Position Paper #2 | Cybersecurity

 Cybersecurity

In March of 2023, President Biden and his Administration updated their National Cybersecurity Strategy document. In the document, the proposal suggests that privacy protection will no longer be required by all big tech companies. They will be required to prioritize privacy. Companies like Apple already employ this kind of approach to cybercrime. This isn’t a problem for businesses that do not collect wholesale and user information. The best way to keep information private is to not collect it at all. 

Apple does recognize some information from users, but most of your personal information is not recorded. Recently, Apple extended its protections to make iCloud reflect some of the updates seen in the NCS document. The App Store apps are already required to disclose privacy policies and admit what they do with users' information, but the new updates require them to take a lot more responsibility if they are doing anything unethical. 

In a White House briefing statement this was said:

“We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best positioned to reduce risks for all of us.”

Apple has been a prime example for showing that it’s possible to build and maintain a secure platform. Its system isn’t perfect, but it does everything it can to make its technology safe. Other businesses should take notes and follow suit. 

CISO at Apple-focused MDM and security company Jamf, Aaron Kiemele had this to say on the topic of cybersecurity:

“All software is vulnerable in some way to future exploitation. If a new issue arises and causes widespread impact, that doesn’t mean that the software vendor was negligent. You can do everything right and still be impacted by a security incident. That being said, there are plenty of old vulnerabilities that remain unpatched for years as well as companies that are truly not prioritizing security and privacy. The most interesting piece for me continues to be that this sounds like a good-faith effort to impose appropriate liability on software companies who are not currently doing the right thing to protect their data and their customers.” 

These kinds of people working in technology are the type of people that give me hope when it comes to having ethical intentions. The company Jamf is a company that automates repetitive management tasks and boosts security by eliminating human error. They’re remote IT pros that help small businesses manage their devices. They don’t collect personal information, they just go in and fix what needs to be done so users don’t have to stress. Right now they are Apple’s leading mobile device management solution. 

In 2014, Apple released its homekit. Even though Apple insisted on manufacturers meeting security standards, it never really took off because other companies took advantage and abused the trust of consumers. Even Apple was accused of snooping with Siri. National security extends beyond home speakers in today’s age.

The White House NCS document proposes to look for future threats. Some of the threats include the impact of quantum computing on traditional perimeter and endpoint security protection. Quantum computing is basically a new type of processor that is really big and really fast. IBM’s Quantum Condor processor is a good example of this new computer. It is expected to be released at the end of 2023. 

Because this product is so new it’s hard to predict future issues it’ll have. Starting to try and target those issues now stops so many future hazards that could come up later and affect millions of people. Endpoints are the most popular kind of attacks on technology. They include phishing, malware, crypto-jacking, ransomware, and other various attacks. With modern technology, endpoint security is essential. We have programs that provide firewalls, such as NordVPN, McAfee, Norton, and Bitdefender. The proposal takes inspiration from Apple, so rather than using third parties to protect the hard drive companies would focus on making their own products more secure. 

Another part of the document encourages software and service providers to take more responsibility. For example, is the regulatory drive compatible with all app stores, and are they consistent across all those boards? They didn’t present a solution to this problem, but it offers a strong starting point for businesses to jump off of. Social media firms are another area that will see a lot of scrutinies. Everyone has those weirdly specific ads on their Instagram or Facebook. People already point it out so the odds of social media applications using cookies to target users will definitely come up in the near future. 

The US National Telecommunications and Information Administration (NTIA) called for antitrust action against Apple and Google to make changes to their mobile app store. The principal advisor on the team argues that Google and Apple’s “gatekeeper” positions put consumers at risk by raising prices and reducing innovation. Right now, Apple and Google are the only ones benefiting from in-app payments. President Biden released a statement calling for Big Tech firms to start using a bipartisan approach when it comes to how they use personal data. 

The report listed these changes: 

1. “Consumers should be able to select their own default apps, choose different mobile app stores and delete or hide pre-installed apps.”
2. “App store operators should not be able to highlight their own apps first or discriminate against those that perform similar functions to the ones they make.”
3. “They should not be able to insist on developers using in-app payment systems."

The idea is that fair competition will encourage more developers and innovations. It would also foster more competition, along the lines of quality, curation, privacy, and security. Critics argue that making security optional would be harmful. It just means that big firms like Apple and Google will always be in control of the regulations. Maybe one day consumers will no longer have to worry about the option between safe technology and big companies exploiting their personal information.