Latest news with #MikeChapple
Japan Today
22-07-2025
- Japan Today
Your data privacy is slipping away – here's why, and what you can do about it
By Mike Chapple Cybersecurity and data privacy are constantly in the news. Governments are passing new cybersecurity laws. Companies are investing in cybersecurity controls such as firewalls, encryption and awareness training at record levels. And yet, people are losing ground on data privacy. In 2024, the Identity Theft Resource Center reported that companies sent out 1.3 billion notifications to the victims of data breaches. That's more than triple the notices sent out the year before. It's clear that despite growing efforts, personal data breaches are not only continuing, but accelerating. What can you do about this situation? Many people think of the cybersecurity issue as a technical problem. They're right: Technical controls are an important part of protecting personal information, but they are not enough. As a professor of information technology, analytics and operations at the University of Notre Dame, I study ways to protect personal privacy. Solid personal privacy protection is made up of three pillars: accessible technical controls, public awareness of the need for privacy, and public policies that prioritize personal privacy. Each plays a crucial role in protecting personal privacy. A weakness in any one puts the entire system at risk. The first line of defense Technology is the first line of defense, guarding access to computers that store data and encrypting information as it travels between computers to keep intruders from gaining access. But even the best security tools can fail when misused, misconfigured or ignored. Two technical controls are especially important: encryption and multifactor authentication. These are the backbone of digital privacy – and they work best when widely adopted and properly implemented. Encryption uses complex math to put sensitive data in an unreadable format that can only be unlocked with the right key. For example, your web browser uses HTTPS encryption to protect your information when you visit a secure webpage. This prevents anyone on your network – or any network between you and the website – from eavesdropping on your communications. Today, nearly all web traffic is encrypted in this way. But if we're so good at encrypting data on networks, why are we still suffering all of these data breaches? The reality is that encrypting data in transit is only part of the challenge. Securing stored data We also need to protect data wherever it's stored – on phones, laptops and the servers that make up cloud storage. Unfortunately, this is where security often falls short. Encrypting stored data, or data at rest, isn't as widespread as encrypting data that is moving from one place to another. While modern smartphones typically encrypt files by default, the same can't be said for cloud storage or company databases. Only 10% of organizations report that at least 80% of the information they have stored in the cloud is encrypted, according to a 2024 industry survey. This leaves a huge amount of unencrypted personal information potentially exposed if attackers manage to break in. Without encryption, breaking into a database is like opening an unlocked filing cabinet – everything inside is accessible to the attacker. Multifactor authentication is a security measure that requires you to provide more than one form of verification before accessing sensitive information. This type of authentication is more difficult to crack than a password alone because it requires a combination of different types of information. It often combines something you know, such as a password, with something you have, such as a smartphone app that can generate a verification code or with something that's part of what you are, like a fingerprint. Proper use of multifactor authentication reduces the risk of compromise by 99.22%. While 83% of organizations require that their employees use multifactor authentication, according to another industry survey, this still leaves millions of accounts protected by nothing more than a password. As attackers grow more sophisticated and credential theft remains rampant, closing that 17% gap isn't just a best practice – it's a necessity. Multifactor authentication is one of the simplest, most effective steps organizations can take to prevent data breaches, but it remains underused. Expanding its adoption could dramatically reduce the number of successful attacks each year. Awareness gives people the knowledge they need Even the best technology falls short when people make mistakes. Human error played a role in 68% of 2024 data breaches, according to a Verizon report. Organizations can mitigate this risk through employee training, data minimization – meaning collecting only the information necessary for a task, then deleting it when it's no longer needed – and strict access controls. Policies, audits and incident response plans can help organizations prepare for a possible data breach so they can stem the damage, see who is responsible and learn from the experience. It's also important to guard against insider threats and physical intrusion using physical safeguards such as locking down server rooms. Public policy holds organizations accountable Legal protections help hold organizations accountable in keeping data protected and giving people control over their data. The European Union's General Data Protection Regulation is one of the most comprehensive privacy laws in the world. It mandates strong data protection practices and gives people the right to access, correct and delete their personal data. And the General Data Protection Regulation has teeth: In 2023, Meta was fined €1.2 billion (US$1.4 billion) when Facebook was found in violation. Despite years of discussion, the U.S. still has no comprehensive federal privacy law. Several proposals have been introduced in Congress, but none have made it across the finish line. In its place, a mix of state regulations and industry-specific rules – such as the Health Insurance Portability and Accountability Act for health data and the Gramm-Leach-Bliley Act for financial institutions – fill the gaps. Some states have passed their own privacy laws, but this patchwork leaves Americans with uneven protections and creates compliance headaches for businesses operating across jurisdictions. The tools, policies and knowledge to protect personal data exist – but people's and institutions' use of them still falls short. Stronger encryption, more widespread use of multifactor authentication, better training and clearer legal standards could prevent many breaches. It's clear that these tools work. What's needed now is the collective will – and a unified federal mandate – to put those protections in place. Mike Chapple is Teaching Professor of IT, Analytics, and Operations, University of Notre Dame. The Conversation is an independent and nonprofit source of news, analysis and commentary from academic experts. External Link © The Conversation
Yahoo
03-07-2025
- Sport
- Yahoo
Medal for sailing coach's 'remarkable' achievement
A sailing coach from Guernsey has been presented with a British Empire Medal (BEM) by the island's lieutenant-governor for his services to youth sailing. Mike Chapple has nurtured the island's young sailing talent for 30 years, leading them to success at international competitions. His students include an Under-21 European bronze medallist, who was also selected for the 2020 Tokyo Olympic trials, and Island Games gold medallists. Gen Richard Cripwell presented the medal on behalf of King Charles III and said Mr Chapple's "dedication to young people is quite remarkable". "For me, his greatest achievement lies in the great number of young islanders who have furthered their confidence, fitness, competitive spirit and love of the sea. All thanks to him," he added. Mr Chapple was awarded the medal in the King's New Year's Honours List. More news stories for Guernsey Listen to the latest news for Guernsey It was presented by Gen Cripwell in a formal ceremony at Guernsey's Government House on Thursday evening, watched by members of Mr Chapple's family, along with friends and colleagues. "I was truly delighted to present him with the BEM today on behalf of His Majesty The King," Gen Cripwell said. Mr Chapple's involvement with sailing began as a father who wanted to ensure young people in Guernsey had the facilities and training to compete. He said: "I didn't go into the sport or teach with the hope I would get something, but recognition is very nice. My late wife would have been really proud." Mr Chapple said he "really enjoys sailing and the competitive side of sailing", adding it had been "an honour" to coach the island's young people. Other students of Mr Chapple have been selected by the Royal Yachting Association to train and compete in dinghy fleets with regional and national junior youth squads. He also launched Pirates in the Pond with the Guernsey Sailing Trust, a programme to teach five-year-olds and up sailing on the model yacht pond in St Peter Port. Mr Chapple is now retired, but he still funds off-island coaching trips from his own pocket, the Government House said. Follow BBC Guernsey on X and Facebook and Instagram. Send your story ideas to Islanders recognised in King's Birthday Honours Guernsey to welcome 150 yachts in sailing events Young sailing crews to race across Channel Government House
BBC News
03-07-2025
- Sport
- BBC News
British Empire Medal for sailing coach's 'remarkable' achievement
A sailing coach from Guernsey has been presented with a British Empire Medal (BEM) by the island's lieutenant-governor for his services to youth Chapple has nurtured the island's young sailing talent for 30 years, leading them to success at international students include an Under-21 European bronze medallist, who was also selected for the 2020 Tokyo Olympic trials, and Island Games gold Richard Cripwell presented the medal on behalf of King Charles III and said Mr Chapple's "dedication to young people is quite remarkable". "For me, his greatest achievement lies in the great number of young islanders who have furthered their confidence, fitness, competitive spirit and love of the sea. All thanks to him," he Chapple was awarded the medal in the King's New Year's Honours List. It was presented by Gen Cripwell in a formal ceremony at Guernsey's Government House on Thursday evening, watched by members of Mr Chapple's family, along with friends and colleagues."I was truly delighted to present him with the BEM today on behalf of His Majesty The King," Gen Cripwell said. Funded coaching trips Mr Chapple's involvement with sailing began as a father who wanted to ensure young people in Guernsey had the facilities and training to compete. He said: "I didn't go into the sport or teach with the hope I would get something, but recognition is very nice. My late wife would have been really proud."Mr Chapple said he "really enjoys sailing and the competitive side of sailing", adding it had been "an honour" to coach the island's young students of Mr Chapple have been selected by the Royal Yachting Association to train and compete in dinghy fleets with regional and national junior youth also launched Pirates in the Pond with the Guernsey Sailing Trust, a programme to teach five-year-olds and up sailing on the model yacht pond in St Peter Chapple is now retired, but he still funds off-island coaching trips from his own pocket, the Government House said.
Al Jazeera
21-02-2025
- Al Jazeera
Apple, in a first, drops end-to-end cloud encryption for UK users
Apple has said it will stop offering an advanced data security option for British users after the government reportedly demanded that the company provide backdoor access for any data those users have stored in the cloud. The iPhone maker said on Friday its Advanced Data Protection encryption feature is no longer available for new users in the United Kingdom and will eventually be disabled for existing users. Advanced Data Protection, which Apple started rolling out at the end of 2022, is an opt-in feature that protects iCloud files, photos, notes and other data with end-to-end encryption when they're stored in the cloud. British security officials demanded in a secret order that the United States tech giant create so-called backdoor access so that they could view fully encrypted material, The Washington Post reported earlier this month, citing anonymous sources. Apple 'can no longer offer Advanced Data Protection' in the UK, the company said in a statement. 'We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy,' Apple said, without referring to the government demand. The Washington Post report said the British government served Apple with what's known as a 'technical capability notice', ordering it to provide access under a sweeping law called the Investigatory Powers Act of 2016, which has been dubbed the snoopers' charter. The law officially gives British spies the ability to hack into devices and harvest vast amounts of bulk online data, much of it from outside the UK. It contains provisions to compel companies to remove encryption to allow for electronic eavesdropping, while making it a criminal offence to reveal that the government has issued such demands. 'We do not comment on operational matters, including, for example, confirming or denying the existence of any such notices,' the UK. Home Office said in a brief statement. 'Reduced security' Apple did not reveal how many users in the UK have been using Advanced Data Protection. It said the feature would still be available to users in the rest of the world. Some types of data will still be end-to-end encrypted in the UK by default, Apple said, including passwords on the iCloud Keychain, information on the Health app, and communications on services including iMessage and FaceTime. End-to-end encryption means that messages are scrambled so that only the sender and recipient can see them. If anyone else intercepts the message, all they will see is a garble that can't be unscrambled without the key. The episode illustrates 'one of the fundamental flaws in government efforts to undermine encryption,' said Mike Chapple, an IT professor at the University of Notre Dame's Mendoza College of Business. Faced with having to choose between security and complying with government regulations, companies like Apple tend to remove security features entirely, said Chapple, a former computer scientist at the National Security Agency. 'The net effect is reduced security for everyone. If other governments follow the UK's lead, we risk a future where strong encryption is functionally outlawed, which puts all of us at risk not just to government surveillance but also to eavesdropping by other bad actors.'
Yahoo
21-02-2025
- Business
- Yahoo
Apple drops encryption feature for UK users after government reportedly demanded backdoor access
LONDON (AP) — Apple said Friday it will stop offering an advanced data security option for British users after the government reportedly demanded that the company provide backdoor access for any data those users have stored in the cloud. The iPhone maker said its Advanced Data Protection encryption feature is no longer available for new users in the United Kingdom and will eventually be disabled for existing users. Advanced Data Protection, which Apple started rolling out at the end of 2022, is an opt-in feature that protects iCloud files, photos, notes and other data with end-to-end encryption when they're stored in the cloud. See for yourself — The Yodel is the go-to source for daily news, entertainment and feel-good stories. By signing up, you agree to our Terms and Privacy Policy. British security officials demanded in a secret order that the U.S. tech giant create so-called backdoor access so that they could view fully encrypted material, The Washington Post reported earlier this month, citing anonymous sources. Apple 'can no longer offer Advanced Data Protection' in the U.K., the company said in a statement. 'We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy,' Apple said, without referring to the government demand. The Washington Post report said the British government served Apple with what's known as a 'technical capability notice" ordering it to provide the access under a sweeping law called the Investigatory Powers Act of 2016, which has been dubbed the snoopers' charter. The law officially gives British spies the ability to hack into devices and harvest vast amounts of bulk online data, much of it from outside the U.K. It contains provisions to compel companies to remove encryption to allow for electronic eavesdropping, while making it a criminal offense to reveal that the government has issued such demands. 'We do not comment on operational matters, including for example confirming or denying the existence of any such notices," the U.K. Home Office said in a brief statement. Apple did not reveal how many users in Britain have been using Advanced Data Protection. It said the feature would still be available to users in the rest of the world. Some types of data will still be end-to-end encrypted in the U.K. by default, Apple said, including passwords on the iCloud Keychain, information on the Health app, and communications on services including iMessage and FaceTime. End-to-end encryption means that messages are scrambled so that only the sender and recipient can see them. If anyone else intercepts the message, all they will see is a garble that can't be unscrambled without the key. The episode illustrates 'one of the fundamental flaws in government efforts to undermine encryption," said Mike Chapple, an IT professor at the University of Notre Dame's Mendoza College of Business. Faced with having to choose between security and complying with government regulations, companies like Apple tend to remove security features entirely, said Chapple, a former computer scientist at the National Security Agency. 'The net effect is reduced security for everyone. If other governments follow the UK's lead, we risk a future where strong encryption is functionally outlawed, which puts all of us at risk not just to government surveillance but also to eavesdropping by other bad actors.'
