Security X Privacy: Introduction


I’ve been working in Information Security for about three years, primarily focused on three domains: secure product development, security technology development, and defining the context for full security solutions.

The security landscape continues to change rapidly. Threats are increasing while local regulatory requirements are having world-wide impact. Dissecting this landscape requires clear and innovative thinking.

Personally, I’ve found that the discipline of writing down thoughts and ideas forces a higher level of clarity. Blogging, with its prescription for clear sentences, is ideal. And social media provides an opportunity for quick feedback. It’s like “science-ing” the #$%^ out of them. Throw something out as a hypothesis. If it’s bad, ideally people will quickly let you know (in a constructive way) where the flaws are. So we’ll see how this goes.

I’m calling this blog series [Security × Privacy] “security cross privacy” for a very simple reason. Most people tend to think of security or privacy as measurable “scalar” quantities, i.e. something you have or don’t have to varying degree. But, for any number of reasons, that viewpoint is naive. For instance, are you more or less secure with a password that is so long and convoluted you can only remember it by writing it down? It’s hard to say without understanding the (multifold) threats you’re trying to mitigate. Security and privacy are not a single number, but a rich space. You may be secure against some attacks (like computer-generated guesses) but completely defenseless against someone standing in your office reading the sticky note on your wall.

My latest idea (or hypothesis) is that security and privacy are really more like a “vector space” made up of multiple independent components, and it is only by looking at the intersection (or interaction) of these components that we can get a complete picture.

The intention for [Security × Privacy] is to look at various perspectives of security and privacy in a multidimensional context; a kind of “cross product” of capability against a vector space of threats and requirements.

For a first foray, I’d like to share some thinking I’ve had recently about privacy. We all sort of intuitively understand what privacy is: the protection of sensitive personal information. You want privacy when you speak on the phone about sensitive financial information with your banker, but feel totally protected if the person sitting next to you in a coffee shop overhears a conversation about a shopping list.

But, this is just a jumping off point – and where things get interesting. What constitutes “sensitive information?” And what exactly am I “protected” from?

Where this becomes hard is that information you may not think is important can be used to deduce things that are important. The apocryphal story from 2012 of Target figuring out a teen was pregnant before her father did is one example.

Another, more recent, example relates to the GPS devices in your car or cell phone. A recent Kaggle competition demonstrated that individual drivers could be identified from the telematics of a GPS unit with almost 98% accuracy. Data from a GPS device in your car can tell not only where you are going, but also who is driving.

Why do these matter? Because these issues lie in the domains of information security and privacy. There is no one “quality” that describes what constitutes security and privacy here. What information in the above cases is defined as confidential? What control did the person have over the information? Did they understand the full context? What were the intended versus unintended or possibly detrimental outcomes?

In the case of the Target outcome, personally sensitive information was deduced from seemingly benign shopping patterns. In the case of the GPS data, while the data about the location and speed of the car is assumed to be anonymous, in fact the identity of individual drivers can be deduced. In both cases these outcomes may or may not be known to the user and, depending on the context, may have desirable intended consequences but also unintended ones.

Let’s explore these together!