When we think cybersecurity we far too often think about government assets falling prey to shadowy malicious hackers. We forget that the information held within many of these systems is our personal information.
Of course raising barriers around computer systems is certainly a good start. But when these systems are breached, our personal information is left vulnerable. Yet governments and companies are collecting more and more of our information.
The presumption should be that all data collected is vulnerable to abuse or theft. We should therefore collect only what is absolutely required.
The key example of this arose when the White House Cyberspace Policy review mentioned the need for better “authentication services.” It is an embarrassment that, at the moment, our bank accounts and medical records are protected by some easily guessable password system.
But the policy review’s imagination was limited to techniques like encryption and biometrics. Encryption will aid the integrity of computer-to-computer interactions. Biometrics may enhance our confidence in some transactions. But we are introducing vast new problems as we try to solve simpler older ones.
Both of these technologies can be deployed in ways that will destroy privacy rather than save it. First, authentication systems are often deployed so that a single agency or company can keep track of every single time you log on to a variety of services. Just like your telephone company knows all your colleagues and friends, centralized authentication service providers will know everything you do and everyone you deal with. This audit trail of all of your transactions is the first thing a malicious hacker would target if he wished to know everything about everyone.
Second, we are centralizing biometrics into databases. We collect fingerprints for driving licenses, in schools and at the border, and increasingly elsewhere. We put them into databases and make them vulnerable to attack. A stolen fingerprint cannot be replaced, unlike a stolen credit card number.
Innovative thinking is required, and this type of thinking must reduce our risks rather than introduce new ones. The way through this is to see personal privacy itself as a national security issue.
Source: The NY Times.
Of course raising barriers around computer systems is certainly a good start. But when these systems are breached, our personal information is left vulnerable. Yet governments and companies are collecting more and more of our information.
The presumption should be that all data collected is vulnerable to abuse or theft. We should therefore collect only what is absolutely required.
The key example of this arose when the White House Cyberspace Policy review mentioned the need for better “authentication services.” It is an embarrassment that, at the moment, our bank accounts and medical records are protected by some easily guessable password system.
But the policy review’s imagination was limited to techniques like encryption and biometrics. Encryption will aid the integrity of computer-to-computer interactions. Biometrics may enhance our confidence in some transactions. But we are introducing vast new problems as we try to solve simpler older ones.
Both of these technologies can be deployed in ways that will destroy privacy rather than save it. First, authentication systems are often deployed so that a single agency or company can keep track of every single time you log on to a variety of services. Just like your telephone company knows all your colleagues and friends, centralized authentication service providers will know everything you do and everyone you deal with. This audit trail of all of your transactions is the first thing a malicious hacker would target if he wished to know everything about everyone.
Second, we are centralizing biometrics into databases. We collect fingerprints for driving licenses, in schools and at the border, and increasingly elsewhere. We put them into databases and make them vulnerable to attack. A stolen fingerprint cannot be replaced, unlike a stolen credit card number.
Innovative thinking is required, and this type of thinking must reduce our risks rather than introduce new ones. The way through this is to see personal privacy itself as a national security issue.
Source: The NY Times.
Dude..stop watchin these crappy machine taking over the world kinda movies..u ll be fine..!!..Dont believe these Americans..they can just talk abt these things..and there r ppl like u who actually belv them!!..Leave it on them..and they would end the world today itself!!..
ReplyDeletedude..this is not a movie review...:OOO this is an actual bill passed by Obama administration to further strategize thr cyber military power...if this bill is passed then the government of US may hav access to all your personal account numbers that you hold with them....!!!! this is reality T.V...
ReplyDelete