Posts Tagged ‘data privacy’

03 Oct 14

One Congresswoman’s Perspective on Why We Don’t Have National Cybersecurity or Privacy Policies

I was able to attend an interesting discussion yesterday hosting Congresswoman Betty McCollum, a Democrat from Michigan who journeyed all the way to Santa Clara, CA in the interest of furthering dialog and understanding between herself as a Representative on the powerful Appropriations Committee and the high tech community. Kudos to her for the sincere outreach, and to the Silicon Valley Leadership Group for putting the event on.

During the event, I was able to ask for her opinion on where Congress stood with passing any cyber security or data privacy legislation in the foreseeable future. While her response was candid, I must admit it was a bit of a surprise – she said she didn’t think I’d want them passing any legislation because they don’t understand the issues, and that most Congresspeople are inept when it comes to technology – even using it. Well there, at least somebody called it out.

She went on to sound the alarm (as was also heard from Senator Saxby Chambliss at last August’s Silicon Valley Cyber Security Summit) that Congress needs a wake-up call, that they’re failing the American people on this issue, that we need to get our act together, and and and… Representative McCollum went on to bemoan the volume of issues and work to keep up on, the lack of staff capacity due to budget cuts, Congressional discord, the Tea Party, etc. etc. etc. It was sadly the kind of dodge from an uncomfortable question that seems an auto-response from those in elected office. Lots of ‘we need to’s’ and ‘we shoulds’ but no action. At this point I could only see an abrogation of duty, but what else is new? These threats are real and core to national defense and well-being. I wonder how many in the Congress might think they should actually learn about technology – goes to show the effects of having minions take care of all of that pesky stuff for you.

Given the pace at which cyber attacks and malware are accelerating; given the unprecedented collection of data from everywhere about everyone; and if the Gentlewoman from Minnesota’s position is correct – and I fear it is – we’ll likely be in for an uninformed, ill-advised Congressional knee-jerk reaction when some big time dookie hits. Whoever has their ear about the correct course of action at such time is likely to influence policy that will last for many years. As the Patriot Act shows, once they do something, they don’t un-do it, no matter how much it might need undoing.

Keep changing your passwords folks.

22 Aug 14

Final Lessons from the Silicon Valley Cyber Security Summit – Dealing with Data Privacy?

The third and final Cyber Summit panel brought the growing privacy issue to the fore. The esteemed panelists from DC all noted Washington’s keen awareness of damage done from the NSA debacle, which has created a big rift in public trust of the government [not that it was so great before]. There is now timidity around addressing the cyber threat through aggressive legislation that will be seen as too invasive of personal privacy, especially until NSA surveillance practices get cleared up. Senator Chambliss had claimed substantial compromise to that end in the proposed Cybersecurity Information Sharing Act over previous legislative attempts.

 

I just can’t help but think that in the immediate aftermath of a potentially significant attack, we’ll see a Patriot Act-level response out of Congress – the consequences of which would most likely be irreversible. It would be far better for proactive and more balanced legislation to be passed in the very near term, before such an attack could happen. The bottom line is that when people don’t trust their government, they won’t share information the government will need to protect them.

 
Consumer privacy is a whole other issue. Many websites pay lip service to privacy by including obscure links in minuscule font that can take visitors through a maze of pages to an ultimate opt-out page. Facebook changes its policies so often that no one can keep up. The great majority of internet users simply don’t see or use these links. Sanford Reback, Senior Technology Analyst at Bloomberg Government, spoke of the need for corporations to exercise what is known in legal terms as ‘responsible use’ of personal data – and that Washington knows legislation will be needed to enforce this.

 
He noted that ‘policy must catch up with capability and capacity.’ At a Federal level, how long that will take and what it might look like are unknowns, but 47 states and the District of Columbia have already enacted their own information notification legislation. A Federal act would need to establish notification standards but without weakening state laws already in place, and without making it so complicated that businesses won’t be able to comply. I figure if they’ve been able to get there with Gramm-Leach-Bliley and HIPAA, we can get there with digital privacy requirements too.

 
There were other great insights and little pearls dropped across the Summit, but a blog post can get too long. A key takeaway for me was that while corporations will always be competitive, the seriousness and urgency of this issue create an unusual “we’re in this together” dynamic that I found hopeful. While government and business can, should and will help, the bad guys and gals are out there, looking for new ways to get at what we’ve got – and that includes YOUR data. The best defense for now is to be active about guarding what you can and help spread the word to your friends and fam. Vaya Con Dios!



