Connect with us

Intelligence

The Geographical Lynchpin: Great Power Jockeying in the Caspian

Published

on

Zbigniew Brzezinkski defined “Eurasia” as one of the most important geopolitical concepts. He observed, “Ever since the continents started interacting politically, some five hundred years ago, Eurasia has been the center of world power. A power that dominates “Eurasia” would control two of the world’s three most advanced and economically productive regions.

A mere glance at the map also suggests that control over “Eurasia” would almost automatically entail Africa’s subordination, rendering the Western Hemisphere and Oceania geopolitically peripheral to the world’s central continent. About 75 per cent of the world’s people live in “Eurasia”, and most of the world’s physical wealth is there as well, both in its enterprises and underneath its soil. “Eurasia” accounts for about three-fourths of the world’s known energy resources.”               

In the Western sense, when political scientists talk about “Eurasia”, they generally mean Russia. Russia has been marginalized at the edge of a Western-dominated political and economic system and in recent years has begun to stress a geopolitics that puts Russia at the center of a number of axes: European-Asian, Christian-Muslim-Buddhist, Mediterranean-Indian, Slavic-Turkic, and so on. A strategy towards Eurasia is paramount in deterring any Russian aggression in Eurasia. Russia is one of three states running interference against American objectives in Eurasia, the other two being Iran and China. Russia poses the biggest threat against American objectives in the region due mainly to a supposed historical security imperative to control the Eurasian landmass. However, this explanation doesn’t fully fit the evidence. Russia does not act the way it does based on centuries-old habits. Instead the strategy lies in the much newer habit of senior Russian policymakers who belonged to the all-Union elite before 1991 and have the tendency to see the post-Soviet Eurasian states as though they were still Soviet Socialist Republics, that is, still largely geopolitically beholden to the power of Russia.

Probably the biggest and often most overlooked region in Eurasia is the Caspian Sea. If the U.S is to have a grand strategy to deal with Russia and an emboldened Iran, policymakers in Washington cannot ignore the Caspian region for the sake of convenience. The Caspian Sea is important for many reasons and beyond a doubt Russia and Iran are the two biggest actors in the region. Furthermore, China has invested heavily in a number of infrastructure projects in Central Asia and Moscow is keeping a close eye on Beijing’s motives in the region and views Beijing as a potential competitor for influence in the region in the same way Russia sees Iran. They are Russian partners, but partners with a tinge of rivalry and tension.

The United States has four primary goals in the Caspian region: assisting the Caspian in becoming a stable and secure transit and production zone for energy resources; checking Russian and Iranian meddling in the region so the countries in the region are stable, sovereign, and self-governing; keeping radical Islam out; and resolving the frozen conflicts in the region because Moscow exerts most of its influence through these conflicts. However, even with these interests, U.S. engagement in the region remains minimal. Due to the proximity of the Caspian Sea, out of the five Caspian littoral states of Russia, Azerbaijan, Iran, Turkmenistan, and Kazakhstan, it is easy to see how the regional powers of Iran and Russia are able to exert significant influence in the region. Even Turkey, who is not a Caspian littoral country, is able to exert significant influence. What are China’s motives in the region and how do they compare to those of Iran and Russia?

China is always looking for new economic and energy opportunities and that is the main motivation behind its presence in the region. However, as the country becomes increasingly embedded in the Caspian region, the U.S. can expect Beijing to exert considerable influence in the future. Beijing is investing billions of dollars in projects, not only to upgrade and modernize rail networks, pipelines, and roads, but also to encourage cultural exchanges-all with the goal of maximizing Chinese influence in the region. Iran, Russia, and China, in their quest for dominance in the region, are increasingly marginalizing Western influence.

For the most part the actions of these three “quasi-adversarial” states are individualistic. The goals of Moscow in the Caspian today and for the foreseeable future are the following: marginalize Western influence in the region; integrate the countries in the region into Russian-backed organizations; discourage outside investment in Turkmenistan, Azerbaijan, and Kazakhstan that could facilitate the flow of oil and gas to Western markets by bypassing Russia; increase economic activity with the other Caspian states; and maintain regional hegemony over Iran. Iran is less active here than it is elsewhere in the Middle East but Tehran is not idle in terms of activity in the Caspian region. Tehran’s policy toward the region relies on three things: more financial resources; less dependency on Russia; and more confidence on the international stage. Now that Iran and the U.S. have reached a compromise on a nuclear deal in Vienna, Iran will have the resources to increase its influence in the Caspian region. Also this will mean less dependency on Russia for support, undermining Russia’s interest in the region.

Without a doubt, Russia has a more visible presence in the Caspian region. Russia has the strongest navy and military activity in Caspian waters tends to reflect its strength. Russia participates in virtually every military drill and operation there and much of the equipment used is made by Moscow. The strategic importance and hydrocarbon interest of the Caspian Sea brings all nations involved into semi-tense conflict with each other. As the interest of the countries involved diverge, so too do their naval strategies. Caspian Sea states can and will lead to imminent conflict but the states will also always try to maintain stability as best they can because they understand that instability could invite external intervention-something none of them want. Luke Coffey, an expert from the Heritage Foundation, offers a list of steps that America can take to safeguard its political, economic and security interests in the region. He states the U.S. should:

  • Show a more visible presence in the region
  • Support a peaceful and speedy resolution of Caspian Sea ownership
  • Strike a balance between promoting human rights and safeguarding other U.S. strategic interests
  • Offer political support for the construction of the TAPI
  • Offer political support for the construction of the Trans-Caspian Gas Pipeline and the Southern Gas Corridor project
  • Encourage Caspian countries to diversify their economies
  • Encourage countries in the region to stay away from Russian-dominated organizations
  • Promote economic freedom in the region
  • Engage more with Azerbaijan
  • Help regional countries to improve their security and defense capabilities
  • Counter the rise of Islamist extremist in the region
  • Monitor the situation in Nagorno-Karabakh and Armenia’s close ties with Russia
  • Discourage Europe from becoming dependent on Iranian oil and gas
  • Provide military and security assistance to all deserving allies in the region

As implied, Russia and Iran have the most influence in the region. Beijing, in its quest for economic and energy opportunities in the region, will soon have considerable influence in the region given its growing status in the world. Russia and Iran have different priorities but both share the same goal of reducing the influence of the West. The Caspian region has been, is, and will continue to be an area of geopolitical importance and competition. If the U.S. is to have a grand strategy to deal with a resurgent Russia and an emboldened Iran and to improve Europe’s energy security, policymakers in Washington must recognize that the geographical lynchpin of this future hinges in the Caspian.

Continue Reading
Comments

Intelligence

The global strategy of computer hacking

Giancarlo Elia Valori

Published

on

Whoever operates on the Web and has even interesting or relevant data sooner or later will always be hacked by someone or by some organizations.

 Usually “economic” hackers take the data of interest from the victim’s network and resell it in the dark web, i.e. the system of websites that cannot be reached by normal search engines.

Currently, however, after the Bayonet operation of July 2017 in which many dark web areas were penetrated, we are witnessing a specialization of the dark web and an evolution of web espionage methods against companies and States.

 These operations which, in the past, were carried out by web amateurs, such as youngsters at home, are currently carried out by structured and connected networks of professional hackers that develop long-term projects and often sell themselves to certain States or, sometimes, to some international crime organizations.

As often happens in these cases, the dark web was born from research in the military field. In fact, in the 1990s, the Department of Defense had developed a covert and encrypted network that could permanently protect the communications of the U.S. espionage “operatives” who worked abroad.

Later the secret network became a non-profit network that could be used for the usual “human rights” and for protecting privacy, the last religion of our decadence.

 That old network of the State Department then intersected with the new TOR Network, which is the acronym of The Onion Router, the IT “onion” covering communication with different and often separable encryption systems.

 TOR lives on the Internet edge and it acts as the basic technology for its dark web.

 Like the “Commendatore” vis-à-vis Don Giovanni in Mozart’s opera.

 TOR, however, is a free browser that can be easily extracted from the Web.

Obviously, the more the anonymity of those who use TOR and go on the dark web is covered by effective encryption systems, the more unintentional signals are left when browsing the dark web.

Moreover, the farther you have to go, the more pebbles you need to go back, as in the Thumbelina fairy tale.

 TOR and the Dark Web were born to allow the communications of U.S. secret agents, but were later downgraded to “free” communication system to defend Web surfers from “authoritarian governments”. Currently the dark web hosts a wide underground market where drugs, stolen identities, child pornography, jihadist terrorism and all forms of illegal business are traded.

Moreover, if these dark web services are paid with uncontrollable cryptocurrencies, it is very difficult to track any kind of dark web operations.

Nowadays, about 65,000 URLs operate in the dark web, which means Internet websites and Universal Resource Locators that operate mainly via TOR.

A recent study of a company dealing with cybersecurity has demonstrated that about 15% of all dark web URLs facilitate peer-to-peer communication between users and websites usually by means of chat rooms or websites collecting images, pictures and photos, which are often steganographic means and transmit hidden and concealed texts, but also for the exchange of real goods via specialized websites for peer-to-peer trading that are also encrypted, as can easily be imagined.

 Moreover, a further study conducted by a U.S. communication company specialized in web operations has shown that at least 50% of the dark websites is, in fact, legal.

 This means they officially deals with things, people, data and pictures that, apparently, also apply to “regular” websites.

  In other words, the dark websites have been created by means of a regular request to the national reference office of ICANN, which grants the domains and registers the permitted websites, thus communicating them to the Californian cooperative that owns the web “source codes”, although not in a monopolistic way.

Currently all the large web organizations have a dark “Commendatore” in the TOR area, such as Facebook, and the same holds true for almost all major U.S. newspapers, for some European magazines but also for some security agencies such as CIA.

Nevertheless, about 75% of the TOR websites listed by the above stated IT consultancy companies are specialized URLs for trading.

 Many of these websites operate only with Bitcoins or with other types of cryptocurrencies.

Mainly illegal pharmaceuticals or drugs, items and even weapons are sold in the dark web. Said weapons are often advanced and not available in the visible and overt networks.

 Some URLs also sell counterfeit documents and access keys for credit cards, or even bank credentials, which are real but for subjects other than those for whom they were issued.

In 2018 Bitcoin operations were carried out in the dark web to the tune of over 872 million US dollars. This amount will certainly exceed one billion US dollars in late 2019.

It should be recalled that the total amount of money “laundered” in the world accounts for almost 5% of the world GDP, equal to 4 trillion US dollars approximately.

Who invented the Bitcoin?

 In 2011, the cryptocurrency was used for the first time as a term of trade only for drug traffickers operating in the dark web, mainly through a website called Silk Road.

 The alias used for those exchanges was called Satoshi Nakamoto, that was also filmed and interviewed, but was obviously another.

We should also recall web frauds or blackmails: for example, InFraud, a U.S. organization specialized in the collection, distribution and sale of stolen credit cards and other personal data.

Before being discovered, InFraud had illegally made a net gain of 530 million US dollars.

 Another group of illegal operators, Fin7, also known as Carbanak, again based in the United States, has collected over a billion US dollars on the web and has put in crisis, by blackmailing them, some commercial organizations such as Saks Fifth Avenue and Chipotle, a widespread chain of burritos and other typical dishes of Mexican cuisine.

 Obviously the introduction of new control and data processing technologies, ranging from 5G to biometric sensors, or of personal monitoring technologies, increases the criminal potential of the dark web.

Hence the dark web criminals will have an even larger mass of data from which to derive what they need.

 The methods used will be the usual ones, such as phishing, i.d. the fraudulent attempt to obtain or to deceive people into sharing sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication possibly with a fake website, or the so-called “social engineering”, which is an online scam in which a third party pretends to be a company or an important individual in order to obtain the sensitive data and personal details of the potential victim,  in an apparently legal way, or blackmail by e-mail and finally the manipulation of credentials.

With a mass of additional data on their “customers”, the web criminals will be able to perfect their operations, thus making them quicker and more effective. Or the new web technologies will be able to accelerate the time needed for blackmail or compromise, thus allowing a greater number of frauds for more victims.

 Biometrics certainly expands the time for the use of data in the hands of cybercriminals. Facial detection or genetic and health data are stable, not to mention the poor security of data held by hospitals. Or we have to do with the widespread dissemination of genetic research, which will provide even more sensitive data to web swindlers.

 According to some recent analyses carried out by the specialized laboratories for the Web, 56% of the data most used by web criminals comes from the victims’ personal data, while 44% of the data used by swindlers comes from financial news.

 Moreover, specific types of credit cards, sold by geographical area, commercial type and issuing bank, can be bought in the dark web.

 85% of them are credit cards accredited for a bank ceiling, while 15% of “customers” asks for debit cards.

The web scammers, however, always prefer e-mail addresses even to passwords.

Furthermore, less than 25% of the 40,000 dark web files have a single title.

  In the “dark” web there are over 44,000 manuals for e-frauds, available for sale and often sold at very low prices.

The large and sometimes famous companies are the mainly affected ones. In 2018 the following companies were the target of cyberattacks in the United States: Dixus, a mobile phone company which was stolen 10 million files; the Cathay Pacific airline, with 9.4 million files removed, but also the Marriott’s hotel chain (500 million data/files removed) and finally Quora, a website of scientific documents and generic data. Over 45 million files were removed from Quora.

 How can we know whether we are the target of an attack from the Dark Web? There is certainly the presence of ransomware, such as the recent Phobos, which uses the Remote Desktop Protocols (RDP) that allow to control computers remotely.

 Then there is the Distributed Denial of Service (DDoS), which is a temporary block of the Web, apparently accidental, and finally there is the traditional malware, the “malicious” software that is used to disrupt the victims’ computer operations and collects the data present on their computers.

 However, the Dark Web ambiguity between common crime and the defence of “human rights” and safe communications in “authoritarian regimes” always remains.

The United States, Iran, China and other countries have already created a “fourth army”, composed only of hackers, that operates with cyberattacks against the enemies’ defence and civilian networks.

 The US Cyber Command, for example, is estimated to be composed of as many as 100,000 men and women, who operate 24 hours a day to hit enemy servers (and also allies’ ones, when they contain useful information).

Just think also of the private group Telecomix, which supported the 2011 Arab rebellions and, often, also the subsequent ones.

Also in these months both Telecomix and Anonymous are working to permit the free use of the Syrian computer network.

 There is often an operative interface between these groups and the Intelligence Agencies, which often autonomously acquire data from private networks, which, however, soon become aware of the State operations.

 There is also cyber-rebellion, which tries – often successfully – to strike at the victims’ data stored, by deleting them.

 DDoS, the most frequent type of attack, often uses a program called Low Orbit Ion Cannot (LOIC) which allows a large number of connections to be established simultaneously, thus leading to fast  saturation of the enemy server.

The attacking computers can be used remotely and some groups of hackers use thousands of computers simultaneously, called “zombie machines”, to hit the database in which they are interested to delete it or to remove its files.

 This type of “fourth army” can inflict greater damage on a target country than a conventional armed attack. The faster the attack, the easier is to identify the origin of the operation.

It is currently estimated that the “zombie” computers in the world are over 250 million – a greater network than any other today present in the military, scientific and financial world.

Hence a very dangerous military threat to critical infrastructure or to the economic resources of any country, no matter how “advanced” it is technologically or in terms of military Defence.

 There have been reports of hackers linked to global drug organizations, especially Mexican cartels, and to jihadist or fundamentalist terrorist groups.

Financial hacking, which often supports all these initiatives, remains fundamental.

 The South Korean intelligence services’ operative Lim was found “suicidal” after having purchased a program from the Milanese Hacking Team.

A necessary tool for these operations is often a briefcase containing circuits which mimic the towers of cellular repeaters and store in the briefcase itself all the data which is transferred via cetel or via the Internet Network.

The Central Bank of Cyprus, the German CDU Party and many LinkedIn accounts – a particularly favourite target of hackers – some NATO websites and, in Italy, some business and financial consultancy companies were attacked in this way.

 It is a completely new war logic, which must be analysed both at technical and operational levels and at theoretical and strategic levels.

Continue Reading

Intelligence

The Failures of 737 Max: Political consequences in the making

Sisir Devkota

Published

on

Last month, as Boeing scaled new contracts for the 737 Max, horrific remains in Bishoftu, from the crashed Ethiopian Airlines Flight 302, witnessed the Dubai Air show in despair; the plane manufacturer had sealed another 70 contracts for the future. Still, the dreaded MCAS software is looking for a resolution at last. Two of the fatal Max 8 crashes have been reportedly caused by censor failures, accounted to software malfunctions. Hundred and fifty-seven people died inside flight 302, only months after Lion Air 610 crashed into the Java Sea with 180 passengers on board.

Both accidents are predisposed towards the highly sophisticated Maneuvering Characteristics Augmentation System (MCAS), an algorithm that prevents 737 aircrafts from steep take offs; or de-escalates the vehicle at its own will. However, there is more to Boeing accidents than just a co-incidental MCAS failure. Largely, it is only a consequence of political and economic interests.

While Boeing’s European competitor, Airbus, relaunched its A320’s in 2010, there were fewer changes in the operating manual. Airbus 320 Neo, as it was re-named, had larger engines on the wings, primarily designed for fuel efficiency. The Neo models claimed a whopping 7% increment in the overall performance; inviting thousands of orders worldwide. Consequently, Boeing’s market share of more than 35% was immediately under threat after Lufthansa introduced it for the first time in 2016. Despite of major competition from the A320, 737’s lack of ground clearance space, hindered for a major engine configuration. Nevertheless, Boeing responded to the mechanical challenge and introduced the MCAS for flight safety. As bigger engines in 737 was increasing the take-off weight, the MCAS would automatically re-orient the aeroplane’s steepness to avoid stall. Boeing’s lust to stay afloat in the competitive market, led by a robotic intrusion in flight controls did not fare too long. Flight investigations claimed that although Lion Air 610 was gaining altitude in normal circumstances, the MCAS read it wrongly; hence, pulling the aircraftlower, beyond the control of physical pilots. It was a design flaw, motivated by the need to overcome dwindling sales profits.

Neither is Airbus enjoying smooth performances over the years; it however has not performed as miserly as the 737. Indigo, a major Indian airline is the largest importer of A320 Neo; despite new technologies, it has been warned of repeating problems like momentary engine vibration. Months back, an Indigo flight stalled on its way from Kolkata to Pune, before being forced to return to its departure. Unlike the Boeing 737, Airbus malfunctioning does not lead to a major disaster. There is an element of mechanical interference available to pilots flying the European prototypes. Still, it is not everything that separates the two giants.

The Ethiopian disaster, scrutinized Boeing’s leadership at home; a congressional hearing concluded that after repeated attempts to warn the airline manufacturer to present information as transparently as possible, deaf ears have persisted. As the statement read, Boeing was hiding significant information away from airline companies and pilots. While it plans to resume sales in 2020, progress has been waning, in terms of improving the knowledge behind operating the 737 Max. The investigative hearing concluded that Boeing was manufacturing flying coffins.

Unsurprisingly, there is little amusement towards the development of airline sales around the world. Visibly, there is a band of companies, preferring the American manufacturer to the other. The politics is simple; it is merely about technological superiority, but more related with subsidies and after sales services. Regardless of whether Boeing will scrap the 737 Max or improve the software configuration, doubts have presided over choosing to fly altogether with choosing to fly a specific model. Air travel could not be safer in 2020. That claim is in serious trouble.

Continue Reading

Intelligence

Digital Privacy vs. Cybersecurity: The Confusing Complexity of Information Security in 2020

Dr. Matthew Crosston

Published

on

There is a small and potentially tumultuous revolution building on the horizon of 2020. Ironically, it’s a revolution very few people on the street are even aware of but literally every single corporation around the globe currently sits in finger-biting, hand-wringing anticipation: is it ready to meet the new challenge of the California Consumer Privacy Act, which comes into full effect on January 1, 2020. Interestingly, the CCPA is really nothing more than California trying to both piggy-back AND surpass the GDPR (General Data Protection Regulation) of the European Union, which was passed all the way back in 2016. In each case, these competing/coincident pieces of regulation aim to do something quite noble at first glance for all consumers: to enhance the privacy rights and data protection of all people from all digital threats, shenanigans, and malfeasance. While the EU legislation first of all focuses on the countries that make up the European Union and the California piece formally claims to be about the protection of California residents alone, the de facto reality is far more reaching. No one, literally no one, thinks these pieces can remain geographically contained or limited. Instead, they will either become governing pieces across a far greater transregional area (the EU case) or will become a driving spur for other states to develop their own set of client privacy regulations (the California case). Despite the fact that most people welcome the idea of formal legal repercussions for corporations that do not adequately protect consumer data/information privacy, there are multiple confusions and complexity hidden within this overly simple statement. As we head into 2020, what should be chief for corporations is not trying to just blindly satisfy both GDPR and CCPA. Rather, it should be about how to remedy these confusions first. However, that elimination is not nearly as easy to achieve as some might think.

First off, a not-so-simple question: what is privacy? It is a bit awe-inspiring to consider that there are many ways to define privacy. When considering GDPR and CCPA, it is essential to have precise and explicit definitions so that corporations can at least have a realistic chance to set goals that are manageable and achievable, let alone provide them with security against reckless litigation. Failure to define privacy explicitly carries radically ambiguous legal consequences in the coming CCPA atmosphere, something all corporations should rightly avoid like the plague. Perhaps worse, no matter how much time you spend defining consumer privacy beforehand, trying to create this improved consumer protection digitally becomes almost hopelessly complicated. The high-technology, instant-communication, constant-access, massively-diversified world we live in today makes some argue that ‘digital privacy’ in any real sense is dead and buried without the possibility for resurrection. If this is true, then how quixotic will it be for corporations to try to meet the regulation demands of legislative projects like GDPR and CCPA if they do not first try to establish both clarity and transparency of terms and goals?

This is not a nihilistic argument just trying to have every corporation around the world throw up its hands in despair and give up on improved consumer privacy and data protection. But note the word ‘improved.’ In order for corporations to realistically provide consumer data protection, the irony of ironies may be that the first successful step will be finally embracing transparency in admitting that ‘perfect digital privacy’ will not and cannot exist. Realistic cyber expectations mean admitting that external threats always have an upper hand over internal defenders. Not because they are more talented or more committed or more diligent. But because what it takes to successfully perpetrate a threat is far simpler, quicker, cheaper, and easier than what is necessary to successfully enact a comprehensive defense program that can answer those threats and remain agile, flexible, and adaptive far into the future.

The broken glass analogy helps illustrate this conundrum. I am in charge of protecting 100 windows from being broken. But I must protect them from 1000 people coming toward me with rocks. Ultimately, it is far easier for the 1000 to individually achieve a single success (breaking a window) than it is for me to achieve success in totality (keeping all 100 windows intact). The resolution, therefore, is transparency: there is greater chance of ‘success’ for the chief actors (namely, me as defender and the client as owner of the windows) if I can be liberated from the impossible futility of ‘perfect protection’ and set a more realistic definition of protection as ‘true success.’ As long as there are recovery/restitution processes in place (replacing/repairing a broken window), then ‘success’ should be legitimately defined as a percentage less than 100. This is the same for corporations dealing with clients/consumers in the new world of 2020 CCPA: if the idea is that these pieces of legislations finally make corporations commit to perfect digital privacy and such perfection is the only definition of success against which they can measure themselves, then 2020 will be nothing but a year of frustration and failure.

The funny thing in all of this is that the EU legislation somewhat admits the above. Consider the seven principles of data protection as laid out by GDPR:

  • Lawfulness, fairness, and transparency.
  • Purpose limitation.
  • Data minimization.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality.
  • Accountability.

Nothing in these seven principles would bring about the establishment of perfect digital privacy or sets the expectation that failures in consumer protection must never occur. But they do hint at a darker secret underlying the European concept of client privacy that sits in contradiction to the very essence of American economics.

When people call CCPA the ‘almost GDPR,’ it is hinting at how the spirit of the two legislations are somewhat diametrically opposed to one another. The EU crafted GDPR under strong social democratic norms that encompass many of the core member governments. As such, it is most decidedly not legislation engineered to first protect the sacred right to free market business enterprise and a fundamental belief in the market to solve its own problems. Rather, GDPR has within it, implicitly, a questioning skepticism about the core priorities of major corporations and the belief that governance is the only way to make free-market economics work fairly. As such, GDPR is not just about protecting consumer data and information privacy from hackers, outside agents, and foreign actors: it is alsoabout protecting consumers from “untrustworthy corporations” themselves. This is something that should not infuse the CCPA (whether it does or not is yet to be determined and 2020 will therefore prove to be a very interesting judgment year). Because while California is staunchly to the left on the American political spectrum, it still operates as a constituent member of the US, the most fiercely protective country of its capitalist roots and belief in the sanctity of the free-market system. As such, government regulation in the EU that works for consumer privacy protection will not be looking at corporations as a willing or even necessarily helpful partner in a joint initiative. American government regulation should and must. As time progresses, if CCPA proves itself to be too close to GDPR, to European as opposed to American market norms, expect to see other states in the US create competing legislation. And even if those competing pieces aim to create a more ‘American’ conceptualization of consumer digital privacy as opposed to ‘European,’ what it means in real terms for corporations is yet more competing standards to try to synergize and make sense of. Thus, executive leaders in charge of information security in 2020 are going to need to have critical reasoning and analytical research skills far more than they ever have in the past.

In the end, protecting consumer privacy and providing client data protection is an essential, proper, and critical element for doing business in 2020. Legislation like GDPR and CCPA are meant to help provide an acknowledged framework for all actors to understand the expectations and consequences of the success/failure of that mission. Having such protocols is a good thing. But when protocols do not recognize reality, skip over crucial elements of clarity and transparency, hide some of the futility that likely cannot be overcome, and ignore their own competing contradictions, then those protocols might end up providing more problems than protection. What corporations must do, as they head into 2020, is not blindly follow CCPA. Nor should they facetiously do superficial work to achieve ‘CCPA compliance’ while not really providing ‘privacy.’ What is most crucial is innovative executive thinking, where new analytical minds are brought in to positions like CISO (Chief Information Security Officer) that are intellectually innovative, entrepreneurial, adaptive, and agile in how they approach the mission of privacy and security. Traditionally, these positions have often been hired from very rigid and orthodox backgrounds. The enactment of CCPA in 2020 means it might be time to throw that hiring rulebook out. In real terms, the injection of new thinking, new intellectualism, new concept agility, and new practical backgrounds will be crucial for all information security leadership positions. Failure to do so will not just be the death of privacy, but the crippling of corporate success in the client relationship experience.

Continue Reading

Latest

Trending