Cybersecurity Policy

Cybersecurity Policy

A group of Duke researchers at Sanford School of Public Policy and the Duke Office of Information Technology (OIT) are collaborating on a project with The Media Trust (TMT), a private company that scans websites to determine what malicious third party content those websites deliver to their visitors. This third party content includes any code delivered by a domain other than the domain the individual expected they were visiting, such as by online advertisers or trackers.

Six months after it went into effect at the start of 2020, legal enforcement of the California Consumer Privacy Act (CCPA) finally began on the first of July.

At the beginning of this year, Google announced that by 2022, the Chrome web browser will drop support for third-party tracking cookies, which – until now – have allowed advertisers to collect information from online users and follow them around the web to deliver more personalized messages.

third-party code, candidate websites

The integrity of our political process and national security requires taking a look at the broader digital ecosystem to better understand how foreign powers can easily track and exploit U.S citizens through digital channels.

How Unregulated Third-Party Code Threatens the Internet-of-Things (IoT)

We live in an increasingly connected world, and while technological developments like the Internet-of-Things (IoT) create new resources for convenience, automation, and efficiency, they also create new security and privacy risks for both people and organizations. Combined with unregulated third-party code (3PC), IoT throughout businesses and homes is an all-too-easy target for malware and attackers.

In the announcement, Google clearly stated its intention to “phase out support for third-party cookies in Chrome”. While the development came as a surprise to some, others saw the writing on the wall last August when Google announced the privacy sandbox. Historically, third-party cookies have been an essential tool for advertisers to track users and tailor their targeted messages.

Legal teams have increasing responsibility to protect consumers

In America’s famously litigious business culture, it’s no surprise that every Fortune 500 company has a formidable legal team backing them. The job of a legal team does not begin when the judge rises, nor does it end when the gavel falls: for years, the responsibility of a corporate lawyer has consisted in the creation of contracts and non-liability agreements that clearly distinguish an organization from its partners.

Today’s online publishers and global organizations are faced with a serious problem: third-party code (3PC) now makes up more than 80% of the code executing across websites and mobile apps, including Alexa 500 domains. While much of this code is benign and even necessary for UX, some of it steals personal information, drops payloads, or redirects the user to malicious pages.

foreign third-party code

For years, it has been clear that code written by the United States’ foreign adversaries executes across millions of our computers and mobile devices via websites and mobile Apps. This code, many linked to critical infrastructure and communication technologies, ensures a backdoor for cyber attacks, IP and data theft, and subversion of the political process.

Google is throwing its hat in the ring with Safari and Mozilla Firefox by offering users of Chrome the chance to disable or remove third-party tracking cookies. Last week, the company announced three protections that will soon be coming to the world’s most widely used web browser: