
Many Techies Don’t Understand Privacy …

… and many lawyers/politicians don’t understand computer technology.

That may well be an exaggeration. But a recent Kara Swisher interview of Walt Mossberg with the title “Is Mark Zuckerberg a Man Without Principles?” confirmed at least some of this assertion. The transcript of the interview is available via Opinion | Is Mark Zuckerberg a Man Without Principles? – The New York Times (nytimes.com) [click on Transcript]. In my opinion, the most relevant segment, expressed by Mossberg, is as follows:

“… we [Mossberg and Zuckerberg] had a big argument for about an hour, in which I [Mossberg] said it [the News Feed] was bad for privacy. And I concluded from that that he [Zuckerberg] just—it was like ships passing in the night. I kept saying privacy. He kept not knowing what it was. And you know, Kara, that later we had another privacy discussion in which he couldn’t put together a clear sentence about it.”

This reminded me of a system requirements meeting when I was responsible for security at a financial services company. There was a great deal of impetus behind ensuring privacy because of the Gramm-Leach-Bliley Act (GLBA), a.k.a. the Financial Modernization Act of 1999, which requires the protection of NPPI (non-public personal information) by financial institutions—see What is GLBA Compliance? Understanding the Data Protection Requirements of the Gramm-Leach-Bliley Act in 2021 | Digital Guardian. Such identifying information as name, date of birth, Social Security number, and driver’s license number, and transactional data such as bank and payment card account numbers and records, need to be protected by financial services organizations against access by, or distribution to, persons and systems other than those with a verifiable need-to-know. The same goes for health-related information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

At the above-mentioned meeting, I wanted to explain privacy and the need to protect it. I still recall a senior systems designer/developer saying: “I don’t care to know about privacy and the law. Just tell me what I have to do.”

On the other side, I have met few attorneys who understand technologies that can be used to protect personal data. And Congressional hearings only confirm that many lawmakers don’t have a clue about the implications and consequences of modern computer and network technologies.

What we need is a GLBA for non-financial institutions and a HIPAA for non-medical units, especially online tech giants such as Facebook, Google and Amazon—even (or especially) Wikipedia. These sites regularly display sensitive data with impunity, especially if you are “famous.” Wikipedia will disclose name, date of birth, mother’s maiden name, schools attended, and the like, and, in some cases, signature. What more could an identity thief want? And try getting the websites to delete offending data or postings—good luck! Also, if some of the data or postings are false—especially when they come from malevolent anonymous sources—there seems to be little, if any, recourse.

The situation is made much worse by the use of AI and algorithms, which cull such information from many diverse sources. Apparently, the Federal Trade Commission (FTC) is looking to regulate biases, as described in Esther Ajao’s article “FTC pursues AI regulation, bans biased algorithms,” available at FTC pursues AI regulation, bans biased algorithms (techtarget.com). Let’s see where that leads.

Coincidentally, I recently came across the fanfare announcement by The New York Times of “The Privacy Project” in the Sunday Review section of April 14, 2019. This was an ambitious attempt to make readers aware of privacy issues. What started as an enthusiastic effort to inform their readership about privacy matters and concerns appears to have fizzled, with the last newsletter being posted on February 25, 2020—see Charlie Warzel’s Opinion column at The Privacy Project: The key to everything. (nytimes.com). It is a sad reflection on the state of privacy that the project lasted less than a year with seemingly meager results. There was a flurry of interesting articles, listed at The Privacy Project: What Should Be Done? – The New York Times (nytimes.com), but that seems to be it. I hope I’m wrong about that.

Have we given up on privacy? It would seem so.

*** This is a Security Bloggers Network syndicated blog from BlogInfoSec.com authored by C. Warren Axelrod. Read the original post at: https://www.bloginfosec.com/2021/11/01/many-techies-dont-understand-privacy/?utm_source=rss&utm_medium=rss&utm_campaign=many-techies-dont-understand-privacy