Security & Privacy « The Envisioners

Archive for the ‘Security & Privacy’ Category

The Future of Public Libraries

Thursday, July 1st, 2010

http://www.podtrac.com/pts/redirect.flv/www.theenvisioners.com/wp-content/uploads/podcasts/Episode6.flv

A few months back we were approached by the Society of Chief Librarians to provide some insight on how changes in society and technology may offer some opportunities for us to radically change the way in which we live, work and play – a topic regular viewers will know we enjoy and have some opinion on .

Fundamentally – I am convinced that the library is one of the primary pillars of community and as such it’s role in developing and nurturing that community is absolutely essential – however, my view is that some things need to change if we are to make the most of the opportunity (and the challenging circumstances in which we find ourselves today).

I was captivated by Alberto Manguel’s concept of the library as a "pleasantly mad place" – it struck a chord with me and re-enforced my opinion that the library needs to be many different things if it is to survive in the current environment – but whatever those things are they need to be built on the principles that have made libraries successful for thousands of years.

You can find highlights of the key recommendations I made to the SCL in this episode of the Envisioners:

Download the webcast here –

The Envisioners Episode 6

or click here to subscribe to the Envisioners podcasts on iTunes.

You can also download the slides I used here –

Open Government and the Future of Public Libraries

– like all the content we create, they’re available for use under Creative Commons license, so feel free use them if they’re helpful to you, but please respect the copyright of the image authors (see speakers notes in each slide) and ensure you are licensed properly for their use.

If you’re a sucker for punishment, a webcast of the full presentation is also available here for download:

Download the Hi-res (640×480) version here:
Open Government and the Future of Public Libraries (Hi-Res)
Download the Low-Res (320×240) version here:
Open Government and the Future of Public Libraries (Low-Res)

Tags: Libraries, Local Government, Open Data, Open Government, Podcast, social computing
Posted in Cloud, Consumerisation, Gov 2.0, Hybrid Organisation, Open Data, Podcast, Security & Privacy, The Digital State | 1 Comment »

Privacy By Design

Wednesday, June 23rd, 2010

Yesterday, we launched HealthVault in the UK, in some ways I think it is one of the most interesting (and perhaps, significant) products we’ve had for some time.

Not just interesting and significant in the context of the product itself, but more because of the approach to privacy that has been taken throughout the development of the platform.

For the uninitiated, HealthVault is simply a cloud based application platform, that allows people to develop rich UI based applications that feed off an individual’s secure and private datastore (in this context for applications that focus on “wellness”).

HealthVault is unique because it puts the individual in control of their health information, they have full visibility of what data is being consumed, by whom, which applications they use and more importantly, in every decision they make about which apps to use, or who to share their data with, the user is made explicitly aware of what data is required.

What is important in this approach is that the platform was developed using a series of key principles that were there when we started – we didn’t create the code and then “bolt” privacy on as so often happens.

Those principles were simply:

The record you create is controlled by you.
You decide what goes into your record.
You decide who can see and use your information on a case-by-case basis.
Your information cannot be used for commercial purposes unless you are explicitly asked you clearly tell us we may.

Privacy isn’t a binary problem, there is no single answer, but we can’t afford to ignore this key area, we need to listen to (and engage with) the experts – organisations like BigBrotherWatch, Privacy International, and NO2ID are excellent examples of people who are actively engaged in Privacy discussions across the board in an attempt to help us all do a better job of getting this right.

Sure, there’s more to it than this, but the point I’m trying to make is Privacy is going to be the “killer” topic in IT for the next few years (if you don’t believe me, ask Mark Zuckerberg ) Our collective success in addressing it properly will only come if we work together to understand the issues and build on the above principles to make it stick.

Tags: HealthVault, privacy
Posted in Cloud, Gov 2.0, Open Data, Security & Privacy | No Comments »

Cloud Computing – What’s the Point?

Tuesday, October 27th, 2009

http://www.podtrac.com/pts/redirect.flv/www.theenvisioners.com/wp-content/uploads/podcasts/Episode4.flv

Back in the Summer, Matt Deacon asked if I’d like to give a presentation on the subject of Cloud Computing to an Architect forum he was planning in the UK for September. I said “yes” immediately because I was getting increasingly frustrated with all the hyperbole about Cloud Computing being “the Future of IT” when all that was really being said was about cost containment and greater agility and frankly I wanted to prove that there really was more to it than that.

So, several weeks passed, the deadline loomed, and I set out to prove my theory that Cloud Computing would enable some significant outcomes that would transform society’s use of technology. Take a look to see how I got on…

You can download the webcast here (right click and “save as”) or click here to subscribe to the Envisioners podcasts on iTunes.

This presentation uses the superb Productivity Future Vision video generated by Microsoft’s Office Labs team. You can find this video (and get the background and more detail) here…

Finally, you can also download the slides I used here – like everything on this site, they’re available for use under Creative Commons license, so feel free use them if they’re helpful to you, but please respect the copyright of the image authors (see last slide in the deck) and ensure you are licensed properly for their use.

Tags: Cloud Computing, Consumerisation, Data Sovereignty, Differential Privacy, Office Labs, Podcast, privacy, Technology Biorhythms
Posted in Cloud, Podcast, Security & Privacy | No Comments »

Differential Privacy

Friday, October 9th, 2009

Privacy Earlier this week I blogged about the growing evidence of governments opening up their public data at both a national and local level. While this in itself represents a great leap forward it brings with it a new set of challenges the we will need to address. One in particular stands out and it is around the evolution of some of the very real challenges we’re going to face around Privacy in a Web/Gov 2.0 world.

Earlier this month I was chatting to Stuart Aston (one of our security advisors – you know the type, smarter than your average bear and very switched on to the evolution of the security principles we will face in an increasingly connected world) and he introduced me to the concept of “Differential Privacy“. He left me with a few white papers and a smile and a few hours later, with my head pounding and eyes bleeding (trust me you want to try and read this stuff) I finally got my head around the concept and what it’s going to mean to us as citizens.

Differential privacy is essentially, the ability to make very specific conclusions (with incredible accuracy) about the identity of an individual when provided with two disparate sets of anonymised data on a similar topic.

The example given uses NetFlix’s recent competition to improve their recommendation system as the backdrop…

DiffPriv

NetFlix published an anonymised data set of around 500,000 records in order to help developers come up with a solution to improve their recommendation system. Some bright sparks took this data and a similar export from the IMDB and by applying some fairly hairy maths, they were able to identify specific individuals with a shocking 96% accuracy rate.

This is mind blowing, not just because of the maths involved, but because of what it means in a world of growing public data, the old bastions of Privacy that we have relied upon thus far may no longer be enough.

Governments and organisations are going to need to take this seriously as it will present some difficult challenges about liability and the duty of care to keep their citizens/customers identity and data private.

In particular, think about the duty of care element. As an organisation, you have a legal requirement to look after the privacy of the data you hold on an individual or organisation – with differential privacy, how far does this duty of care extend? If you keep your data anonymised but others can compromise that privacy (albeit with hairy maths and more public data) who is actually liable or legally responsible for the breach?

There are some tough answers to be found here and undoubtedly some more legislation will be required – in the meantime though, it’s a concept we need to understand more so we can build appropriate responses that don’t restrict the overall movement towards making public data more readily accessible . We cannot afford to let this (and other similar issues) stop the democratisation of data, but we do need to go into this with our eyes open.

Tags: Cloud, democratisation of data, Differential Privacy, Digital State, Gov 2.0
Posted in Cloud, Gov 2.0, Security & Privacy, The 6 Themes, The Digital State | 1 Comment »

The Security Sledghammer

Sunday, May 3rd, 2009

Another week, another data security problem hits the headlines. It’s the same old story, human error results in the “misplacement” of a piece of technology (disk, USB stick etc) but the easiest way to deal with it seems to be to blame the technology and chase after that as the source of the problem. devilusb

The thing for me is, that people have been leaving important things on trains since Mr Stephenson stepped off the Rocket and said “Welcome to the Age of Steam, now where did I leave my umbrella?” so why is it now that we find ourselves in a world where the the humble USB key finds itself transported from “friend of the networkingly challenged” to Satan’s portable storage device?

The problem of course (beyond our own inability to deal with the implied human failure) is that we don’t have a sufficiently granular way of dealing with information risk. We simply don’t have access to pervasive, infallible technology solution that on a file by file basis, enables us to protect data that is sensitive while leaving less important data alone.

As a result, organisations and Enterprises face a binary choice in deciding how to prevent this from happening again (which is often made even worse when they are reeling from the headlines and embarrassment of another data loss). They can secure everything or secure nothing – it’s the only option they feel they have. Guess which one they choose?

I’ve worked with organisations who have an outright ban on portable storage devices, some even go so far as to glue up the USB ports on their PC’s. Let me tell you these are not organisations from the Security, Defence or Intelligence sectors, these are regular Enterprises just like yours.

Don’t get me wrong, I don’t blame them for doing this, but it’s a bit of a sledgehammer for what is essentially a walnut. The technology vendors have a big part to play in this, as do the various Governments and legislators that care about encryption standards, but importantly, the real challenge lies with you, dear reader, and it is one of data classification. There doesn’t seem to be much point in having a pervasive, granular data security solution if you don’t know which bits of your data are sensitive and which aren’t.

So what are you doing about it in your own organisations? Easy for me to say I know, but trust me, I know how big a deal this is. I know it’s a mammoth task and involves getting the “business” to agree on a classification schema (and sometimes for some hard truth that their “sensitive” data really isn’t all that important) but no matter how arduous or tortuous the route, you have to take it if you want to be that agile, innovative organisation you always wanted to be.

Ignore this and you might as well breakout the Araldite ™ and get cracking…

Tags: data classification, privacy, security
Posted in Security & Privacy, The 6 Themes | No Comments »

Security and Privacy – Give and Take

Monday, March 9th, 2009

So the last thing I’m going to try and do here is to attempt to talk to you about the principles of IT Security and Privacy.

But what we do need to understand is that people are increasingly willing to sacrifice elements of privacy in return for something we find valuable, grocery store loyalty cards for example are the gateway to a whole range of profiling and targeting that we subject ourselves to in return for some cheaper petrol and a few savings vouchers – it’s going to continue, especially as (through innovation and transformation) organisations get increasingly sophisticated in how they collect, analyse and use the data that we leave in our wake as we travel through our every day lives.

The good news is that despite the scaremongering, people are really waking up to privacy and security issues and are increasingly able to make informed choices about what information they disclose and how to protect the information they seek to remain private.
Perhaps the best example of this occurred a couple of years ago with Facebook when Zuckerberg changed the status updates to a newsfeed service.

Zuckerberg faced a massive backlash from his user base, almost 300,000 users got together to revolt but then something happened. Surprised by the reaction, Zuckerberg implemented a privacy feature that enabled people to designate which information was private and which was public (and would therefore be sent out as part of the news feed update to friends). The reaction was incredible and transformed the usage of Facebook and ultimately set the standard for a bizarre conflicting standard for personal privacy that is simultaneously vigilant and laissez-faire.

But societal changes aside, lets return to the job at hand. In light of the other topics I’ve talked about today, Security and Privacy are no different. Traditionally, these concepts have been thought of as constraints to productivity, disablers of the possible, barriers to progress. I don’t think we’re there anymore. IT Security is an integral part of everything an organisation does and just like the others, given the other opportunities that both technology and society are presenting today, ultimately, our increasingly sophisticated needs and understanding become the catalyst for truly transformational change.

However, the biggest issue I’m left with today is our own organisational view on risk, I just can’t see how we can achieve the kind of transformation that’s going to be required without being forced to revisit some things that are obviously the very cornerstone of our operation and culture.

Ultimately, we are the only people that can answer this, but I’m hopeful that by continuing to collaborate through this blog (and other forums), both we and our other strategic partners will be able to provide you with pieces of the puzzle that make what is necessary, possible.

Tags: facebook, privacy, security
Posted in Security & Privacy, The 6 Themes | No Comments »

Archive for the ‘Security & Privacy’ Category

Privacy By Design

The Security Sledghammer

Security and Privacy – Give and Take

Tag Cloud of Envisioning:

Archives

Blogroll

License

Disclaimer