It’s time to rework our ideas about technology. Consumers should demand better security built in up front, governments should hold companies accountable for the problems their technologies create.
If we don’t fundamentally change how we build and secure tech our problems will get much worse.
Modern computing security is like a flimsy house that needs to be fundamentally rebuilt. In recent years, we have suffered small collapses here and there, and made superficial fixes in response. There has been no real accountability for the companies at fault, even when the failures were a foreseeable result of underinvestment in security or substandard practices rather than an outdated trade-off of performance for security.
There are better ways to make systems more secure. For example, you can build more isolation and separation into our systems, moving security functions to properly audited hardware and away from software (which is always more vulnerable). Things cannot be hacked if they cannot be reached. This may mean that we have to sacrifice some speed for security.
As things stand, we suffer through hack after hack, security failure after security failure. If commercial airplanes fell out of the sky regularly, we wouldn’t just shrug. We would invest in understanding flight dynamics, hold companies accountable that did not use established safety procedures, and dissect and learn from new incidents that caught us by surprise.
And indeed, with airplanes, we did all that. There is no reason we cannot do the same for safety and security of our digital systems.
The Looming Digital Meltdown https://nyti.ms/2Ef8fkf
Smart devices equal surveillance devices.
Don’t worry that the staff here at NobodyisFlyingthePlane has gone anti tech. It’s just that we promote thoughtful implementation, use, and management of technology.
Devices like Alexa will ultimately take more from us than they give to us. It’s essentially a State Security wet dream. They can listen in to everything that goes on in our homes because we let them. I’m sure Amazon is already receiving subpoenas for in home recordings from Alexa. This is the sort of thing that needs thoughtful policies and regulations forbiding miss use.
At its most expansive, “smart” produces a world where we no longer exert control over objects we’ve bought from corporations, but corporations exert control over us through things we pay for the privilege of using. And when “smart” is crudely applied to the cities we live in — to our crumbling infrastructure and militarized police forces — we give in to forces of privatization, algorithmic control and rule by corporate contract. It seems an indelible symbol of the times that New York City neglects essential but mundane services like public restrooms while promoting other putative municipal innovations, like the mass conversion of pay phones to Wi-Fi kiosks. As with other smart devices, which subsidize their costs with data collection, these kiosks are free — provided you submit to the collection of your personal information and location data. The commons becomes simply another site for private companies to spy on people.
Just How ‘Smart’ Do You Want Your Blender to Be? http://nyti.ms/1rnrsZO
Americans are so preoccupied with the illusion of safety, that we can’t get behind mitigating real threats.
We’d rather have airport security prevent one shoe bomber than protect our government and private IT infrastructure.
Cyberthreat Posed by China and Iran Confounds White House http://nyti.ms/1Le0WJZ
Federal guidance on all types of data security is needed. Starting at the start with security far cars and other vehicle related data would be a great start.
Regulators Should Develop Rules to Protect Cars From Hackers http://nyti.ms/1Mcvdbw
Kudos to Bobby Jindal for getting it right on privacy. License plate readers pose far greater harm to society than any law enforcement benefit they could possibly provide.
Of course private companies will get their hands on this data. In no world should it be ok for private companies to know where we are.
Companies and employers can gather what ever information about us that they wish, but they aren’t compelled to keep that info secure. They are certainly not held accountable when it gets stolen.
Institutions, companies and government agencies often devote more resources to collecting information about employees and consumers than to protecting it, security specialists say.
negligence by employees and contractors has been a more common cause of corporate data breaches in the United States than malicious attacks, according to a study of 2011 done by the Ponemon Institute, a research center on data security, and financed by Symantec, a data security company.
Susan Landau, a Guggenheim fellow in cyber security, privacy and public policy, says companies and agencies are unlikely to improve data security without the threat of penalty.
“What are the personal consequences for employees who allow data breaches to happen?” Ms. Landau asks. “Until people lose their jobs, nothing is going to change.”
We can’t trust companies to provide adequate data security on their own. There is too much at risk. We need our government to step up and draw up some guidelines and mandates that will force companies to protect data. The government isn’t the obvious choice to trust with your privacy and your data, but its foolish to believe there is any other entity that could or would possibly put the rights of citizens before profit.
had security flaws that could allow location tracking of users against their will and the theft of personal information stored on their phones, federal officials said Friday.
Don’t think for a second HTC is the only one. iPhones let apps steal your pictures and contact data.
“The company didn’t design its products with security in mind,” Lesley Fair, a senior lawyer in the commission’s Bureau of Consumer Protection, wrote in a blog post. “HTC didn’t test the software on its mobile devices for potential security vulnerabilities, didn’t follow commonly accepted secure coding practices and didn’t even respond when warned about the flaws in its devices.”