Data Leaks Rise in Numbers - Yet Leaks Can Easily Be Prevented with Encryption

2017-07-31
Data leaks are becoming more and more common - small leaks don't even make it into the news anymore. Recently, though, there was an enormous data leak that could easily have been prevented with encryption: a US marketing firm stored data on 198 million US voters, for an unknown period of time, where it was easily accessible in the cloud.

This particular breach, discovered by researcher Chris Vickery, exposed 1.1 terabytes of personal information compiled by Deep Root Analytics. The 1.1 terabytes of data include birthdates, home addresses, telephone numbers and political views of nearly 62% of the entire US population. The data was publicly available on an Amazon cloud server. Anyone with the right link could access the data easily.

Only one data leak among many

The troubling part here is not just the amount of data that was leaked, but also that this leak is only one among many. With Big Data on the rise for over a decade, a great deal of information about all of us is already available, and now more than ever this data is being collected, traded and used.

However, companies are not capable of securing this data, or not willing enough to do so. Even though Deep Root Analytics could easily have encrypted those files before storing them in the cloud, which would obviously have been the sensible thing to do, they chose not to.

Why don't they encrypt the data?

The US voter data breach illustrates how poorly many organizations safeguard sensitive information. But why is that? Why don't they simply encrypt the data? The easiest answer to this is probably: because they are lazy. The more detailed one boils down to the same thing: laziness. It is not part of their business to secure people's data. Their business is to use people's data to make money. The data they have is immensely valuable to them, yet securing the data does not benefit their core business.

Companies must be held responsible for data leaks

It is outrageous that a company can collect very sensitive data on individuals, not just recording people's political views and beliefs, but also making predictions about their future behaviour. This is highly sensitive, intimate information that those people might not want to share with anybody. Even worse, the leaked data can be used with malicious intent, from identity theft to the intimidation and harassment of people who hold an opposing political view.

Leaking such highly sensitive data can be very troublesome, if not dangerous, to the individuals concerned. Yet the companies that do not secure people's data largely go unharmed. Companies must be held responsible for data leaks. Companies must pay for any and all damages caused by a data leak - only then will they take care of people's data responsibly.

One step in the right direction: GDPR

Fortunately, with data leaks becoming more and more common everywhere, politicians are slowly catching up. In May 2018, the EU law GDPR will force companies operating in Europe to better secure their users' data. Not complying with the law, i.e. not protecting their users' data from data leaks, could cost companies heavy fines.

The GDPR requires all companies to process and store users' data in a pseudonymized form so that it cannot be attributed to a specific person. The law explicitly names encryption as one of the preferred methods to reach GDPR compliance for businesses handling user data.

Encryption must become the standard everywhere

Today many people perceive scandals about data breaches as the norm. Since almost all companies are affected, no company is to blame. This attitude has to change: All companies that do not protect people's data are to blame. Tools like end-to-end encryption are nowadays very easy to implement if a company wants to secure its customers' data. Unfortunately, most companies don't want to. Laws such as the GDPR will force companies to protect people's data, and ultimately everybody's right to privacy.

Here's an email comparison of encrypted and non-encrypted email services.

We at Tutanota believe this is the minimum that companies making money off our data should be doing. There is hope that in the future data leaks will decrease in scale and number.

Protect your data whenever you can

Even now, every one of us has a choice: Use a data-mining service, or use a privacy-focused service that already features end-to-end encryption of all data. You can find lots of tools that value your right to privacy on this site.

Read here Why you need a new webmail login now.
