- 2017, July 30, The Hill, “House Republican: US just as focused on data security as Europe“
- 2017, July 29, SSRN, “Online Price Discrimination and EU Data Privacy Law“
It’s a pretty sad round-up today – appears this is a Monday in Australia situation (i.e. still Sunday where the news happens!).
Humans out of the Loop
It makes sense to push regulation and education/training to overcome the data security risks in organisations or government. At least, it makes sense for now.
But I wonder if we are fighting an un-winnable war…
Humans continue to do the ‘wrong’ thing: click links they shouldn’t, install malware, take shortcuts because the ‘right’ procedure takes too long, or don’t have the appropriate training due to time or cost limitations. Whatever the reason, the result is still the same: human action undermining any security mechanisms in place.
And on the technology front we rely heavily on encryption and hope it holds up at each stage from one PC/server to another – across who knows how many network nodes. And usable quantum computing is getting closer – and once it does, there goes standard encryption anyway.
It sounds a bit gloomy. But I think – where is the opportunity here? How can we re-think things to build a solid security capability that doesn’t rely on people doing the ‘right’ thing?
I have often thought blockchain is a way to deal with this problem – enforce security through a type of ‘smart contract‘ embedded into data-rich applications. Yet this is vulnerable to the advances in quantum computing.
My ideal is to look for a simple framework – one that isn’t dependent on the latest technology, and can hold up even accounting for human fallibility.
Tonight’s 4 Corners report reminds us: there is a trade-off between privacy and security (when it comes to State use of surveillance technologies). Except in some parts of the world it is not a trade-off at all – it is simply a human rights violation.
In cases like these, humans can’t make the ‘wrong’ choice with security; it’s compromised either way. How lucky we are in the West to have the luxury to debate privacy vs security.