Data Privacy Day 2010 is just around the corner

Data Privacy Day 2010 is occurring on January 28th. Data Privacy Day is an annual international celebration to raise awareness and generate discussion about information privacy. In 2009, both the U.S. Senate and House of Representatives recognized January 28th as National Data Privacy Day.

Over the past few years, privacy professionals, corporations, government officials and representatives, academics, and students in the United States, Canada, and 27 European countries have participated in a wide variety of privacy-focused events and educational initiatives in honor of Data Privacy Day. They have conducted discussions, examined materials and explored technologies in an effort to bring information privacy into our daily thoughts, conversations and actions.

“Despite all the benefits of new and innovative technologies, there are doubts and worries that persist about just how much personal information — our digital identity — is collected, stored, used, and shared to power these convenient and pervasive services.”

Richard Purcell, executive director of The Privacy Projects (www.theprivacyprojects.org), organizing sponsor of Data Privacy Day.

Data Privacy Day has also provided an opportunity to promote teen education and awareness about privacy challenges when using mobile devices, social networking sites and other online services.

Everyone is welcome to participate by sponsoring events, contributing writings and other educational resources, joining activities, and taking actions designed to raise privacy awareness.

More information can be found on the event website at: dataprivacyday2010.org.

David Lacey likes my book!

The book launch that happened yesterday went very well. It was a great pleasure to find David Lacey there who has made a very nice posting on his blog concerning my book in ComputerWeekly.com.

David has also just published a book (Managing the Human Factor in Information Security)that is extremely relevant in a changed society that we live in today. Information security but from the ‘human perspective’. His thinking is a ‘bottom-up’ approach in the organisation, as the traditional top-down approach is just not working. I have only just started reading the book on my journey home from the U.K., just finished the chapter “Power to the People” 😉 very cool!

On my way home I also got distracted by my new gadget, my Sony digital reader that I purchased at the airport. Well if David has one, I want one too 🙂

RHUL ISG Alumni Reunion 2008

This week I was at a reunion held at the Royal Holloway University of London (RHUL) for the Information Security Group, and it was so cool! I met a whole load of security professionals over and above those that I had already had the pleasure of studying alongside with on the distance learning programme. I also had the pleasure of speaking on the Wednesday, I spoke about privacy and how perceptions are changing and why.

If any of you guys I met at this conference read this post, I would like to thank you for being there. It really was a pleasure to meet you all!

Lost texture and co modification

Just over a week ago I attended the LSE conference on the ‘social and organizational consequences of information growth and the Internet’. Last year it was on identity. Both years have been excellent. I particularly enjoyed listening to Albert Borgman who spoke about the impacts on our society. For example 200 years ago two-thirds of us were illiterate whereas today, although illiterate, we lack other skills such as texture/context. This is the ability to feel how articles originated. For example, the material you may buy for your curtains at home, just 200 years ago, at least before the Industrial revolution, a woman could visualise how it became material, the process. All this she saw when she touched the texture. It’s the context or texture. What we see today is a piece of linen as linen.

I was thinking about this a lot. It is like not having sight or the ability to feel texture when we touch something. Have we really lost something here? I was thinking how satisfying it feels to grow things in my garden, and how knowing the process, I see it when I buy something. He mentioned that more people should get close to nature, his example was gardening. It brings us back to basics, helps us to appreciate a good life. Simple things that are determined by external factors outside of our control, the weather, nature for example. It stops us thinking about things that are just not important.

He also talked about co modification. It describes what is happening today to information. Information has become cheapened. There was also moral co modification, economic co modification and e-co modification. Co modification will provide a universal uniformity that will lead to a decline of competence and comprehension, furthermore a dispersion and isolation of people from one another. Consequences are instead of a thoughtful and cosmopolitan people that I hope most of us are today, some of us have become, and will become, thoughtless and arrogant. Even though individually people are in general decent.

Bruce at INFOSec Europe

I was lucky enough to listen to Bruce Schneier speaking at INFOSec Europe on Wednesday last week. He spoke about the mismatch between ‘security’ and ‘feelings’. In that often how we feel does not equate to the reality. For example at the airports they remove liquids during the security check, it makes us feel more secure, but in reality doesn’t make much -if any- difference to how secure we actually are. In effect we make security trade-offs based upon how safe we feel. The ability to make this trade-off accurately is can be distorted by media hype. The fact is the ‘feeling’ comes from the instinctive part of our brain, and the ability to be able to rationalize distinguishes us from animals as human beings.

This brings us onto ‘models’. You know society models that we have grown up with and accepted as fact. Models are created by human beings and are based on facts. These facts can actually become an integrital part of how we feel. For example one model created by the tobacco companies in former times was that smoking was healthy, this model has changed over the last 30 years to the converse. Changing this model took time, and was painful for many, especially the tobacco companies 🙂

The unknown is scarey, and it seems to be we have a tendency to overestimate the impact of involuntary risks (e.g. earthquakes, airplane crashes), and to the converse, underestimate voluntary risks (e.g. smoking that is a choice).

Security Theatre (snake oil) is the name given to those products that make you feel more secure, even though in reality they don’t do anything. Although we need these sometimes. One example in the US was the introduction of the safety cap on over-the-counter drugs. There was an incident whereby one bottle became contaminated by some (mentally sick) person. The consequence was a death. This type of incident happening is extremely rare, however over-the-counter drugs would have never made it further without the introduction of the safety cap as consumer confidence had been lost.

So to summerise: the most successful security products manipulate ‘models’ and ‘feelings’ even though they may not necessarily match ‘reality’.

PRIME and Karlstad university

I have a speaking engagement at Karlstad university tomorrow. Should be interesting especially as it is linked to the PRIME EU funded project. PRIME is about building a privacy infrastructure that enables us to have some level of anonymity in our transactions. Well it is much more than this. Anyhow it is about giving you and me the choice and power to keep our personal information private, it is about having the choice to track whoever is collecting our information with and without our knowledge, and pulling this information back if we like. It is about having control over our own identities. It covers all the stuff that I’ve been writing and speaking about!

btw I will have part 2 of the paper Identity Linkage and Privacy -that was originally published by ISSA in April and then reprinted by IAPP in July this year- published in ISSA December issue. This is what I will be talking about tomorrow.

Graduation at RHUL!

Hi, well at last, myself and some of my class-mates that passed a Masters Degree in Information Security last year with the Royal Holloway University of London had our graduation ceremony. It was a very special occasion. The champagne was flowing……we have some nice pictures…check the comments

Congrats to my class-mates, it’s been a pleasure studying with and getting knowing you all, and look forward to keeping in touch!

From left to right: Andy Smith, Ron Bailey, Bob Bowden, Brian Cooke, Me (in red), Richard Lane, David Musgrove, Steve Greenham, Jose Recio Pelaez.