Written by Miguel Ángel Culiáñez
Some recent security developments
On Tuesday, February 5, as every year since 2004, the Safer Internet Day (SID) took place. It is a day promoted by the European Commission to raise awareness and generate debate in society about the need to enjoy an increasingly safer Internet.
Since its creation, the SID has spread to more and more countries thanks to the collaboration of different national authorities, and is now widely used in more than 100 countries. In the case of Spain, this day is supported by the National Institute of Cybersecurity (INCIBE).
From Human Level we have considered it appropriate to join this initiative by reminding you of some of the most recent developments that have arisen in order to have a secure and reliable Internet.
We consider it very important for economic and social development to be able to enjoy access to information through the Internet in a secure manner, ensuring the dissemination of content that is both enriching and truthful. Similarly, no one now doubts the enormous potential that online commerce represents for economic growth. Reliance on reliable and transparent commercial exchanges is a key element in enabling this and other opportunities linked to the development of the Internet to take hold in the coming years and decades.
Here are some of the most significant developments in relation to security and trust in the use of the Internet:
HTTPS protocol
Google’s efforts to please and to make its services attractive to the end user are constant, and this includes offering the most reliable information search and browsing experience possible. It is therefore not surprising that few websites have not yet implemented one of the technology giant’s basic security requirements: HyperText Transfer Protocol Secure (HTTPS).
By implementing this protocol, we will be making the information transferred between the device from which the user is browsing and our website confidential, as it is an encrypted data exchange.
We will also be authenticating that our website is hosted on a trusted server by showing the browser a certificate that certifies it as a secure provider. In this sense, the most common type of certificate is called SSL (Secure Sockets Layer). If you want to know how to implement an SSL certificate in a simple way for your website, we recommend reading the article Let’s Encrypt, free SSL certificates for your website with HTTPS by our colleague María Navarro.
Finally, another advantage of the HTTPS protocol lies in the fact that the data transferred between your website and the user will always be kept intact, i.e., not only will they be encrypted, but they cannot be damaged or modified.
The Trust Project
Another aspect that cannot be overlooked when it comes to generating trust is the accuracy and veracity of the information that we can access through the Internet. Logically, some of the actors most concerned in this regard are the media, whose success or failure depends to a large extent on the trust they have managed to build with their audience.
The network of networks has meant great access to information and this has brought with it the emergence of such current phenomena as the so-called fake news. The excess of information and the ease with which it can be disseminated has sometimes allowed the infiltration of unverified news. News that, without having gone through the corresponding verification filters, have managed to gain a foothold in public opinion and have been assumed to be true.
This problem has recently led to the launching of interesting initiatives such as The Trust Project. This project consists of the creation of an international consortium of media outlets, which have pooled standards to ensure the reliability of the information disseminated on the Internet. Concepts such as transparency, accuracy and impartiality of information make up the purpose of this ambitious project.
In Spain, media outlets such as El País and El Mundo have already joined The Trust Project’s commitment, and external collaborators such as Google, Facebook, Twitter and Microsoft have also contributed to the project.
The collaboration between the media involved in the project and the “distributors” of information on the Web (search engines and social networks) can be summarized as the definition of a series of confidence indicators, created to establish and accredit in an automated manner the reliability of the medium that signs a specific piece of information.
We encourage you to find out more about The Trust Project through the official website of El País, which provides detailed information about the project.
Medical Update from Google
One of the most talked-about updates to Google’s algorithm during the second half of 2018 was the so-called “Medical Update”.
At the beginning of August 2018, the Mountain View company tersely announced (as usual, on the other hand) the third update to the algorithm so far that year. The update is closely related to trust in the use of the Internet, and more specifically to the use of the information provided by its search engine. The reason can be deduced from the name of the update itself: with this change Google implemented a strict review of the positioning of health-related websites (hence the name medical). However, the truth is that the algorithm update went further and affected not only sites dedicated to health information, but also those related to financial aspects.
It should be noted that sites less closely linked to these two sectors (health and finance) have also been affected worldwide to a greater or lesser extent, but the focus of the change in the algorithm was clearly placed on the two sectors mentioned above.
In summary, Google has taken into account that the information offered through its search engine can affect important aspects of its users’ lives, such as their health and pocketbook. The company’s algorithm has therefore begun to scrutinize the information transmitted, and how rigorously it is handled, by those websites that deal with such sensitive and transcendental topics. In Google’s own words, these are websites called YMYL (Your Money or Your Life).
We are therefore faced with a clear example of responsibility and involvement in matters of security and trust on the part of such an important player in everything related to the dissemination of information on the Internet as Google.
Regulatory developments (GDPR and PSD2)
The voluntary initiatives of the different participants in the Internet ecosystem in favor of security and trust in shared information have also been accompanied by official regulations. Thus, the institutions have also proposed to take part in this matter and to support the reliable use of the network by means of the law.
Recent examples of this can be seen in the European harmonization of legislation on data protection and online payments. We are referring to the General Data Protection Regulation (GDPR) and the Payment Services Directive 2 (PSD2).
After two years of transition, last May 25, 2018, the GDPR came into force in Spain. The aim of this regulation is to ensure that the countries that make up the EU apply a common regulation in key safety aspects.
It marks a change of doctrine with respect to the main law that governed this area in our country (LOPD) before the entry into force of the GDPR: from a model consisting of compliance with a series of standard security measures to an approach in which each company must play a more active role, depending on the sensitivity of the information it handles. Data protection should no longer be understood as a mere bureaucratic formality, but as something fully integrated into the organization’s philosophy and procedures.
Each organization must establish the level of risk associated with the information it handles. As a general rule, the fundamental and most common risks to watch out for are the unlawful and unauthorized processing of all personal data we collect, as well as the loss or damage (to some extent) of such data.
In other words, any organization or professional handling personal data must proactively ensure the protection and integrity of such data as diligently as possible. To this end, both organizational and technical measures must be put in place.
The second major development in security regulation that 2018 brought with it was the entry into force in our country of PSD2. The history of this regulation dates back to 2007 with the creation of the first European-wide Payment Services Directive. In November 2015, the European Commission put forward a revision of the Directive, giving rise to the emergence of the current PSD2 (Payment Services Directive 2).
In essence, the mission of PSD2 is to promote the development of a common electronic payments market for all the countries that make up the European Union. Its entry into force in Spain was scheduled for January 2018, but due to different vicissitudes of the political agenda the truth is that its arrival did not become a reality until November 24 last year.
The interesting thing about this new regulation is that it defines certain security aspects for the user that are aimed at reinforcing confidence in electronic payment transactions. In this regard, we could highlight the establishment of 15 days as a maximum period for entities to resolve any user complaint in relation to an online payment process. Similarly, PSD2 makes it mandatory for financial institutions to set up a strong authentication system when the user accesses his account or makes a payment over the Internet. Therefore, implementing the so-called two-step verification to ensure that an online payment transaction is actually made by the user becomes mandatory.
However, it should be noted that the entry into force of this mandatory two-step authentication will not be enforceable by regulators until September 2019.
Security, a key aspect for the future of the Internet
In conclusion, efforts by technology companies, media and government agencies to build an increasingly secure Internet continue to make progress. Here we have shown you some recent examples of this, but at Human Level we are convinced that, with the efforts of all parties involved, the measures and technical advances in this regard will continue to grow year by year, until we consolidate increasingly reliable and secure commercial and information exchanges through the network.