Event Recording

EIC 2012 Keynote: Interview - What are the Privacy and Information Security Challenges 2012 and Beyond?

Roy Adar, Vice President of Product Management, Cyber-Ark
Dr. Nigel Cameron, CEO, Center for Policy on Emerging Technologies
Martin Kuppinger, KuppingerCole
Shirief Nosseir, Marketing Manager, CA Technologies
Jim Taylor, VP Identity and Security Management, NetIQ
April 17, 2012 15:40

Well, we now have our panel discussion. I would invite those panelists please, to come up on the platform and take a seat so we can move along while they're coming. We do have a hashtag for the event, EIC hashtag EIC 12. There are about five people. I think who've been tweeting during these previous sessions. The, oh yeah, the wifi here, a little slow, but it is functional. And those of you who are actually involved in social media do feel free to social mediate. As we proceed, please come and take a seat where well, okay. We're almost all here.
Well, we're very glad to welcome to the platform. Roy ADA shif. No. And Jim Taylor, and I'm gonna stand here. I think we have time for a lively conversation now to where pull together some things we've already been talking about and prep everybody for what comes next. And what was suggested was we might begin by asking the question, but what, what is, what is your top most pressing privacy concern now? What is the thing that you lie awaken night worrying about most? We'll start from here and introduce yourself first, briefly. So we all get around the table.
Hi, I'm Sharif Nuer, and I work for security management solutions at say technologies. I work in as a product marketing director in that space. So when, when we're looking at privacy, there's a number of things that are happening from a technology perspective. I think there's a number of, of new technologies. We've seen Kim talking about cloud computing. So that's, that's obviously an area where privacy concerns are gonna be important to, to look at and, and looking at it from in ways similar to offshoring and, and outsourcing and, and things like that. But cloud computing obviously provides a lot of challenges there that we need to be aware of, but also location based services. This, this is an area that it's really starting to, to pick up some ground and, and the implications are quite important to be able to handle in the sense of, it's not just a matter of losing person information.
It could end up with people being, you know, physically attacked because we know the location of, of the person or we know the location of the deliveries that are happening and, and things like that. So how can we secure this information? Other areas are, for example, also big data. Yeah. And, and how we're gonna be able to collect all of this data, start to analyze it and, and look at patterns of what people are doing, the behaviors of the users, how we're gonna store this information, what are we gonna be using it for? How we're gonna communicate it to our users and so on. So, so, so these are some technology challenges
Let's move. Yes. Major issues on privacy. You can't, you can't repeat him. You've gotta come up with line with these children's games. You've gotta have something fresh,
Something different. Okay. So I'm Jim Taylor from net IQ. I run product management for net IQs identity and security solutions. So I guess, you know, I would have the same, but if I'm not allowed to choose those, then I would add another one onto that. And one of the areas of concern that we're focused around at the moment is really the mobility of data, mobile devices, bringing our own device, how to secure and manage data and information that goes onto those devices. What happens to it really, the way I guess I would categorize that is the changing consu, the changing consumption of information, and the fact that the traditional ways that we've managed information in the past are radically changing and they're changing very quickly. So how do we deal with privacy concerns in that context? Okay,
I'm Royal darn the vice president of product management for cyber ax software. One of the things that we are concerned about and, and predict changes will happen in the next year or so are not really around the, the, the people who are concerned about their privacy and want to ensure that their private information is protected. But a lot of us, a lot of the people are happily sharing personal information. And one of the challenges that we see is that how can this information put the enterprise that, that employs those individual in perhaps more danger when personal details and information about employees can be actually used by attackers to penetrate the organization? How can we map that? How can we understand the risk that we're facing as the aspect of, of, of privacy
Security issue? Okay. I think I, any points and I just wanna pick three, at least two of them I had in my keynote. I think so one is that we have this lack or this loss of trust. I think that's one of the things. So what are the really trusted parties and how do we deal with the fact that this has changed? The second is what I would call data leakage by design. So things we are observing in Android, which we had in iOS recently was contacts, contact data leaking. So really catastrophic design errors. In fact, regarding privacy of data, when all your contact data could flow. I think it's a very interesting point. And the third one is I would say, let's call this traceability of data when it flows. So we us in the session this morning, you might have your as a PHR system, you might have probably hundreds of CSV. You create regularly to export data to our systems and that you are lost. You don't know what happens with the state and the same happens. Once you give away data to someone, your private data, to some other priority, once it's out, you're out of control and this, how do we stay better in control? I think it's one of the very interesting topics on in enterprises and for the consumer side where life management platforms, for example, would be a very interesting thing.
So these seven or eight different major sets of questions here, put on the table, two other major questions, which, you know, draw sort of matrix or various intersections here. I mean, which I'd like us to go around on one is the question of extent to which people are concerned about privacy, the extent to which they're gonna end up being worried about the extent to which is a sort of the sort of numb period at the moment, which will be followed by a period in which people's feelings come back. And they develop a sense of privacy in the new, the new paradigm in which, in which, in which will change so many things. But, you know, the, the, at the moment, of course, so many of these businesses, their model depends on people not caring much about privacy and the extent to which monetizing privacy is gonna end up more as a transactional, overt contractual relationship.
And then the other question, I'll put these out there and then we can go around on them is of course a transatlantic question in that, you know, the fact we in one or two, I think you were there in Washington. We hosted an event with Peter hostings, you know, the European data privacy supervisor a few weeks ago in Washington. And one of the things that Peter typically says is that there is a, a slow progression toward convergence in the European position and the us position on privacy questions. This is something he likes to say every time. I think he speaks it may or may not be true. Depends just what significance you give to these questions, but the significance of the transatlantic discussion. But first of all, let's talk a bit about the question of monetizing privacy example of this. There was a very interesting thing from Google quite recently, they offered to give people vouchers of some kind, if people, they would let them use more of their data than they normally did. Very interesting. Cause it was the first example. I think, of Google paying people directly, even if it was a book voucher or something, but is, are we going to see that sort of over monetization so you can, you know, pay 10 euros a month or have them your data.
Yeah. Yeah, I think overall, I think you're touching a very important point, which is what is the currency we pay it's as money or is it privacy? And I'm currently working on the piece on the, the ceases in there is that once too many parties, too many identity providers, for example, know too much about too many people, the value of the, these things will decrease because this knowledge is only valuable. If it either very few are sort of the Polis or they have a very, a knowledge only they have, but the more parties outside more know about everyone, less well in it, because, and so I think there's, there's a logical limit for the privacy currency. It won't work for everything it is, is a very limited scale. And I think that's a very important point when you look at these things and I, I've never read as that, that firm, but I think it's a very important point. If you look at a transforming economic perspective, there's a logic limit because the value of this data of the personal data, the values, the more people know about it.
Do we, do we agree with that? Is, is that, is that logic, does it hold or in fact, is there something indefinite about the correlations? I dunno.
I think it's, it's a bit of both. So definitely in a number of areas where we start getting information about people then, then will, will reach us healing. But I think also human nature are, are quite different in the sense of a lot of the time, the information is collected for marketing purposes and, and for creating profiles and putting people into these different profiles. So, so in certain areas, once we created these profiles, then that will be it. But as new markets start to develop and, and, and, and, and as human behavior changes, as people carry on, there might be some, some areas where there might be opportunities to, to continue to continue getting more information out of that. But I personally, I'm, I'm under, under the point of, you know, if we do it as a self-regulated way and, and just leave corporates to, to run the way of, of doing things, which is more of the, of the us view of things, then a lot of privacy is gonna be taken away from people as opposed to more of the European perspective of being in a way, a bit more regulated. And we've, we've, we've seen, what's been coming out of the, the EU with the privacy laws that are hopefully gonna be coming through. So
What, what others think, I mean, are we going to see more overt monetization of, of, of data?
So I wanna come back to Martin's point and say that, I think that's an interesting point, but I think one of the dynamics at the moment is that people don't really understand the value of their private data. We all go sign up for Facebook's Googles, whatever, everybody just ticks. I agree. And you know, a lot of the, a lot of the users or the consumers of a lot of these services where this information is collected, don't really understand the value of the information that's being collected. So I agree with Martin's point that I think there is a limit to the value of the data. And once everybody knows it, to some extent, it loses a lot of its value, but I also think that there's a growing, but a very small realization of consumers, of the value of that data. And I think the more we have breaches and tax and things like that, things that are very public where, you know, we discuss and see the value of this data. I think probably everybody in this room probably understands the value of it. But I think this room probably represents, you know, 0.01% of the reality of the understanding of the general consumer. I know my teenage daughters don't have a clue. They just want to get onto the thing that they're using. They tick the box. They have no idea what that means. I think that's gonna change over time. So I think the real value of, of that information consumers don't really understand it at this point.
Yeah. But, but, but two points again, sorry. One point is the interesting thing is I've deleted my Facebook account some six months ago or something. And when I created it, I've created to, haven't received some, two years ago, having received a lot of invitations since I deleted my Facebook account, I received exactly one invitation and this one was a spam invitation. So obviously in my peer group, the people who are actively inviting to Facebook are not as active anymore as they have been two years ago. I think that's a, that's a very, very interesting thing. It's only, it's not, not a statistical well it's statistic, but it's, it's just something I've I've observed. And I think the other point is once you have real options, which are becoming increasingly popular, that also lead to people thinking more about it. And if you look at all the discussions around Google changing its terms of conditions and all these things, you know, it becomes a public discussion that raises awareness.
I would, I would like to add to that, that, you know, some things in, in human nature are, are things that you start paying attention to after you get hurt or after something, after you realize something. And that goes to the point of the value of my information. So as, as people mature into the age where they start to use computers and internet, and that's of course, you know, tens of millions of people around the world reach the age where they start using computing, they're still, I'll call it more innocent in providing their information. And if they get an opportunity to get more information or more games or more fun activity, and all they need to do is, you know, tell some personal details about themselves or pay, you know, or pay, or don't give your details, but pay a subscription. You know, a lot of people would choose to, to get the free, get the free service and, and give up their details. So that's something that, you know, it's, it's human nature, so it will continue to, to
Happen. Well, let me, let me ask you, cuz it, it has puzzled me personally, why, you know, over this last decade, when all this has been happening, none of these major services has offered a subscription alternative with sort of heavy duty privacy, anonymity, affixed. I mean, Facebook could be saying $10 a month and we won't keep anything. We won't read anything. You keep it all. None of them's done that. Do you know why haven't they even tried to do that? Are they scared? Do they think, I dunno.
I think when you look at Facebook, maybe it's because their software platform is so difficult to change that they just couldn't do it. If, if you look at how long it takes them to make a, a fix, they have to do regarding privacy, probably that's their problem that they're just not able to do it based on their platform. The other thing is, as long as a business model works pretty well. Like the one of Google, maybe they, they don't have the pressure to do it. And it'll be very interesting maybe in the next years to see once they're there's, once there are real alternatives, how they react. So will they then be able to change their models or are they too late? Because that's, I think the real interesting point once there's an alternative are the able to change or not.
I would add that the, the business model of, of ratings. So the more rating you can show the advertisers, the more ads you you can sell and, and at higher prices has been around for tens of years and, you know, start with, with TV and, and, and newspapers, newspapers, yes. And common websites. So that's a mature tens of years of, of maturity, of a business model, which is, is hard for, for companies to, to ignore or, or
Give up on. Yeah. I interesting. We're looking at, let's talk about this transatlantic question, because this is another of the sort of big FIS across, you know, every one of these conversations. And obviously, you know, we, the major companies here have been us companies. The us has a very different approach to regulation in general, particularly once you get outside the telecoms and so on, there's just not been that development here. And from my point of view, I suppose I have seen Europe as the kind of regulator of last resort because European muscles have been flexed and American companies have been scared. And, and, and this has been a process now, how, how do, how is this looking? Is it looking, is it getting better? Is there more harmony breaking out here? Or do we see real problems down the road? Not least for, for investors and, and for, for those who, who, you know, who, who have a stake in, in these industries who wants to pick up?
So I will. Yeah. So I think the real answer is a bit of both. Unfortunately I think there is no true answer to that. I think there is definitely a sign of convergence. I'm a European that lives and works in the us. I deal with a lot of us companies. I also spend a fair amount of time in Europe as the global economy develops. I mean, we see so many companies in Europe dealing with things like Sarbanes, Oxley, things like that. You know, there is a lot of cross-border regulation now. So I think I would agree and say that there is convergence in regulation, but I don't necessarily see it as by design or, you know, it's more really to suit a purpose it's by desire. So I think convergence is happening, but it's happening more in spite of itself rather than a focused, driven, successful.
And is it, is it happening then sort of say proportionately that if, to say number of issues, the amount of money, these things are all going up, I mean, is, are things actually net getting better?
I would say they're probably staying about the same.
Okay. Okay. Great. Say, well, that's, we can keep having conferences talking about the same thing, Martin.
I think there, there some aspects we have to, to look at and one is, I think in the us, we, we look at it from European perspective pretty as a pretty mono six thing, but I think it isn't. So I think there's the aspect, which is more Homeland security part in the us where it's really about what seen as a risk to the us as a state. And I think there's a utter perception than when it comes to privacy and the business. So we tend to, I think from a European perspective to mix up these things a little bit too much, maybe I think that's, that's a point where we might need to differentiate a little bit more because it's not everything the same. And then I think the other point is that in tendency, I think the us tends to trust a little bit more in the let's say in the markets.
So market will regulate things over time, more than the Europeans do. So us also regulates, but European always tends to believe more in regulations maybe. And I think that's the point, but overall, if I look at the discussions I also have as my, my us colleagues, which is pretty interesting to me because we have different views in our company. And I had this recently around the Google terms of conditions around these ignore of privacy settings in the internet Explorer, by Facebook and others. And I think the point is not that one is privacy ignoring the others, fully privacy sensitive. It's more, where's the borderline. And yeah, I think that's the point where, so the big, I think there's really some conversions over time. It's a slow one, but it's happening.
Yeah. I would like to add if, if we look at the, the, the way that privacy is considered here in Europe, it's more considered as a human, right. Really it's, you know, it's article eight of the European convention on human rights, as, as opposed to, if we look in the us, it is privacy is more as seen as a Liberty and it's more seen as, you know, a way of protecting from the government overreaching into, into the home. And, and what we're, what we need to keep in mind is there's a couple of ways that we need to be looking at privacy. There's the, the freedom of speech, which is, you know, the first amendment in the us. And a lot of the time when privacy is being mentioned, the, the, the first amendment is, is the thing that comes to mind, but we need to, to differentiate between freedom of speech and privacy in the perception of, of collecting information about people, to be able to use it for marketing purposes.
And, and, and there's a difference there, I think from a freedom of speech speech, I think, I think the us is more keen on that. There's more interference from the governments here in, in Europe of, of what, you know, freedom of speech should mean. We've seen cases of Google in, in Italy where some executives were sentenced to six months of jail, although was suspended, but you know, something like this would definitely not happen in the us as opposed to, you know, when, when we're talking about collection of, of private information for marketing gains, I think there's definitely a convergence. And we've just seen last month that the white house has been coming up with stuff similar to the European directive
In the description of the session in the program, which I'm sure brought you all here. It's, there's the phrase is used that dreaded bands of rogue nights robbing your privacy. This would be a certain kind of European view of certain kinds of American companies, I think is, is there really gonna be a big choice to be made for us as to whether the internet essentially is a commercial enterprise in which privacy basically goes by the board and a kind of democratically, but controlled, you know, more humane, but more regulated. I mean, is this a big choice we are going to face, or do you think in 10 years time, we'll be having the same conversations we've got about three minutes quick answers.
So as a quick answer, I would say that eventually, are you rogue, or are you not, rogue is a question, both of kind of morality, are you doing good or doing bad? That's one way to look at it. And it's also, are you within the law or out outside of the law and potentially majority of, of the sites who, who perhaps, you know, abuse privacy are doing it within the current capabilities that the laws provide them. So the, the rogue term is perhaps a bit, a bit on the, on the judging side to, to people who are within the law. Now, if the laws will become more restrictive then, and still organizations will, you know, will not adhere to the law. And yes, that would be a rogue.
Okay. Let me just ask each of the four of you. We've got just two minutes in one sentence, as we wrap up 10 years time, is this conversation gonna be pretty much the same? Will it have been resolved or is it gonna be scarier Martin? You go first.
I think we will have different conversations. So because we will have real alternatives to today's approaches, relying on consuming as much of privacy data as possible for others. I think we will have real alternatives and that will change the discussion.
I agree. I think the mobility and the location would really introduce completely fresh questions for the next few
Years. Yeah.
So I agree to some extent, but I think money is king and if money can be made out of it, I think we'll be having similar conversations. I exactly agree with that as well. So yeah, we're definitely gonna improve a lot, but because money's involved, there's always gonna be interesting.
I, I shared a panel on this in Washington a couple of years ago, and the person there who was basically giving the industry view was one of the panelists. And at the end, I went around with a similar sort of question, and I said, might it not take the collapse of one of the major brands in a privacy scandal? And of course we've had a whole series of 'em from Google and Facebook. And so on. I said, one that just takes off and it could have happened and it could happen. And I said, this was a year ago. I said, like BP, without the oil reserves, because, because all these companies really have is brand it's brand is trust service. You know, that's what they have. I said, we, the collapse of one of these companies to upend the whole model and to produce privacy as the, the key, the key, you know, selling proposition very went on the panel with us.
We had a C L U there various people in the room and came to, to the person who represented most the industry view. And he said, I hadn't thought about that, which I thought was something of an indicator of the context of the American discussion. And I think also their lack of approach to, to, to risk management in this situation, which I think in some ways is, is the bottom line. So that's my last word. Thank you very much. We now have 20 minutes for refreshments. You are invited to hurry along and to hurry back so we can carry on with the program. Thank you very much, indeed.

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Better Business With Smooth and Secure Onboarding Processes

In the modern world of working, organizations need to digitally verify and secure identities at scale. But traditional IAM and CIAM strategies can’t identity-proof people in a meaningful way in the digital era. Finding an automated digital identity proofing system that is passwordless…

Webinar Recording

Advanced Authorization in a Web 3.0 World

Business and just about every other kind of interaction is moving online, with billions of people, connected devices, machines, and bots sharing data via the internet. Consequently, managing who and what has access to what in what context, is extremely challenging. Business success depends…

Analyst Chat

Analyst Chat #146: Do You Still Need a VPN?

Virtual Private Networks (VPNs) are increasingly being promoted as an essential security tool for end users. This is not about the traditional access to corporate resources from insecure environments, but rather about privacy and security protection, but also about concealing one's actual…

Analyst Chat

Analyst Chat #118: A first look at the new Trans-Atlantic Data Privacy Framework

On March 25th, 2022 the European Commission and the US government announced a new agreement governing the transfer of data between the EU and the US. Mike Small and Annie Bailey join Matthias to have a first look as analysts (not lawyers) at this potential milestone for data privacy…

Analyst Chat

Analyst Chat #115: From Third-Party Cookies to FLoC to Google Topics API

Online tracking is a highly visible privacy issue that a lot of people care about. Third-party cookies are most notorious for being used in cross-site tracking, retargeting, and ad-serving. Annie Bailey and Matthias sit down to discuss the most recently proposed approach called…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00