Op-Ed

Photo: CC, Wikileaks

Microsoft move highlights need for transparency on security breaches

Microsoft announced last month that the company would begin alerting users of their e-mail service, Outlook, when a government is responsible for a security notification on their account.

With major tech companies paving the way, this practice might eventually become an industry standard—a move that is long overdue. This isn’t a disruption to industry standards, seeing as major companies like Google have been alerting clients since 2012. Yahoo, Facebook and Twitter have also begun warning users in recent years. Users have a right to be told when the security of their online accounts is in question so they can take necessary steps to recover any important files lost, deal with damage and increase the security of their account.

According to Symantec, a software security program, there were 552 million identities exposed in 2013 by security breaches and 29 billion spam emails sent per day. As large as those numbers are, the number of security breaches are growing as more and more companies move online. According to Cisco, the number of threat alerts grew 14 per cent from 2014-2015.

With such an increasing amount of attacks there’s an increasing need to keep users up to date with their account security. The most important time to alert users is when an attack originates from a government.

With increased rates of government surveillance online it’s more important than ever for citizens to know the strength of their virtual identities, especially because of the potentially murky legality of online tracking.

Files released by whistleblower Edward Snowden last year showed that the Communications Security Establishment (CSE) holds onto millions of emails sent to the Canadian government according to the CBC. There were also incidents of Canadian security organizations exploiting weak links in mobile browser UC to acquire personal information.

Citizens are under more and more online scrutiny than ever and companies have an obligation to alert users if they have the information to do so.