Archive 8 min read

Privacy At Scale

As the Facebook / Cambridge Analytica scandal continues to snowball, we take a look at the larger issues. How does privacy scale? Can it scale under the current social networks? What's next?

Privacy At Scale

Watch this episode on YouTube.

Reasonably Accurate 馃馃 Transcript

Morning. How's everyone doing today? Uh Just the microphone here. Um Trying out something new um broadcasting live on youtube for the first time. Um At least I am hoping I'm broadcasting live on youtube. Uh I am gonna double check the streams and make sure because this is the first time I've tried it and we'll see if it's actually working uh youtube slash work.

See. Um So the goal here uh for those of you that are new with the show, um Yeah, so we're going live fantastic there. Those of you who are new with the show is really um just to uh get some ideas or talk through the ideas of what I'm working on today.

So, uh part of my job, I'm the vice president of Cloud Research at Trend Micro. Um And part of my job is basically to stay tuned to everything that's going on today. Um But really look 3 to 5 years out and see where things are going.

And that's a really fortunate position for me. I'm very grateful for it and that I get to kind of just experience everything and kind of step back and think about a lot of different things. And for the last little while this is episode 22 I think of the show where I take a few minutes in the morning I was broadcasting on Facebook, but now I'll be doing it here on my site, slash MWM mornings with Mark or on youtube.

Um, to just kind of share what I've been tackling or what I've been thinking about, um, uh, later in the day yesterday and then kind of setting up for today with the goal goal, hopefully of being able to do something more with it.

So, as opposed to just an idea that I'm sharing here, um pushing forward with something a little more substantial. So whether that is a post on medium or a more formal video, like the ones you have seen here on youtube, um or uh you know, maybe some code or something else.

So it's really just a way to hash out some ideas and it's been working out really well so far. Um If you have questions, comments concerns, you can talk to me in the comments below or hit me up on social at marknca.

Um It is really about driving discussion and sharing uh approaches and perspectives. So the last few days, um we've been talking about Facebook and Cambridge Analytica. Um This thing is just gaining more steam um which, you know, it sounds bad, but it's actually a really, really good thing for the longest time privacy advocates have been saying, hey, um, there's a major issue with social networks here.

You know, if you're not paying for it, you are the product. I mean, people kind of like. Yeah. Yeah. Yeah. Whatever. But, um, you know, I get to get good recipes. I get to talk to my friends. I get to take funky quizzes.

Um, you know, Facebook gives me far more than it takes for me. And I think that was really um primarily true simply because people didn't see the cost. It was a very hidden cost. And unfortunately, that's very true with privacy in general is that privacy tends to be a very hidden cost.

Um And this is the first time where people have seen um not quite a tangible but a semi tangible um results. So the impact in the United States around um uh perception leading up to the elections and whether it was effective or not, the fact that it's called that um process into question um is important in of itself.

Um So there's been a huge backlash and finally, Mark Zuckerberg came out last night and did an interview with CNN and that was what you would expect. It was a bunch of platitudes in Facebook's defense. They have fixed the technical gaps behind um this uh this issue with faith c Analytica.

But realistically, this is the core of their business, the core of their business is to create profiles to then sell the advertisers. You would be amazingly naive to think that there are not other uses for profiling populations at scale beyond advertising.

Um Now, advertising itself is, is a huge challenge. It's something that's very frustrating. You know, um A lot of people don't realize the depth at which we're tracked online simply to push products towards us. Um, you know, in this case of the election meddling of propaganda at scale, that product is an idea as opposed to buy this thing.

Um You know, the easy example is if you're not using an ad blocker, if you're not using any anti tracking software or plug in for your browser, go search for something on like Amazon, you know, something different or unique and then watch how many ads follow you around the internet for that kind of thing.

It's not random, it's not happenstance that you search for, you know, a new dress shirt or a new set of speakers or a fitness device. And then all of a sudden that's what's popping up in the ads as you go across the internet.

That is a system that works in the background. Um, that is driving a profile of you based on your habits in order to push more product to you where they feel that you would be susceptible to buying it. Um Same principles have been in play here with the election meddling.

Um And, you know, it's, it's questionable whether even election medal is the right term and it is simply pushing an idea to the populace, um, who needs to be far more cynical. Um, the whistleblower for Cambridge Analytica. Um, despite the public appearance has some really good statements, um, you know, in that he said, uh, you know, when he posed the question of, you know, do you trust anyone?

And he said it's not that I don't trust anybody though. Of course, you know, you don't. Um it's a question of, you know, going around the internet with a healthy dose of skepticism. And I think we need to equip ourselves, we need to equip our populations, our communities with the tools to interpret information based on a number of factors just because you have a ton of viewers or a ton of followers or a ton of likes doesn't make the information valid.

Um There needs to be some level of standard and rigor and that is a huge challenge because, um you know, this is not just a one country issue, this is a global issue. This is, um you know, we are finally pushing into that area that we've been talking about in sci fi.

And um for a long time as far as the internet enabling sort of a borderless society. Well, the challenge of the borderless society is when you try to get up, uh you know, 2.2 billion people in Facebook's case, those 2.2 billion people have very different perspectives, excuse me, very different perspectives and very different views on a number of issues.

Um So if you are looking and saying, you know, fake news, um what does that mean? Does that mean news that is demonstrably false or is that an opinion that does not lead with a specific community? There is a really, there is a ton of issues here.

Um you know, community standards don't really scale. Um but giving people tools to ability to interpret or filter themselves are part of the answer, but that also creates its own problems because now you live in a filter bubble. Um What the heck does this have to do with security and privacy?

And I think it has everything to do with security and privacy. So security's goal is to make sure that the system works as intended and only as intended um these types of unintended consequences fly in the face of a secure system or at least a system that is whole because the system in this case has been gamed by a number of actors that run counter to the primary country of origin of this network.

Um From a privacy perspective, I think that is obvious, you know, we give up a lot of our privacy willingly, even if we are not explicitly making that um that uh trade off, right? You are making it whether you know it or not.

So lots to think about there. Um Today, it looks like I'm going to be tackling, um, a good idea, sort of bubbling and percolating based on this stuff. Um, from the, um, resignation, not resignation, sidelining of Alex Stamos at Facebook.

He was the CSO. Um, he has been sort of removed from day to day. Um, I think that for me really is sort of the stamp of the foot down of, um, some of the work I did around organizational design and whether or not um the CSO and that entire structure that we built up around security is actually effective or not.

Can it actually do the job? We are asking it? I don't think it can. Um I'm gonna probably write that up into a little more formal of an essay and probably pop that up on to um medium. It also leads to some of the stuff I'm getting ready for RS A um mid April.

Um I'll be down there. I'm on the program committee for Ransomware and Destructive Attack Summit on the Monday. I'm also one of the social ambassadors for the conference. So I'll be talking a lot and blogging about and streaming live for the conference but also putting some stuff up on the trend, my blog, so blog to um to talk about the shortage in cybersecurity.

And again, that's another thing that is sort of tangent to this. Do we really have as big a shortage as we think? Or are we simply going to the problem? The wrong way. If something does not scale in an application, you would not just keep hammering and saying, well, we just need to keep scaling the way we are.

You would look in refactor. I think we need to refactor. Um not just the CSO but the organization underneath it. So that is really the topic of the day. Uh What do you think? Let me know in the comments here below in youtube on the stream.

Uh first day doing the stream here. So I will be doing what I normally do is kind of package this up, put some uh graphics before and after. Um and then post it as a normal thing. Um Down below here on market dot C A, um You'll see the past episodes by week, every week.

I put up a post of of what I talked about on the stream. Um And I'll push this out on my other social channel. So on Facebook, you'll still be getting this but not live. Um And uh there you go. So a bit of an experiment today, hopefully this worked.

I'm watching it kind of in the background with a bit of a delay. So it is streaming on my site which is cool. Um But yeah, there we go mornings with Mark. Thanks for tuning in on this new channel. Um Really appreciate it.

Uh Hit me up online at marknca on all the major socials um or down below in the comments. Have a great day. We'll talk to you soon.

Read next