A matter of privacy and security
Google provides free services in exchange for access to our data, which it uses for ads that fund the service. Over the years since that model was implemented we’ve seen an impressive industry develop around the model. As a web developer and citizen of the global community, I am now worried about trusting Google and other companies with my data.
Over the course of my career I’ve witnessed countless incidents of disregard and lack of diligence when it comes to privacy and security. Commercial concerns continue to overrule even the most dire and critical issues; experts are ignored in favour of management directives or whoever is paying the bills. As many fellow tech professionals know, this seemingly pragmatic business approach actually creates risk and technical debt — sometimes one staff member’s mistake can destroy an entire company.
Libraries to track consumers are installed on much of the web and they have exponentially increased the hardware required to render each website. Consumers are now forced to upgrade their smartphones and laptops because websites are becoming so heavy with marketing libraries (and lack of engineering, but that’s a topic for another day). On top of wearing down your device battery, these libraries also open you up to an exponential amount of risk.
When working on any website or app, a developer has to curate the frameworks and libraries that will aid in the development process and meet their company’s requirements. The pressures of deadlines and work culture can cause oversights in this important process. After a project is complete these third-party libraries have to be supported with updates and urgent fixes. A lack of budget and/or organisational understanding can cause the unfortunate circumstance where a key website or application is left vulnerable — opening the company and its customers up to being compromised.
The regulations for software development in Australia, and globally, are woefully inadequate for protecting the national and individual interest. The fact that the Australian banking sector now has multiple incidents of breach is a dire sign of where our business community and political leaders need to pay attention. I applaud our Prime Minister for highlighting the important issue of cyber security this year; however, there is so much more needed than education and labour. As I’ve discussed in this article, experts are already deployed in companies which have been compromised and/or are at risk of a serious privacy/security incident.
Here’s my wishlist for IT laws in Australia (feel free to correct me if these exist in some form):
1. No system may store a customer password in plain text; it should only store an imprint (such as MD5).
Many users re-use passwords and unfortunately no security awareness campaign is going to change that overnight. Creating an account for a retail points system should not result in a banking password being stored in clear text in the retail database. The retail company has no way to prevent the user from re-using a password, but it can at least prevent itself from being a source of breach.
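As an added example (not the author’s code), the following shows what “store an imprint, not the password” looks like in practice for a retail site. It uses a per-user random salt and a deliberately slow key-derivation function (PBKDF2-HMAC-SHA256 from Python’s standard library) in place of the plain MD5 mentioned above, because a salted, iterated hash is what current password-storage guidance recommends. The user record format and the iteration count are assumptions for the example.

```python
import hashlib
import hmac
import os

# Iteration count is an assumption for this example; real deployments should tune
# it to the slowest value their login latency budget allows.
ITERATIONS = 200_000


def store_password(password: str) -> str:
    """Return the record a site should persist instead of the password itself.

    Format (constructed for this example): algorithm$iterations$salt_hex$digest_hex
    """
    salt = os.urandom(16)  # fresh random salt per user, per site
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the imprint from the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # hmac.compare_digest avoids leaking where the comparison stopped matching.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def leaked_record_reveals_password(password: str, stored: str) -> bool:
    """True only if the raw password text is sitting inside the stored record.

    This is the check a plain-text store would fail and an imprint store passes.
    """
    return password in stored


if __name__ == "__main__":
    # Constructed scenario: the same password re-used at a bank and a retailer.
    reused = "correct horse battery staple"
    bank_record = store_password(reused)
    retail_record = store_password(reused)

    # Different salts mean the two sites hold different imprints, so one site's
    # leaked record cannot simply be matched against the other's.
    print("records differ:", bank_record != retail_record)
    print("login works:", verify_password(reused, retail_record))
    print("wrong password rejected:", verify_password("hunter2", retail_record))
    print("record contains password text:", leaked_record_reveals_password(reused, retail_record))
```

The point for the retailer is the last check: whatever is in its database, the customer’s banking password is not literally sitting there. The per-user salt is what stops a single precomputed table from covering every user at once, and the iteration count is what makes guessing against a stolen record expensive.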
2. Expand the powers of the Privacy Act to enforce auditing of companies that collect customer information.
Currently, sensitive information such as medical and personal documents is stored without oversight or regulation. The GDPR in the EU is a great example of what we could do.
3. Any installed software that runs in the background such as a phone app must adequately warn the user that it will consume resources even when not in use.
The current iOS and Android permission screens are not good enough at warning users that their phone is about to get drained halfway through the day because of a “free game”. Idle stand-by use would of course need to be accounted for in a law like this; the aim is to prevent background apps from consuming more than is reasonable and to let the user understand what that app is really doing to their device.
4. Impose fines for negligent privacy and security practices to guide business.
Sometimes putting a price tag on something is the only way to convey its cost to decision makers within a business. We now rely heavily on the web for key government and business interactions. It’s time to stop talking about trends in tech and start looking at the consequences. Tech is not a trend; new software needs to be treated as more than just fashion in the minds of business leaders. We will only see more frequent and increasingly serious breaches as time goes on; we cannot afford to wait for natural generational change in attitude to correct this.
5. Form an expert panel of industry and community representatives to set industry standards for software and website development.
Australia has some of the finest building codes in the world and we shouldn’t stop there. The 21st century is a services-oriented one, and implementing an expertly defined framework to follow when developing software will improve outcomes across the board. Consumers will be better protected with faster applications, developers will be happier with the work they produce, and business leaders can proudly stand by their world-leading product, which will improve our competitiveness on the world stage.
I recently finished an internal audit of my own practices and decided to make a few changes. I switched to DuckDuckGo as my main search engine and started using Firefox again (even though I don’t like the way tabs pop out). I still use Gmail, Android and many other Google products, so I’m in no hurry to drop it all just yet. I just wanted to make sure I wasn’t 100% in, because I don’t work for Google. Some Google products work for me, but my experience has grown less positive over the years. Google Search is now a spaghetti bowl of ad-driven content with a Parmesan sprinkling of real results; similarly, the Chrome browser and ecosystem has become such a sewer of bad third-party code and lack of control that I dropped it after 11 years of use since its launch.
I urge everyone to reconsider their tech stack — not just because of my opinion here or your own concerns about security and privacy — but simply from a user experience and outcomes point of view. Is this software easy to use? Do you know how to customise it? If your answer is no to either question, it’s definitely time to do some research. Search for “comparison of software” on Wikipedia, add your keyword, and you’ll be on your way.
If you have any questions about this topic feel free to leave a comment here or contact me via my website.
Thank you for reading! Want more content? Follow me on:
- Medium: https://medium.com/@paulbrzeski
- LinkedIn: https://www.linkedin.com/in/paul-b-23620b209/
- Website: https://www.paulbrzeski.com
- YouTube: https://www.youtube.com/@paulbrzeski4237/