Dispatch from OURSA: The need for diversity in design

(Apr 18, 2018) The RSA security conference made news recently after some high profile folks on Twitter pointed out that, of the nearly two dozen keynote speakers lined up for the event — perhaps the biggest security conference in the world — only one was female. It's no secret that the security industry has a male-biased history, but instead of just complaining about it, the OUR Security Advocates Conference was born. This one-day, alternative conference featured a slew of leading female and minority informati... Read More

OURSA conference signals need for diversity in privacy, security design

(Apr 18, 2018) The RSA Security conference made news recently after some high profile folks on Twitter pointed out that, of the nearly two dozen keynote speakers lined up for the event — perhaps the most prominent conference in the world — only one was female. It's no secret that the security industry has a male-biased history, but instead of just complaining about it, Access Now's Amie Stepanovich and Facebook Chief Security Officer Alex Stamos, among others, worked on a solution: A one-day, alternative confe... Read More

IoT security and trust toolkit available

(Apr 17, 2018) AgeLight Advisory Group Managing Director Craig Spiezle has spent a lot of time examining more than 1,500 documents released by hundreds of initiatives that have hoped to develop a way to tackle issues related to internet of things security. The fruit of his efforts has arrived with AgeLight's IoT Safety and Trust Design Architecture and Risk Toolkit. The resource will help guide organizations into self-regulation, as they can examine 45 different principles to see which ones they need to implem... Read More

Advisory group releases IoT safety and design risk toolkit

(Apr 17, 2018) Hundreds of initiatives have been launched over the past several years to tackle the issue of internet-of-things security in the design phase for devices. AgeLight Advisory Group Managing Director Craig Spiezle spent the time to review more than 1,500 documents to see what those initiatives hoped to achieve. AgeLight has released the fruits of Spiezle’s work in the form of the IoT Safety and Trust Design Architecture and Risk Toolkit. The toolkit seeks to achieve three primary goals: to guide a... Read More

Hackers attack casino's smart thermometer

(Apr 16, 2018) Cybersecurity company Darktrace recently revealed hackers were able to exploit a smart thermometer to gain access to a casino's database of high-roller customers, Mashable reports. Darktrace CEO Nicole Eagan explained, "The attackers used that to get a foothold in the network," adding, "They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud." While the information contained in the database was not disclosed, it is reported t... Read More

A privacy pro's guide to explainability in machine learning models

(Apr 13, 2018) With the EU General Data Protection Regulation just around the corner, there has been some debate and discussion about whether the law requires a "right to an explanation" from machine learning models. "Regardless of the regulation's effects on machine learning, however, the practical implications of attempting to explain machine learning models presents significant difficulties," Immuta Legal Engineer Stuart Shirrell writes. "These difficulties will become an increasing focus for privacy profes... Read More

Exploring the potential privacy implications of a 'web 3.0'

(Apr 13, 2018) "To many privacy professionals, a 'user-centered internet for individuals' would only exist in a perfect utopian world," writes Duff & Phelps Regulatory Consultant Seth Litwack, CIPP/US, CIPM, CIPT. "Yet, as the blockchain ecosystem matures, individual control, trust and security are consistent themes that blockchain and cryptocurrency platforms are attempting to tackle. In the not-too-distant future, a cryptographically secured digital identity may allow us to 'trustlessly' complete transac... Read More

Is a decentralized 'web 3.0' the answer to our privacy concerns?

(Apr 13, 2018) To many privacy professionals, a "user-centered internet for individuals" would only exist in a perfect utopian world. Yet, as the blockchain ecosystem matures, individual control, trust, and security are consistent themes that blockchain and cryptocurrency platforms are attempting to tackle. In the not too distant future, a cryptographically secured digital identity may allow us to "trustlessly" complete transactions that would have previously required the exchange of personal data and layers o... Read More

The privacy pro's guide to explainability in machine learning

(Apr 13, 2018) With the GDPR’s implementation date looming, there has been much discussion about whether the regulation requires a “right to an explanation” from machine learning models. Regardless of the regulation’s effects on machine learning, however, the practical implications of attempting to explain machine learning models presents significant difficulties. These difficulties will become an increasing focus for privacy professionals as machine learning is deployed more and more throughout organizations... Read More

Dominique Shelton saw an opportunity and jumped

(Apr 4, 2018) At this point in her career, Dominque Shelton, CIPP/US, can pretty much call the shots. She has been in the game for 25 years now; she has represented high-profile clients in cases spanning the gamut of privacy and cybersecurity litigation. She went to Brown University for undergrad. She was named one of the most influential lawyers in digital media and e-commerce law by the Los Angeles Business Journal. And, speaking to her, it's clear she has stood in front of a judge or two in her day — and g... Read More