Site icon IT World Canada

The Panama Papers: What does this data breach mean for IT and cybersecurity?

The Panama Papers were released by a hacker who broke into the servers of Mossack Fonseca.  So those papers are stolen property. The media does not seem to mind, but perhaps the members of the IT community should.

Information is our business. People look to us to secure their personal information, and if my personal data is stolen I certainly expect those who find it to still respect my privacy.

I once had a neighbour return some credit card statements that I had erroneously recycled. Apparently they had blown out of the recycle truck into his yard. He assured me he had not looked at the information on those statements. I think he was more upset than I was. He handled it all very well for me.

The CBC recently did a piece they called “The Age of Robin Hood Hackers” on its flagship national television news program The National. We can sympathize with Robin Hood or these hackers, but Robin Hood was an outlaw and people received stolen goods from him. Section 354 of the Canadian Criminal Code forbids possessing any property or thing obtained by crime.

So if you possess information that was obtained by an illegal hack, should you go to jail?

Information is a little different than the jewels that Robin Hood was stealing. If you have information, it does not preclude that the owner can keep the information, or that others might have gotten the information some other way that is not illegal. This week the police found many shredded documents at Mossack Fonseca that were bound for recycling.  Assembling those pieces would get you the same information as a digital copy. You don’t even need the copy. You can obtain information just by looking at it. Most different of all is the fact that Robin Hood can never just give these jewels back. Distributing information using our digital networks makes a breach of privacy a permanent worldwide event.

A 2014 RCMP report lists fraud, identity theft and intellectual property infringements as cybercrimes they need to focus on. This idea of crime motivated by the “right of the public to know” instead of the usual personal and monetary motivations is low on their radar. Or it was. You can bet the high profile people who were impacted by the Panama Papers will add their weight to the American government who were so impacted by Snowden.

We may secretly hope that private information about bad people gets found and the truth gets out. But we certainly do not want our own information posted where others can use it or question us about it. As this kind of “leak” gets more common, the persecution and the penalties will increase. So you may not want to be found in possession of stolen information. So what are you supposed to do the next time someone tries to show you the Panama Papers? Don’t Look?

I like that there is becoming a set of protocols when a privacy breach happens. Everyone who is affected is notified. They are told what the thieves found, and what steps the company is taking and what they as an individual should take. I’m thinking Mossack Fonseca will have their hands full doing that.

Can we, as the Information Management community, recommend anything else that would protect the good guys and not the bad guys?

 

Exit mobile version