SECURITY AND PRIVACY IN AN IT WORLD: Managing and Meeting Online Regulatory Compliance in the 21st Century
Ebook, 248 pages, 2 hours

Rating: 5 out of 5 stars

About this ebook

Regulatory compliance has historically been a concern of only a company’s legal and finance departments. However, as e-commerce continues to dominate retail both in the United States and abroad, regulatory compliance is now a major area of concern for IT managers, everyone on executive teams, and entire boards of directors.

Language: English
Release date: Oct 19, 2017
ISBN: 9781988360157
Author

Craig MacKinder

CRAIG MACKINDER is the author of Security and Privacy in an IT World. His information technology and cybersecurity leadership experiences encompass business formation, personnel management, technology implementations, software development, and IT regulatory compliance. He is a certified information systems security professional (CISSP) and a certified cloud security professional (CCSP), and provides IT management consulting for government agencies, privately held corporations, publicly traded companies, and individuals.

Reviews for SECURITY AND PRIVACY IN AN IT WORLD

1 rating, 1 review

  • Rating: 5 out of 5 stars
    5/5
    This is a clear and direct communication to CEOs and Board members about the urgent need to secure their businesses. Get this if you own or manage a business.

Book preview

SECURITY AND PRIVACY IN AN IT WORLD - Craig MacKinder

Copyright

Copyright © 2017 by Craig MacKinder

All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher.

Published in 2017 by Kinetics Design, KDbooks kdbooks.ca, linkedin.com/in/kdbooks

ISBN 978-1-988360-14-0 (paperback)
ISBN 978-1-988360-15-7 (ePUB)
ISBN 978-1-988360-16-4 (ePDF)

Note for librarians: Canadian Cataloguing in Publication Data for this book is available from Library and Archives Canada at www.collectionscanada.ca/amicus/index-e.html.

Edited by Michael Carroll

Book design: Daniel Crack, Kinetics Design, kdbooks.ca, linkedin.com/in/kdbooks

Dedication

This book is dedicated to my children. I hope they will look back at this book and laugh a little at how far technology has advanced from the time of its writing to their adulthood.

Contents

Title Page

Copyright

Dedication

Contents

Introduction

1 The Business Cost of Internet Freedom

Monday Morning in Japan

Examining the Biggest Threats to Global E-Commerce

Trade Made Global E-Commerce Possible

Global E-Commerce Requires Broad Internet Access

Six Main Factors Contributing to Protectionism

Trade Agreements Matter to Network Managers

2 Breaking Down the Trans-Pacific Partnership (TPP)

Pros and Cons of the TPP, but an Important First Step

What the Critics Have Said

What the Advocates Have Said

The Need for a TPP-Like Agreement on Internet Technology

3 New Regulations Governing Global Internet Business

The Dreaded SOX 404 Update

Dealing with Complex and Conflicting Internet Regulations

Existing Laws

4 Are New Internet Regulations Helping or Hurting Business?

Measuring the Effectiveness of New Regulations

Individuals and Hackers Get Around Regulations

Policing International Cybercrimes

Ways Regulations Governing the Internet Help Businesses

Ways Regulations Governing the Internet Hurt Businesses

Protecting Privacy Helps and Hurts

Measures to Protect Privacy Online

Industry Self-Regulation Versus Government Regulation

Protecting Intellectual Property Helps and Hurts

Data Localization Could Help but Mostly Hurts

Combative Relationship Between Governments and Businesses Mostly Hurts

Oppressive Content Takedowns Only Hurt

Complications Arising from Regulations on Cloud Computing

Hybrid Cloud Systems Complicate Regulatory Compliance

Open Discussions Help Make Regulations Better

5 The Cost of Protectionism on Global E-Commerce

The Global Economy Creates New Opportunities for Innovation

Regulatory Hurdles for Disruptive Businesses

New Opportunities Create More Global Wealth

Ways Growing Protectionism Could Hurt Global E-Commerce

Dangers of Cross-Border Data Restrictions

Ten Ways Protectionism Threatens Global E-Commerce

Creating the Legal Global Framework to Encourage E-Commerce

6 Business Abroad in a Changing IT Regulatory Environment

Dangers of Internet Protectionism by Democracies on Global Business

Trade Imbalances That Lead to Protectionism

Complying with Restrictive Access Laws

Small and Medium-Sized Enterprises (SMEs) Liable for Compliance, Too

Countries Where Emotional Firewalls Hinder Internet Freedom

World’s Worst Violators of Internet Freedom

Protecting IP and IT in Authoritarian China

War and Lack of Internet Access Hinder Business in Middle East and North Africa (MENA) Nations

Corruption Dissuades Business Investment in Brazil, Russia, India, and China (BRIC)

Best Practices for U.S. Businesses Operating Abroad

7 Third-Party Versus In-House IT Compliance Management

Change Is the Only Certainty for IT Policymakers

New Regulations Are Coming Fast and Furiously

Liability Is Shifting to Compliance Officers

Third-Party Versus In-House IT Compliance Management — Which Is Better?

In-House IT Regulatory Management — Legal or IT’s Job?

Using Third-Party Providers with Caution

8 Meeting IT Regulatory Obligations

Which Regulatory Obligations Should Apply to a Business?

Managing Conflicting and Overlapping Regulations

Developing Internal IT Protocols to Ensure Compliance

Planning Internet Security for Future Global Businesses

Geopolitical Realities Will Affect Future IT Regulatory Obligations

Costs of Network Security Will Only Rise

Some Outsourced IT Providers Are Diversifying and Growing

New Technologies Will Affect Regulatory Policy

Accounting for the Internet of Things (IoT) in Global Regulations

The Role of Distributed Ledger Technology in Future E-Commerce

Steps to Meet IT Compliance Obligations Successfully

9 Is a Uniform Global IT Strategy Possible?

The Future Will Bring More Technological Interconnectedness

Uniformity Requires Broader Global Internet Access

Coordinated Global Information Sharing Can Help

Concerted Internet Security Strategies Can Help Combat Cybercrime

Rising Number of Nation-State Hacks Prevents Cooperation

Creating the Global Legal Framework to Encourage E-Commerce

Areas Where Change Can Be Made Now

Will America Close Its Doors?

Notes

Glossary

Acknowledgments

Introduction

The European Union has a digital privacy act, as do Canada, the United States, and countries around the world. Every day it seems nations are enacting new laws meant to protect their citizens and their government networks from other nations.

In a world ever more dependent on technology to function, protectionism and cybersecurity fears threaten global commerce. So how is cybersecurity managed while also respecting privacy laws and meeting the many new and emerging regulations governing data collection domestically and abroad?

First, this book will examine the root cause of this insecurity around the world. What has led to a reversal of the free and open Internet for e-commerce even among European partners? Will laws such as the European Union Data Protection Directive (EUDPD), Personal Information Protection and Electronic Documents Act (PIPEDA), and Federal Information Security Modernization Act (FISMA) end up hurting the free flow of business online?

Second, this book will take a look at the effectiveness of these laws in their attempt to thwart, hinder, or prevent cyberattacks. Could it be that these disparate and sometimes conflicting laws are creating more vulnerabilities than a unified global regulatory strategy would?

Finally, and most important, this book will discuss what these regulatory changes mean for business information technology (IT). Some businesses are hiring IT regulatory experts in-house as part of their legal team, while others are turning to third-party providers to ensure they are in compliance. Which strategy works best, and should compliance issues be left to a chief information officer (CIO)?

Every company is different, and business goals will dictate what kind of investments need to be made to meet compliance obligations. The goal is that by the end of this book the reader will know how best to navigate the changing regulatory landscape and have a much better understanding of its legal implications.

1 The Business Cost of Internet Freedom

The Internet is the first thing that humanity has built that humanity doesn’t understand, the largest experiment in anarchy that we have ever had.

— Eric Schmidt, Executive Chairman of Alphabet, Inc.¹

Monday Morning in Japan

It was uncommon to have a cell phone back in 1999. It was even more uncommon when my cell phone rang at 11:00 p.m. on a Sunday night. But as the systems administrator in a growing manufacturing company, I knew what the ringing meant.

It was the director of information technology calling. His monotone instructions came through the tiny speaker: "Grab your keys. I need you to meet me at the office. I haven’t been able to access the accounting systems for the past two hours."

After arriving at the office and checking only a handful of computers, I found something similar in every system. The Happy99 e-mail virus had penetrated and infected several computers, and those computers were shutting down the limited capacity of our network.

"Okay, well, let’s turn off the Internet and everyone will just have to stop using e-mail!" shouted the director in his most sarcastic tone. We knew very well that shutting off the Internet and e-mail might have been acceptable a decade earlier. But in 1999, at this American subsidiary of a Japanese manufacturing behemoth, the Internet and e-mail systems were the lifeblood of the entire operation.

Although the company manufactured heavy equipment, everything outside of the assembly floor — accounting, sales, customer service, human resources, and executive management — required Internet connectivity and communications. Keeping these systems running was mission-critical, and it was the reason we were standing in the office at one in the morning!

It took several hours, but finally we removed the last remnants of the infection and blocked the incoming infected e-mails. Our security policies had failed to block this new threat, but our security response procedures gave us a clear and effective path to recovery.

Our co-workers started their Monday morning without interruption. The main office in Japan could send over sales leads, work orders, and invoices and continue normal business operations … while the other world governments allowed it.

Today, in the scenario above, it might not be as simple as removing a virus from a foreign subsidiary’s network. Regulatory hurdles might prevent the job from being done.

There might not be access to important network data because of data localization. In fact, it might even be the host country that sent the attack. A growing sense of protectionism across the globe is now threatening the free and open commerce the Internet has enabled.

All advanced nations are coming up with new regulatory strategies for protecting their own IT networks and forcing all other nations to comply. How can IT professionals and business decision-makers prevent these new measures from making global e-commerce too costly? Can the Internet stay free, or will the costs of protectionism be too great?

Examining the Biggest Threats to Global E-Commerce

Free trade, globalism, and e-commerce all have something in common: they are intricately and perhaps indivisibly tied to the Internet. It is what helped make the Internet free and open for all these years. However, this level of Internet freedom is now being challenged by protectionism on multiple fronts:

• Global and domestic Internet security.

• Intellectual property rights.

• Individual privacy rights.

• National sovereignty.

• Business expansion.

• International trade.

• The concept of freedom itself.

At the heart of these challenges are underlying insecurities. China feels threatened by U.S. dominance in cyberspace, so now its leaders have begun instituting protectionist measures to tip the playing field in their favor, particularly against U.S. technology firms. Russia, as well as other nations such as Iran, Turkey, and Pakistan, is mostly unnerved by America’s technological military capabilities. U.S. citizens are feeling threatened by cyber criminals and hackers who are constantly finding new ways to disrupt, damage, and destroy their cyber lives. And businesses in general are always afraid their innovations and business growth will be stifled by onerous regulations that end up causing more problems than they solve. Meanwhile, all of this is happening against a background of a virtually lawless digital landscape that is constantly being shaped by a confluence of geopolitics, business interests, and consumer demands.

Trade Made Global E-Commerce Possible

Politics is inextricably tied to the Internet because it was trade policy surrounding Internet technology that made the current global economy possible. Furthermore, corporate interest is also inherently tied to the Internet, and it was business interests that helped push policies to open up commerce through a free and open Internet.

At the forefront of this push were American business and government leaders. Seeing the practically immediate benefits of this new technology, the United States realized that the productivity gains and wealth creation brought about by the Internet would only increase with broader access, resulting in a rapid expansion of Internet accessibility through the late 1990s and the first decade of the 21st century.

Building on the decades-old infrastructure created during the previous technological boom in radio and transportation technology, new inroads were laid that facilitated global e-commerce. Markets where business investment was once fruitless suddenly became viable with new opportunities for business expansion.

Along with those changes came calls from a few corners to slow down the pace of technological revolution, but those calls were drowned out by the voices of business, governments, and individual consumers. Quite the contrary, the United States and other industrialized nations that were reaping huge rewards from these changes helped press for global trade agreements that encouraged more
