Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Everybody. This is gonna be a quick one. I am down in beautiful uh There you go. There you can see me. I am down in beautiful sunny Miami, Florida here for an internal trend micro event. And the keynote is about to start in a few minutes.
So I do not have that long for Mornings with Mark even though this is episode 50. So thank you for coming along on this journey. Um gonna keep going. Uh I think it's been really productive. I find a lot of value in it.
I hope you do as well. It started some really cool conversations. Um And last week we were talking a lot about getting started in cybersecurity. What need to know, how do you break in? And there's a ton of great stuff there.
We're going to keep talking about that um later on in this week. But what I wanted to let you know what I was sort of on my mind today because I had a bit of an adventure getting down here from Ottawa yesterday and we got detoured and rerouted.
So I had a ton of time on the plane um to continue to reading a book and I've been reading this really interesting novel by Rob Reid. Um, it's called Always On, let me just double check after on, that's it. I always get the title mistaken, but it's after on a novel of Silicon Valley by Rob Reid.
And it's obsessively about the social media company that goes way too far and they are, you know, selling access to feeds all this kind of crazy stuff. Um, but it's under its roots, it's about a I and sort of the impact on society now.
It's a lot to take in on the novel. And that's not what I really want to talk about though. It's a great book. You should absolutely read it. Um, what I want to talk about was sort of ethics around security and around technology because I think that's an important subject that's often ignored, unfortunately.
So I know I took a lot of, uh, I took a couple of ethics courses as part of my graduate degree, but it's not really normally offered as undergrad or not a question raised. Um, often as we've seen from some examples of, you know, should we be doing this?
And the thing that was most relevant in the news lately is the, um, location, smart secures, uh, location tracking, um, for cell phone users in North America. Um, so these are companies that have agreements with the cell providers because the cell providers are legally restricted from providing that information to um, third parties.
Um And these companies are doing it as middlemen essentially. Um And then even going off to other companies like three C interactive to sell it where, um, law enforcement can get access without an, uh, a warrant, but also other uh, companies and data brokers can get this access.
And that's really where things get interesting is, um, the user agreement that you've signed and this ties back to the novel. Um getting user agreements signed is basically carte blanche for companies they are able to or carte blanche, not carte blanche.
Um It's been a long day. Um So the user agreement essentially gives companies carte blanche to do whatever they want because in every user agreement I've ever seen and read and I've read a lot of them, unfortunately. Um They have this sort of clause at the end that says, oh, we can update this any time we want.
Um And yes, legally they're probably covered. But should they be doing that? And that's a question we, as security professionals need to ask ourselves quite often, especially around um intrusive technologies that we're deploying. So years ago, I had this challenge come when I was working with an organization, we were deploying web filtering, web proxy technology.
So we had the ability to look into the web traffic going out and see who was surfing what these kinds of things. And we had a strong discussion, came out with a really strong position and policy that the team adhered to and communicated out clearly saying here's how this technology works, here's how our process works to use it.
We are not looking at traffic unless there's a significant event that triggers us into an investigation that involves hr this that and the other thing. So, you know, the fact that we had that discussion, I think is what's relevant here because obviously we as consumers are not having that discussion with the community or we thought we did and set the law in place to prevent Isps and mobile providers from providing that information.
Yet they're going around it in a perfectly legal way. But is it the right way? And I know morals and ethics change depending on where you are in the community and the norms. But I think as we go more global and be digital citizens, we really need to adjust and have these conversations more regularly.
We need more granular privacy controls. We don't need these blanket yah that say, oh, I agreed to use your service. Therefore, I agree to anything you want throughout time in perpetuity just because we can doesn't mean that we should.
It's an interesting question. Um You can spend years debating it diving into it. Philosophers and ethicists have for a long time, but I think my takeaway for you for today is that um a you should read this book after on phenomenal book.
Very interesting. Um It's a novel it's a cool adventure story. Um But more importantly, the take away here is that we need to actively have these types of ethics discussions because we have an insane amount of power at our fingertips, especially being security and privacy professionals just because we can should we, that's what we need to start asking more often.
I think, you know, that's a constant discussion. It's not a one time discussion, it's an ongoing constant conversation and we need to enable technologies that allow us to have more fine grain control over what's going on and allow users to have fine grain control over their information and their position online lost the a big weighty subject.
Despite the beautiful surroundings again, I got a jet to get into this event. I'll be tweeting some stuff out today, I'm sure, but I'll be back tomorrow with another Mornings with Mark. Thanks for coming along with the ride and looking forward to the next 50 episodes.
Take care, everyone have a great Tuesday because it's Tuesday and I knew that without even thinking, take care.
