Information Protection and Privacy


This past Wednesday was National Data Privacy Day, created by Congress in 2009 to help raise awareness of the need to protect personal information and data.

While it seems laughable that the same government that espouses the need to protect our data is the same body that brings us Edward Snowden-esque allegations of widespread data infiltration of its citizens by that very government, I think there is a point here worth noting…

At the risk of stating the obvious, protecting your information and identity, whether online or otherwise, IS important.

But it is also YOUR data, and therefore YOUR responsibility. Which is good, because we are largely on our own. Being on our own is, in a lot of ways, freeing; we aren’t deluding ourselves that something is happening when it’s not. (What do you mean I’m denied medical coverage?! That’s why I pay for insurance!)

Having spent a considerable amount of time in the EU, I can say that one of the things they do is take protection and privacy seriously: the EU’s Data Protection Directive requires substantial disclosure of the use of collected personal information and levies heavy fines on those commercial enterprises that violate the directive.

The U.S. has no commensurate directive or legislation. So it becomes our responsibility to ensure our own protection.

I mentioned around Christmas time that I would be sending out ‘bite sized’ tips on protecting your information. Some of them are so obvious they seem ludicrous to even mention, but having been in my position for as long as I have (and with two master’s degrees in information security), I find that 99% of protecting your information is about good personal practices (when was the last time you changed your passwords, and do you use the same or similar passwords for your banking information as you do for Amazon?).

I rest my case.

http://lrs.ms/EUDataProtLaw
http://lrs.ms/EUDataProt
http://lrs.ms/DataPrvWP


Net Neutrality and Internet Sovereignty a Match Made in Censorship


If you don’t think net neutrality and internet sovereignty are related, you had better think again.

The Republicans in Congress are fiercely fighting the request by the Obama administration to classify broadband internet providers as a utility, making them, and the Internet, subject to much stricter regulation.

At the heart of the net neutrality debate is ostensibly whether or not the internet should be considered a utility and therefore subjected to utility provider regulation similar to that of electric or telephone service.

Meanwhile in China, Internet Czar Lu Wei and President Xi Jinping are arguing for the state’s right to manage and govern the information running across its sovereign territory. The Internet, Wei argues, is part of the national infrastructure like roads and power, and it is the state’s responsibility to ensure infrastructure stability.

Both prescribe controlling information flow across the internet, albeit each country takes a slightly different approach. While China is more overt in controlling information, by classifying and categorizing information protocols, the opponents of net neutrality arrive at very much the same place.

The tragedy of the Charlie Hebdo shootings simply underscores the stakes involved in the freedom of information debate.

We are quickly facing a world where the information we’ve taken for granted may not be as easily accessible.

http://lrs.ms/ChinaInternet20151
http://lrs.ms/ChinaInternet2015
http://lrs.ms/NetNeutrality2015
http://lrs.ms/NetNeutralityDefined

Are You Really Private?


From the Snowden leaks last year, to all of the ‘cyber breaches’ and loss of personal information from large retailers in the last couple of years, we as a global village are finding out that keeping things to yourself is not as easy as it once was.

All of the social media platforms compound the difficulty of keeping our private information private, and we all struggle with the increasing importance of doing so.

In a world where EVERYTHING is ‘out there forever’ as soon as it’s set loose into the wild, and where almost everything is subject to discovery in our increasingly litigious society, I see an increase in the number of secure messaging apps aiming to help keep conversations private; for example:

Sicher, Silent Circle, CyberDust, Signal, et al. all use end-to-end encryption and data destruction to provide a means for groups of people to communicate with each other securely and privately.

Even WhatsApp, the popular text messaging replacement application, is starting to use end-to-end encryption.

But I’ve noticed another trend unique to these secure applications: while they have provided a means of ‘hiding from prying eyes’, they have also fostered a new sort of social media platform.

For example, one of my favorite new apps is CyberDust (available on iOS, Android, and Windows Phone). CyberDust not only provides secure person-to-person messaging, because everything runs over an encrypted channel and the messages self-destruct after a short period of time AND are NEVER stored on their servers or any endpoint; CyberDust also provides a sort of ‘Twitter-like’ platform where a person can ‘Blast’ a message to a group of subscribed followers.

I’ve been using CyberDust to sort of ‘Pre-Publish’ posts, as a platform that allows me to get something ‘out-there’ quickly without a lot of editing, and in somewhat longer format than the Twitter limit of 140 characters.

I find this feature incredibly useful, because I can send raw, unedited posts to my followers without worrying too much about the editorial content, grammar, and so forth; and since I save my posts to Evernote, I can come back at a more convenient time, clean them up and post them on LinkedIn or my blog (blog.ross-sivertsen.com).

But as I’ve used CyberDust, I’ve noticed something more disturbing occurring: many of the people I follow, some of them professionals, are posting pictures and comments I believe they would think twice about posting if the platform they were using were as open as Facebook or Twitter.

Let me say before I continue that I’m neither Pollyanna nor prudish about this subject, and I am in NO WAY making a judgment about anyone I follow; I publish a number of posts that are all raw, unedited, and sometimes incendiary.

What I am saying is this: even with a platform that leaves neither physical nor virtual evidence of pictures, posts or comments, when we intentionally broadcast a message to a group of people, do we not leave with our audience, followers and listeners a residual impression of who we are, whether or not evidence exists?

This subject goes beyond privacy issues and quickly becomes an issue of reputation management. The fact of the matter is, regardless of whether or not the platform is secure and encrypted, I am sending a post out to the public, i.e. to more than one person with whom I have no personal relationship other than that they follow me, rather than to one or two people with whom I have a relationship and where the conventional social contract of confidentiality is the norm.

I believe in the right to personal expression and exercise said personal expression frequently. I am also acutely aware of the consequences of my actions, and of the things I publish or portray.

My point is that this message becomes a cautionary tale to everyone (most of all myself) that we leave a lasting impression of who we are and what we’re about with the people around us, even if the evidence self-destructs after 30 seconds.

“Three people can keep a secret, if two of them are dead.” – Benjamin Franklin

The Two Biggest Lies Told During an Audit… Part Deux

I wrote the original post over four years ago, before I was hired for my current position at Peerless; you can find the link to the post HERE and below. Having just completed a recent audit (now called an ITGC for SOX audit), I find the content is as relevant today as it was then.

I find it fascinating how increasingly prescriptive the PCAOB (Public Company Accounting Oversight Board) is becoming in the assessment of internal controls. If you were to read over the AS5 guidance, there is a fair amount of flexibility built in to an auditor’s ability to make judgments on their clients’ engagements.

But over the last several years, I’m finding that internal controls audits are becoming increasingly about form over substance. I’m not being critical of any one professional services firm; I’m making my judgments as a matter of general observation…

That said, it’s interesting that Grant Thornton published a survey early in 2013 of 243 corporate general counsels that specifically cited increasing pressures of regulatory compliance and corresponding litigation, rather than competition, as the biggest threats to growth in US companies.

Here's a link to the survey:

In-house counsels more concerned with regulators than competitors.

Link to the original post:

The Two Biggest Lies Told During an Audit…


NSA’s Domestic Spying Grows As Agency Sweeps Up Data – WSJ.com

Quoted from http://online.wsj.com/article/SB120511973377523845.html?mod=hps_us_whats_news:


NSA’s Domestic Spying Grows As Agency Sweeps Up Data

From the “The price of freedom is eternal vigilance” department comes this article from the front page of today’s Wall Street Journal. This is interesting for me on a number of levels: not only am I responsible for the management of my company’s information assets, I also have a master’s degree in information assurance, and I find this truly disturbing. The Fourth Amendment of the Constitution prevents the illegal search and seizure of our property, but in the interest of “national security” the NSA seems to find this notion… inconvenient. Now, honestly, this isn’t anything that hasn’t been happening since before J. Edgar ran the FBI, but this move of “openness”? The NSA effectively states, “yeah, we’re monitoring you, and you should probably be careful.” Interesting… I could rave on about this being a fascist plot to oppress the populace by “the man,” but they’re probably already monitoring this blog.


FBI Prepares Vast Database of Biometrics – washingtonpost.com

Link: FBI Prepares Vast Database Of Biometrics – washingtonpost.com.

Under the title of "The Price of Freedom Requires Eternal Vigilance," this article in today’s Washington Post caught my eye. We’ve been facing the issues of personal privacy for some time; the notion that the FBI is spending $1 billion to build a database of personal biometrics is, in a word, frightening.

Ostensibly, the intent of this massive effort is to assist in the identification and capture of criminals, but it also provides the US government an unprecedented ability to identify individuals in the United States and abroad.

Opponents of the initiative cite the fact that the increasing use of biometrics raises worry that such measures become a "de facto" national identity card, thus making it more and more difficult for citizens to avoid unwanted scrutiny.

This biometric information includes not only finger and palm prints, but irises, faces, and soon DNA. DHS, the Department of Homeland Security, has been using iris recognition to verify the identity of persons wanting to move quickly through lines at some airports.

Though this information is currently being collected through direct interaction with the individuals from whom the data are collected, researchers at the FBI’s biometric facility are working on capturing this biometric information covertly. Though several years away, this ability is of great interest to government agencies.

One of the biggest concerns raised by skeptics is that such projects are proceeding before there is reliability in matching suspects against the enormous amount of data collected. In one of the world’s first large-scale studies on the reliability of this technology, the German government used face recognition to identify people between October 2006 and January 2007. The technology proved reliable 60% of the time under the best daylight conditions but fell to between 10 and 20% at night.

The long-term goal is "ubiquitous use" of this recognition technology, where individuals will have biometrics captured without ever having to step up to a kiosk and look into a camera.

I’m ready for my close-up, Mr. DeMille…