THE STORY
This story is about all of us. Those who use the Internet
to pay bills, buy stuff, provide information as well as
those who provide the Internet venues such as e-commerce
sites, credit, information from your bank and other
financial institutions, legal, medical facilities, government,
retail entities, gaming, service organizations, non-profit, and
social media platforms just to name a few. There are
different kind of organizations including many
self-employed artisans whether you build, create, paint, and
every type entrepreneur using the Internet. You advertise your craft, your
offerings, and you do your best to keep everyone informed.
Those of us you reach out to find you via multiple means
such as newspapers, TV, Radio, the Internet, printed
material either stuck on our doors, door knobs, even
business cards and inserts into anything imaginable.
Most all of what we read and/or produce to catch the eye of
a potential seller or buyer is regulated in some form.
How we do business whether we are the consumer or the
seller, one important aspect of our profile, as businesses
doing business regardless of reason, is TRUST.
When that TRUST is exploited or broken, we loose faith thus
how do we gain it back and how can we learn to play by the
rules? Many methods and in this story, we'll talk and
write about how it is done with Security Certificates and
why they are important for everyone - buyers and sellers all
over the world.
The story involves research, months of it from many other
countries as well as within the USA. Nevertheless, there is
much information that if one digs into the bowls of legal
documents, newspaper articles on-line and written/printed,
and listening then the writer of this story is required to provide a disclaimer of the information
because this writer is not a legal expert as
defined by the legal establishment. The story is about information
which is being simplified (no legalize and no hidden
agendas) so that you have a chance to
understand the complexities of the Internet as it is today.
The writer has decades of experience with many facets of
business including degrees, self-employment, owning and
operating businesses, doing stuff on the Internet for-hire
by many industries both service and manufacturing, medical
and financial, profit and non-profit, as well as working in
many of the industries through the years. The writer
has written thousands of legal documents working with a
myriad of legal professionals and has a fairly decent sense
of what makes it all tick.
THE INDUSTRY
The industry of the Internet does not regulate itself
primarily because what makes it work is money
and money tends to create illegal activities and a rationalization of why things are done one way versus
another way. Because the industry
does not regulate itself uniformly nor at all,
government - all governments - have or will be getting into
the mix to make sure
the industry IS SAFE for you and your friends to use regardless of where you
live, work, play, and pray. Governments everywhere are in the process or have actually passed
very tough laws including heavy fines as well as potential
imprisonment for failure to protect the citizens of their
countries, states, wherever any viewer has access to a
website within and without their borders.
As an
example, the writer lives in Indiana. The website(s),
the writer owns, are hosted in Arizona with portions of it
(some of our brands) in Switzerland, California, Canada, and
other countries. We don't have a physical presence in
any of those locations such as an office though our reach is
there because of the Internet. Our email servers can
be anywhere including California. We have numerous legal
agreements with hundreds of organizations for various kinds
of stuff that we do. We're not huge by any means and
we are in a business environment doing our best to make sure
we do it right and attempting to keep up with a changing
world of information including the legal stuff.
THE INTERNET ADDRESS
Some of us see an address for a website and some of us do
not. The address is called an URL (Uniform Resource Locator,
colloquially termed a web address, is a reference to a web
resource that specifies its location on a computer
network)**, much like your street address where you live or
where you work. They are unique. Those of us who cannot see
the URL may be pressing iconic buttons to find websites. If
you cannot verify the address then you are trusting an
unknown entity when you access any kind of a website, even
the cloned ones as well as the fake and dangerous ones
without knowing you may be
in danger or having your life destroyed by potential bad
characters stealing your identities. The Internet, as we
know it today, can be very very dangerous without
regulation. All this brings us to a refinement of Internet
rule changes (much of it brought on by pressure from
regulation as well as an effort by many in the Internet
community to implement self-regulation to a point). It's not
perfect though it is getting better through technology and
regulation. The writer's story covers some of the regulation that is
purported to
be the toughest in the free world. The "unfree" parts of the world have
their
own issues thus the story will not include those
areas, such as China, Russia, Syria, Viet Nam, and other
non-democratic regimes.
FENCES OR NO FENCES
PARALELS
Some homes have fences, decorative and otherwise, around
their properties. Others are wide open. Anybody and
everybody, even though it is not right, trespass the open
properties - mail carriers, kids cutting across the lawns,
cats and dogs getting onto the properties, and other
situations occur. Those with fences can keep just about
everyone including animals from intruding. The same can be
similar to what a security certificate provides for a
website as well as your private information which you might
share with a website; such as your driver's license, credit
card info, date of birth, sex, ethnic background, and other
stuff. It is done with encrypting the data in such a
way that it is difficult to nearly impossible for the bad
actors to break through the security.
Websites with no security certificate are wide open for
hacking and stealing any information you share with them;
not that dissimilar to property without fences. Their
URL begins with http:// notice there is no 's' after the
'p'. This isn't a big deal unless the website asks you for
information. The rules change once a contact form
is placed on their website, try to sell stuff and asking for your
credit card information, drop "cookies" onto your computer
for tracking what you do, and any other time when you fill
in a form. The new rules are mandatory because of
legislation from many states and International countries.
CONTROLLING/REGULATING
BAD CHARACTERS
Because of bad characters in the world, the new rules are
actually laws. Laws from the European Union (GDPR***) for anyone who
is a citizen. Laws from the State of California (CCPA****) for anyone
who is a resident of California. The EU laws went into
effect on May 25, 2018 with a two year prior notice after it
was passed into law in 2016. The California law went into
effect on January 1, 2020. How do these laws affect us?
Again, you can have a website without a security certificate
provided YOU NEVER ask for information from your viewers for
any reason whether in the code (such as cookies) and on any
page within the website. This includes dropping cookies on their home/office
computers as well as tracking what your viewers do on their
computers. The laws apply to all of us thus, if you are a
resident of Germany, for example, and you see a website
selling something in the USA, then let's hope you NEVER
violate the European Unions laws on privacy. Because they
can, if anyone checks your website, begin legal proceedings
on behalf of any of their citizens. The same with
California. That's what the research is showing. However, to
be sure, you should contact a lawyer who is well versed in
Internet Privacy Legislation to find out if you are
vulnerable to legal action either by the EU or the State of
California for violating their Privacy legislation because 1) You don't
have a comprehensive website Page stating how you use your
viewers website experience - remember your website is
available world wide and 2) You do not have a security
certificate for your website because your website is
only accessible via http:// . However, many companies do have
security certificates though what they do to insure you get
to the website which has the Security Certificate is something they
know how to do within the coding. If you do your own website
and you know nothing about coding, then the chances of you
making it correct could be a problem. What many companies do
is make it easy for their viewers who use the iconic method
or don't bother using the full address. One way is to
translate
(via coding) http:// to https:// (it's called redirecting
your browser to the correct address much like what you do
when you send in a change of address request to the USPS so
you get all your mail after a move) which assumes they have the
actual Certificate authorized for their website. It's done because 99% of
the population who use the Internet need that kind of help
for, hopefully you figured it out by now, to protect you
from the bad characters. Web browsers
are programmed to read those certificates and if the web
browser can't find one or if what is on your website does
not match what is on the security certificate, the browser
will not allow you access. Sometimes, if a bad
character is attempting to trick the system, the browser can
be changed to forbid you from reaching anything and you'll
be notified with a substantial number of warnings as well as
red flags stating you will not be connected. You'll get several warnings to
that effect.
WHO KNEW WHAT, WHEN,
AND WHY
Many companies, including the mom and pop organizations
and many local governmental entities, don't know about these
rules as they rely on others to do their work for them. The
unfortunate part of this kind of processing is the
regulations from the State of California as well as the
European Union will hold the owners and chief executive
officers responsible for violation of their laws as well as
sub-contractors you hire to do your work. Remember,
if you have a website for any reason, you are required by
law to make sure you are protected from any liability
related to that website. This means you need to ask direct
questions and make sure the person who is telling you that you are
"legal" will need to
prove it to you. Otherwise, you may be wide open to stiff fines and
possible prison time for neglecting that responsibility.
By the way, legal representation which specializes in these
situations is not cheap. Rates generally start at $200
per hour with substantial retainers required up front.
Keep that in mind if you don't want to be bothered by all
this responsibility as an owner or officer of a corporation.
WHERE DOES
RESPONSIBILITY STOP (WHERE THE BUCK STOPS)
You need to know that many small companies/individuals
who do websites for a fee, even for free, don't know about
all of the above and really don't care to know. If you are a
business owner and you have people working for you that are
not trained in the legal stuff nor have any idea about it,
then you need to rethink how you are doing your business. If
you are someone visiting a website and it doesn't have a
security certificate, you need to understand that you may
loose your identity as well as your money because of the
lack of security. Not that it will happen though the
likelihood that it could is a higher risk. If you refuse to
get a security certificate then it could become a serious
liability for you if any of your customers are harmed
because of your negligence. That's part of the language***** in
the California law. Remember, your website is world wide and
anyone from any country and state can access your website.
Now, your business is changing just like it would for any
other legal reason.
COST - FREE TO $$$
What do security certificates cost? Up until these last
two significant laws went into effect, the certificates
were expensive. However, many of the hosting businesses which provide the
servers for websites didn't want to loose customers so they
got together with the Certificate Authority and created a basic security certificate signed by the
designated Certificate Authority for you to use for
BASIC NEEDS for FREE. Like Contact and other kinds of forms.
There are better certificates though roughly 95% of all
websites don't have a need for the ones which cost money and
provide more security for such things as a website that
sells goods and collects money from credit cards. As a
result, this write-up is for the 95% who do not require a
paid security certificate. To get that FREE security
certificate you have to ask for it. It has to have your name
and/or business name and must be assigned a unique number -
meaning that no one else can use it as that would be illegal
the way some of the laws are written. Notice the URL
of this website, assuming you can see it? It's one of
those Free Security Certificates.
COMING UP - THE NEXT
STORY
Our next article, coming soon, will be about the Pages
that are required by these laws to explain how you will be
using the information you ask visitors to share with you.
Or, you can look at this website (ours) via the menus and
see for yourself what we have done to protect our interests
as well as your interests. Our pages are evolving as
we learn more and more of the details required. Plus,
the GDPR and the CCPA are also evolving. And we
haven't even begun to investigate the Canadian legislation.
The USA legislation via the Federal government isn't as
tough though our resources have indicated that Congress is
in the process of rewriting that code so that all Federal
websites meet the GDPR and the CCPA; it's speculated that
portions if not all of it will become part of the Federal
changes Congress is going to make.
RESOURCES
**
https://en.wikipedia.org/wiki/URL
***
https://gdpr-info.eu/
****
https://ccpa-info.com/
*****
https://ccpa-info.com/home/1798-150-civil-actions/
paragraph 1798.150 - Civil actions