In a society based around computers, we entrust these devices a lot of personal and professional data. To maintain these valuable items, we entrust companies such as Avast, AVG, Kaspersky Lab, McAfee, Webroot, and other antivirus companies to not only protect our computers from malware and viruses but to also maintain a level of privacy when accessible to them. In a recent report from AV-Comparatives (an antivirus testing and comparison organization), they found that your antivirus product may have a list of web pages you’ve visited along with your sensitive personal documents!
Released in May 2014, AV-Comparatives performed a study that analyzed the antivirus products running in the background of a computer and what they sent to the antivirus company. Another aspect they inspected was the End User License Agreements (EULA) that many users, like myself, neglect to read. Lastly, a questionnaire was sent to antivirus company, so they can fully explain the extent of their products and their purpose.
As a result, companies answered with unfitting answers that contradicted what their products actually did! For instance, some companies will assign your system a unique identification number and transmit a list of visited websites, whether they are malicious or safe. Companies can also transmit your computer’s name, local IP address, language, running processes, and Windows username to the antivirus company. More importantly, these companies can also access documents or sensitive items that may be private for you, if they deem it as ‘suspicious’.
[For specifics on this study, click here!]
With this situation being an issue of privacy, there are a few laws geared toward cybersecurity and privacy. The Electronic Communications Privacy Act (ECPA), passed in 1986, allows the U.S. government to access digital communications such as email, social media messages, and information on public cloud databases. With a subpoena, the government is allowed to access more information. This can apply to different companies, such as Google, Facebook, Avast, etc.
A more recent law that has passed was the Children’s Online Privacy Protection Act (COPPA). Originally passed in 2000, it was the first U.S. privacy law written for the internet. Implemented in 2013, It requires websites that collect information on children under the age of 13 to comply with the Federal Trade Commission (FTC). The FTC is a federal agency that administers consumer legislation and ensures a fair and free commerce. The purpose of this law is to determine whether a website is geared towards children by reviewing its content, graphics, audience, language and features, and advertising. This law can also collect information from children, whether websites’ operators intentionally or intentionally do so.
Lastly, in Nevada, NRS 603A- Nevada Personal Information Data Privacy Encryption Law was passed in 2010 to mandate customers’ encryption and stored personal information. This primarily applies to business who collect personal information but requires them to encrypt any and all personal information that is given to the company by the customer.
————————–
Questions:
1) Do you think that sending of personal information/files should be pointed out/requested during setup, or should it remain disclosed in the EULA?
2) Should companies specify what they do with the information and how they dispose of it?
3) Should the government impose limitations to accessing sensitive information?
Be sure to provide full explanations for each of your answers. For more details, you can read the article this piece was sourced from here:
https://www.makeuseof.com/tag/antivirus-tracking-youd-surprised-sends/
Contributed by – J. Pennington