Future Watch 3 – Privacy and Social Media
Tech legend and one-half of Know Now, Chris Cooper, concludes the discussion with Gemma Christie on data security and privacy. They talk openly about how Facebook and Google use your data, along with a great sandwich story. We also take a look at what the future holds for having more control over your own personal digital footprint.
G: You wrote your article ‘5 rules of thumb and security of YOUR data’ in 2015 so it’s about a year old now. Do you think there have been any substantial improvements within the last year?
C: No. I think it’s got worse, to tell the truth.
G: In what way?
C: We’re seeing more and more stuff being connected without any good agreement on what constitutes good security design. There are a number of standards that are out there, but there isn’t an agreement on the handshake and the trusted exchange of information between devices. There isn’t a mechanism for what I call the ‘lizard principle’ or the ‘lizard tail principle’ for where you could shut something down and confine it and contain where you have maybe a risk or an exposure, and you can sacrifice that particular component.
I think so many of the solutions that we see coming through are what I call ‘single-threaded decision makers’, so you have one sensor or one trigger that leads to one action, and all it takes is for that one thing to be compromised, and it just sets in chain a whole run of events.
A good holistic design has multiple decision-making points reinforcing a trend. If you’re responding to that trend proactively, it will achieve some type of difference. Where we seem to be is on things that are going, ‘Right, I want to know something about the state of this area, and then once it reaches a certain point then I’m going to go do something else.’
An example of this could be: river flow is going up, let’s open up a sluice gate. A sluice gate only has one centre and if that centre is compromised, the sluice gate doesn’t open. People get flooded. That just seems really poor design, a lack of thought on how you make stuff happen and a lack of desire, in my opinion, to invest appropriately in a fit-for-purpose solution that would stand the test of time. We tend to be buying on price for the short term and not investing in a project for the medium to long term.
So no, I don’t think how our ethos and how we approach projects, how we are trying to deliver stuff and connect stuff up, is following good systems practice. We’re still seeing a number of poorly-designed, poorly-implemented solutions, especially in the internet space.
The 5 reasons to worry about security
G: In the article that was written last year, you said there are five good reasons we need to worry about security?