Dawning of Privacy
My presentation two weeks ago at the Security Congress went a bit differently than I’d expected. I wanted to take a stab at challenging the audience and inviting an argument. It’s not that I enjoy disagreement, but I thought that it might be helpful to encourage a debate. The main thesis of my presentation was that information security professionals, while often tasked with the responsibility to handle privacy, do a lousy job of it.
Given that I was talking to predominantly information security professionals, I thought that it would likely insult a portion of the audience, and I expected to be called to task for it. Much to my surprise no one seemed to disagree, and I even had a fair number of what I like to call “head bobbers” in the crowd. A head bobber is a person that nods affirmatively in response to whatever you say.
Then this past Thursday I spoke at an Application Developers Alliance event on privacy. Again my preconceived notion of the crowd was mistaken. I figured this crowd, mostly comprised of early-stage startup developers and entrepreneurs, would believe the topic of privacy contained nothing deeper than getting their privacy policy right. The entrepreneurs I’ve met in the past considered privacy more of a distraction then something deserving critical focus. Boy was I wrong. These folks were engaged, asking smart questions and delving deep into the philosophical debate around privacy.
It’s amazing how two short weeks can dramatically change one’s opinion. I now realize that what I initially thought was only a small subset who considered privacy something worth more than a cursory glance, appears to be considerably larger. Until these recent events I hadn’t crossed many professionals tasked with protecting privacy who considered the topic with such deep interest. Maybe, just maybe, the maturity of thinking about the concept of privacy in the United States is much further along than I thought. And, certainly among these folks, their notion of privacy is far ahead of our current laws and regulations.
There is a significant amount of ground to cover on what I presented and what I heard so I’m going to spend the next two to three weeks blogging over the details. I think it’s worth laying out what I’ve learned and it’ll be fun to make some predictions on what the near future will bring. I’m likely to change my mind as I start to bring these to text, but the topics I intend on covering are:
- Security compliance doesn’t mean you have privacy covered
- Privacy laws and regulations will move from user responsibility to corporate accountability
- What developers are worried about with regard to privacy
This marks a return to regular blogging. Thanks for the nice comments and your patience during my seven week absence.