Skip to main content

Privacy and Security in the 21st Century Who Knows and Who Controls?: Proceedings of a Forum (2019) / Chapter Skim
Currently Skimming:

3 Privacy and Security in a Rapidly Changing World
Pages 11-28

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 11...
... A secure system is built in such a way that it does what people think it is going to do. Security and privacy also enable people to interact with each other well in a system; she noted that "we have seen lots of places on the internet where people don't necessarily behave well toward each other." 11
Read the entire page →
From page 12...
... For example, applying to a university is virtually impossible without using cookies, because "virtually no university will accept an undergraduate application that isn't submitted through some kind of online form, and those all use cookies." If people do not have alternatives, they are forced into certain kinds of behaviors and do not have the choice they might expect. Friedman also made the observation that questions about privacy and security do not involve only computer scientists.
Read the entire page →
From page 13...
... It is the responsibility of the international legal community to come to an agreement about nation-state forces involved at this level, but Walker commended Microsoft president Brad Smith's proposal for a "digital Geneva Convention," which would commit governments to protecting civilians from nation-state attacks. Gupta pointed out that the situation has changed over time, with new kinds of threats appearing at all levels of the pyramid.
Read the entire page →
From page 14...
... We have a long way to go. We have to mature our systems so we are not laying this burden on users and can do it for them transparently." Kissner made the similar point that malicious actors develop new methods over time, such as targeted phishing attacks called spear phishing attacks, which were used for some of the interference with elections.
Read the entire page →
From page 15...
... As Friedman pointed out, when Google first introduced targeted ads with Gmail (its web-based email service) , some people using Gmail realized that the ads they were receiving were targeted and thought that a person at Google was reading their email messages.
Read the entire page →
From page 16...
... The first is to build automated technical solutions that designers, users, and security experts can apply. Underlying tools like libraries can provide an infrastructure with which software engineers can write secure code so that they do not need to become encryption experts.
Read the entire page →
From page 17...
... The platform overlays security on top of that choice to make sure it follows through on its users' expectations. People need to understand privacy settings so they can make good choices, Kissner observed.
Read the entire page →
From page 18...
... These are the kinds of advances we have to make across all the features." Kissner similarly cited new procedures on Google, where people signing up for a Google account answer a few high-level questions about the options they want. A new privacy policy incorporates "a huge amount of user experience." A video on the site even provides information about data retention, since "how data get deleted out of large systems tends to be confusing to people who don't spend their time in large systems." A privacy and security checkup takes users through settings in different Google products, so that important privacy and security settings are in one place as well as in products such as Gmail.
Read the entire page →
From page 19...
... In the computing industry, engineers typically design for 3 weeks to 6 months, deploy for 18 months, and consider a technology obsolete after 5 years. But computing is now going to be integral to many physical and biological materials, with millions and billions of devices generating data for 20,
Read the entire page →
From page 20...
... ' Yet that characterization is not so far from where we are." Getting lost in the next technical fix or strategy can obscure hard questions like these that need to be framed in terms of relevant ­ istorical h examples. Human moral capabilities are lagging behind technological ones, she added.
Read the entire page →
From page 21...
... Walker stated that "technology companies How can technologies and certainly have a collective respon- engineering practice be better sibility to protect users. Working in aligned with ethical and moral security teams, we talk about that capabilities?
Read the entire page →
From page 22...
... An attacker can register a domain name that is one bit different from a legitimate domain name, and devices whose memory has been corrupted by a random failure will go to that alternate registered domain instead of the intended domain. Security engineering teams need to protect against bit squatting, and to do that they need to know who is registering these domains.
Read the entire page →
From page 23...
... Is it because data mosaic owners, people who work with a whole bunch of different datasets, have other ways of finding out what fraudulent domain names are? … Or was private registration of domains not as big a problem as defenders thought it was going to be?
Read the entire page →
From page 24...
... The computer security community got worms under control "not through any particular single innovation or magic bullet but through very careful engineering, software armoring, a whole series of advances," which have so far kept a global catastrophe from happening. Phishing emails, which try to trick people into giving up their secrets, provide another example of progress in security.
Read the entire page →
From page 25...
... Google routinely scans the entire internet for phishing attacks and publishes a feed that provides warnings for all kinds of applications and browsers. The system is not perfect, she said, since a phishing attack can occur in seconds, which is faster than Google can scan the internet, but improvements continue to be made.
Read the entire page →
From page 26...
... It used a new technique called homomorphic encryption, which can perform operations on data while they are encrypted, to handle six voices in a conference A second-generation call with echo cancellation and underwater data center is voice mixing. The problem, he said, powered and cooled by the is that the technology is incredibly ocean and can save data for demanding on computer power.
Read the entire page →
From page 27...
... "Pull as hard as you can," he urged members of the audience. "Democracy matters." The future of computer security will continue to involve a complex interplay between technological capabilities and human expectations, the panelists observed.
Read the entire page →

Key Terms

  • security community
  • computer security
  • domain name
  • security engineering
  • building security

  • power grid
  • major cloud
  • engineering practice
  • security experts
  • underwater data

  • data protection
  • data center
  • careful engineering
  • phishing attacks
  • domain names

  • panelists observed
  • engineering teams
  • enable people
  • moral capabilities
  • moral dimensions

  • walker commended
  • ing attacks
  • highly secured
  • business model
  • diversity enables

  • bullet holes
  • moral security
  • develop security
  • security risks
  • security settings


    • This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
    More information on Chapter Skim is available.