackers Can Learn About You From Your Social-Media Profile WSJ

  39. Google is totally changing how ads track people around the Internet. Here’s what you need to know. Washington Post

  40. GoDaddy hack exposes accounts of 1.2 million customers Bitdefender

 

Advocacy Position

 

Position Statement: Cybersecurity Adopted: January 8, 2021

Amended: January 19, 2021

 

Cybersecurity is the prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. This position statement addresses Elections, Information Security, Personal Information Protection, and Electronic Business and Social Media.

 

Elections Security

 

The election process is the foundation of our representative form of government. Election integrity, accuracy, transparency and trustworthiness require vigilance to ensure security protections. Security requirements include and are not limited to:

 

  • verifiable ballots;

  • ballots that can be recounted and audited;

  • up-to-date hardware and software, supported by vendors, tested, and secure;

  • protected voter registration databases;

  • election staff/volunteers with cybersecurity expertise;

  • cyber-damage contingency plans;

  • risk-limiting audits;

  • attention to disinformation and misleading ads.

     

Protect voters’ ability to exercise an informed opinion on electoral matters. Explore limiting the unfettered electronic circulation and amplification of election misinformation (e.g., targeted disinformation campaigns, manipulated media, anonymous disinformation, and algorithmic and robotic disinformation campaigns).

 

Information Security

 

Government, individuals, and organizations (including private sector and critical infrastructure), all require strong cybersecurity protections and effective deterrents to assure national security, economic and social stability, and personal information integrity.

 

  • Create consistent information privacy laws and regulations across all organizations (government, private, for-profit, and non-profit) that eliminate gaps, inconsistencies, and overlaps.

  • Regulate all technology-enabled organizations (e.g., internet platforms, online intermediaries, business-to-consumer platforms), not shifting sectors, so that organizations are subject to a uniform set of laws and regulations.

  • Regulate all categories of information in the same way, regardless of the type of organization or sector that collects that information.

  • Apply a baseline set of regulations to all types of information, regardless of type of organization or sector collecting that information.

  • Apply regulatory requirements to organizations according to their size and complexity, the nature of data covered, and the risk posed from exposing private information.

  • All information (including third-party data transfers) needs sufficiently flexible protections to address emerging technologies and scientific evidence while serving the common good by balancing the demands of stakeholders and vested interests.

 

The ubiquitous information and communication technologies (ICT) of today’s pervasive digital services, platforms, and marketplaces require a global governance perspective to address their societal and economic impacts:

 

  • Harmonize laws and regulations across jurisdictions to protect individuals and assure trustworthy flow of information across all boundaries—government, organizations, industry sectors, states, and countries.

  • Aim to develop flexible regulatory structures that can quickly adapt to social and scientific realities and technical and economic policy challenges.

  • Use forward-looking, collaborative mechanisms such as experimentation and learning, test-and-evolve, and post-hoc effectiveness reviews. Incentivize specific outcomes that facilitate anticipating and adapting to rapid changes.

 

State laws which become inconsistent with future comprehensive federal privacy standards may be preempted, while more stringent laws may remain. At a minimum, citizens' information protection rights should be comparable to those of citizens around the world—both current and future protections that may be established. Current European Council personal information protections include the ability to:

 

  • be informed of what personal information is held and why

  • access information held by an entity

  • request updating or correcting of information

  • request manual processing in lieu of automated or algorithmic processing

  • request transfer of information to another entity

  • withdraw prior consent to process data or object to specific situation consent

  • request deleting personal information.

 

Personal Information Protection

 

Uniform privacy rights need to protect personal privacy and prevent known harms.

 

  • Establish uniform information protections for personal and behavioral data that can be linked to an individual or devices.

  • Prevent harmful uses of personal information by all information processors who collect, store, analyze, transfer, sell, etc.

  • Expand the legal definition of “harm” to include physical, monetary, reputational, intangible, future, or other substantial injuries and to provide individuals the right to legal remedy.

  • Assure that personal information collection, use, transfer and disclosure for economic or societal purposes is consistent with the purpose for which individuals provide their data, and does not cause them harm.

  • Shift the focus of information protection from individual self-management when submitting data (e.g., opt-in, obscure notice, and choice disclosures) to organizational stewardship in protecting individuals’ personal privacy.

  • Expand personal information privacy definition to address rapidly changing information and communication technologies, accelerated networking between businesses, and automated collection and dissemination of data, which together subvert personally identifiable information, de-identification, re-identification, and data anonymization.

 

Electronic Business and Social Media: Cybersecurity Responsibilities

 

Organizations conducting electronic business and social media commercializing personal information both bear the responsibility for protecting information and must be liable for failure to protect individuals from harm.

 

All organizations, including third-party receivers:

 

  • Must protect individuals’ transferred information across multiple organizations to ensure end use accountability.

  • Have a duty to safely collect, use, and share personal, sensitive information.

  • Should use comprehensive information risk assessments, take proactive measures to implement information security measures, and be held accountable for fulfilling these risk management obligations.

  • Are held accountable for misuse of personal information by strengthening both state and federal laws, rule-making, and enforcement powers.

 

We support the right of free speech for all. The digital tools of information and communication technology (such as algorithms and artificial intelligence) can selectively distort or amplify user generated content. The resulting disinformation, digital manipulation, false claims, and/or privacy violations may endanger society or harm others.

 

  • Compel private internet communication platforms (applications, social media, websites, etc.) to be responsible for moderating content.

  • Define liability for damages and provide for enforcement for failure to moderate content.

 

Videos

PRIVACY & CYBERSECURITY OVERVIEW

LWVUS Convention 2020

PRIVACY & CYBERSECURITY POSITION PRESENTATION

PRIVACY & CYBERSECURITY PRESENTATION

 
 

Study Committee
Mary Sinclair, Chair

Rebecca Gladstone
Sheila McGinnis


Technical review and commentary
Peter Alcorn, digital media and publishing consultant
Rick Bennett, LWVOR, retired AARP
McKenzie Funk, author, journalist
Sarah E. Igo, historian and author
Judith Knudson, LWV Williamsburg Area
Sean McSpaden, Oregon Legislative Fiscal Office
Stephanie Singer, Ph.D., Research Assistant Professor, Portland State University
Former Chair, Philadelphia County Board of Elections
Ellen Smith, LWV Palo Alto, retired editor
Steven Trout, Oregon Director of Elections, US Elections Commission