While I am generally not pro-active in insuring my privacy (I'm quite beholden to Google services), the idea of a 3rd party deleting my data, yet keeping the information their algorithms extracted from it bothers me.
How would I prove the results they generated were wrong? What if the results have been collected over months or years, and now the Credit Agency see's me as a high risk? The data used as input to those algorithms is gone now (yay Privacy & Right to Be Forgotten). How are you going to prove that it was an error and should be removed? I'm not even sure what data they were collecting.
Moving forward, what if governments worked this way: your data is only on our systems momentarily, and then removed. Behind the scenes, you've been tagged as a high risk because of an error in the algorithm, and now you are no longer able to purchase a plane ticket.
How will you correct that situation?
It would be like an e-voting system that "recorded" the vote and then destroyed the actual input/ballot. It flipped every 3rd or 4th vote, but there's no feasible way to prove and fix it.
So, either keep both my data that you used as input and the information you generated, or keep neither.
Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts
Wednesday, May 22, 2019
Wednesday, February 1, 2017
Security through technology?
Rambling post ahead...just an attempt to keep writing, and perhaps generate some focused topics for later posts.
I've noticed a rapid push for more and more security tools to be installed on everything from a toaster (e.g. IoT devices) to desktops, to VMs and physical servers.
This one monitors your activity (all of it? Specific actions?); this one verifies that blob of bits is benign (or, really, not known to be malicious); this one prevents you from using parts of the system (USB ports, CD/DVD drive).
Luckily...it leaves about 1/4th of the system available for those actual value-generating activities (hopefully those activities are ok, even if monitored). Hopefully we all over-purchased resources so we can handle the current - and the future - security tools that will be required on our systems.
It's not unexpected. It's a lot easier to sell a product that offers (the illusion of) control, than to be constantly vigilant, or work with those around you to improve actual security.
And it's not that these products cannot be valuable in ones goal to maintain the security, integrity, and privacy of your data, environment, and, of course, your self. They just tend to become a way to say you've done something to improve security, without actually proving it improved your - or your customers - security.
Then, there's the issue of parsing all this security data that the tools generate...which requires resources that also need to be secured...
I've noticed a rapid push for more and more security tools to be installed on everything from a toaster (e.g. IoT devices) to desktops, to VMs and physical servers.
This one monitors your activity (all of it? Specific actions?); this one verifies that blob of bits is benign (or, really, not known to be malicious); this one prevents you from using parts of the system (USB ports, CD/DVD drive).
Luckily...it leaves about 1/4th of the system available for those actual value-generating activities (hopefully those activities are ok, even if monitored). Hopefully we all over-purchased resources so we can handle the current - and the future - security tools that will be required on our systems.
It's not unexpected. It's a lot easier to sell a product that offers (the illusion of) control, than to be constantly vigilant, or work with those around you to improve actual security.
And it's not that these products cannot be valuable in ones goal to maintain the security, integrity, and privacy of your data, environment, and, of course, your self. They just tend to become a way to say you've done something to improve security, without actually proving it improved your - or your customers - security.
Then, there's the issue of parsing all this security data that the tools generate...which requires resources that also need to be secured...
Subscribe to:
Comments (Atom)
-
As the Agile philosophy picked up steam (and started generating consulting profits), us developers were introduced to the concept of "...
-
I really enjoy shows that guide me through various points of history, digging deeper into the day to day minutiae that your history classes ...
-
I ran into a problem a while back: I identified NGINX as the best technology to reverse proxy our Apache Tomcat instance, but there was 1 p...
