CMU celebrates Privacy Day 2015

Julie Brill, Commissioner of the Federal Trade Commission and keynote speaker at CMU Privacy Day 2015, spoke about the need for data privacy.  (credit: Jonathan Leung/Photo Editor) Julie Brill, Commissioner of the Federal Trade Commission and keynote speaker at CMU Privacy Day 2015, spoke about the need for data privacy. (credit: Jonathan Leung/Photo Editor)

Imagine a world where your every move is being monitored. Your routine actions and personal thoughts become the business of others, and are manipulated beyond your control. It almost sounds like a page taken from George Orwell’s novel, 1984, a chilling story about a totalitarian society. As our world becomes increasingly reliant on digital technology, we, too, may soon find ourselves facing the realities of science fiction, through a phenomenon known as the Internet of Things (IoT).

IoT refers to our seamless ability to connect to the Internet through a wide range of computing devices. In turn, we become more vulnerable to security hacks that compromise our individual privacy.

Despite such concerns, the IoT has made our lives more convenient. It is the reason why the United States, as well as several other countries, celebrate Data Privacy Day, an international holiday that strives to increase public awareness about data privacy and protection.

Last Wednesday, Carnegie Mellon shared in the celebration by hosting a number of privacy-related events. A highlight of CMU Privacy Day 2015 was keynote speaker Julie Brill, who spoke before a large audience after receiving a warm welcome from President Subra Suresh. The event took place in Rangos in the Jared L. Cohon University Center.

Back in 2010, Brill became the Commissioner of the Federal Trade Commission (FTC). A magna cum laude from Princeton University and the New York University School of Law, Brill eventually found herself attracting national recognition for her work in protecting consumer privacy.
The Commissioner believes that it is possible for us to “unlock the potential of big data, and enjoy its benefits, while still obeying the privacy principles that protect individuals.” Brill said that one of the main goals of the FTC is to protect consumers by preventing foul business practices in the marketplace.

Brill referenced many examples of past consumer privacy violations throughout her speech, including a major incident from last year in which the FTC pressed charges against Snapchat for its lax security policies. A third-party app was found that allowed recipients to recover and store messages, or “snaps,” that were supposed to have disappeared. “You can imagine,” Brill said to the audience, “that a security failure that leads to the capture of an image that you thought would be ephemeral is a pretty rude shock, and undermines [an] essential selling point [and] privacy enhancement that Snapchat was offering.”

During the same year, Credit Karma and Fandango also settled charges with the FTC for misrepresenting the security of their mobile apps to consumers. The two companies failed to secure the transmission of highly sensitive information due to “man-in-the middle” attacks. Through these attacks, hackers were able to gain access to the credit card details, credit report data, and social security numbers of consumers.
To further address these security issues, the FTC is working on enacting federal laws to set guidelines that would push companies to take action.

In addition, during a visit to the FTC, President Obama called on Congress to pass legislation that would “strengthen the FTC’s existing data security enforcement tools” and “provide education to consumers” in the event of a security breach.

There are, however, companies that are interested in finding ways to protect and gain the trust of their consumers. In response, Brill proposed several solutions.

One proposed solution was the implementation of security by design. A software engineering term, security by design describes a product that was built to be secure from the start. Data minimization and de-identification would help to further protect consumers from the potential risks of providing personal information.

Brill also encouraged companies to become more transparent in establishing their security policies. Furthermore, she said that consumers should be given more tools to control the privacy of their data.

But simply enforcing these guidelines will not be enough to combat the invasion of privacy that comes with the increasing prevalence of the IoT, Brill said.

Aware that she was speaking to the technology-focused Carnegie Mellon community, Brill urged the technologists in the room to help ensure those changes take place. While she recognizes this is not an easy task, Brill is confident that the analytical and creative skills of computer scientists and engineers will help companies reach milestones in enhancing data security.

Incredible advancements in technology show promise of a future that greatly differs from Orwell’s fictional, totalitarian society. Digital technology may not, after all, become the downfall of the sophisticated intelligence that is characteristic of the human race. The IoT may even prove to be advantageous within the modern world, provided that we use it mindfully.

Quoting the Cuban revolutionary Fidel Castro, Brill said that a “revolution is a struggle to the death between the future and the past.” Only time and the efforts of many can bring us the solution to one of the 21st century’s most controversial issues.