Rollback of FCC privacy requirements could have broad repercussions

Last week the United States Congress made the rather unsettling decision to roll-back FCC privacy regulations that prohibited ISPs from selling customers' browser history and other personal information without their permission.  This decision could impact enterprise cybersecurity, experts say.

Maria Korolov, of CSO, exmaines these repercussions.

Read an excerpt below from CSO's Maria Korolov that features Jeff Williams, the CTO and Co-founder of Contrast Security.  Or, click here to read her full article.

"...One particularly worrisome aspect is the rollback of breach notification requirements, said Jeff Williams, CTO and cofounder at Contrast Security.

"The idea that ISPs don’t have to disclose breaches is just irresponsible," he said. "And with the cybersecurity threat higher than ever, the timing couldn’t be worse. I’ve argued for years that the best path to better cybersecurity is more visibility."

"Companies make better cybersecurity decisions when they have to be transparent about their security practices and breaches, he said. "Breach disclosure has worked and should be expanded – perhaps even establishing stronger federal rules," he said.

"Meanwhile, companies can no longer rely on security provided by their ISPs, or the security at the other end of the connection from the ISPs used by their customers, employees and business partners, he said. That means that all communications everywhere should be using encrypted channels."

"I’m concerned that this is all a smokescreen to help undermine the use of encryption and allow law enforcement to gain access to internet communications," he added. "I’m hopeful that this will backfire completely and encourage increased use of VPNs."