Don’t we need Federal Privacy Laws for IoT?

Darkreading.com reported “For the third time in as many years, lawmakers have introduced a bill that would require Internet of Things (IoT) products sold by federal contractors and vendors to abide by government guidelines to ensure a baseline of cybersecurity.” The March 18, 2019 article entitled “New IoT Security Bill: Third Time’s the Charm?” included these comments about the proposed law, the “Internet of Things Cybersecurity Improvement Act of 2019,” which directs the “National Institute of Standards and Technology (NIST) to develop security guidelines for IoT devices sold to the US government”:

…tasks NIST with creating requirements for federal agencies that consider the secure development, identity management, patching and configuration management of IoT devices. In addition, NIST is also tasked with developing recommendations on the management and use of IoT devices by March 31, 2020.

What do you think?

15 Easy Steps to Vanish (including only carrying cash)!

The New York Times reported that a Bitcoin security person “had long been obsessed with the value of privacy, and he set out to learn how thoroughly a person can escape the all-seeing eyes of corporate America and the government. But he wanted to do it without giving up internet access and moving to a shack in the woods.”  The March 12, 2019 article entitled “How a Bitcoin Evangelist Made Himself Vanish, in 15 (Not So Easy) Steps” included these comments about #3 to “Carry cash”:

The most anonymous way to buy things, of course, is to simply use cash…. enough to handle most daily transactions.

Here are details on #8 to “Create a V.P.N. for home internet use”:

In order to shield his internet address and his location, he turned his home internet router into a virtual private network, or V.P.N., that made all his internet traffic appear to come from different internet addresses in different places.

All 15 Easy Steps:

  1. Create a new corporate identity.
  2. Set up new bank accounts and payment cards.
  3. Carry cash.
  4. Get a new phone number.
  5. Stop using the phone for directions.
  6. Move.
  7. Make up a fake name for casual interactions.
  8. Create a V.P.N. for home internet use.
  9. Buy a boring car.
  10. Buy a decoy house to fool the D.M.V.
  11. Set up a private mailbox and remailing service.
  12. Master the art of disguise.
  13. Work remotely.
  14. Encrypt devices when traveling remotely.
  15. Hire private investigators to check your work.

Does this give you any ideas?

Privacy Concerns: Should facial recognition tracking your buying habits in stores be regulated?

eMarketer.com reported “that more than 60% of respondents thought the technology was ‘creepy’” when it was used in “tracking buying habits, and alerting sales people to shoppers’ preferences and previous purchases as soon as they enter stores.” The March 7, 2019 article entitled “Facial Recognition Brings Opportunity … and Privacy Concerns” included these comments:

Regulators and advocacy groups have also voiced opposition.

Lawmakers haven’t needed encouragement to begin regulating the technology; in February, San Francisco became the first US city to impose a ban on the use of facial recognition by government agencies.

Washington state Sen. Reuven Carlyle proposed a bill to require companies that make facial recognition tech to obtain consumer consent, and notify those consumers when they walk into a store or access a website where it’s in use.

What do you think?

Only 47% of companies train employees to recognize spear phishing!

Darkreading.com reported on the results of “Is Your Company Ready for a Big Data Breach?”, a February 2019 report from the Ponemon Institute commissioned by Experian, which “polled 643 professionals in IT and IT security on their organizations’ data breach response practices…[less] than half (47%) educate employees on spear-phishing.” The March 5, 2019 report entitled “Incident Response: Having a Plan Isn’t Enough” included these comments:

Most (92%) companies have a data breach notification plan in place.

The problem is, most companies with a breach response plan fail to adapt to change.

Forty-two percent of respondents have “no set time period” for reviewing and updating their response plans, and 23% haven’t reviewed or updated their plans since it was put in place.

Some types of security incidents pose a greater challenge than others. Only 21% of respondents expressed confidence in their ability to handle ransomware attacks, and 24% said the same for spear-phishing, researchers found.

What do you think about the results of Ponemon’s report?

Trust is #1 Tech Trend, not AI or Big Data!

Forbes reported that “businesses have pushed themselves into the manipulative practices that the modern consumer lacks trust in.”  The February 27, 2019 article entitled “The Biggest Tech Trend Of 2019 Isn’t AI Or Big Data, It’s Trust” included these comments:

For the longest time businesses have been pushed to focus on impressions, unique visits, lowering bounce rates, and other forms of engagement in order to quantify success.

This has become a standard in the new attention economy, where data is king and has become the new currency.

Changing the public’s perception will, of course, mean checking the boxes on the General Data Protection Regulation (GDPR) and future regulation, where necessary, but solving this problem is much bigger than regulation.

The changes consumers want to see go beyond surface level tactics and heartwarming PR stunts.

It will be interesting to see how businesses cope with trust in 2019!