CIAAEE+P

Privacy came to the fore last week, at a very interesting ISSA NL event.
Where we discussed the prevalent Confidentiality-Integrity-Availability approach (where impacts mandatorily regard the data subject(s), not you the processor, as the data subjects are legally owner of their info …!) and whether those three actually cover privacy aspects sufficiently.

Well, we did conclude that for now, CIA is ‘still’ the common denominator. But … hey, Auditability might be added, as that’s a sort-of requirement throughout privacy protection. And Effectiveness and Efficiency – of the data handling! – have a place as well, being representative of proportionality and legal-grounds-for-the-privacysensitive-data-handling-in-the-first-place (i.e., real purpose / purpose limitation!); if you collect more than very, very strictly necessary, you’re culpably inefficient in a hard legal sense, and at least part of your data handling is not effective.

But should we add Privacy as yet another factor ..? Does it have value in itself? Initially, I thought so, as the common CIA somewhere will always have lost its connection to information value, e.g., through the Bow Tie effect and other deviations (lagging) from modern developments.

Which I’ll discuss below. But now, first, an intermission picture:
[Yup, Whistler]

So, as said, Privacy may be covered by CIA. But, … with specific deviations of interpretation.

Who has your back; who’s up your back side?

Depends on how you foresee the world’s wheels of fortune turn…:
[Plucked via some byways from this originating site. Worth a visit!]

But beware … Things may change rapidly.

Cryptostego

Just as last week I’ve been discussing stego with colleagues, I missed this post of Bruce’s.
Be sure to read the comments, though. A couple on stacking steganography over cryptography, which is what I would presume would work.

And, again the question: what would you know of actual use ‘out there’; is it common, rare, what are the characteristics of its users ..? Is it the next big thing after (?) APTs …?

Oh, here it is; the pic you expected:
[Would ‘Riga’ be a hint that there’s more to the picture …!?]

Who controls the Watsons…?

First, a picture for your viewing delight:
[Seems chaotic, yet navigable]

Who controls the Watsons in your pocket, once they arrive ..?
Another one triggered by Clive Thompson’s Smarter Than You Think: When not if Watson has morphed into a Software Defined Anything something small enough to fit on your mobile, just about everyone will use it in cyborg / centaur ways to augment oneself. This will require adaptation of the way one goes around in the world, and …
may create a dependence on the Machine, possibly a big one for those that had gained the most by these new ways.

But

  • Where will the database sit that holds all the info to be brute-force searched, in breadth and depth ..?
    If it is local, then how are the inputs screened; are they, and by whom ..? Who would know anything about the stuff you/they miss out on ..? Homophilia (groupthink/narrowingmindedness) and its grave dangers.
    If it is somewhere remote, the control issues loom even larger. Yes, capacity-wise this may work much better. But the Central Scrutinizer (eternal thanks) may … will be the blue pills all around solution …!
  • Even if primarily stored locally, who will have access to the images stored remotely for ‘backup purposes’ ..? Due to the enormous dependence that the PocketWatsons will create, backups are ‘more essential’ than ever, and by their nature must be kept at some distance. What a TLA wet dream would it be to lay their hands on yours…!

That’s only two questions that popped up already. There will be many more. And the answers …
Who will provide those, who will pick the best ones, who will decide what’s best ..!?

To Be Continued.

Seriously, what is @google up to ..?

Just a short note. Or question, rather: What the … is Google up to, these days..?
I mean, Glass has turned into a pilot thing, as yet testing the waters only, but spawning a whole eco(?)system of wearables. One of The Other Ones (fubbuck) swallowing up Oculus might tie in to this (pre-emptive, to keep it out of G’s hands ..!?), or not.
And after Hadoop there’s news on WebScaleSQL; I can understand that (but see how this means reaching out to conglomerate with erstwhile fiercest (attention) competitors).
But then there’s AI. Yeah, that might improve Search. But the potential(s) for game changers of unseen kinds are limitless. Is the Big G trying to outflank Watson, and/or will G morph into the Matrix ..? Blue pills…, blue pills everywhere….
Compared to this, the jump to Gmail Banking is just a little one, (will) disrupting only a couple of major industries.

As it all stands; what is Google’s grand master plan, or if there isn’t one, how could one get a good overview of all (sic) the initiatives in the wings, either public or, of which I guess there’s a lot more to know, internally?
I would sign a stack of NDAs to get an insight – if only to be able to decide on a reinventive career switch… Thanks Google if you could reach out to me!

Oh and now to close it off of course encore the usual picture for your viewing delight [sits on ‘Picasa’ somewhere anyway ;-]
[Appropriate, if you know what/where I mean]

Rule-based rules rule, babe

First, a picture for your viewing pleasure. You’ll need it.
[OK, noga I mean toga I mean yoga class, Bryant Park]

Soliciting your help in trying to find the lapse of reason in the following:
Rule-based laws, or regulations, or organisational procedures, aren’t always bad. There need not be a principle-based approach always certainly not since (fact) that deteriorates over time into yet another bucketload of rules every time again for clarity [which proves it just is too difficult for the great many, to think, to only need the principles and act accordingly…].
There can be simple sets of rules… here and there … IF those rules are the precious few guiding rails needed, to keep everyone in reasonable alignment. Brushing off the sharpest edges, and standing ready in the background when something might go haywire.

In organisations throughout. Anything one can dream up, may be left to the specialists (if…), who (should) know best and need not be micromanaged.
Who is it that thinks to be better at rule-setting than the ones in the midst of turmoil in the first place ..? The compliabully, yes, but kick back (Frappez! Frappez toujours!) for freedom. The biggie rulesets derived from principles or not: They squash your freedom of action, your independence, your autonomy.

Take a look at societal rules. The law books have a few very abstract principles, and a great many very detailed rules… In case of doubt, courts come to the rescue [give or take that even there, one cannot be 100% perfect always]. Normal people using their normal brains, will not overstep the line.
Why can’t subsocieties like industry sectors function the same way? No authorities there, to govern the lot? Too many free riders and other scum, maybe; then step in from the outside and wipe it all clean (including the internal cleaners that didn’t perform – claw back their income in full as they didn’t deliver on their promises. Bad luck, such is life throughout the centuries).
Why can’t subsubsocieties like organisations function the same? Same. Would wipe the top half of many an organisation; silly bureaucrat mice walking on the bridge next to the elephant and claiming how much noise you make.

So, would we need oaths per professional association or per industry sector? No. By having been born, one has sworn to uphold the law that includes the lesser rulesets that any halfbrained dunghead could know to have to work within.

No me auto

On the quest to maintain autonomy as Freedom, as the driver for privacy.

First, a picture:
[Oh look, a fig leaf of green, so this isn’t Metropolis at all (…?)]

Yes, indeed. I was triggered by the ‘blessings’ that Big Data may deliver in e.g., health care, where Watson-like doctors may deliver more accurate diagnoses than humans might. IF, big if, they’re fed with the right information. Restraint will not be in the system.
But, moreover, it is not the emotionless (?) machine we fear; it’s the loss of control. A human would interact; a machine, well, wouldn’t have need for that as it’s ‘always’ better than a human, and shouldn’t be second-guessed. A human doctor we can still distrust even if posing as an authority.

In there is our fear: The loss of control. The loss of autonomy.

Prisoners don’t fear guards as long as the latter just act normal. Because then, the latter are drones that actuate the System, the bureaucracy that is the Power That Be. Abusive guards, overstepping their (‘minimal’) power, lose that authority and are just Evil.

Humans fight bureaucracies because of the loss of autonomy that these bring.
Ever since Man (F/M) became aware of his autonomy in the dangerous environment, she has strived for control over that uncontrollable Nature beast. Most of all, by growing a pair, of brain halves, to a size so huge that pattern recognition leading to predictive analysis was bound to spring up. If only one could predict Nature, then one would have power over it because nothing surprising would happen. And then, one could do less fleeing, a bit more fighting and feeding, and much more of the Four F’s ‘F-for-reproducing’.
Ever since Man (M/F) started to cooperate in groups, there was a balance of sacrifice of autonomy, independence and efforts as inputs versus gains from cooperation.

And now, with the übercomplexity of society having passed a threshold somewhere in the mid-19th century, there is no room, no dream, for escape anymore. Until then, there was sufficiently vast terra incognita’s, (near-)unoccupied inhabitable lands, that there was always the alternative, however distant in achievability, of quitting the Contrat Social. Or, as before, societies weren’t overly complicated (for: ), one could start a revolution, or so. To get the non-autonomous together and with their combined muscle- and brain-force, get all to be free again. Until then, there was no notion of privacy, but it did result quite quickly (well, in line with the speed of societal development that then was also seen as being high…).

Which also ties in with the overwhelming Big Corp (Google, the Second Tier, and the rest) dominance over governments is steering our societies as these integrate. These uncontrollable beasts go far beyond what ‘democratic’ geography-tied national authorities pull off. Pulling both the TLA-agency snooping (automated trawling for patterns; no humans involved! but that’s exactly where the (above) fear comes in: uncontrollability as it’s too much, too fast, too abstract to be tractable for humans…!) and the loss of copyright over one’s own data (production) into the picture. The latter, as in this most recommendable book.

[Bell for a relevant intermission]
Or … this; around 0:37- but the whole thing isn’t too long and needed for full understanding – yes indeed if that was The Message, then it is, still, for all.
[We’ll continue the show]

On APTs

[Easy to get in. Valencia]

Suddenly, an uproar over this Mask APT that appears to have been around for seven years. Oh. Not much of an uproar. Also not over this.

Some may remember my prediction, from way back i.e. two months ago [not even going to put in links; just browse the Predictions category of posts], that 2014 would be the year of APTs, among others. Now, I almost feel that it isn’t 2014 but just January. Too bad!

Or, if you would want to shed light on this, do comment.

A few bits of hope, a lot of redundancy

[Perfectly doable, for a machine/computer, very soon. Barça harbour.]

Along flew a tweet on this insightful piece.

Providing some leftover bits of hope that there will be a humanity that can sustain itself, in various marginal ways. Glad that we don’t need to be drones (and other links) ‘anymore’… As long as we can outpace AI, which we may lose control over soon.

Exit homo sapiens sapiens. Entrat Singularity, artefactum sapiens sapiens sapiens.

You’re a SCADIoT?

[Just some side street of Strasbourg]
[Updated, ? added in title to make it less harsh]

A thought crossed my mind, as they do constantly: SCADA is over the hype hill already, qua setting information security as a requirement abstraction. Not yet onto enlightenment, implementation. But still, gefundenes Fressen. And methodologies are available, if one searches well and close enough.

For the Internet of Things (including domotics), not so much. Here, we see much more societal and philosophical discussions still going on, whilst the first traces of implementation, the earliest of early adoptions [that’s why they’re called ‘early adoptors‘, not ‘adaptors’ you fool; they’re actively adopting, not passively adapting like a micro-HDMI-to-VGA connector] are spreading. But security as in getting that implemented from the start, not so much.

Which would be OK if the first true piloting would await the results of the discussions, after which the implementations of the outcomes would still have to be done before roll-out. But no, the discussions are of no use now that Big Corp starts pushing its ‘solutions’ quod non.

The more interesting thing is: Any wider-scale implementation will be a cross-over of SCADA and IoT, OR we give devices, robots, full control from the start; sorcerer’s apprentices when it comes to operating IRL.
In that space, we still stand very much empty-handed, don’t we, when it comes to methods to do methodologically sound work. Where (information/privacy/societal) security would be an integral and important part of the ‘sound’.

Any thoughts, anyone ..?

[Edited to add: This link, with a discussion on the same (ex security)]

Maverisk / Étoiles du Nord