The Government Privacy Apocalypse
The last few years have seen massive leaks of government electoral rolls and other sensitive citizen information. We are witnessing a government privacy apocalypse.
Half Of Turkey
In 2016 alone more than half the citizens of Turkey had their personal details leaked on the internet, including “their names, addresses, parents’ first names, cities of birth, birth dates, and a national identifier number used by the Turkish government.”
The Philippine Commission on Elections was hacked; the breach included personal information, including fingerprint data and passport information, belonging to around 70 million people.
And in Mexico, “a database reportedly containing roughly 93.4 million Mexican voter registration records was discovered on an Amazon cloud server without any password protection and includes everything from home addresses to ID numbers.”
No Privacy For Secret Agents
That was just 2016. In 2015, the OPM hack came to light, in which the numbers were lower, 21 million, but the information much more damaging. The database/s that were hacked contained the background information from FBI investigations into people wanting a security clearance in the US Government.
No biggie, just a generation of the nation’s entire spy force, FBI agents, their families and known associates. And every financial, personal or otherwise compromising tidbit.
US Voter Rolls For Sale
Not to be left out of the voter roll mess, this report [PDF] from the early 2000s has a good rundown of the information on voter rolls in the USA and who can access it. Don’t want to click? Here’s the TL;DR version: everyone can access it.
The Internet Needs a Seatbelt
Five years ago, I wrote that The Internet Needs Less ‘Big Brother’ And More ‘Concerned Mum’ when it comes to security. At the time I was writing about the massive and completely avoidable hacks of large corporations and all your data that goes with them.
The internet has moved on; now it is government data, verified, unique and very personal, that is getting hacked.
The solution now, as it was then, is government regulation. Private companies have been shown not to care about, or be good at, security; why would we involve them now?
OPM was hacked, in small part, because one of the important server accounts didn’t have two-factor authentication installed/enabled.
When I am talking ‘government regulation’ I am not talking ‘billions of dollars,’ I am talking basics. Get the basics right. Use two-factor, install updates regularly. In fact, governments could do worse than taking my advice and adapting it at scale.