укр eng рус est


Recent news
Chambers Europe

“The team was recently visible advising on a number of pharmaceutical cases. Sources agree that the team is “moving in the right direction” and are particularly impressed by its work in the pharmaceutical sector”.


How to Protect Yourself from E-Espionage


By: Zhanna Bilenko
Source: The Obozrevatel

In the wake of a scandal involving National Security Agency contractor Edward Snowden who leaked details of several top-secret mass surveillance programs administered by the NSA, the importance of personal data security has gained a new momentum.

Jumping on the bandwagon, Ukrainian NGOs and social activists said they planned to sue Google and have the Internet giant review its privacy policy. And Ukrainian MPs proposed to set up an ad-hoc inquiry committee to detect potential threats to Ukraine’s national security by surveillance programs of United States secret services.

The Obozrevatel offers some tips on protecting yourself from data collection and malware delivered by our experts.

Big Brother’s watching

Ukrainian Association for Personal Data Protection announced its intention to file a privacy lawsuit in California against Google and Russian social network VKontakte.

The lawsuit will be brought after the State Service for Personal Data Protection presents its findings on how Google and VKontakte care for the privacy of their Ukrainian users.

In turn, Ukrainian Cabinet said it will request the representative offices of the two companies to review their privacy policies following the audit of their advertising activities.

The State Service for Personal Data Protection has recently voiced its official stance. It believes that personal data of Ukrainian users are underprotected. Notably, both companies process personal data for advertising purposes but omit to advice the users that they can complain to the authorities.

Ukrainians are not first to sue Google. On July 11 earlier this year, French human rights advocates have promised to bring legal action against two Internet giants, Google and Facebook. According to the Agence France-Presse, human rights activists believed that both of them provided servers to US intelligence services to collect personal data.

However, Google itself had to fight for privacy. This June, in a closed-to-the-public hearing held in San Francisco Google challenged FBI’s authority to access the data it holds on behalf of its users. According to CNET, every year Google receives from FBI the so-called National Security Letters demanding it to disclose information on certain users. What’s worse, these demands are warrantless and require no court approval. In response, both FBI and NSA referred to the USA PATRIOT Act allowing them to demand disclosure of user details without judicial review as long as it is relevant to a national security investigation.

Google attempted to resist by challenging nineteen FBI disclosure requests but lost the suit. The judge explained that it could try again, stressing that the company had only raised broad arguments, not ones «specific to the nineteen Security Letters at issue».

The all-seeing eye of Uncle Sam

Adding to the noise, Ukrainian MPs went to criticize NSA and FBI, the «all-seeing eye» of the United States. So, for example, MP Vadym Kolesnichenko suggested setting up a committee of inquiry to identify threats to Ukraine’s national security posed by US surveillance programs aimed at collecting personal data.

The inquiry committee, he said, would be scrutinising the security of various databases during a year. Kolesnichenko also told the media that the US knew everything about Ukraine since all Ukrainian technology used chips designed in the United States.

Obviously though, his greatest concern is the Parliament’s database that can be downloaded by U.S. intelligence.

The end of privacy era

The privacy era is over, that’s what Yuri Syvitsky, a member of the Supervisory Board of Intecracy Group consortium, told the Obozrevatel. He came up with some tips on how to protect yourself from various secret services, from marketing firms that prey for you on the Web, hackers and business and political rivals.

Not everyone is of interest to intelligence services, Syvitsky argues, and when it happens it must be for a good reason like an investigation. If you have no criminal record and are not linked to terrorists, you are unlikely to be tracked. It just does not make sense – people can’t process that lot of information. Personalization is the keyword for intelligence agencies: they need to make sure that data are personalized and the user himself is identified as a real person.

«The danger is that you can be interrogated only on the basis that you have posted some controversial photos or hobbies on your page in a social network or stated, even as a joke, that you hold membership in an ultra-extremist organization or share their views», Syvitsky told the Obozrevatel.

To avoid trouble with secret services, be sure not to send any really sensitive information via the Internet in the first place, particularly if the connection is unsecured (e.g., free internet services and hosting sites). And, importantly, do not to disclose any extra information about yourself such as hobbies, political views, sexual preferences, health and any other data that you want to keep in secret, says the expert.

Another kind of threat is marketing firms who make the so-called «digital portraits». They do not care for your personal details such as name, ID or a social security number. What they are really interested in is the user’s behavior, they want to know what sites you visit and how much time you spend on this or that page, what you are typing into search engines, what pictures does you are on and to which other users you are connected.

«This kind of information is to personalize advertising – Syvitsky says. – Say, you search «buy digital camera in Kiev» on Google, in less than a week digital camera ads will flash on the pages you visit. The danger is that you do not know how these data will be used in future and who is going to get them. After all, what matters for digital sales is not the price difference but the outreach with maximum personalization. Providers who have collected enough user profiles sell them in bulk to other merchants».

There is a way to fight marketing firms, Syvitsky says. In the settings of your browser, check that you don’t want to be tracked you and to see any pop-up ads. It is also useful to disable cookies. On top of that, you may consider installing an extension like AdBlock. Another option is a paid subscription to an anonymizer. In addition to anonymity, it allows to buy online from American sites that block access to overseas users.

There is another dangerous kind of folk called «intruders». They collect any information they can sell. In particular, they are interested in passwords to social networks and free Internet services (e-mail, instant messengers, file sharing services) than can be used to send spam. Computers are often infected with viruses and used for DDOS attacks.

To keep off cyber-criminals, an Internet Security class antivirus is required.

«It is worth noting that many antivirus software developers offer free versions for home use. These also provide good protection», Syvitsky said. «Remember that using counterfeit or «warez» software is risky: «cracked» programs often come infected with viruses – pirates are not doing it out of love for humanity.»

Most dangerous criminals collect information to access credit and debit cards, so it’s better not to store your card number, validity and CCV2 code on your computer. Use a separate card for online payments with only a small amount on it so that in case of theft the damage is minimal, the expert recommends. Remember that, with today’s state of technology, making a clone of a SIM-card and successfully signing in to the bank’s payment system has never been easier.

Business competitors and political rivals often resort to the so-called «competitive espionage». Most of them are interested in private correspondence, especially if it involves sensitive documents and confidential information, to obtain incriminatory evidence.

«Virtually every serious-minded company has those IT guys who watch over sensitive information,» Syvitsky said. «In some cases, an integrated data security system can be required by law. However, this one is completely useless if the employees bring their own devices or make use of free Web-based services. A spectacular example was a hacked free mailbox of a celebrated Ukrainian attorney Sergei Vlasenko. In the meantime, a paid secure business-class mailbox will cost you as little as UAH 100 a month. For public notaries, secured mailbox is also an option to consider».

According to the expert, a research done by his company in Kiev showed that 97% of public notaries use free email services to send their clients’ documents. When asked if they would like to shift to paid services, all of them said no. Obviously, they are not aware of the risk their clients are facing.

Another soft spot is smartphones. Smartphones often come with malware that records conversations and sends them to bad guys via Internet.

«To avoid this, always be sure to have an antivirus / antispyware software installed on your mobile device or tablet. This kind of programs track any unauthorised data transmissions», Syvitsky says. «It is also important to get software only from trusted sources such as application stores where it is verified by the developer of the operating system (e.g., Google or Apple). Never accept any downloads via Bluetooth if it comes from an unknown or unidentified device. Never follow unknown links and respond to SMS soliciting. And better keep your Wi-Fi, GPS and Bluetooth off whenever you don’t need them».

Remember that all SMS messages are saved and stored forever. So are your comments on forums, websites and social networks. They are not only stored but also analyzed. Accordingly, before you speak, write or share a picture, think carefully what implications it might have in a few years or under different circumstances, the expert said.

«Say, you posted a negative review about a company, and some time later you get hired by that company. One silly phrase said years ago can affect you career», he continued. «It’s the same with people: you don’t know when you come across with a news commentator you once clashed with».

Taras Utiralov, an attorney with Ilyashev and Partners, encouraged the readers of the Observer to be very cautious when signing in to various Internet services, including foreign ones.

«Virtually every registration requires you to provide some personal information», Utiralov told the Observer. «Typically, users must agree to the terms of use which include handling of personal data. In case of foreign websites, their rules for processing personal information may differ from Ukrainian requirements as they are based on foreign law. Of course you can claim that the dispute is governed by Ukrainian laws when filing a personal data protection lawsuit abroad, but there is little chance are it will work.»

Websites’ terms of use that we accept during registration are in fact adhesion contracts. They provide little or no opportunity to negotiate the terms, and if the user finds some provisions unacceptable, he cannot suggest changes and must do without the service. In effect, you find yourself facing a choice: «take it or leave it», he said.

«Everyone therefore decides for himself», Utiralov concluded. «Of course the intervention of the State Service for the Protection of Personal Data and numerous user requests can make some of the service providers change their policies. However, the best way of protecting your personal data on foreign sites is to think well before submitting this or that information while you register, and whether it is worth it».

© 2021 Ilyashev & Partners / Mobile version