Q&A with Cybersecurity Expert: 2019 Threat Predictions and Data Privacy Resolutions

BU Research: What is the most widespread cybersecurity threat we should be aware of?

Trachtenberg: I believe that “privacy” will dominate our concerns this year. We have already seen how seemingly inconsequential privacy leaks (i.e., Facebook posts to friends) can be leveraged for political advantage (i.e., the 2016 election), and I expect that legislative bodies will be taking an increasingly strong position on the data rights of consumers — as has already happened in Europe with the General Data Protection Regulation (GDPR).

What are the biggest policy gaps from a privacy perspective that need to be addressed?

With respect to data privacy, I think that the most important task that can be accomplished by government (not just the White House, but also Congress and the judiciary) is to define a clear liability for loss of privacy. Today, companies can lose personal and sensitive information on millions of customers with little more than a social stigma (which companies have lots of experience battling through their public relations departments). Our courts do not know how to put a dollar amount on a person’s loss of privacy. As a result, there is no clear and strong financial incentive for companies to tighten their privacy protections. It feels like we live in a privacy Wild West, where each week an even bigger privacy breach is reported — and that’s only among those that are actually publicly reported.

Do you think there will be a push for more regulations on how big technology companies, such as Facebook and Google, use and monetize consumer data?

I think that there will be a push for either breaking up big technology companies or regulating them much more heavily. The big tech companies each maintain control over historically unprecedented amounts of data that, with the help of modern computing, are highly individualized. On the one hand, they appear to have the power to swing elections and social policies, steer financial and stock markets, and read trends at a scale never before possible. On the other hand, their newfound wealth allows them to propel grand challenges and technical vision that cannot be enacted on a smaller scale (i.e., autonomous vehicles, searchable global encyclopedias, worldwide buying markets, etc.).

Data privacy and data security have long been considered two separate missions with two separate objectives. Do you think this is changing?

With respect to data privacy versus security, I would say that the two are technically (but not socially) inextricable. Security breaches are responsible for huge losses of privacy, and privacy breaches can often be leveraged for security vulnerabilities. However, as I mentioned earlier, unlike the broad cybersecurity area, there is very little financial interest in protecting privacy in today’s industrial (or, frankly, governmental) landscape.

Consumers are paying more attention to maintaining and controlling their personal privacy and data from corporations. Aside from potential policy regulations, do you think new technology solutions will emerge to help consumers maintain better control of their data?

The technological threat landscape is huge, and we really do not have a handle on how to technically protect it. My personal thought is that the task is impossible — much like making a pick-proof lock or an unsinkable ship. Instead, we need to focus our attention on joint technical and legal solutions.

What should modern-day cybersecurity officers be doing to mitigate the growing data privacy risk?

There is always more to be done in the cybersecurity domain, but there are some basic “best practices” that every chief information security officer (CISO) should know and train employees to maintain.

Where do you think the most funding is needed in cybersecurity research? Are there areas that you feel should be prioritized?

I think that the US needs, quite desperately, more funding for basic research of all types, not just cybersecurity research. True innovation does not often come from administrative guidance, but rather through inspiration and chasing down unforeseen ideas.

What impact would you specifically like to achieve in the cybersecurity/privacy space?

I have been analyzing the emerging field of side channels, where information is leaked (typically unintentionally) from the regular use of technical devices and software. My goal would be to develop some broad, overarching properties of these channels, where they form, and how we can mitigate them. The impact of such work would be a safer, more open technical world — but very few people would actually realize it.

BU Experts

Cutting-edge research and commentary out of Boston University, home to Nobel laureates, Pulitzer winners and Guggenheim Scholars. Find an expert: bu.edu/experts