
The U.S. Cloud Computing Industry Stands to Lose $22 to $35 billion as a Result of PRISM Exposé

The recent revelations about the extent to which the National Security Agency (NSA) and other U.S. law enforcement and national security agencies have used provisions in the Foreign Intelligence Surveillance Act (FISA) and USA PATRIOT Act to obtain electronic data from third parties will likely have an immediate and lasting impact on the competitiveness of the U.S. cloud computing industry if foreign customers decide the risks of storing data with a U.S. company outweigh the benefits, according to the statistics revealed by the latest report of the Information Technology and Innovation Foundation (ITIF).

If European cloud customers cannot trust the United States government, then maybe they won’t trust U.S. cloud providers either. If I am right, there are multibillion-euro consequences for American companies. If I were an American cloud provider, I would be quite frustrated with my government right now.
– Neelie Kroes, European Commissioner for Digital Affairs.

The United States has been a global leader in providing cloud computing services, and a big chunk of the U.S. cloud industry’s revenue comes from companies outside North America. Of late, however, other countries, especially in Europe, are trying to catch up with the United States’ early success, and are even enlisting their governments’ help to do so. France, for example, has invested €135 million in a joint venture in cloud computing.

As shown in table 1 below, the global enterprise public cloud computing market will be a $207 billion industry by 2016. While much of this projected growth was until recently up for grabs by U.S. companies, the disclosures of the NSA’s electronic surveillance may fundamentally alter the market dynamics.

“Whoever fears their communication is being intercepted in any way should use services that don’t go through American servers,” German Interior Minister Hans-Peter Friedrich declared publicly. German Justice Minister Jörg-Uwe Hahn has also called for a boycott of U.S. companies.

How much do U.S. cloud computing providers stand to lose from PRISM?

The Cloud Security Alliance conducted a survey in June and July of 2013 amongst its members who are industry practitioners, companies, and other cloud computing stakeholders, about their reactions to the NSA leaks.

10 percent of non-US respondents indicated that they had cancelled a project with a U.S.-based cloud computing provider; 56 percent said that they would be less likely to use a U.S.-based cloud computing service. 36 percent of the U.S. residents indicated that the NSA leaks made it more difficult for them to do business outside of the United States.

Cloud Security Alliance PRISM Survey
Source: Cloud Security Alliance

Thus given the current conditions, on the low end, U.S. cloud computing providers might lose $21.5 billion over the next three years. This estimate assumes the U.S. eventually loses about 10 percent of foreign market to European or Asian competitors and retains its currently projected market share for the domestic market.

Table 1: Low estimate of losses from NSA revelations, in $ billions.

On the high end, U.S. cloud computing providers might lose $35.0 billion by 2016. This assumes the U.S. eventually loses 20 percent of the foreign market to competitors and retains its current domestic market share.

Table 2: High estimate of losses from NSA revelations, in $ billions.

What should the U.S. government do?

The economic consequences of national security decisions should be part of the debate, and this cannot happen until more details about PRISM have been revealed. The U.S. government needs to proactively declassify information about the PRISM program and allow companies to reveal more details about what information has been requested of them by the government.

Also, the U.S. government should make it clear what information U.S.-based and non-U.S.-based companies are disclosing to both domestic and foreign governments. U.S. trade negotiators should work to include transparency requirements in trade agreements, including the Transatlantic Trade and Investment Partnership (TTIP) currently being negotiated with the EU.

If the U.S. government continues to impede U.S. cloud computing providers, other nations are more than willing to step in to grow their own industries at the expense of U.S. businesses.

To see the full report by Daniel Castro, a Senior Analyst with the Information Technology and Innovation Foundation and Director of the Center for Data Innovation, click here.


PRISM Exposé Boosts Swiss Data Center Revenues

The stringent laws which govern Swiss banks are derivative of the nation’s privacy legislation, and now – thanks to the PRISM scandal – the country is fast becoming the ideal location for those turning their back on the cloud.

Recent leaks of the American National Security Agency’s (NSA) PRISM surveillance program have sparked growing concern over data privacy, with implications for global corporations using US-controlled cloud services, such as AWS, Azure and Dropbox. As a result, businesses are now turning to Switzerland for their data hosting needs.

Swiss ‘private’ hosting companies are seeing huge growth because privacy in Switzerland is enshrined in law. As the country is outside of the EU, it is not bound by pan-European agreements to share data with other member states, or worse, the US. Artmotion, for example, has witnessed 45 per cent growth in revenue amid this new demand for heightened privacy.

Until now the PRISM scandal has focused on the privacy of the individual, but the surveillance undertaken by NSA and Britain’s own GCHQ has spurred corporate concern about the risks associated with using American based cloud providers to host data. It is especially troubling for businesses with data privacy issues, such as banks or large defence and healthcare organisations with ‘secret’ research and development needs.

Before PRISM, the US was at the forefront of the cloud computing industry and companies worldwide flocked to take advantage of the scalable benefits of cloud hosting, as well as the potential cost savings it offered.

However the scandal has unearthed significant risks to data for businesses, as well as for their customers. With US cloud service providers, the government can request business information under the Foreign Intelligence Surveillance Act (FISA) without the company in question ever knowing its data has been accessed.

For businesses large and small, data vulnerabilities and the threat of industrial espionage from US hosting sites can present real security risks or privacy implications, and it’s causing a real fear. Business owners are worried that by using US based systems, private information could potentially be seen by prying eyes.

The desire for data privacy has therefore seen a surge in large corporations turning to ‘Silicon’ Switzerland to take advantage of the country’s renowned privacy culture, which helps them host data without fear of it being accessed by foreign governments.


A New Virus, Suspected Variant of ‘Ramnit’ Malware Family, Spreads Fast in Indian Cyber Space

A new virus has been found to be “spreading widely” in Indian cyberspace. The virus is a suspected variant of the malware family ‘Win32/Ramnit’ and steals the user’s bank account details and passwords once it is clicked.

The Ramnit worm spreads by infecting or modifying files already on the target system (such as EXE, DLL or HTML files), creating a new section and modifying the entry point so that it points to that section.

The malware steals credentials such as File Transfer Protocol (FTP) passwords and bank account logins, infects removable media, changes browser settings, and downloads and executes arbitrary files.

The virus is extremely deadly and potent because of two facts:

  • It has the ability to hide itself from anti-virus solutions and acquires various aliases to attack a genuine system or Internet-based connection which works to play emails and other user services.
  • It infects removable media by copying itself to the media’s Recycle Bin and creating an autorun.inf file.

Once the system is infected, the malware injects its code into Windows executables, HTML files or DLLs to communicate with its command and control server, thereby compromising the security of the online system.

Counter Measures in this regard:

  1. Users should not download and open attachments in emails received from untrusted users or unexpectedly received from trusted users.
  2. One should exercise caution while visiting links to web pages and not visit untrusted websites.
  3. Enable firewall at desktop and gateway level and disable ports that are not required.
  4. Avoid downloading pirated software.
  5. Keep up-to-date patches and fixes on the operating system and application software.
  6. Keep up-to-date anti-virus and anti-spyware signatures at desktop and at gateway level.
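
The removable-media behaviour described above (a copy in the Recycle Bin plus an autorun.inf) can be checked for directly. The following PowerShell is an added example, not code from the original advisory or from any vendor; the function names are hypothetical and the sample autorun.inf content is constructed for illustration.

```powershell
# Added example: flag autorun.inf files whose launch target sits in a Recycle Bin
# folder on removable media. Function names here are hypothetical.

function Get-AutorunLaunchEntry {
    # Parse autorun.inf text and return the [autorun] keys that start a program.
    param([string[]]$Lines)

    $section = ''
    foreach ($raw in $Lines) {
        $line = "$raw".Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }   # blank line or comment
        if ($line -match '^\[(?<name>[^\]]+)\]$') {
            $section = $Matches['name'].Trim().ToLowerInvariant()
            continue
        }
        if ($section -ne 'autorun') { continue }
        if ($line -match '^(?<key>[^=]+)=(?<value>.*)$') {
            $key = $Matches['key'].Trim().ToLowerInvariant()
            $isLaunchKey = $key -eq 'open' -or $key -eq 'shellexecute' -or
                           $key -like 'shell\*\command'
            if ($isLaunchKey) {
                [pscustomobject]@{ Key = $key; Target = $Matches['value'].Trim() }
            }
        }
    }
}

function Test-RecycleBinTarget {
    # True when the launch target runs something from a Recycle Bin directory.
    param([string]$Target)
    $Target -match '(^|[\\/"\s])(RECYCLER|RECYCLED|\$RECYCLE\.BIN)[\\/]'
}

function Find-SuspiciousAutorun {
    # Check the root of every removable drive (Win32_LogicalDisk DriveType 2).
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
        $path = Join-Path -Path ($_.DeviceID + '\') -ChildPath 'autorun.inf'
        if (Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue) {
            # -Force reads the file even when it carries hidden/system attributes.
            $lines = @(Get-Content -LiteralPath $path -Force)
            Get-AutorunLaunchEntry -Lines $lines |
                Where-Object { Test-RecycleBinTarget -Target $_.Target } |
                Select-Object @{ n = 'File'; e = { $path } }, Key, Target
        }
    }
}

# Constructed sample, not taken from a real infection.
$sample = @'
; constructed sample
[autorun]
icon=%SystemRoot%\system32\shell32.dll,4
open=RECYCLER\S-0-0-00-0000000000\sample.exe
shell\open\command=RECYCLER\S-0-0-00-0000000000\sample.exe
'@ -split "`r?`n"

# Entries from the sample that point into a Recycle Bin folder (two are expected).
Get-AutorunLaunchEntry -Lines $sample |
    Where-Object { Test-RecycleBinTarget -Target $_.Target }

# Then check the removable drives actually attached to this machine.
Find-SuspiciousAutorun
```

A hit is a reason to scan the drive with up-to-date anti-virus signatures before opening anything on it; an empty result does not prove the drive is clean.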

Law Perspective:
If any person, without permission of the owner or any other person who is in charge of a computer, computer system or computer network, downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network, he is guilty under Section 43(b) of the amended Information Technology Act, 2000.

Spreading of virus is a cognizable crime under Section 43(c), which imposes compensation for unauthorized introduction of computer contaminants or computer virus. Since Section 43 does not state the exact amount of compensation, one remains at the mercy of the courts and the intelligence of lawyers because, data being an intangible asset, its worth can run into millions or trillions of denominations.

Spreading of virus is also a cognizable crime under Section 66 of the IT Act, 2000 in India. It attracts up to 3 years of imprisonment or a fine of up to Rs. 5 lakhs, or both.


How to Install an SSL Certificate on Internet Information Services (IIS) – 9 Easy Steps Tutorial

Installing an SSL Certificate on IIS (Internet Information Services) need not be a daunting task, even for those who are not technically inclined or do not have a detailed understanding of it. This tutorial will guide you through the complete process of SSL certificate installation on different versions of IIS.

SSL Overview

Secure Sockets Layer (SSL) Certificates secure customers’ information worldwide through state-of-the-art encryption methods. At the time of writing this article, a vast number of websites use different types of SSL Certificates from a variety of brands to protect their customers’ privacy. SSL Certificates are specifically used to encrypt customer information as it travels between a browser and a web server. Through SSL Certificates, websites gain the genuine trust of their customers, who are assured that their data will be secured. While the purpose of SSL Certificates ultimately remains the same, there are often minor differences in the installation process between the different types of servers and SSL Certificates. Prior to installation, it is of the utmost importance to meet the server requirements (have a server available and know what kind it is) and to have a dedicated IP address.

The following are 9 essential steps to install an SSL Certificate on IIS:

Step 1:

When installing an SSL Certificate the first step is to generate the Certificate Signing Request (CSR) through your Internet Information Services (IIS) Manager. After generating the CSR you must then submit it to a Certificate Authority (CA). The site administrator may be able to obtain the certificate directly; otherwise they must contact the web host to gain access to the certificate. Once the CSR File is created and obtained, the file containing the certificate must be opened then saved to the proper server under the new name “Your Web Site.csr”. This file is an encrypted document that contains the information related to the SSL Certificate.

Step 2:

Select the “Start >> Administrator Tools >> Internet Information Service (IIS) Manager” and then simply proceed to left-click on the server’s name.

Step 3:

After you have completed all the steps above, find the “Security” section in the server’s menu. Select the “Server Certificates” menu button. Left-click on the “Complete Certificate Request” menu option, which then launches the Certificate Wizard. Continue to install the certificate, and don’t worry if it sounds complicated, since the wizard performs the majority of the work. When prompted, select the .cer file saved to the server during “Step 1” and enter the requested name that refers to the certificate located on the server.

Step 4:

Click the “OK” button to complete the request. This part of the installation is now complete and the certificate is successfully installed. After installing the certificate on the server, assign the certificate to the appropriate website using IIS.

Step 5:

To assign the certificate to the appropriate website:

Select “IIS >> Connections”, select the name of the server to which the certificate was installed and under “Sites”, select the site to be secured with SSL.

Step 6:

Right click on “Bindings” from the “Actions” menu.

Step 7:

In “Site Binding” click on “Add”, this will open the “Add Web Site Binding” window.

Step 8:

Select https under “Type”. The IP Address should be the IP address of the website, or it should be left at the default, “All unassigned”. The port is usually 443, over which traffic will be secured by SSL.

Step 9:

Click “OK”, then restart IIS to complete this operation.
Now that the installation of the SSL Certificate has been completed your website is completely ready to provide encrypted security to your virtual customers.
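
A scripted equivalent of Steps 3 to 9 with the checks worth making before the binding goes live, added here as an example and not part of the original tutorial. It assumes Windows Server 2012 or later with the WebAdministration module and a CSR that was generated on this same server; the site name, file path and host name are hypothetical placeholders.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.
# The three values below are hypothetical placeholders; replace them with your own.
$siteName = 'Default Web Site'              # site to secure (Step 5)
$cerPath  = 'C:\certs\your_web_site.cer'    # certificate file returned by the CA
$hostName = 'www.example.com'               # name the certificate was issued for

Import-Module WebAdministration

# Steps 3-4: complete the pending certificate request in the machine context.
certreq.exe -accept -machine $cerPath
if ($LASTEXITCODE -ne 0) {
    throw "certreq could not match $cerPath to a pending request on this server"
}

# Locate the installed certificate in the machine store by the file's thumbprint.
$issued = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
                     -ArgumentList $cerPath
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $issued.Thumbprint }
if (-not $cert) { throw 'Certificate was not found in LocalMachine\My' }

# Check 1: the private key created with the CSR must be paired with the certificate.
if (-not $cert.HasPrivateKey) {
    throw 'Certificate has no private key; the CSR was not generated on this server'
}

# Check 2: the certificate must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is only valid from $($cert.NotBefore) to $($cert.NotAfter)"
}

# Check 3: the chain must build to a trusted root and the name must match the site.
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $hostName)) {
    throw "Chain or host name validation failed for $hostName"
}

# Steps 5-8: add an https binding on port 443; '*' is "All unassigned" in the GUI.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}

# Attach the certificate to that binding. This call fails if another certificate
# is already bound to the same IP address and port.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443 |
           Select-Object -First 1
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Step 9: restart IIS, as the tutorial instructs.
iisreset.exe /restart

# Confirm which certificate is now bound to each IP address and port.
Get-ChildItem -Path IIS:\SslBindings
```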

Was this guide helpful? Have I missed something? Please share in the comments section below.


Frequently Asked Questions about EV SSL Certificates answered by RapidSSLonline

RapidSSLonline, an SSL security specialist, addresses some valuable questions and answers, which according to them are most frequently asked on the web.

What is EV SSL Certificate Security?
EV SSL, or Extended Validation SSL certificate, is one of the toughest and most trusted SSL certificates, which is especially produced to protect wide level e-Business web servers and their users’ information while it is being transferred between web browsers and servers.

What type of validation does an EV SSL certificate contain?
An EV SSL certificate issued to any web organization contains complete Domain and Business Authentication details.

What are some major advantages Extended Validation SSL certificate has when compared to a Standard SSL?
One of the greatest advantages of obtaining an EV SSL certificate is getting the green address bar status, which immediately alerts consumers that the site they are visiting offers the highest level of security.

Extended validation certificates offer online businesses the highest level of encryption, generally between 128-256 bit encryption. This ensures that all data transmissions are encrypted to the maximum, with virtually no chance of sensitive information falling into the hands of a third party.

What is a Legal Opinion Letter of EV Certificate?
It is a professional opinion letter from Certified or Licensed Attorney for Extended Validation SSL certificate issuance. All major Certificate Authorities such as Symantec, GeoTrust, and Thawte require Legal Opinion Letter before EV issuance to any organization.

What encryption level does EV SSL contain?
EV has the toughest protection encryption such as 256 bit with 2048 bit CSR key generation.

How much time is needed for issuance of an EV SSL certificate?
It needs 10 to 15 business days for issuance of an EV SSL certificate.

What all web browsers are compatible with an Extended Validation SSL Certificate?
Here is the list of web browsers which are the most compatible with EV certs.

  • Firefox 1+, 2+, 3+
  • IE 5+, 6+, 7+, 8+
  • Netscape 4+
  • Opera 7+
  • AOL 5+
  • Safari

How much warranty amount does an EV SSL certificate contain?
An EV SSL certificate contains a minimum of $500,000 and maximum of $1,500,000 warranty.

Does EV security support mobile devices?
Yes it does! Secure site pro with EV security from Symantec supports mobile devices, which is also the toughest security solution on the web.

What is the difference between EV SSL and WildCard SSL?
An EV SSL certificate is a complete domain authentication which protects a single qualified domain only on a single server and IP, whereas WildCard SSL is domain authenticated security, which protects sub domains as well as main domains on a single server and IP.


What is a Multi Domain EV SSL Certificate?

Maintaining a high level of online trust and security in compliance with industry-wide security regulations can be a daunting task for organizations, as it requires timely updates to the IT security infrastructure, which are sometimes very expensive. Keeping a sense of trust and security intact in the minds of website visitors while keeping expenditure within manageable limits is thus a Herculean task. This is where a Multi Domain EV SSL security certificate comes in.

A Multi Domain EV SSL security certificate is a ‘best of both worlds’ product in that it provides stringent and tough authentication on par with the industry-standard EV SSL (Extended Validation) certificate, and has the ability to package multiple domains, thereby effectively cutting down the costs for the buyer. For example, a single EV SSL MDC can secure domainA.com, domainB.com, secure.domainA.com, login.domainB.com and anydomainunderthesky.any-tld. The most important thing to note here is that an EV Multi Domain SSL certificate covering all these five domains will cost significantly less than five separate security certificates for the same five domains.

A Multi Domain EV SSL certificate also saves a lot of time: even though each domain has to go through the domain authentication process separately, the identity of the website owner has to be authenticated only once. This makes it the perfect security solution for small and medium-scale businesses looking to secure their online transactions.

How do I choose the best Multi Domain EV SSL certificate for me?
Like every other security solution, the selection of the Multi Domain EV SSL certificate best suited to you depends on a number of factors, such as price, the number of domains needed initially and flexibility in adding new ones during the time period covered by the certificate. For example, if you plan to secure only 5 domains now under the Multiple Domain EV SSL, but anticipate healthy growth of your business in future and hope to secure 10 domains in a year or so, then you must go for a provider who is flexible in adding new domains under a single certificate and has sales representatives/support available for live chat 24*7. You must also do proper research on the provider and look for online reviews of their products.

A detailed article on choosing the best SSL provider is here, but these are some vital features one must surely check while buying a Multi Domain EV SSL security certificate:

  • Security Level: Complete Business or Organization Validation.
  • Encryption Level: The Toughest 256 Bit SSL Encryption.
  • Server License: Unlimited Server Licenses. (Without Any Extra Charges)
  • Issuance Speed: Within 1 to 10 working days.
  • Compatibility: 99.99% the latest web browsers and mobile device compatibility.
  • Assortment: SAN / Multi-Domain / UCC option obtainable.
  • Additional Plus: Order www.domain.com & additional plus secure.domain.com.

The multiple domain packages offered by SSL security certificate authorities differ considerably. For example, GeoTrust offers five additional multiple domains with its starting package and provides an option to add additional domains in increments of five, up to a total of 25. This is completely different from Comodo, which offers only three additional multiple domains with its starting package but gives an option to add up to 100 total domains, one at a time. Every Multi Domain EV SSL certificate package thus has its own pluses and minuses depending on price, difficulty of installation, etc.; the key lies in choosing the one which best suits your needs.


How New Privacy Laws will Affect Digital Commerce: Legislation of Privacy- (Part 2)

In my last post, I discussed how many of the newer and upcoming laws regarding privacy in the United States can heavily affect your life, from how you buy insurance to which bits of personal information are gathered while you shop online, go to the bank, or talk on the phone. While the first post of this four-part series dealt with the effect of these laws on your digital life, this post will focus on their effects on digital commerce.

Much like your social activities, your consumer habits and activities are also subject to privacy violations, especially when they occur online or through a mobile device. The following are laws that seek to address a number of major issues related to consumer privacy rights.

Cyber Intelligence Sharing and Protection Act (CISPA):
Proposed by Rep. Michael Rogers and co-sponsored by 111 other House members, CISPA is designed to help the government better investigate cyber threats and ensure that large networks are secure against the threat of cyberattack. To do that, the act would allow for the sharing of Internet traffic information between the U.S. government and certain technology and manufacturing companies. While noble in its intention, the act has been widely criticized for endangering privacy and civil liberties, though some large technology companies (Microsoft and Facebook) favor it as a simple and effective way of sharing important cyber threat information with authorities. Read about CISPA in detail here.

  • How It Will Affect You: If CISPA becomes law, it would make it harder for cyber criminals to execute major attacks on networks. However, it may also mean that the government could also easily, and without warrant, track any individual’s browsing history. As the bill is presently worded, there are few limits on when or how the government can monitor an individual, and it may even make certain kinds of spyware legal if it is being used in good faith for a cybersecurity purpose.
  • Timeline: CISPA was introduced in late 2011 and was passed by the House of Representatives in mid-2012. While gaining early support, Obama’s advisors have argued that the bill could be a major risk to confidentiality and civil liberties and it is likely he would veto it if it passes.


Commercial Privacy Bill of Rights:
On April 12, 2011, Senators Kerry and McCain introduced the Commercial Privacy Bill of Rights to establish a baseline code of conduct for how personal information can be used, stored, and distributed. The bill of rights has since been picked up by the Obama administration and adapted in a report titled “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” In both instances, the bill of rights lays out principles that would work to protect personal data and to improve consumer security. It is not a piece of legislation in itself, but a guideline for building and enacting future regulations and laws that will impact tech companies and online retailers.

  • How It Will Affect You: While nothing has been passed yet, this outline could help protect your personal data from abuse by retailers and ensure that it’s not sold to a third party or in any other way compromised.
  • Timeline: First proposed in early 2011, it could be quite some time before this bill of rights is translated into any real kind of legislation, especially if there is major pushback from Congress or tech companies themselves. If companies begin to better self-regulate privacy issues, no additional legislation may be needed.


Application Privacy, Protection, and Security Act of 2013:
Congressman Hank Johnson proposed the APPS Act early this year. The act is designed to address concerns with the data collection being done through applications on mobile devices and would require that app developers provide greater transparency about their data collection practices, ensure reasonable levels of data security, and allow users to opt out of data collection or have the option to delete data that has been collected on them.

  • How It Will Affect You: The APPS Act would ensure that apps on your phone aren’t gathering, storing, or sharing information about you without your knowledge or consent. It doesn’t mean that data can’t or won’t be collected, just that consumers will have greater knowledge and potentially the ability to opt out of certain aspects of this process.
  • Timeline: The draft of the bill was released in January 2013 and is currently just a discussion draft, meaning that it hasn’t been formally introduced for passage just yet. It’s likely that discussions with app developers and consumer advocates will help to shape the final draft and it could be a couple of years before any final decisions are made on the legislation.


Location Privacy Protection Act of 2011:
Worried about the potential risks for stalking posed by cell phones loaded with GPS and apps that gather information about a user’s location, Senator Al Franken, along with several co-sponsors, proposed this bill to fill in loopholes in federal law that allow companies to obtain location-based information on consumers and to share that information with third parties. While some app developers have complained that this hinders location-based advertising, others agree that privacy needs to be protected and that location-based tracking should only be allowed within apps that consumers have given consent to do so.

  • How It Will Affect You: The Location Privacy Protection Act, if passed, will protect you from having mobile data on your whereabouts tracked, stored, or shared without your knowledge or consent. It would not eliminate the ability of mobile technologies to track your location but would only ensure transparency and greater security, though it may be cumbersome with some existing systems of location-based advertising.
  • Timeline: The bill has been under development since 2011 and is still being refined and tailored to take into consideration the needs of all involved parties. Franken is expected to push the measure later this year and if passed the bill could see enforcement as early as 2014.

This is part 2 of a 4-part series. Part 1 illustrated in detail the privacy laws related to digital life and their effect on it. Links to parts 3 and 4, which will elaborate on the effects of privacy laws on Work & Employment and Personal Information, will be updated soon.
Update: Part 3, which illustrates in detail the privacy laws related to Work and Employment and their effect on it, has now been updated.

How New Privacy Laws will Affect Your Digital Life: Legislation of Privacy- (Part 1)

Technology is changing how we do everything, from connecting with friends to investigating our family history. While most of these changes are for the better, the reality is that many of these new technologies expose us to serious privacy risks, especially as legislation has struggled to keep up. Yet both here in the U.S. and around the world, that could soon change. There are numerous new and pending laws that are starting to seriously tackle the challenges posed by modern technology, helping close gaps in legislation and enforcement that open you up to online stalking, medical data breaches, and disclosure of your online data. Even if you don’t realize it, many of these laws can have a major impact on your life, from how you buy insurance to which bits of personal information are gathered while you shop online, go to the bank, or talk on the phone. What follows is a brief guide to many of the newer and upcoming laws regarding privacy in the United States. You’ll learn what the bills propose, how they’ll affect your life, and when they’ll go into effect, if they haven’t already.

How New Privacy Laws will Affect Your Digital Life:
These laws and proposals are designed to protect your privacy in the online and mobile spheres, ensuring that you and those you care about aren’t tracked, subject to data seizures, or the victims of online predators.

The Protecting Children from Internet Pornographers Act of 2011:
Proposed by Rep. Lamar Smith of Texas, this bill is designed to increase the enforcement of laws related to child pornography and child sexual exploitation, specifically by requiring Internet service providers (ISPs) to provide data about subscribers to law enforcement officials. While still on the table for debate, the law has attracted a lot of attention from those who believe it has serious implications with regard to consumer privacy.
  • How It Will Affect You: This law doesn’t just affect those who create and distribute child pornography. If passed, all Internet users would see a reduction in privacy. The law would require ISPs to retain user IP addresses and subscriber information for one year, even in the event service is cancelled. This information would include names, addresses, telephone numbers, and account numbers, with no limits on the scope of subscriber information that can be retained and accessed by the government. What’s more, this collected information could be used to prosecute for any issue with probable cause and a warrant. This not only poses problems for the misuse of data by law enforcement; it could also result in serious security issues if information is hacked. It also opens up that information to gross violations of personal privacy and security.
  • Timeline: The bill passed the United States House Judiciary Committee on July 28, 2011, but hasn’t gone much further since then, despite garnering 39 co-sponsors by January 2012. It seems to have stalled, and little has been heard of it since it garnered widespread backlash. That’s no guarantee, however, that similar legislation won’t pop up in the future.

Electronic Communications Privacy Act:
The Electronic Communications Privacy Act is almost 30 years old, so why does it appear on this list? Because it’s likely going to see some major revisions to reflect the increased variety and prevalence of electronic communications. The original act was designed to help expand federal wiretapping and electronic eavesdropping provisions, as well as protect communications that occur via wire, oral, and electronic means and to balance the right to privacy of citizens with the needs of law enforcement. In the years since, the law has been under increased scrutiny for being out of date and failing to protect all communications and consumer records. For example, under current law, government agencies can demand ISPs hand over personal consumer data stored on their servers that is more than 180 days old without a warrant. This wasn’t an issue in the past, when most emails were downloaded to individual computers, but with the advent of webmail programs like Gmail and Yahoo, now nearly all consumer email communications are fair game. Major tech companies, like Google, Facebook, Verizon, and Twitter, have advocated for greater privacy and reform of the law.

  • How It Will Affect You: If reforms to the ECPA go through, law enforcement and government officials will no longer be able to access your personal emails stored on a server without a warrant, regardless of their age. This is a strong first step towards updating the bill and ensuring the privacy concerns are addressed for present day technology.
  • Timeline: No changes have gone through to update ECPA yet, but in November 2012, the Senate Judiciary Committee approved a bill that would strengthen privacy protection for emails by requiring a warrant to access them. It is set to be debated in Congress early this year. Other legislation will likely be needed to deal with privacy issues related to mobile phones, text messages, and social media, but no bills reflecting this type of data have been proposed.


Children’s Online Privacy Protection Act:
COPPA isn’t new, either, but it has seen some significant amendments over the past year that are worth mentioning. COPPA, which went into effect in early 2000, protects children under 13 from the online collection of personal information. As a result, many sites today often disallow children under 13 from using their services or require parental permission for disclosure of any personal information. In September 2011, the FTC announced proposed revisions to COPPA that expand the definition of what it means to collect data from children. These new rules would include regulations on data retention and deletion and would require any third parties to whom a child’s information is disclosed to have policies in place to protect the information.

  • How It Will Affect You: You will likely only be directly affected by this law if you own or operate a website or have children under 13 who use the Internet. The new amendment is largely positive for parents and children, preventing abuses of data, laying out guidelines for stricter parental approvals, and ensuring that children’s information stays secure. A number of tech giants, however, have pushed back against this legislation. Apple, Facebook, Google, Microsoft, and Twitter, as well as Viacom and Disney, have all objected to several aspects of the new FTC rules, stating that they make it nearly impossible for companies to create and disseminate child-focused material.
  • Timeline: In late 2012, nearly a year after revisions were proposed, the FTC adopted the final amendments to COPPA, and they are currently in effect.



The GPS Act:
The GPS Act, proposed by Representative Jason Chaffetz and Senator Ron Wyden, seeks to give government agencies, commercial entities, and private citizens specific guidelines on when and how geolocation information can be accessed and used. At present, there are no U.S. laws that directly address GPS tracking data, and with the proliferation of trackable devices like cell phones and GPS systems, the act is aiming to update regulations and guidelines to reflect modern sources of privacy concerns.

  • How It Will Affect You: If passed, the act will detail the legal procedures and protections that apply to electronic devices that use GPS, will require warrants for the release of GPS data, will make it illegal for individuals to be tracked without their knowledge, and will create criminal and civil penalties for violating these new GPS regulations. This could be a big boon to protecting your personal privacy and security, as it will make it illegal for others to track you (including family members) and will prevent data about your activities from being disseminated without your knowledge, consent, or a court order.
  • Timeline: The GPS Act was introduced to the Senate on June 15, 2011. It has not passed, in part because of opposition to two major court decisions, United States v. Jones and United States v. Knotts, which have ruled in favor of allowing law enforcement to place GPS trackers on cars, as well as opposition from the Obama administration. Yet a more recent case addressed by the Supreme Court, United States v. Jones, found that such measures violated the Fourth Amendment, which may help strengthen its passage as it waits to be considered by the Senate Judiciary Committee and the House.


This is part 1 of a 4-part series. Links to parts 2, 3 and 4, which will elaborate on the effects of privacy laws on Digital Commerce, Work & Employment and Personal Information, will be updated soon.

Update: Part 2, which illustrates in detail the privacy laws related to Digital Commerce and their effect on it, has now been updated.

Update 2: Part 3, which illustrates in detail the privacy laws related to Work and Employment and their effect on them, has now been updated.


Green Address Bar SSL- A Secret of Online Success

While SSL certificates are the current gold standard for online businesses and e-commerce websites, many people remain unaware that there are a number of different types of these certificates. In fact, there are a few different SSL certificates available to these online business sites, with the extended validation (EV) SSL certificate providing the highest level of online security.

The security capabilities of an SSL certificate are directly related to the level of encryption used. Extended validation certificates offer online businesses the highest level of encryption, generally between 128- and 256-bit encryption. This ensures that all data transmissions are encrypted to the maximum, with virtually no chance of sensitive information falling into the hands of a third party.

One of the greatest advantages of obtaining an EV SSL certificate is getting the green address bar status, which immediately alerts consumers that the site they are visiting offers the highest level of security. The video below will help you get a better hold of the idea:

The main advantage of an EV SSL Certificate is “Trust & highest assurance” for your customers, as an SSL certificate authority conducts strong business validation before issuing EV SSL Certificates. EV certificates offer the highest data encryption and browser compatibility. They supply complete business information of the entity along with business name, locality, contact info and the validating certificate authority name. This increases a potential customer’s confidence and makes it more likely that they do business on that particular site. It also increases conversions online. Below are the images showing how your website address bar will look different in all major browsers if your website carries an EV SSL Certificate.

The EV SSL certificate not only actively combats phishing attacks, but also increases consumer trust, reduces shopping cart abandonment and helps build a business’s long-term revenue. While all SSL certificates provide encryption, the EV SSL certificate provides the ultimate online security and significantly boosts consumer confidence. The green address bar is the ultimate internet standard for online businesses, book bloggers in India, and e-commerce sites.

About Author:
James Labonte is a Retail Director at The SSL Store™. The SSL Store™ is one of the largest SSL Certificate Providers in the world and an authorized platinum partner of Symantec. You can reach James on Google+, Twitter and Facebook.