Tag Archives: security

Artificial Intelligence Applications

Artificial intelligence (AI) will continue to contribute to innovations this year. I think some industries will embrace the change and some will resist for various reasons, including job displacement and trust. Our world is changing already in terms of the tasks that computers take on. Let’s examine some of the ways that AI will change how we work in 2017 and beyond.

Definitions

AI is simply a set of cognitive tasks that can be handled by a computer. Some AI functions incorporate vision and robotics but do not necessarily resemble Arnold Schwarzenegger’s dangerous “Terminator” character. Think of the hundreds of decisions that you make every day and which of those decisions could be best made by a computer, thus freeing you up for more creative and innovative tasks. Another term associated with AI is machine learning. That is the ability of a computer to learn from past cognitive decisions and make corrective choices, similar to how we learn from our mistakes and change our thinking in order to produce a better outcome.

Security

In a recent InformationWeek article, the author is hopeful that AI advances will help solve a skills shortage in the cyber security field. Right now, computers are used to gather data on threats and potential threats to weed out erroneous information and help security professionals formulate a mitigation strategy. In the future, the computer will also be left to formulate and institute the threat response as well as gather the initial data. Far from displacing security personnel, it will free them up to work on higher level tasks such as business continuity and refining the data collected and filtered. In this case, AI provides another pair of hands but security professionals will continue to be in as high demand as they are now.

Automotive Applications

One of the AI applications I am most excited about is automotive. I have written about this in the past and there have been some real breakthroughs recently. One practical application of AI is Ford’s new Pro Trailer Backup Assist. I cannot back up a trailer to save my life; I was denied that gene when I was born. Somehow the trailer appears at my side whenever I try to back into a spot. With backup assist, the driver removes their hands from the steering wheel completely and backs up by using a small knob on the dash. Turn the knob to the right and the trailer moves to the right. This is just the opposite of trying to use the steering wheel and certainly much more intuitive. This is an example of machine learning using vision and computing algorithms. Another even more radical example is the upcoming autonomous vehicle. These vehicles make constant decisions based on sensor input from around the vehicle to safely transport a passenger.

Danger Zones

Robots using machine learning differ from simple drones in that they make independent decisions based on past experience. A drone is controlled by a human operator and cannot function independently. An example of independent robot development is CHIMP from Carnegie Mellon University. CHIMP will be used in industrial application and for search and rescue when the situation is too dangerous for humans. It makes decisions based on instructions, experience, and multiple sensor input.

Thoughts

These are just a few AI applications, with a lot more to come. Are there tasks or decisions that you would just as soon leave to a computer? Do you trust the systems to make those decisions? This is a brave new world and it will take a leap of faith before some of these developments become completely commercialized. Let me know your thoughts.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

The Risk and Security of Connected Healthcare Devices

Photo of a pile of pills and medical devices.A recent Forrester Research report highlighted the security risks of connected healthcare devices and some of the implications of lax policies of manufacturers and care providers. This brings to mind for me all kinds of doomsday scenarios so I want to highlight some of the best practices in the report. These apply to the healthcare industry and other businesses.

Internet of Things

Part of the allure of the internet of things (IoT) is that many devices can be connected, including medical devices. In a recent article, author Yash Mehta highlighted some connected and potentially connected devices. On the list are monitoring devices which allow patients to be at home instead of a hospital. He also mentions companies that are developing edible IoT “smart” pills that will help monitor health issues and medication. This is an area where I would want the tightest security.

Steps for Security Planning

Start from the inside when thinking about security. Is everyone in your organization following best practices? Are you requiring passwords be changed regularly? Is everyone following this requirement or have they developed a workaround? Are there any shared accounts with a shared password? One of the biggest security holes has to do with social engineering. A hacker will pretend to be someone trustworthy to secure passwords or entrance into secure systems, then launch a widespread attack. Make sure everyone in your organization is educated and prepared for such an attempt.

Verify that the new devices have security built in from the manufacturer. This applies to health care IoT and other connected devices. It is hard to build security with no foundation. Push manufacturers to install a minimum level of threat protection in every device.

It is necessary to separate device information from actual customer details. In the case of health care, that means storing data collected from the connected device in a separate data structure than the patient data. In a retail establishment this means storing credit card information away from personally identifiable information such as customer name and address. The two can be linked via a separate ID but it should be difficult for a hacker to connect the two sources of information.

Thoughts

It is exciting to think of all of the possibilities with IoT devices but it is sobering to contemplate the security risks. All of us must consider and mitigate the risks, either as consumers or as part of an IT team building the tightest security possible. IoT devices are coming. Are you ready?

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Pokemon Go and the Future of Augmented Reality

Photograph of a smart phone screen with an active Pokemon Go game.Augmented reality took a big leap forward this month with the release of Pokemon Go from Niantic Labs and partner Nintendo. This game has become very popular and has drawn praise and criticism from different groups. Many are excited about getting players young and old out of the house, but some are concerned about the potential security problems when the lines are blurred between the virtual and real worlds. Personally, I am fascinated by the social implications of this technology and its potential benefits in gaming and extended professional scenarios.

Pokemon Go

Pokemon Go requires players to chase Pokemon cartoon characters in the real world using a smart phone. It uses the smartphone camera and clock to overlay one of 151 characters in real places such as the city, the beach, the forest or in buildings. The player must collect these characters wherever they may be. Water characters can only be collected near waterways and night fairies can only be collected at night. The game has become so popular that Darwin police in Northern Australia have alerted players that they do not need to come into the police station to catch a particular character:

For those budding Pokemon Trainers out there using Pokemon Go — whilst the Darwin Police Station may feature as a Pokestop, please be advised that you don’t actually have to step inside in order to gain the pokeballs. It’s also a good idea to look up, away from your phone and both ways before crossing the street. That Sandshrew isn’t going anywhere fast. Stay safe and catch ’em all!

This is not the first augmented reality game, but so far it’s the most popular. Niantic released a similar game called Ingress in 2015. Pokemon Go uses the same database of features and is basically Ingress using Nintendo characters.

Recent History

Niantic Labs was a Google creation but spun off last fall during the Alphabet restructuring. The original intent by Google was to build things on top of the incredible mapping technology that they already have. Think about Google Maps, Google Earth, and Google Street View. They have a comprehensive database of geo coordinates, so it makes sense to augment (no pun intended) that work with a game. This is a great example of an innovation extension.

My Interest

I have seen similar application research recently in the field of education. The premise is that if young people could be enticed to go to a park or a museum or into the forest, they could learn about the features of that location and earn tokens at the same time. Basically, this is the gamification of nature or history. I have written about this topic before, but I am all in favor of enticing people to go outdoors, whether to search for cartoon characters or for solitude away from the stress and distractions of everyday life.

Thoughts

Games like Pokemon Go could be the first of many popular augmented reality games. While there are still some bugs to be worked out, the technology is promising. Have you played Pokemon Go? Do you think this is a passing fad or the beginning of a new reality? Let me know your thoughts.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Customer Data: The New Capital

Fingerprint weighted against a dollar sign.Sports Authority, a retail chain of sporting goods stores, recently filed for bankruptcy and sold off all of their assets. One of the highest bids was for their name, e-commerce site and customer data, bought by rival Dick’s Sporting Goods for $15 million. In contrast, a package of several store leases went for only $8 million and naming rights to Sports Authority Field, also known as Mile High Stadium, home of the Denver Broncos, is still on the auction block. It appears that customer information is the new desired capital, but what does that say about our privacy and the use of our personal information? Is it truly for sale to the highest bidder? Did we actually agree to that?

Privacy Policies

The Sports Authority privacy policy states, “We may transfer your personal information in the event of a corporate sale, merger, acquisition, dissolution or similar event.” Information collected and stored at the Sports Authority website includes full name, street address, e-mail address, telephone number, credit card number, and credit card expiration date. This is not unique to Sports Authority; other online retailers collect the same information and include a similar caveat in their privacy policies. It is up to the consumer to read and understand that clause and decide whether it is worth the risk.

Relationships

When signing up for rewards programs I agree to hand over my personal information, regardless of whether I read the privacy policy or not, but I expect our relationship to end if the company is dissolved. In the case of Sports Authority, my intended relationship was with them and not with Dick’s Sporting Goods or someone else. Is there a step in the process that lets me break off the deal should I not want to be solicited by the highest bidder?

Thoughts

With value on customer data comes responsibility to customers who have disclosed their information and expect at least a minimum of privacy and discretion. Privacy advocates are watching these developments closely. They are concerned that the new owners will not adhere to the original privacy agreement and will use the customer information in ways not originally agreed upon.

Let me know your thoughts on buying and selling customer information. It is not a new idea. I have received solicitations from car dealers for years based on information available from the division of motor vehicles. What is new is how easy it is to collect, buy, and sell this information and the amount of associated customer information collected, which can be put up for sale to the highest bidder.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Brexit and the Technology Industry

Puzzle with the national flag of great Britain and European Union on a world map background.The recent decision by Britain to exit the European Union (Brexit) has people asking a lot of questions. Some analysts are pondering British technology regulations and the state of the technology industry post European Union. There are surprising implications that perhaps have not been considered but probably would not have made a difference in the vote.

Silicon Roundabout

An area in East London has been dubbed Silicon Roundabout for the concentration of high-tech firms, particularly start-ups. In a 2013 Guardian article, director of Twilio Europe James Parton cites reasons for locating a hub in London, “…London was a natural choice for our first office outside of the U.S. Language, accessibility to rest of Europe, a vibrant start-up ecosystem, the financial market, talent and flexible business conditions were all contributing factors.” Other areas of Britain have attracted high-tech heavyweights and start-ups alike.

With Brexit, some of those desirable qualities could disappear. Accessibility to the single EU market is in jeopardy, which could result in less than favorable trade arrangements and higher tariffs for companies operating in an independent Britain. A recent BBC article suggests that Berlin, for example, will actively court those tech start-ups and venture capitalists that have been pouring money into Britain. In making her pitch, Cordelia Yzer, Berlin Senator for Commerce and Technology, said, “They are welcome, their talent is more than welcome. It’s a great place to live and we also speak English. Berlin is a place where their dreams can come true.”

High Finance

Another potential issue for tech firms in Britain is access to capital. Start-ups in particular, but all tech firms in general, are capital-intensive operations mainly used for talent and equipment. A recent Reuters article reports that Standard and Poors and Fitch Rating recently dropped their credit rating for the country. This could make it harder or more expensive for companies to borrow capital for expansion or for a start-up. These companies could consider other EU centers such as Berlin or Paris, where funds are less expensive.

Data Privacy

The EU and the U.S. are working on the latest changes to their data privacy agreement. The EU has some of the toughest privacy laws in the world with Germany and France leading the charge in areas such as “the right to be forgotten,” which require companies such as Google to erase all internet history of an individual upon their request. Britain has pushed for less stringent regulations but it remains to be seen whether they will still abide by the EU-U.S. data privacy agreement. That brings up the question of whether data flowing through Britain will still adhere to those standards, or will it be less secure?

Thoughts

The exit is still being planned, though EU countries are pushing to get it done sooner rather than later. With the separation come questions for high-tech companies and consumers. These will be sorted out over time and I will be watching the developments with interest. Can you think of any tech benefits or drawbacks to a post-EU Britain? Let me know your thoughts.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Careers in Technology: Threat Intelligence

A silhouette of a hacker with a black hat in a suit enters a hallway with walls textured with random letters 3D illustration backdoor conceptI recently came across an interesting New York Times article highlighting the field of threat intelligence. Gartner expects the market for this security service to reach $1 billion next year, up from $255 million in 2013. Surely there must be job opportunities for the person with the right preparation, education, and credentials. I did more research into this technology career and came up with some interesting prospects.

Making Lemonade out of Lemons

In the article, the author cited a case of a family welding shop in Wisconsin that ran a small server for tracking orders, billings and suppliers. Their server was hacked, and they were totally unaware until a Silicon Valley security firm contacted them. The firm noticed that it had become a proxy to get to other vulnerable servers, some from very large companies. The security firm left the server in place but now closely monitors the traffic going in and out of it and can preemptively warn clients when they have been breached or are about to be compromised. Threat intelligence is really about being proactive, as opposed to reactive, and monitoring security issues or paying others to monitor them for you.

Education

For education in this field, it is best to pursue the Certified Information Systems Security Professional designation. This training is available through self study, on-site or online training which prepares you for the mandatory tests. There is even a “CISSP For Dummies” book but I am not sure I would trust my network to someone who chose that route to learn the business.

In addition to the CISSP, there are specialized courses in threat intelligence to augment the CISSP training and certification. These courses take you beyond basic intrusion detection and teach you how to battle persistent threats and how to programmatically counter these threats.

Jobs

There are jobs available in private industry for security firms that do threat intelligence and sell that information to clients. Many major corporations want to build in-house expertise in this area in order to fend off hackers and protect proprietary information. There are also government jobs available from agencies trying to get the upper hand on security threats. This expertise might have prevented the breach of the Democratic National Committee that I mentioned in last week’s blog.

Thoughts

Network and system security is becoming more critical as some of our most valuable assets are the data we store about customers, new products, proprietary processes, and partner agreements. It is essential for firms and agencies to do all they can to protect that data. That means now moving from a reactive approach to the proactive and systematic method offered by the new field of threat intelligence.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Watergate 2016: The Evolution of Technology

Stylized photo of a hooded hacker at a laptop.The political season in the U.S. is now in full swing and I had to smile at a recent article about a security breach of a Democratic National Committee server and the  alleged theft of background information on the Republican candidate, Donald Trump. For a moment I thought I had slipped back to 1972 when a break-in and attempted wiretap occurred at the Watergate hotel and office complex where the Democratic Committee was headquartered. The more things change, the more they stay the same. In this case though, the technology has evolved from breaking, entering, and wiretapping to sophisticated digital entry to specific servers. Let’s take a look at the evolution of technology in terms of security.

1972

I followed the Watergate scandal closely even though I was only a teenager. Members of the “committee to re-elect the president” were found to have masterminded a break in into the Watergate office building to plant wiretaps on the phones of key members of the Democratic Committee. Several players were indicted and sentenced to prison and President Nixon eventually resigned under suspicion of having authorized the break-in and for keeping secret recordings. When the Watergate burglars were caught, they were found with:

“… at least two sophisticated devices capable of picking up and transmitting all talk, including telephone conversations. In addition, police found lock-picks and door jimmies, almost $2,300 in cash, most of it in $100 bills with the serial numbers in sequence.

The men also had with them one walkie-talkie, a short wave receiver that could pick up police calls, 40 rolls of unexposed film, two 35 millimeter cameras and three pen-sized tear gas guns.”

2016

Fast forward almost 45 years and consider the modern tools of the burglary/cyber espionage trade. No longer is it necessary to even be near a physical building; a lucrative break-in can be done from anywhere. As of this writing, it is believed that hackers linked to the Russian government broke into the Democratic National Committee servers, presumably while in Russia. Whether that can ever be substantiated or whether the individuals behind the break-in will ever be brought to justice is doubtful. Part of the hacking ethos is to cover digital tracks through multiple systems and connections so as to mask the hacker’s identity.

Thoughts

Catching five burglars with wiretapping equipment in an office building was a piece of cake compared to what law enforcement faces today. The stakes are higher in terms of the information stores that we keep and the break-in methods are much more sophisticated. The tools needed to track and prevent a strike are complicated and require advanced education and skills. As long as we continue to have security breaches, both in politics and business, organizations of all types will seek qualified professionals. The more things change, the more they stay the same.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Cybersecurity: After Ashley, Sony, and Target

Abstract image of padlock against blue tech background.There have been several high profile cyber attacks over the last two years, some for financial gain, some out of malice, and some from hacktivists trying to right what they see as moral wrongs. Has anything changed since these security breaches? Do we take security more seriously now? Do company leaders pay more attention to technology and security?

Grey Hat Hacktivism

I wrote about grey hat hacktivism after the breach of the Ashley Madison website. Hackers threatened to publish the names of Ashley Madison members unless the site was taken down. They did this under the guise of moral outrage that the website was encouraging and enabling adultery by matching members. The hackers later published a few of the names, and then the full list. Whether the full list was published purposefully or accidentally is still unclear.

While the hack and the revelation of member names has interrupted many lives, Ashley Madison and its parent company, Avid Life Media, are still operating as usual. The CEO resigned last year after the breach, but the company states it “continues to have strong fundamentals with tens of thousands of new members joining AshleyMadison.com every week.” If the company claims are true then the hackers did not succeed in their objective. Hopefully it has caused people to be more careful about their own security and dealings on the internet. There is no evidence that Ashley Madison has changed its security policy to prevent future hacks.

Right on Target

In December 2013, Target was breached and 40 million debit and credit card accounts were exposed. In the aftermath, Target hired cybersecurity experts to probe the network and they found that once inside, hackers had access to every single cash register in every store. Target has taken steps to ensure this particular breach will not be repeated. It is thought that the initial entry came through a heating and air conditioning contractor who had a virtual private network (VPN) tunnel into Verizon for the purposes of exchanging contracts and work orders. Once the contractor was breached, the hackers had access to Verizon through the VPN and once in Verizon, they could go out to the point of sales systems to collect customer information. Even one weak link can cause incredible damage.

It is not clear how much customer information was actually used or sold but Target suffered, at least temporarily. Short-term earnings were down after customers lost confidence in the company. The CEO and CIO both resigned over the incident and Target has since worked to examine every aspect of their network for possible security holes. In short, security is serious business now, even at the highest levels.

Sony Hack

In November 2014, hackers breached the Sony Studios network and made public information about personnel, including salaries, unreleased films, and e-mail correspondence between Sony employees. They demanded that the upcoming movie, “The Interview” not be released. The movie was a spoof about North Korea, which led to the conjecture that the North Koreans were behind the hack. I will go on record as saying that I believe that the hack was an inside job, either by disgruntled employees or perhaps even orchestrated by the company to create publicity around a potentially bad movie. In any case, the movie was not released to theaters right away and Sony Pictures chief Amy Pascal was fired. It is not clear what Sony has done to shore up their defenses from further attacks but this is a case where limited and targeted inside information was exposed instead of customer information.

Thoughts

These are just three of the recent high profile attacks perpetrated for financial gain, moral outrage or embarrassment. High-level executives lost their positions and organizations lost credibility in the eyes of customers. Here are three take away messages for me:

  1. Security does matter and it should matter in the highest levels of an organization. In the old days, the shop proprietor locked the front door when she went home at night, but it is not that simple anymore. With the increase in cloud computing and storage, there are a lot more doors to secure. It is complex and it is important.
  2. Organizations need to evaluate their security threats from both the outside and the inside. Employees know the systems and networks better than hackers. Are they with you or against you? How do you know?
  3. Security matters to each individual. We need to be diligent about our own digital presence and tracks on the Internet. Are your transactions secure? Are you using solid passwords? Are you encrypting your personal information when necessary? We all have a personal responsibility in that regard.

Those are my thoughts. Let me know what you think.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

The Beauty of Blockchains

A rainbow of color blocks.Last year I wrote about the Bitcoin revolution and some of the implications to our financial, currency, and trading systems. At that time, a single Bitcoin was worth $1,100 but now is only worth $379. There are wild price swings and talk of dissent among Bitcoin developers, as outlined in a recent Wall Street Journal article. Whether Bitcoin or some other crypto-currency survives in the long run, I think the most interesting story is the blockchain technology behind the rise of Bitcoin and the wide-ranging uses for this development.

Blockchain Explained

A blockchain can best be described as a ledger or database that exists simultaneously on hundreds or even thousands of systems. All of these copies are cryptographically connected to ensure data security.

In the case of a Bitcoin, every time a coin or a fraction of a coin is used, that transaction is recorded on the ledger. The database or registry records who had the coin and who now has the coin, which prevents a coin holder from spending the same coin multiple times. Because this registry is replicated in several identical databases simultaneously, someone attempting to hack into a system to steal the coin would have to hack into all of the systems at the same time. Changing only one instance of the registry alerts the other systems of the fraud and blocks the transaction. If blockchains can be used for currency, what are other possible uses for this technology?

Title Chains

Anything that requires a title could make use of blockchains. When you purchase a home or a vehicle, you need to know the person selling that property really owns it. A title tracks ownership through the life of the property. When you purchase the property, you are added to the title. This process takes a lot of resources, both human and computer, and is not immune to fraud.

When I sold stock, I had to send my paper certificate to a broker to prove that I was indeed the owner. When I bought stock, the broker sent me a newly issued certificate to prove that I was the owner. Now the exchange is executed electronically, but it can still take up to three days to complete a transaction because of all of the systems and humans involved in the process. All of these transactions could be simplified by secure blockchain technology, which would be quicker and would reduce risk and amount of paperwork.

Developing Countries

I think that developing countries could benefit greatly by using blockchain technology. Many of them do not have a secure title transfer infrastructure which limits their ability to buy and sell goods and services. Blockchains can be registered in small increments, even cents, so they can be used by entrepreneurs wanting to sell locally and worldwide without employing costly brokers.

Thinking on a larger scale, if an entrepreneur wanted to start a company, they could sell fractional shares in the company with each share secured by a blockchain transaction. The computing infrastructure does not need to reside in the community or even in the country but could be anywhere in the world. The transaction costs can be a lot lower, thus ensuring that more of the profit is kept in the community and reinvested for future growth and opportunities.

Thoughts

I am excited by the fact that technologies such as blockchains can create new opportunities. Coupled with other emerging advances, such as green power and wireless communications, this has the potential to be a game changer. Let me know your thoughts.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Implementing Privacy Policy Across Borders

Image of a padlock surrounded by gold stars on a blue field.Digital privacy and security often go hand in hand and the two will continue to be center stage in terms of information management in 2016. As we continue to work through the freedoms and accessibility that come with our connected world, we need to take a broader view than just our community and country. How will digital policy in other parts of the world affect the way we conduct business and how we protect our digital identity? An article this week about emerging policy in the European Union (EU) helped me understand the implications for my own digital persona.

Secondary Use

The EU has developed privacy and data protection reforms that could be enacted within two years. According to the new legislation, a European citizen’s information cannot be used for a secondary purpose without their consent. For example, if I agree to reveal my current location to use Google Maps or to find the nearest Olive Garden, that piece of information cannot also be used to target me for a local gym membership advertisement. Anyone intending to sell personal data would need to know the potential buyers ahead of time and must get permission from all individuals whose data may be sold. Because it will be difficult to limit this to EU citizens it could become wide-ranging. This also has implications for anyone doing data mining and analytics to create and sell information or profiles.

Profiling

Personal profiling is also covered in this recently passed legislation. While not prohibited, it places the burden on the profiler to reveal the information collected and algorithms used to create the portrait. If I eat out every Tuesday night, shop for groceries every Thursday night, and have recently searched online for chef schools, someone could conclude that I am tired of restaurant food and could target me with an ad for a local kitchen store. Before that happens however, I have the right to know just how that data mined profile is created, according to the new legislation. While this helps me as a consumer, as an IT professional I have to be careful conducting any data mining or analytics and now have to be transparent in my work and intent.

In The Cloud

While I applaud the EU for its sweeping reforms I think they will be difficult to enact and enforce. Here is the dilemma for me: how do I reconcile geographical boundaries with cloud boundaries, which by definition are ethereal? For example, as an EU citizen, the data collected about me could be housed on cloud servers in Frankfurt or Mumbai or Buenos Aires or Atlanta. Do the laws refer to me as a citizen living within the European geographical boundaries? Or do they refer to the location of my data? What if I am a German resident but my data is housed and mined outside of the EU? What then?

Thoughts

The European legislation is still at least two years away from being enacted. In that time we need to broaden our thinking beyond government boundaries and create worldwide policies regarding security and privacy. It would be difficult to specifically mark all data belonging to citizens of a particular country, but it would be easier to apply the same standard for users worldwide. It will take a concerted effort to think beyond controlled boundaries and work together to consider what is best for all digital citizens. Do you think we will ever be able to agree on global digital policies? Let me know your thoughts.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.