PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Mr. Robot: My Review of the New TV Series

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 13, 2015

Mr Robot 01by Daniel J. Solove

I’ve really been enjoying the new TV series Mr. Robot on USA. Network.  It presents highly-engaging depictions of hacking and social engineering, and it is great entertainment for privacy and security  geeks.

Mr Robot 05aThe protagonist is Elliot Alderson (played by Rami Malek), a tech who works at a cybersecurity firm in New York City.  The show is narrated with voiceover by Elliot, and we get a glimpse into the mind of this reclusive and quiet person.  Voiceover can often falter as a technique, but here it works wonderfully — and all the more impressive because Elliot speaks softly, often in monotone.  But Elliot is such a fascinating character and Malek delivers Elliot’s monologue so effectively, that it becomes surprisingly engaging.

Elliot is very smart and clever, and he sees many around him as idiots.  He suffers from severe bouts of depression, is a recluse who wants to be invisible, and he is very awkward around other people.  He lives most of his life inside his head.  The show presents the stark contrast between what he says to others and what he is thinking.  In one scene, we see him speaking to his psychiatrist, telling her hardly anything.  But we hear his thoughts and know that he is pondering quite a lot.
Continue Reading

Going Bankrupt with Your Personal Data

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 6, 2015

title image

By Daniel J. Solove

 

A recent New York Times article discusses the issue of what happens to your personal data when companies go bankrupt or are sold to other companies:

When sites and apps get acquired or go bankrupt, the consumer data they have amassed may be among the companies’ most valuable assets. And that has created an incentive for some online services to collect vast databases on people without giving them the power to decide which companies, or industries, may end up with their information.

This has long been a problem, and I’m glad to see it receiving some attention.  The issue arose in one of the early FTC cases on privacy about 15 years ago.

Continue Reading

Security Professionals in High Demand

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 1, 2015

CISO Security Professionals Security Training

by Daniel J. Solove

According to a study, the number of cybersecurity job listings increased 74% from 2007 to 2013.  This was more than double the growth rate of IT jobs.

In a survey earlier this year of ISACA members, 86% stated that there is a “global shortage of skilled cybersecurity professionals.”

According to a salary survey, CISO salaries climbed 7.1% in the past year, from a range of between about $126,000 – $190,000 to a range between $134,000 – $205,000.

Chart CISO Salaries 01

Continue Reading

What Is Privacy?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 29, 2015

Finger Print Iris Scan

By Daniel J. Solove

What is privacy? This is a central question to answer, because a conception of privacy underpins every attempt to address it and protect it.  Every court that holds that something is or isn’t privacy is basing its decision on a conception of privacy — often unstated.  Privacy laws are also based on a conception of privacy, which informs what things the laws protect.  Decisions involving privacy by design also involve a conception of privacy.  When privacy is “baked into” products and services, there must be some understanding of what is being baked in.

Far too often, conceptions of privacy are too narrow, focusing on keeping secrets or avoiding disclosure of personal data.  Privacy is much more than these things.  Overly narrow conceptions of privacy lead to courts concluding that there is no privacy violation when something doesn’t fit the narrow conception.   Narrow or incomplete conceptions of privacy lead to laws that fail to address key problems.  Privacy by design can involve throwing in a few things and calling it “privacy,” but this is like cooking a dish that requires 20 ingredients but only including 5 of them.

It is thus imperative to think through what privacy is.  If you have an overly narrow or incomplete conception of privacy, you’re not going to be able to effectively identify privacy risks or protect privacy.

In my work, I have attempted to develop a practical and useable conception of privacy.  In what follows, I will briefly describe what I have developed.

Continue Reading

New Resource Page: HIPAA Training Requirements FAQ

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 29, 2015

HIPAA Training Requirements Whiteboard 02

by Daniel J. Solove

I recently created a new resource page for the TeachPrivacy website: HIPAA Training Requirements: FAQ.

Continue Reading

Baseball’s “Hacking” Case: Are You a Hacker Too?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 25, 2015

title image

By Daniel J. Solove

 

I’m a St. Louis Cardinals fan, so I guess it is fitting that my favorite team becomes embroiled in a big privacy and data security incident.  At the outset, apologies for the feature photo above.  It pulled up under a search for “baseball hacker,” and as a collector of ridiculous hacker stock photos, I couldn’t resist adding this one to my collection.  I doctored it up by adding in the background, but I applaud the prophetic powers of the photographer who had a vision that one day such an image would be needed.

Continue Reading

Cybersecurity: Leviathan vs. Low-Hanging Fruit

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 24, 2015

Data Security Training Low-Hanging Fruit

by Daniel J. Solove

There are certainly many hackers with sophisticated technical skills and potent malicious technologies.  These threats can seem akin to Leviathan — all powerful and insurmountable.

Leviathan 01

It can be easy to get caught up focusing on the Leviathan and miss the low-hanging fruit of cybersecurity.  This low-hanging fruit consists of rather simple and easy-to-fix vulnerabilities and bad practices.

Continue Reading

The OPM Data Breach: Harm Without End?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 22, 2015

title image

By Daniel J. Solove

The recent breach of the Office of Personnel Management (OPM) network involved personal data on millions of federal employees, including data related to background checks. OPM is now offering 18 months of free credit monitoring and identity theft insurance to victims. But as experts note in a recent Washington Post article, this is not nearly enough:

If the data is in the hands of traditional cyber criminals, the 18-month window of protection may not be enough to protect workers from harm down the line. “The data is sold off, and it could be a while before it’s used,” said Michael Sussmann, a partner in the privacy and data security practice at law firm Perkins Coie. “There’s often a very big delay before having a loss.”

Continue Reading

New Resource Page: Text of HIPAA’s Training Requirements

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 22, 2015

HIPAA Training Requirements Text 01

by Daniel J. Solove

I recently created a new resource page for the TeachPrivacy website: Text of HIPAA’s Training Requirements.  This page provides excerpts of the training provisions in the HIPAA Privacy Rule and the HIPAA Security Rule.

This page is designed to be a useful companion page to our resource page, HIPAA Training Requirements: FAQ.  The FAQ discuss my interpretation of the HIPAA training provisions, but the full text of those provisions is located on the separate new resource page above.

Continue Reading

Use of Encryption Is Increasing — Albeit Slowly

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 22, 2015

old metal numbers

by Daniel J. Solove

According to a survey commissioned by Thales e-Security, the use of encryption by organizations is increasing.  Ten years ago, only 15% had an enterprise-wide encryption strategy. Now, 36% have such a strategy.

Chart Encryption Increase 01 Some other interesting findings from the survey also found, according to a ZDNet article:

Continue Reading