Laws and regulations governing cybersecurity

With the use of information and communication technologies and the ever-increasing volume of data published by users, there have necessarily been requests for the suppression or deletion of data that are out of date or that in some way harm a user.

The vision that the digital world and its users will become anonymous is, in my view, a utopia. The various possibilities of anonymisation in the form of, for example, TOR network services[1], etc. will not change anything in this statement as there will always be interactions with the real world. Moreover, there will always be users in the digital world who are fallible and who make mistakes no matter how well they try to conceal information about their activities. It is also a utopia to think that technology will forget. Data will continue to be collected about users. What will happen will be another technical setting of who will see the data and who will not.

Undoubtedly, the interconnection of individual offered services and the possibility of passing information about users to third parties, as well as the Internet of Things (IoT), contribute to the “deanonymisation” of users.

For example, Facebook came up with an interesting solution for “deanonymisation” of users, developing the DeepFace method, which is based on the creation of a 3D model of the face based on defined starting points in a photograph.[2] Based on this method, it is also possible to identify persons who do not have a Facebook account and have only been marked (identified) as a specific person. The DeepFace method is intentionally mentioned here as the possibility of using this method is enshrined in the Facebook Terms of Service and allows, even if a user does not wish to do so (e.g. does not intentionally mark himself/herself under a photo), his/her identification.

As for IoT, the intervention of new technologies and our “deanonymisation” is even more apparent. As an example, I will mention a “smart TV”[3], which during the actual installation will again offer the Terms of Service for approval and immediately afterwards “ask” about the possibility of connecting to the Internet. For example, a closer look at the Terms of Service may indicate that this TV is authorised to provide a record of confidential and in-person calls or activities that you “make at it”, provided you use voice or motion control. As part of the Terms of Service, you will also be notified that the recorded data are passed on to the manufacturer and third parties. The only solution to prevent this information from being passed on is to turn off voice or motion recognition. The question is whether this is really the solution. Personally, I think that the solution would be to turn off or restrict the transfer of data, or to identify the entity with which I am willing to share this personal data.

As for the right to be forgotten, I can imagine a hypothetical situation where a user will request that the company that produced the television or other computer system with similar Terms of Service delete the call record, for example, from 1 March 2016. The court applies the right to “be forgotten” also in this case, but the question is who will actually guarantee the user that his data have been deleted from all data repositories.

Excerpt from Samsung EULA:

There is no anonymity on the Internet and certainly will not be in the near future. Users often, quite logically, justifiably intensively fight against the intervention of the state in their privacy, but on the other hand, they themselves offer this private information voluntarily and much more willingly to everyone around them (e.g. on social media, cloud services, etc.).

I do not think the gap between the real and digital world is so huge. Maybe that is why I often do not understand the thoughtless behaviour of users when it comes to the services offered by ISPs. Yes, as users, we will receive a service under the Terms of Service we enter into. The question is whether this deal is advantageous and whether the price we pay for this service is reasonable.

Personally, I am fully aware of the fact that my freedom, including a degree of “anonymity” on the Internet, is already a utopia. I believe that in the near future, thanks to IoT and the ever-increasing interconnection of all “services”, this utopia will be brought almost into a situation, not unlike the one in the Minority Report. On the other hand, I believe, or rather I want to believe, that I am still free and have the right to choose.

This right of my choice then at least lies in my decision whether, or what services I want to use and under what conditions. I think that users should become the real defining authority of the Internet, at least in the form that they show their will and try to gain their rights to the service provider because, in the case of state intervention in their privacy, in many cases they succeed.

After all, to evaluate how “aggressive” the service is, or how much it interferes with your privacy, can be found, for example, on the website: Terms of Service, Didn’t Read: https://tosdr.org/. If nothing else (although it is possible to use the analogy of “Digital Dementia”), then at least checking the basic terms on this page can help users to be better informed in the issue.

We live in a time when information and communication technologies are already inextricably linked to every aspect of our being. A certain paradox is that we essentially do not have the opportunity to avoid this penetration and mutual interaction with ICT, which at the same time makes us more vulnerable.

Due to information and communication technologies and interconnected services, we create a reflection of our identity or personality in the virtual world.

Our digital “me” has all the prerequisites to be “much more durable” than our physical body. Information about our activities in cyberspace, our cyber personalities, accounts and digital footprints will live on after our death thanks to the archiving of data and information about us.

As the volume of data and information stored in individual ISPs grows, the issues of their effective security, transfer or deletion are increasingly being addressed, not only on the basis of a contract entered into between the service provider and the end user but also on the basis of emerging legislation.

States, organisations and individuals are increasingly aware that information and data represent significant potential, which is increasingly attacked by cyberattacks, whether with the aim of theft, damage, inaccessibility or deletion of data.

If we want to live in today’s society and take advantage of its benefits, it is not possible to get rid of ICT, and it definitely does not make sense to stop using these technologies. It is necessary to start learning how to use these technologies and services and how to avoid, or at least eliminate, the consequences of cyberattacks.

In cyberspace, as in the real world, there is no single type of security or protection that can be universally applied to everyone. If we want to address security, we need to address it comprehensively, and we need to tailor it to each individual.