It has been proven that de-identified data points on anything from credit card transactions to healthcare records can be reidentified, often quickly, by trained data scientists with access to additional data points. A study conducted in 2000, for example, found that 87 percent of the U.S. population can be identified using a combination of their gender, birthdate and zip code.
It is possible to train machine learning models with private data sets so that no single data point is identified but statistical learning is maintained, including outliers like balls bouncing in the road or black ice conditions. Just like with humans, the more you experience, the more you know how to react in the future.
As the fallout of the Spectre and Meltdown vulnerabilities settles, the future of in-silica security becomes fuzzier. There are many comprehensive reports on the attack vectors, patches and respective performance degradation, perhaps most lucidly presented by Peter Bright at Ars Technica.
In a letter to the Commission on Evidence-Based Policymaking, US Senator Ron Wyden, D-Ore., proposed the use of privacy enhancing technologies (PETs) by government agencies in order to protect sensitive data.
Trust cements the foundation of the banking industry. Without it, we would be more apt to keep cash stuffed under our mattresses than in the impenetrable vault of a stranger. Modern digital banking wins and maintains customers' trust based on the security, transparency and accessibility of their data. Unfortunately that trilogy is not always mutually inclusive.
The inevitable onslaught of targeted advertisements has both consumers and technology companies wondering whether there is any alternative future for internet economics. Jonathan Shaw recently published a compelling piece in Harvard Magazine, breaking down some of the biggest challenges to our understanding of individual freedoms and technological progress.
The latest in a wave of sovereign data security laws has emerged from China, causing some alarm with companies trying to understand how it could impact their businesses. Several sectors are identified as "critical information infrastructure", including telecommunications, information services and finance, which would be required to store personal information and sensitive business data in China.
With over 3,000 IT professionals surveyed, the recent Ponemon study sponsored by Gemalto addressed issues concerning the "Global State of Cloud Data Security." The webcast can be viewed here and the report can be downloaded here. The participants represented a good cross section of company scale and geographic location around the world.
The world's largest mission-driven open source conference, Open Camps aims to "break down barriers to technology innovation through open source governance, communities and collaboration." The Inpher team presented the _ultra development platform for application-level security and privacy at the Search Camp session in New York on July 10th.
Strong privacy laws that establish the 'right to be forgotten' may be unenforceable. EU citizens can request that search engines remove results that are no longer relevant or accurate; however, researchers at NYU have found that even after links are delisted it is possible to determine the names of individuals who petitioned for their removal.
Keyword search is enabled on shared data by utilizing a key exchange system based on standard public and secret key cryptography. The _ultra encrypted key architecture allows applications to manage information in vulnerable cloud or on-premise environments while keeping sensitive data unreadable to the infrastructure provider and host.
With over 20 billion devices coming online by 2020 and an estimated 25 vulnerabilities per product, it's no wonder that IoT security is a hot topic. While acknowledging that encryption is not the complete answer, we maintain that data should be protected as it is created.
Mr. Schrems has his doubts about 'Safe Harbor 2.0', according to his recent interview with Ars Technica. Others have been quick to jump on board with dissent, eyeing opportunities to become a neutral data haven. According to John Whelan, a data privacy lawyer, in an interview with the Irish site independent.ie, “If Privacy Shield doesn't work out and ultimately data has to be segregated."
The draft document for ‘Safe Harbor 2.0’ was released on March 2, and is pending review and approval by the EU Article 29 Working Party by the end of March (sure). Sidley Austin’s Data Matters blog covers it well. In summary, the new framework is ‘significantly different’ from Safe Harbor 1.0 so companies must re-certify to “ensure a level of protection of personal data..."
Firms are spending tens to hundreds of millions building new data centers in the EU to comply with post-Safe Harbor regulations in order to avoid hefty fines: up to $20m USD or 4% of global revenues. Despite their best efforts, employees' unsanctioned use of cloud applications that contain personal data could still render companies liable.
Will the Internet of Things make it even harder to prevent cyber-crime? Research seems to show that it will. How can you protect your privacy and your private data with IoT taking over everything?
The Economist is educating their audience about the difficulty of fully homomorphic encryption and multi-party computation technology. They're noting that putting them to work on messy, real-world data is proving to be very tricky.