By Daniel J. Solove
Co-authored by Professor Paul Schwartz
This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here. We cover health issues in a separate post.
Mayer Brown survey of executives: 25% of organizations lack both a CPO and CIO (March 2015)
By Daniel J. Solove
“We’re building privacy into the architecture from the ground up,” various companies and government entities often say when designing products, programs, and services.
by Daniel J. Solove
In a recent report (link no longer available), MIT security experts critiqued calls by government law enforcement for backdoor access to encrypted information. As the experts aptly stated:
“Political and law enforcement leaders in the United States and the United Kingdom have called for Internet systems to be redesigned to ensure government access to information — even encrypted information. They argue that the growing use of encryption will neutralize their investigative capabilities. They propose that data storage and communications systems must be designed for exceptional access by law enforcement agencies. These proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm.”
The report is called Keys Under Doormats: Mandating Insecurity by Requiring Government Access to all Data and Communications and is by Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner.
by Daniel J. Solove
I’ve really been enjoying the new TV series Mr. Robot on USA. Network. It presents highly-engaging depictions of hacking and social engineering, and it is great entertainment for privacy and security geeks.
The protagonist is Elliot Alderson (played by Rami Malek), a tech who works at a cybersecurity firm in New York City. The show is narrated with voiceover by Elliot, and we get a glimpse into the mind of this reclusive and quiet person. Voiceover can often falter as a technique, but here it works wonderfully — and all the more impressive because Elliot speaks softly, often in monotone. But Elliot is such a fascinating character and Malek delivers Elliot’s monologue so effectively, that it becomes surprisingly engaging.
Elliot is very smart and clever, and he sees many around him as idiots. He suffers from severe bouts of depression, is a recluse who wants to be invisible, and he is very awkward around other people. He lives most of his life inside his head. The show presents the stark contrast between what he says to others and what he is thinking. In one scene, we see him speaking to his psychiatrist, telling her hardly anything. But we hear his thoughts and know that he is pondering quite a lot.
Continue Reading
By Daniel J. Solove
A recent New York Times article discusses the issue of what happens to your personal data when companies go bankrupt or are sold to other companies:
When sites and apps get acquired or go bankrupt, the consumer data they have amassed may be among the companies’ most valuable assets. And that has created an incentive for some online services to collect vast databases on people without giving them the power to decide which companies, or industries, may end up with their information.
This has long been a problem, and I’m glad to see it receiving some attention. The issue arose in one of the early FTC cases on privacy about 15 years ago.
by Daniel J. Solove
According to a study, the number of cybersecurity job listings increased 74% from 2007 to 2013. This was more than double the growth rate of IT jobs.
In a survey earlier this year of ISACA members, 86% stated that there is a “global shortage of skilled cybersecurity professionals.”
According to a salary survey, CISO salaries climbed 7.1% in the past year, from a range of between about $126,000 – $190,000 to a range between $134,000 – $205,000.
by Daniel J. Solove
I recently created a new resource page for the TeachPrivacy website: HIPAA Training Requirements: FAQ.
By Daniel J. Solove
What is privacy? This is a central question to answer, because a conception of privacy underpins every attempt to address it and protect it. Every court that holds that something is or isn’t privacy is basing its decision on a conception of privacy — often unstated. Privacy laws are also based on a conception of privacy, which informs what things the laws protect. Decisions involving privacy by design also involve a conception of privacy. When privacy is “baked into” products and services, there must be some understanding of what is being baked in.
Far too often, conceptions of privacy are too narrow, focusing on keeping secrets or avoiding disclosure of personal data. Privacy is much more than these things. Overly narrow conceptions of privacy lead to courts concluding that there is no privacy violation when something doesn’t fit the narrow conception. Narrow or incomplete conceptions of privacy lead to laws that fail to address key problems. Privacy by design can involve throwing in a few things and calling it “privacy,” but this is like cooking a dish that requires 20 ingredients but only including 5 of them.
It is thus imperative to think through what privacy is. If you have an overly narrow or incomplete conception of privacy, you’re not going to be able to effectively identify privacy risks or protect privacy.
In my work, I have attempted to develop a practical and useable conception of privacy. In what follows, I will briefly describe what I have developed.
By Daniel J. Solove
I’m a St. Louis Cardinals fan, so I guess it is fitting that my favorite team becomes embroiled in a big privacy and data security incident. At the outset, apologies for the feature photo above. It pulled up under a search for “baseball hacker,” and as a collector of ridiculous hacker stock photos, I couldn’t resist adding this one to my collection. I doctored it up by adding in the background, but I applaud the prophetic powers of the photographer who had a vision that one day such an image would be needed.
by Daniel J. Solove
There are certainly many hackers with sophisticated technical skills and potent malicious technologies. These threats can seem akin to Leviathan — all powerful and insurmountable.
It can be easy to get caught up focusing on the Leviathan and miss the low-hanging fruit of cybersecurity. This low-hanging fruit consists of rather simple and easy-to-fix vulnerabilities and bad practices.
Free newsletter with cartoons, writings, events, webinars, training, humor and whiteboards.
