When data security is more than just secure data

I admit that at the Berkeley HRC New Machine conference, I tended to go to the more geeky and technology oriented talks. This is for me, one of the more interesting aspects of just about any line of work whether it be waste disposal or in this case, human rights.
The sessions were broad in the topics that they covered. They ranged from mapping systems, to databases, to forensics, to mobile phones. But the one thing that was hammered at time and time again was the need for data security. It was music to my ears and quite honestly something that corporate business here in the US needs to pay a great deal more attention to.
There is however one fundamental difference in losing a computer of say, Social Security (or other national ID) numbers and losing a computer of say, testimony in an ongoing investigation for crimes against humanity. With the former, it’s a massive inconvenience. With the later, lives are literally on the line. I suppose to some extent, the reason that it isn’t life or death is the (still inexcusable) reason why corporations are so bad with data security. Amazingly, governments are much the same as was shown by a drug enforcement operation that had to be shut down due to an operative “misplacing” a USB drive on a bus.
Obviously in the talk, ‘Databases, Data Sharing, and Data Security’ there was a good deal more about securing data which was mostly summed up in this tweet of mine. This fellow also caught a bit about data on UN machines NOT being encrypted, which is a rather sordid way of doing business. Computers are quite easy to lose in everyday life, let alone when someone is busting around the ends of earth.
The session on ‘PDAs and Phone for Data Collection’ was interesting in that it was Eric Hersman who said that it’s a new medium with boundaries needing to be pushed. But, at the same time, people were definitely data security minded. There is the issue however that SMS is not a secure mode of data transport to start with. While it can be monitored quite easily, the real issue lies in the corpus of data collection you end up with. With something like Frontline SMS, there is the onerous issue that you can log all of the messages received with that program, so what do you do with that data? Again, security is key as the data one collects for good can easily be used as a weapon for bad.
Good talks overall though and if anyone wants to see some of the audience cliffnotes of the PDA session, they can go here: #conf_pda. As you see, the audience was quite involved with that session due to it being a hot topic in both the corporate and NGO worlds.
By way of an update, today it was announced that two very large colleges in the San Francisco Bay Area had a security exploit open for six months that allowed access to confidential data of 160,000 former and current students. Way to go…
When data security is more than just secure data