
Do You Recognize These Consumer Privacy Rights? They Could Be Yours [Encryption Digest 37]

April 16, 2020 | Katrina Dobieski

 

It's 2020, and the two-year-old TLS 1.3 is still the best encryption protocol out there. Why aren’t we all using it? A few more reminders on the finer points of TLS 1.3 and why it’s successfully replaced all former protocols as the security standard of the internet. Whether we upgrade or not is a different story. And, at a time when privacy and civil rights are called into question by proposed legislation, data handovers and tracking techniques, we offer up for review a plagued history of the digital consumer privacy rights movement. And where it is now.


 

TLS 1.3 – The Best Thing We Still Haven’t Done


Pegged pants. Formica tabletops. HTTP. And now, TLS 1.2.
 

These things are out of date, but while curating your lava lamp collection won’t hurt anybody, not using TLS 1.3 just might.
 

We all rise together

Because TLS 1.3 derives its value from widespread adoption, we may have yet to realize the full safety of the internet, as not everyone has made the transition. And even those who have upgraded to TLS 1.3 may still be susceptible to downgrade attacks when dealing with other browsers, technologies and endpoints that haven't. So we should all step up and adopt the latest standard.
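
A client can tell a stripped TLS 1.3 offer from a peer that simply has not upgraded by checking the downgrade marker that RFC 8446 places in ServerHello.random. The following is an added example, not code from the original post; the function names and the sample messages are constructed for illustration.

```python
import struct

# RFC 8446, section 4.1.3: a TLS 1.3-capable server that negotiates an older
# version writes one of these markers into the last 8 bytes of ServerHello.random.
SENTINELS = (b"DOWNGRD\x01", b"DOWNGRD\x00")   # TLS 1.2 / TLS 1.1 or below
TLS12, TLS13 = 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43

def parse_server_hello(msg: bytes):
    """Return (negotiated_version, random) from a ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length or length < 38:
        raise ValueError("truncated ServerHello")
    version, random = int.from_bytes(body[:2], "big"), body[2:34]
    pos = 35 + body[34] + 3          # skip session id, cipher suite, compression
    if pos + 2 <= len(body):         # extensions are optional before TLS 1.3
        end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2:
                # TLS 1.3 carries the real version here, not in legacy_version
                version = int.from_bytes(body[pos + 4:pos + 6], "big")
            pos += 4 + ext_len
    return version, random

def downgrade_verdict(msg: bytes, client_offered_tls13: bool = True) -> str:
    """Classify a ServerHello from the point of view of the receiving client."""
    version, random = parse_server_hello(msg)
    if version >= TLS13:
        return "tls1.3"
    if client_offered_tls13 and random[-8:] in SENTINELS:
        return "downgrade-detected"   # server speaks 1.3 but never saw our offer
    return "legacy-negotiated"        # no marker: the peer has not upgraded

def build_server_hello(random: bytes, selected_version=None) -> bytes:
    """Constructed sample message for the demo, not captured traffic."""
    suite = b"\x13\x01" if selected_version == TLS13 else b"\xc0\x2f"
    body = struct.pack("!H", TLS12) + random + b"\x00" + suite + b"\x00"
    if selected_version is not None:
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected_version)
        body += struct.pack("!H", len(ext)) + ext
    return b"\x02" + len(body).to_bytes(3, "big") + body
```

A client that offered TLS 1.3 and gets "downgrade-detected" should abort the handshake rather than continue on the older version.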
 

What TLS 1.3 brings to the table

  • TLS 1.3 does not use RSA key exchanges, which are vulnerable because they don’t support forward secrecy. “If the attacker acquires its key at any point, even years later, they can then decrypt that ciphertext,” explains Kim Crawley.
     
  • TLS 1.3 exclusively uses Diffie-Hellman, a forward secret protocol, utilizing asymmetric encryption to ensure that only the message receiver can decrypt the intended message with their private key.
     
  • TLS 1.3 ditched weaker technologies such as the RC4 cipher and CBC-mode ciphers (present in TLS 1.2), which are susceptible to plaintext recovery and “Lucky 13” attacks.
     
  • TLS 1.3 is compatible with DNS over HTTPS (DoH)
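
The first three bullets translate into a simple audit of the cipher suites an endpoint still accepts. This added example (not from the original post) flags suites with static RSA key exchange, RC4 or CBC mode, and builds a client context that refuses anything below TLS 1.3; the scan result, host data and function names are constructed for illustration.

```python
import ssl

def audit_suite(name: str) -> list:
    """Findings for one IANA cipher suite name, keyed to the bullets above."""
    if "_WITH_" not in name:
        return []   # TLS 1.3 suite: names only AEAD + hash, no RC4/CBC/RSA kx
    kx, _, cipher = name[len("TLS_"):].partition("_WITH_")
    findings = []
    if not kx.startswith(("ECDHE", "DHE")):
        findings.append("no-forward-secrecy")   # e.g. static RSA key exchange
    if "RC4" in cipher:
        findings.append("rc4")
    if "_CBC_" in cipher:
        findings.append("cbc-mode")             # Lucky 13 class of issues
    return findings

def audit_endpoint(offered: dict) -> dict:
    """offered maps protocol version -> suites the server accepted in a scan."""
    report = {"tls13": "TLSv1.3" in offered, "weak": {}}
    for suites in offered.values():
        for suite in suites:
            hits = audit_suite(suite)
            if hits:
                report["weak"][suite] = hits
    return report

def tls13_only_context() -> ssl.SSLContext:
    """Client context that refuses anything below TLS 1.3 (no silent fallback)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx

# Constructed scan result for a hypothetical host, not real measurements.
SAMPLE_SCAN = {
    "TLSv1.2": ["TLS_RSA_WITH_AES_128_CBC_SHA",
                "TLS_RSA_WITH_RC4_128_SHA",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    "TLSv1.3": ["TLS_AES_128_GCM_SHA256"],
}

if __name__ == "__main__":
    for suite, hits in audit_endpoint(SAMPLE_SCAN)["weak"].items():
        print(f"{suite}: {', '.join(hits)}")
```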
     

In addition, TLS 1.3 is faster and smoother than previous TLS iterations at authenticating the asymmetric “handshake” between client and server, and it may help circumvent censorship laws, as ISPs can no longer block access to certain websites. For more on the benefits of TLS 1.3, read up on Kim Crawley’s “Why TLS 1.3 is a huge improvement”.


Now that safer internet protocols are out there (TLS 1.3 has been around since 2018), it’s up to us to use them. Like shelter in place, we’re all safer if we do it.
 



 

Could These be Your Privacy Rights?




Maybe someday.
 

In 2012, the Obama administration released “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Economy,” which included the Consumer Privacy Bill of Rights. Though it was a good idea, the issue was largely ignored until the White House drafted its own version in 2015. The Federal Communications Commission passed internet data regulations in 2016, only to have them repealed in 2017 by a Congressional Review Act. Telecoms said the regulations treated them unfairly compared with large social platforms. Upon leaving the White House, President Obama left a review and recommendation to the incoming President Trump regarding furthering of the initiative, which was promptly discarded. A year later, Ro Khanna (D-CA) released his Internet Bill of Rights in another attempt to seal data protections into law.
 

Bringing the issue to Congress, Senator Edward J. Markey (D-MA) introduced his Privacy Bill of Rights Act last year, and it was “Read twice and referred to the Committee on Commerce, Science, and Transportation.” As far as we know, it’s still there.
 

While the fight may be ongoing, it’s not over yet. Both the EARN IT Act and Sen. Markey’s Bill of Rights are still up for debate.
 

Just to remind us, these were the principles behind the original 2012 Privacy Bill of Rights, as summarized by the Electronic Privacy Information Center (EPIC).
 

  • “Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
  • Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.
  • Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
  • Security: Consumers have a right to secure and responsible handling of personal data.
  • Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
  • Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
  • Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.”
     

The more you know.
 

In 2018, Senator Markey and fellow Massachusetts Senator Richard Blumenthal both sponsored the CONSENT Act, a pro-privacy reaction to the Cambridge Analytica scandal.
 

Now, Sen. Markey is leading the Privacy Bill of Rights and Sen. Blumenthal is on the opposing side, sponsoring the pro-backdoor EARN IT Act.


A poetic plot twist in a twisted saga.






 

About the author

Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.
