Why should digital security matter to you?
If there is anything the year 2020 has taught us, it is the reality that much of our lives have now moved online. Digital security has never before become more important. Because our online and offline lives are now intertwined, digital security must matter to us.
In March 2020 when most of the world woke up to the reality that COVID-19 had become a pandemic, governments around the world took an array of control measures, the most visible one being social distancing. First, countries closed their borders, but then it became apparent that it wasn’t just international travel that spread the novel coronavirus but there was now in-country and community spread. This meant further social distancing measures which included total lockdown in some countries or various kinds of movement restriction in other countries. The common feature in these measures was how quickly the workplace moved online with most people working from home which means working remotely.
Digital security has never before become more important. We are now doing practically everything online- from mundane things like catching up on news to serious issues like working and studying online. We are doing major purchases online. In short, our digital footprints have grown whether we like it or not. And as our digital footprint grows, so does our digital presences and ultimately digital identity. While those who have been working online long before Covid-19 have always been aware of the need for digital security, many of those who are just getting into the digital space on a more regular basis are only coming to terms with the idea that their digital life is an extension, if not, is part of their real life.
A lot of cybercrime activities have been reported, such as children who go missing after being lured by predators. But it is not just cybercrime that one has to worry about. Now, practically anything you want to do requires that you give away information about yourself. These include an ID number, date of birth, signed documents, contact details (sometimes including where you live), photo ID, in some cases, biodata like your fingerprints etc. This is a lot of information and it is crucial that whoever collects this information from you can guarantee its security. Question is, once you give away that information, how can you ensure that your information is secure?
Cybercrime is not the only challenge to think about. In countries with less democratic governments, human rights defenders, and really, anyone who speaks out against unpopular government actions are well aware of state surveillance. When we turn to doing practically everything online, state surveillance is also heightened under these circumstances. Sometimes it is not just state surveillance that is of concern but also well-meaning poorly thought through government initiatives that clearly violate the right to privacy. In a number of countries, governments are implementing controversial digital biometric registration systems in the name of better service delivery. These include projects like India’s Aadharor Kenya’s Huduma Namba.
The Kenyan government came up with a new digital identification system known as the National Integrated Identity Management System (NIIMS), where all citizens and foreigners living in Kenya will be assigned a Unique Identification Number (UID) or the Huduma Namba (in Kiswahili). According to the Kenyan government, NIIMS is a national population register, which will be the “single source of information about Kenyan citizens and foreigners resident in the country”. While there are concerns of further marginalization among Kenya’s ethnic and religious minority communities who claim that are facing more stringent rules to procure documents that are needed to get a Huduma Namba, another big issue is data privacy with high risk of identity theft. The Kenyan High Court ruled that the program violated people’s privacy without a data protection law in place. While acknowledging that the move was constitutional as long as that information was properly protected, at the time of the ruling Kenya did not have a data protection law. As extensive personal details would be available at the click the button, they said that Kenyans would be at risk of suffering irreversible damage if the information was misused. The Court also ruled that any collection of DNA and the use of GPS to record the precise location of a person's home was intrusive and unconstitutional. And in typical Kenyan style, the legislators quickly passed the Kenya Data Protection Act which they had been reluctant to do for years. NIIMS makes it easy for government surveillance.
This is where you begin to appreciate data protection legislation. If you live in Europe, specifically within the European Union countries or the European Economic Area you have the regional data protection General Data Protection Regulation (GDPR) Europe’s new data privacy and security law which came into effect in 2018 offers you some respite. It makes provision for data collection, handling, usage, storage and disposal which somehow gives you some control over your data and some assurance that your data will not fall into wrong hands and if it does, the penalty for infraction is so high that it may be a deterrent for criminal usage of data. A number of countries have passed data protection laws that sort of echo the GDPR, albeit with less stringent penalties or sometimes lacking the necessary fundamentals to give the law effect.
Government issues aside, often we voluntarily give our information in order to access a service. Companies like Google, Yahoo or Microsoft offer us free email services as do the social media platforms that we use. Except, there is nothing for free. It is a known fact, the tech giants that own these platforms make their money from selling your data to third parties. You have no recourse in such cases because those are their terms of service to which you either agree or forget using their platforms. Most of us do not even bother to read those 90page terms and conditions fine print before we agree to them. Some of these conditions include third party marketing there goes our information. How often have you been approached with loan offers or services you did not even sign up to? Or seen products targeted at you? These are some of the things we can’t escape for now as things stand.
However, there are also other cases where we can put our digital security in our own hands. You probably have heard of password hygiene. How often do you change your passwords? How difficult and unpredictable do you make your passwords? Some passwords are so easy to guess that hackers have a field day with them. What about leaving documents lying around? Whether working from home or at the office, a clean desk policy is essential to ensure sensitive information does not fall into the wrong hands. Finally, as more people than before are now online, we have more people with little digital literacy online. Some of these people are vulnerable people like children or older people who are using the internet for the first time. Who takes time to educate them not to just click on links or open links sent via emails?
Because our online and offline lives are now intertwined, digital security must matter to us.