Wednesday, May 25, 2022

The Era of Borderless Data Is Ending

Good.

Every time data is shared it increases the risk of nefarious actors gaining access.

In fact, people, companies and governments that have information about individuals should be ring-fenced and isolated, with the servers air-gapped* so there is no direct connection to the internet. If they can't do that they aren't competent to have the data in the first place.

Too clumsy? Too onerous? Then stop the data collection.

From the New York Times, May 23:

Nations are accelerating efforts to control data produced within their perimeters, disrupting the flow of what has become a kind of digital currency.

Every time we send an email, tap an Instagram ad or swipe our credit cards, we create a piece of digital data. The information pings around the world at the speed of a click, becoming a kind of borderless currency that underpins the digital economy. Largely unregulated, the flow of bits and bytes helped fuel the rise of transnational megacompanies like Google and Amazon and reshaped global communications, commerce, entertainment and media.

Now the era of open borders for data is ending.

France, Austria, South Africa and more than 50 other countries are accelerating efforts to control the digital information produced by their citizens, government agencies and corporations. Driven by security and privacy concerns, as well as economic interests and authoritarian and nationalistic urges, governments are increasingly setting rules and standards about how data can and cannot move around the globe. The goal is to gain “digital sovereignty.” Consider that:

In Washington, the Biden administration is circulating an early draft of an executive order meant to stop rivals like China from accessing American data.

In the European Union, judges and policymakers are pushing efforts to guard information generated within the 27-nation bloc, including tougher online privacy requirements and rules for artificial intelligence.

In India, lawmakers are moving to pass a law that would limit what data can leave the nation of almost 1.4 billion people.

The number of laws, regulations and government policies that require digital information to be stored in a specific country more than doubled to 144 from 2017 to 2021, according to the Information Technology and Innovation Foundation.

While countries like China have long cordoned off their digital ecosystems, the imposition of more national rules on information flows represents a fundamental shift in the democratic world and alters how the internet has operated since it became widely commercialized in the 1990s. 

The repercussions for business operations, privacy and how law enforcement and intelligence agencies investigate crimes and run surveillance programs are far-reaching. Microsoft, Amazon and Google are offering new services to let companies store records and information within a certain territory. And the movement of data has become part of geopolitical negotiations, including a new pact for sharing information across the Atlantic that was agreed to in principle in March.

“The amount of data has become so big over the last decade that it has created pressure to bring it under sovereign control,” said Federico Fabbrini, a professor of European law at Dublin City University who edited a book on the topic and argues that data is inherently harder to regulate than physical goods.

For most people, the new restrictions are unlikely to shut down popular websites. But users might lose access to some services or features depending on where they live. Meta, Facebook’s parent company, recently said it would temporarily stop offering augmented reality filters in Texas and Illinois to avoid being sued under laws governing the use of biometric data.

The debate over restricting data echoes broader fractures in the global economy. Countries are rethinking their reliance on foreign assembly lines after supply chains sputtered in the pandemic, delaying deliveries of everything from refrigerators to F-150s. Worried that Asian computer chip producers might be vulnerable to Beijing’s influence, American and European lawmakers are pushing to build more domestic factories for the semiconductors that power thousands of products.

Shifting attitudes toward digital information are “connected to a wider trend toward economic nationalism,” said Eduardo Ustaran, a partner at Hogan Lovells, a law firm that helps companies comply with new data rules.

The core idea of “digital sovereignty” is that the digital exhaust created by a person, business or government should be stored inside the country where it originated, or at least handled in accordance with privacy and other standards set by a government. In cases where information is more sensitive, some authorities want it to be controlled by a local company, too....

*As noted in the outro from a 2021 post:
Just ten years ago the neo-Luddite approach was easier than it is today when even air-gapped servers with zero connections to the web can be monitored.
We mentioned this in the introduction to 2018's "Science Academies Urge Paper Ballots for all US Elections": 
Following on the MIT Technology Review piece immediately below.

Back in the dark ages, 2010 or so, the gold standard of network security was physically isolating a computer from any other and from intranets and internets, so-called air-gapping.
Sweet innocent days gone by.
Over the last five or ten years that ultimate security approach, a literal air-gap surrounding the target computer, has been beaten with at least a half-dozen different approaches.
So the advice in the piece below is already behind the times if the polling place is relaying voting numbers over the internet, but at least it is a start.

Seriously, we used to say the only secure computer was one not connected to the internet, ha!

Lifted in toto from the journal Nature, September 6....
But taking the grid offline can and probably should be done.