NEW: 7/3/2021 – 4th Amendment Does Not Give LE the Right to Access Encrypted Data
The recent take-down of 300 criminal syndicates in more than 100 countries by the DoJ, selling their own 12,000 encrypted devices and services to which they had the decryption keys, has resurrected the question of encryption and lawmakers’ claims that backdoors into encryption are necessary. Lawmakers, and even some data security personalities, point to this event saying it proves encryption should have backdoors. There are also claims that the fourth amendment supports this view. But wait! Doesn’t it prove otherwise? And, doesn’t the long history of failures for creating encryption backdoors prove that encryption solutions with backdoors built in put everyone at risk? Why can’t encryption be engineered to let in only the good guys and those meant to encrypt and decrypt the data, and not allow others access? Listen in as cybersecurity and encryption pioneer and multi-award-winning security and cryptography expert, owning many patents on cryptographic and network protocols, Dr. Steven Bellovin, answers these questions and many more in this highly informative discussion with Rebecca. You will hear insights and facts about encryption that have not been discussed anywhere else!
6/5/2021 – Data Pipelines & Data Lakes Security & Compliance Answers & Info
What are “high-speed streaming analytics data pipelines”? What is the function of a data pipeline? Are there more security risks associated with data pipelines, or less, compared to VPN transmissions, and network transmission technologies that have been used for decades? What are “data lakes”? How are they different from data warehouses? Is it possible to meet data protection compliance requirements using data pipelines and data lakes? What are the security risks with using data lakes? What is a MiNiFi? Listen in as Gal Shpantzer, cybersecurity expert and the architect of the largest supported MiNiFi deployment in the world, answers these questions and many more in an informative discussion with Rebecca. You will hear security and privacy insights, and learn important facts about data lakes and data pipelines, that have not been discussed anywhere else! Follow Gal on Twitter: @Shpantzer #Cybersecurity #Privacy #DataPipelines #DataLakes #MiNiFi #RiskManagement
9/5/2020 – Surveillance Pandemic: How Tech Giants Collect & Use Personal Data for Profiling & Huge Profits
Since 2018 Rebecca has invited many tech giants to explain if and how they are collecting and selling personal data to govt and other entities to profile and target subsets of populations while making huge profits. For example, one tech company reportedly made over $1.6 billion from the US federal government from 2017 – 2019. No tech company has accepted the invitations. However, Mijente, which has performed significant research into tech surveillance activities, agreed to answer questions such as: How widespread is the collection of everyone's personal data? What companies are providing personal data to the tech organizations? Why don’t the data sources notify the general population about all the entities to whom everyone’s data is being shared and used? How is tech being used to surveil and monitor specific populations? How have people been harmed by resulting actions from surveillance of personal data? Hear Rebecca discuss these questions and more with Jacinta González from Mijente.
12/7/2019 – The Criticality of Change Control Management in Cloud Services
Recently the CEO of a cloud services business for compliance and information security shrugged off the problems he has on an ongoing basis with his SaaS cloud site where he does not have change controls implemented and doesn't use a separate test or development region or server. He shrugged and said, "That's just the way it is with a cloud service, they all have these problems." Wrong! In this episode I discuss the importance of change controls to supporting information security and privacy with an expert in this area. What kind of change control processes need to be applied within SaaS environments? What are some of the biggest vulnerabilities within cloud services and how they handle change controls with new and updated applications and systems development? What types of change controls need to be followed when patching cloud systems? Tune in to hear Rebecca discuss these topics and more with Becky Swain, Founder of the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).
5/7/2019 – Cybersecurity Lessons from the Mueller Report
All 50 US states were targeted by hackers in the 2016 elections. Some claimed a few of the hacks successfully broke into voting systems. The 448-page Mueller Report contains many important points and findings, not only about these hacking activities and related intelligence operations against the USA elections processes and voting machines and systems, but it also points out many cyber security vulnerabilities and threats leaders need to address for voting machines and elections processes. How long has nation state intelligence activities been occurring? How many activities been launched through the internet and directly against computing devices and systems? Are Russian elections hacking/tampering tactics different from USA and other countries' activities? If so, how? What is the weakest link in voting and elections systems security? Tune in to hear Rebecca discuss these topics and more with Christopher Burgess, a 30+ year veteran of the CIA and information security expert.
4/16/2019 – China Tech, Reusing Old Devices, Accessing Patient Data and More!
In this episode Rebecca answers some questions received from show listeners and her Privacy Professor Tips readers. A wide range of topics are covered, such as: How many voting machines were attacked during the USA 2016 elections? Will they continue? Should listeners be concerned that wireless China tech may have surveillance built in? Or tech from other countries? What happened at Mar-a-Lago with the USB thumb drives with malware them? What happens to patient data when a clinic closes? What are red flags that popular tech gadgets, like iPads, have security problems? Is it safe to give children old phones or other tech to use? How can people tell if skimmers are in ATMs or self-pay devices? How can locations for those using Gmail or other email services be removed? What popular retail check-out system is no longer being supported, leaving millions of retailers and their customers vulnerable? Tune in to hear Rebecca discuss these topics and more.
3/26/2019 – Fax Tech and Machines: The Achilles Heels of Cybersecurity
A California healthcare cloud services business exposed over 6 million patient files online due to lack of basic security controls, such as passwords, on their online fax server. Many organizations have unsecured faxing services as well. And to the surprise of many, faxing is growing in usage, increasing data security and privacy risks. Legacy systems and devices, such as fax servers and machines, become the Achilles' heels of systems, applications and data security. How many cyber crooks are getting to personal data through these pathways ignored by large numbers of businesses? What are common security and privacy problems with how businesses and the public in general use faxing, printing and copy services? What types of breaches are occurring? How can these often-overlooked pathways into data, systems, applications and networks be secured? Tune in to hear Rebecca discuss the answers to these questions and more with Eric Nelson, Founder and Principal of Secure Privacy Solutions.
3/5/2019 – Huge Risks From SaaS Orgs With No Test Regions or Change Controls
This 2nd in a series of shows on applications and systems engineering, coding, and maintenance looks once more at a few different topics within applications change controls including: What types of testing of new and changed applications code are necessary to ensure limited possibility of negative impacts to those using the application, as well as others using applications on the same server, and to the associated data and systems? What is regression testing, and when is it necessary within the change control process? What is the primary goal of testing new and changed applications testing? What are "local variables" and "global variables" as they relate to applications testing? What are test-coverage monitors, and when should they be used? Why is using live production data usually a horribly bad idea? Rebecca discusses these and related issues with Dr. Mich Kabay in this episode.
2/19/2019 – No Change Control is Like Playing with Fire in a Dynamite Factory
Increasingly more often over the past couple of decades, organizations have been eliminating software and systems change controls, often as executive decisions to save money. Too many are making changes in applications directly within the production environment, especially SaaS businesses, with complex and multiple services offerings. When separate test environments are not used, numerous risks are created for all involved, not to mention being compliance violations under many legal requirements. What are the basic components that should be part of a change control management process? What are the risks involved when making changes to software code within production environments? How can doing insufficient testing lead to breaches, and lost client data and access to online services? What lessons can be learned about change controls from the Vanguard Rocket? Rebecca discusses these and related issues with Dr. Dan Shoemaker in this episode.
1/8/2019 – 2019 Information Security Forecast: Worldwide and In Colombia
What will 2019 bring with regard to information security and privacy threats and trends? What is "digital density"? What are the security dangers for APIs? What kind of surveillance activities, if any, take place in Colombia? What are common privacy practices and regulations for both the US and Colombia? What international cybersecurity threats exist to all countries? Listen in to hear Dr. Jeimy Cano's five major 2019 information security and privacy predictions. Dr. Cano will also describe what we all need to look out for with regard to cybersecurity and privacy during the year ahead. Also hear about some of the cybersecurity and privacy activities in his home country, Colombia.
12/11/2018 – Is Anonymization Possible with Current Technologies?
What is possible with regard to de-identification and anonymization? Will anonymization be sufficient only for today? Or, will it keep the data anonymized for decades to come; possibly beyond? What is necessary to minimize re-identification risks? What do you need to know about anonymization before agreeing to allow your health data to be used for research? In this episode Rebecca speaks with world-renowned de-identification and anonymization expert, Dr. Khaled El Emam about anonymization, de-identification, re-identification risks, and related topics. Dr. El Emam has done extensive research in this area and written multiple books on these topics. Rebecca contributed a chapter to Dr. El Emam's book, "Risky Business: Sharing Health Data While Protecting Privacy." Dr. El Emam also wrote "Anonymizing Health Data" and "Guide to the De-Identification of Personal Health Information," in addition to many articles.
11/27/2018 – IOT Security, Privacy and Safety
At least one Internet of Things (IoT), or "smart", device, is already used by each person within the large majority of the population. The number of IoT devices are growing exponentially, and soon every member of the population will own a few to many IoT devices each. IoT devices inherently bring privacy, safety and security risks to those using them, and attached in some way to them. Some risks, such as those created by medical devices, smart homes, smart grids and smart vehicles and roads literally could result in death. What are these data and systems security, privacy and safety risks? What needs to be done to mitigate those risks? Why aren't device makers building security, privacy and safety controls into these devices? Listen in to hear Abhik Chaudhuri, author of the book "Internet of Things, for Things and by Things" discuss these and many more IoT security, privacy and safety topics with Rebecca.
10/30/2018 – Information Security and Privacy Questions from Listeners
For this final October episode of National Cyber Security Awareness Month, Rebecca Herold answers questions from listeners and Privacy Professor Tips readers. Just a few of the topics covered include: 8 things everyone should do to secure their computing devices Wi-fi security and privacy ATMs, self-pay devices, and skimmers Privacy protections Exactis privacy breach Web cam hacking Join Rebecca to hear how she answers what your fellow listeners and Tips readers ask!
10/16/2018 – Answering Questions from Listeners for Cyber Security Awareness
I've accumulated dozens of data security, cyber security and privacy questions from listeners and Tips readers that I've not yet had time to answer. They cover a very wide range of topics of interest to all folks throughout the world. E.g. E911. HIPAA breaches. Worst security business practices. Ring security system privacy. Keeping people from visually snooping on your tablet or phone. Phishing calls (with a real example recording). Credit reports. Virus Scanning. And much more! We will answer questions on these topics and more during this episode as part of Cyber Security Awareness Month! Join cyber security expert Dr. Terri Curran and me as we go through as many questions as possible during this hour.
10/9/2018 – Pen Tests and Vulnerability Scans: Advice, Experience and Case Studies
The terms "vulnerability scanning," "vulnerability assessments" and "penetration testing" are often used interchangeably. But they are not the same! What are the benefits of each? For what purposes should each be used? Are they required by law? Are there any negative impacts for each type of activity? Listen in as cyber security expert Kevin Beaver discuss these topics, his experiences and advice, and also hear us go through some related case studies for using these tools.
6/19/2018 – Separating Facts from Fiction in Digital Forensics
There is daily discussion in the USA about voting and elections security. The US Department of Homeland Security reported evidence that Russian hackers tried to breach election systems in 21 states during the 2016 elections. Many states are updating voting systems security before November 2018 elections. Security threats are not confined to the US; voting and elections security threats and active exploits are occurring worldwide. Who should be responsible for ensuring elections processes and voting systems security? What do cybersecurity pros recommend be done to secure elections and voting systems? How are nation states spreading propaganda and using social media to alter votes? What types of voting systems are at most risk of being hacked? How can interference in social media and the spread of propaganda be stopped? What are the most important actions to take to improve voting and elections security in the USA and worldwide? Hear an expert discuss some of his research findings in this episode.
06/06/2020 – Legislating Weak Encryption is Stupid and Dangerous
The value of strong encryption cannot be overstated, but yet the efforts from lawmakers to force tech companies to create weak encryption has been put into overdrive. Bruce Schneier has been a vocal proponent of strong encryption for many years, and eloquently explains why it is technically not possible to give the good guys the access they want to encrypted files and transmission without also giving the bad guys access. Listen in as Schneier explains his thoughts about the most recent efforts from the DOJ and lawmakers to require commercial products to use accessible encryption. Schneier also answers questions such as: What would he say to AG Barr about creating such accessible encryption? What does he think about Zoom encryption, and security in general? What are his thoughts about COVID-19 tracing apps; are they sufficiently protecting privacy, and are they effective? What concerns does he have with online voting security?
4/9/2019 – GDPR: Implementing Data Subject Access and Rights
In this 6th in a series of shows on GDPR we discuss issues about how to give individuals access to their own personal data, how to provide them with portability of their personal data, and related issues. Understanding the actual HOW of doing compliance requirements is usually the most challenging part of compliance. One factor is because each organization has its own unique business environment, so the HOW cannot be the same for all organizations. This show explores Articles 15, along with some of Articles 17 and 20, of GDPR. What penalties and fines under GDPR have been applied to date? By what countries? What are the most challenging parts of meeting GDPR compliance? What types of data do organizations need to provide to individuals upon their request? Does such data include meta data? Log activities? Other information? Tune in to hear Rebecca discuss the answers to these questions and more with Steve Wright, privacy and GDPR expert.
1/22/2019 – GDPR, Data Privacy Day and The Need for Privacy
2018 privacy hero of the year, Tara Taubman-Bassirian, discusses the EU GDPR, the increasing need for protecting privacy in the increasingly technology-rich environment, and some activities for Data Privacy Day on January 28, 2019. What are the benefits of GDPR? Where can it be improved upon? What do companies struggle with most for GDPR compliance? What is a "hot potato" GDPR issue? How are binding corporate rules (BCRs) used for non-adequate countries? How has Brexit impacted GDPR compliance? Why does privacy matter? What are the current largest threats to privacy? What are some activities for Data Privacy Day? Hear Tara discuss these topics, and more, with Rebecca.
12/4/2018 ‐ FTC Influences on Privacy Sanctions and Regulations
The Federal Trade Commission (FTC) is considered by many organizations to be the preeminent arbiter of privacy in the US. How did the FTC develop this authority over the years? What have been some of the most privacy-impacting cases? Where do organizations need to pay more attention within their privacy efforts to avoid fines and decades-long consent decrees? What does the FTC do with all the money from the fines they are paid? Where is the FTC going with privacy regulations and enforcement? How are your posted privacy notices related to the FTC Act when it doesn't even mention privacy? Listen in to hear Marc Groman, an internationally recognized privacy expert and the first FTC Chief Privacy Officer, discuss these and many more FTC privacy oversight and enterprise privacy management topics with Rebecca. Marc will also let listeners know where to get help with improving the security and privacy of their children's and teens' online use.
11/20/2018 – GDPR: Using Legitimate Interests as a Lawful Basis for Processing
What are considered to be legitimate interests as a basis for legal processing under GDPR? Context is a vital consideration. What should organizations do with regard to "careful assessment" to determine whether or not a situation is considered to be a legitimate interest of the data controller to enable personal data processing? What resources and guidance are available to help organizations to determine legitimate interests? What do organizations struggle with most for this requirement? How high are the fines for non-compliance? Tune in to hear Teresa Troester-Falk, Chief Global Privacy Strategist, Nymity, and Gabriela Zanfir-Fortuna, EU Policy Counsel, Future of Privacy Forum, provide answers and discuss more GDPR requirements. We will also walk through some case studies for determining legitimate interests for processing, including a real-life IoT case study!
11/13/2018 – Government Hacking and Surveillance: Activities, Tools and Laws
As encryption and other privacy-enhancing tech is increasingly used, government agencies are seeking new ways to access communications and other data that is also being increasingly generated by new computing devices, apps and websites. Methods currently used include government hacking and vulnerabilities exploitation, and pursuing access through such legal paths as Title III and the USA Patriot Act. What actually is government hacking and what tools are used? What are the risks for putting backdoors in encryption that governments around the world are still pursuing? What is US Title III as it relates to government surveillance? How are data from CCTVs, license plate readers, phone and smart devices being accessed by government agencies? Tune in to hear Michelle Richardson, Director of the Center for Democracy and Technology's Privacy and Data Project, discuss these and many more related topics with Rebecca.
8/21/2018 – Unifying GDPR With US Laws Compliance
Organizations are struggling to meet compliance with GDPR, USA regulations and laws and all the other worldwide data protection legal requirements. There is much confusion about how to effectively comply with all of the many laws and regulations that apply to any single organization. What are hot topics that organizations need to know about for GDPR compliance? How can organizations effectively comply with multiple laws and regulations that cover the same topics and are often in conflict with requirements? How should differences in legal requirements for breach response be handled? How should organizations provide personal data to those making requests? How should organizations approach complying with the conflicting requirements within the 99 articles of the GDPR? Listen in as Matthew McKinney and Thomas Story, attorneys with BrownWinick (www.BrownWinick.com) and experts in these areas, discuss and provide important points and valuable tips for some of the key related topics.
6/12/2018 – GDPR: Debunking Personal Data and Applicability Myths
The GDPR is a very broad set of regulations, with 99 Articles that each contain one to many specific requirements related to personal data, and how it must be protected, restrictions on use and sharing, requirements for giving individuals access to their own personal data, and many other rights for the data subjects. This episode focuses on 3 of those many topics where much confusion exists. 1) Were all those email notifications on May 25 really necessary for GDPR compliance? 2) What is considered to be personal data, and in what possible forms? (HINT: It's not just digital) 3) What types of organizations and people must comply with GDPR? We will also hit upon the additional requirements for data protection within individual countries, the protections for EU citizens as well as EU residents, is government surveillance in the EU subject to GDPR requirements, the growing tsunami of GDPR actions and complaints, and recommendations for GDPR compliance.
5/15/2018 – Who's Eavesdropping on You? Government Surveillance and Laws
The US government recently released its annual report of surveillance activities, including the numbers of individuals about whom data was collected. It reveals that NSA tripled metadata collection from 2016 to taking over 534 million call records in 2017. Warrantless FISA Section 702 content queries involving U.S. persons increased from 5,288 to 7,512. Many other types of surveillance activities are also performed by the US government, along with state and law enforcement agencies, as well as other countries' governments. How many agencies have surveillance programs? What surveillance tools are used and what data is collected? What laws allow, or restrict, such surveillance activities? What can people do to protect their communications from surveillance? What types of data will always be able to be collected for online communications? Can anyone truly be anonymous online? Join this interesting episode to hear an expert for government surveillance answer these and more questions!
3/16/2018 – Privacy and Security Incident Response Mistakes Organizations Make
Privacy breaches and security incidents are occurring more often and are increasingly involving larger amounts of personal data. Why are security incidents continuing to increase? For a variety of reasons. While basic information security and privacy concepts are still the same as they have been for the past 30+ years, too many organizations do not implement information security and privacy programs that cover all those concepts to begin with! There are also more types of devices, such as smart cars, smart home devices, smart mobile devices, smart toys, and more that are collecting and sharing increasingly more personal data. And it is only going to continue increasing. So, with all these available security and privacy management standards and guidance documents, why aren't organizations better prepared to not only prevent security incidents and privacy breaches, but also to respond effectively to them? In this episode we discuss and gain insights from a long-time expert in this area.
2/16/2018 – EU GDPR Sanity: Practical Advice for Effective Compliance
On May 25, 2018, the EU General Data Protection Regulation (GDPR) goes into effect, bringing with it some significant changes to how organizations were protecting personal information under the EU Data Protection Directive. In this episode we discuss this with a couple of GDPR experts who have been deep into the weeds in helping organizations to implement the changes necessary to comply with the GDRP. And this certainly is a hot topic! I did an online news search on Feb 7, and there were 114,000 distinct news articles on this topic, with an unlimited number of opinions, warnings, and sky-is-falling predictions. Join our lively discussion with these two GDPR experts, who are based and work in the EU, to sort out some of the GDPR fictions from the facts, along with giving us some great advice.
1/2/2021 – Holding Privacy Events in a Pandemic World
For Data Privacy Day month Rebecca is speaking with Kim Hakim, CEO and Founder of FutureCon Events, about how she handled needing to move...almost overnight!...all her 2020 conferences to being online events at the beginning of 2020 when COVID-19 started spreading through the USA. Kim also discusses some of the key privacy issues she had to address when doing so. Kim will also describe the most requested privacy topics for the FutureCon events. Some topics covered in this episode include: What makes FutureCon events unique from all other cybersecurity and privacy events? What were the most requested topics in 2020 and for the upcoming 2021 events? What are the inventive ways that Kim arranged for online FutureCon event attendees to interact with speakers and sponsors? What makes a great cybersecurity and privacy speaker? What advice does Kim have for those who want to be speakers at cybersecurity and privacy conferences? Tune in to hear these topics covered, and much more!
12/5/2019 – How A Trail-Blazing STEM Mentor Is Revolutionizing Cybersecurity
The numbers of women and people of color are still a woefully small percentage of the IT and cyber/data/network/applications security workforce. Such lack of diversity results in weak and flawed IT, security and privacy practices, applications, networks, and data protection. Rebecca discusses the related issues with cybersecurity expert, industry leader and long-time mentor, Dr. Cheryl Cooper: What is Dr. Cooper working to change in society with her mentoring work? Many displaced workers in their 40s, 50s and beyond, with no IT or cybersecurity background would like to start a cybersecurity career. What advice does Dr. Cooper have for them? What are common challenges that all ages of women and people of color face in cybersecurity careers and what type of support do members of WINS provide to them? What is Dr. Cooper’s greatest achievement in her career? What advice does Dr. Cooper have for those who would like a career in cybersecurity but do not know where to start?
Information security, privacy and compliance careers are of great interest, and the need for more professionals to fill openings in these areas continues to increase. What are some paths to take for getting into these careers? What types of college degrees, if any, are necessary? What work ethics are necessary for success in these types of careers? How is getting into these careers different in various countries, such as in the USA and Russia? What is necessary to start your own business specializing in cyber security, privacy, and related services and products? What is Women in Security and Privacy (WISP) and how did it get started? Tune in to hear Rebecca discuss these topics and more with Elena Elkina, co-founder/Partner of Aleada Consulting and co-founder of WISP.
4/30/2019 – Small Business Risks, Careers, Mueller Report, CPU Vulns and More!
In this episode Rebecca answers some of the questions received from show listeners and discusses some recent news items. A very wide range of topics are covered, some of which include: What are cybersecurity lessons found within the Mueller report? What are the top 3 things a small business owner should be doing to secure client data? Who should be concerned about Embedded POSReady 2009? What are the challenges to eliminating CPU vulnerabilities from Spectre and Meltdown? What are the best paid information security careers? How can consumers deal with increasingly frequent credit card breaches at online sites? What is a new Microsoft security configuration baseline setting that surprised many? Tune in to hear Rebecca discuss these topics and more.
8/28/2018 – Advice for CyberSecurity and Privacy Threats, Challenges and Careers
Are you interested in expanding your career in the infosec and privacy fields, or want to get started in professions in these areas, or start a new career after leaving another industry? This episode is one you'll want to listen to! What are the challenges information security, privacy, compliance and audit practitioners (aka information assurance pros) face advancing their careers? How are they meeting these challenges? How do information assurance professionals stay up to date with the latest threats and vulnerabilities? What are the benefits of working in information assurance careers in Midwest USA? (There are MANY!) Listen in as Donna Gomez and Naeem Babri, information security experts in the greater Kansas City, MO/KS area, answer these questions and discuss key related topics. They will also provide information about the upcoming SPOTlight on Security workshop in Overland Park, KS, on September 5.
7/31/2018 – Education and Advice for Successful Information Security Careers
How have information security careers changed in the past three decades? What long-time information security capabilities and skills are still vital to have today, but that too many going into this field are simply deciding are not worth pursuing? What concepts are important for those going into information security to understand? What is the Parkerian Hexad and how does it contribute to implementing better security for emerging technologies and for protecting privacy? What degrees are recommended for success in information security fields? The answer may surprise you. What capabilities would you also be surprised to learn are vital for information security career success? Listen in as Dr. Mich Kabay from Norwich University answers these and more questions, and also discusses information security education, and advice for being successful in information security careers.
5/22/2018 – Why Do Women Leave IT Careers?
In this episode we discuss how to encourage women into STEM careers, IT in particular, and motivate them to stay. This most definitely is NOT a man versus women issue! Some of the greatest supporters of women in STEM are men and some of the greatest in opposition are women. There are many opinions and ideas for how to get more women involved in IT and keep them in the industry but there is no simple answer. Many actions must take place, throughout entire lifetimes and generations, and many attitudes which must change. Challenges attracting and keeping women in IT is due to many factors, from the atmosphere in which children are raised, to the people who are influencers in their lives, and too many practices within the IT, info sec and privacy industries that often result in forcing, or encouraging, women to leave their careers. Hear ideas and results from research for how to attract and keep women in STEM careers from an expert who spoke on this topic at the April 2018 RSA Conference.
4/20/2018 – The Path of This Privacy Expert Led to Many World Icons
What do Harry S. Truman, Gloria Steinem, Fidel Castro, Jimmy Hoffa, and Antonin Scalia have in common? Tune in to hear Robert Ellis Smith explain the answer! He will also discuss many other famous icons he's met, been friends with, and interviewed during his long, storied career in privacy. Hear also Robert's explanations of the Supreme Court's Citizens United privacy decision of 2010 versus their AT&T FOIA decision of 2011, and his opinion of those decisions. Also, learn about his latest book, "Faces I Have Known." Robert has some incredible stories he shares; in this episode in addition to in his book!
4/13/2018 – IT and Privacy Career Trends and Tips for Success
I've had many listeners, from high school up through those who were past their 70s, contact me, saying they were inspired to follow their interests into a tech, information security and/or privacy career after hearing some of my other radio shows. I also had many listeners asking me to provide more career advice; about getting into the tech, information security and privacy fields. Asking how to be as successful as possible. Asking for tips to get hired. Asking what fields are the ones that are hot right now, and which will be hot in the near future. I am happy to have the perfect person to answer those questions, and more, as my guest in this episode! Tune in to find out how to focus and propel your career in information security, privacy and IT from an expert whose business helps provide such opportunities.
4/6/2018 – Association Memberships Build Data Security and Privacy Careers
In this episode we discuss information security and privacy careers and ways to support professional growth. In particular we discuss the benefits for building professional capabilities, of networking, learning from peers, and participating in projects as a result of belonging to and participating in professional associations. We also discuss the various types of activities that professional membership associations, such as ISACA, IAPP, ISSA, ISC^2, ACM, IEEE and others, have available for members. Tune in to hear some great professional guidance from long-time information security and privacy experts, and to hear about some upcoming events!
3/30/2018 – Many Areas of InfoSec and Privacy Expertise? Make Them Your Career!
Many information security and privacy pros and career advisors give advice that you should focus on one specialty to be successful. While that may be best for some, I can testify that it does not apply to everyone! You can absolutely be successful doing many different types of specialties, at any age or period of your career, if those are your passions. My guest is the epitome of successfully pursuing a love of many, widely different areas of expertise as a career. Linda Cadigan, a highly accomplished information security and privacy pro and expert, discusses how so many of us love to work and have expertise in many different areas. Hear Linda's experiences and how she utilized her expertise in multiple areas to build successful businesses. We advise listeners on the benefits of being multi-area information security and privacy experts! Success doesn't always come from computing degrees or technology backgrounds, but from following your passion and doing what hasn't yet been done.
9/18/2018 – Cyber Terrorism Defense at Home and While Traveling
There are growing numbers of cyber-attacks being launched by terrorists throughout the world against critical infrastructure networks not only within governments, but also within the healthcare, financial, utilities, and transportation industries, just to name a few. The US Department Homeland Security said during a 2018 9/11 memorial event that, "The cyber threat has eclipsed the threat from physical terrorism." What is cyber terrorism, and how do cyber terrorists choose their victims? What factors lead to cyber terrorists targeting travelers? How can you keep cyber terrorists from your data and systems? How can data security be used during hostage situations? Listen to Tom Conley is President and CEO of The Conley Group, discuss the answers to these questions, and other issues related to domestic and international terrorism and travel security.
8/7/2018 – Physical Fails for Information Security and Privacy
This episode covers a problem as bad today as it was decades ago and in many ways worse. Breaches caused by unauthorized access to physical forms of information: on printed paper (e.g. boxes of customer records on the curb for trash pickup); getting access to the physical USB drives and external hard drives; getting access to backup media; and numerous other ways that expose personal information and many other types of sensitive information. What are some of the most bizarre incidents involving physical access breaches to information? What are some common real-life incidents involving physical access to information? What do organizations, and every person in their private lives, need to do better? What are related legal requirements? What is a certificate of destruction and do you need one? Listen in as Andrew Ysasi, Vice President of Kent Record Management® and President of IG Guru™ provides examples, insights and advice that everyone can use at home and at work.
5/29/2018 – Swatting Dangers and Defenses
A Kansas man was killed in a swatting incident in December, 2017. A central Iowa woman was a swatting victim in May, 2018. In April, 2018: A swatting incident occurred in Arlington, TX; there were 3 swatting incidents in the Chicago area; and at least 6 in the New York City area. Many more swatting incidents could probably be found if more than 30 seconds was spent looking. What is swatting? And when and how did it get started? Is the problem getting worse? Who are the targets for swatting? What should you do if someone wearing a police uniform is banging on your door, but you see no police car, or see a car that isn't a police car? How can Smart911 help in swatting situations? What are the security and privacy issues? Related to this, what types of home safety/security systems can be used to protect homes from intruders? What can everyone do to reduce the probability of being a swatting, or home invasion, victim? Listen in to this episode to learn more from an expert on this topic!
3/2/2018 – Balancing Privacy with Safety when Using Body Cams
Body cameras can provide great benefit for capturing what really happens in various situations and support accountability for the actions of those wearing them. But there are also privacy risks for those in the vicinity. In July 2013, the US Department of Justice reported that less than 25%, at that time, of police departments used body cams. By 2015, 95% of large police departments reported they were either already using body cameras or had committed to doing so in the near future. Laws for body cam use are also increasing. Currently 34 US states and the District of Columbia have created laws for body cameras. Law enforcement and others are increasingly using body cams. Listeners; where do you stand on this topic? Invasion of privacy, for those interacting with the police and those in their vicinity? Or an absolutely necessary tool? Or somewhere in-between? How can we balance the safety and privacy issues? Join this episode to hear discussion of these important issues!
2/1/2020 – How Biased and Malicious AI Can Do Harm
Listen in to my chat with artificial intelligence expert Davi Ottenheimer about not only the potential benefits of AI, but also the risks to information security, privacy and safety when flawed, biased and maliciously-engineered AI is used. Also hear the boundaries Davi recommends for preventing bad AI. Some of the questions covered include: What are some examples of tragedies that possibly could have been prevented with AI? In what ways are AI controlled robots shifting power in our society? What kind of boundaries can be used with AI to support strengthening information security and protecting privacy? Are AI regulations, laws, and other rules necessary? And many more!
2/26/2019 – Is AI a Friend or Foe to Information Security and Privacy?
There are unlimited possibilities for using artificial intelligence (AI), for the benefit of a few, to benefiting large populations. Many in the information security sector are hopeful that AI can strengthen cybersecurity efforts. But, can they also be used to exploit cybersecurity vulnerabilities? And what about privacy? Will AI be used more to invade privacy, or to protect privacy? Considering these issues, and certainly there are many more to consider, just how accurate are all those AI tools being offered? How are AI algorithms validated as being dependable and/or accurate? Are they biased? Is it possible to have unbiased AI? What are the consequences of something going wrong with AI? What are current trends in AI? Rebecca discusses these and related issues with Dr. John Cook in this episode.
4/3/2021 – Voter Fraud Facts No One is Talking About... Until Now
In 2021 there have been at least 253 voting bills proposed in at least 43 US states. These bills are restricting voting methods, times, and even criminalizing such practices as the provision of food and drink to those who are in waiting line for hours to vote. All due to “concerns about voter fraud,” even though hundreds of audits, hundreds of ballot recounts, and hundreds of independent voting machine security assessments have found no voter fraud. What security measures are actually established for poll centers on voting day? For early voting locations? And for mail-in and absentee voting ballots? What would election officials tell you about those images and videos claiming to be evidence? Are they really evidence? Or, are they bogus? And how can you tell? Can boxes of ballots actually be brought into election centers and processed? What controls are in place for elections centers where ballots are collected, processed, and sorted? Listen in as Genya Coulter, named as one of the Top 25 Women in Election Security and Tech, as well as being the Polk County, Florida, Election Clerk who oversees all her precinct operations and manages her team during election season, answers these and many more questions, as well as describes the facts about voting and ballot security controls, and answers questions about voting fraud claims during the 2020 US election during this conversation with Rebecca. Follow Genya on Twitter: @ElectionBabe
3/6/2021 – Fighting US Elections & Campaigns Interference with Cybersecurity
There continue to be more lessons to learn from the past 8+ years of election cycles in the US. Lessons that can be applied throughout the world, about the need to build in strong security and privacy protections to the associated processes, systems, and physical components of elections to strengthen democracy as well as to establish verifiable and validated election results. The FBI reports verified election interference attempts and goals of China, Russia, Iran & domestic groups; often through election candidates’ campaign organizations and associated groups. What kind of interference is targeting campaigns and candidates? How does strengthening security practices help to prevent these interference goals from being fulfilled? What is the goal and mission for CyberDome? Why is US CyberDome well-suited to help fight interference with election campaigns? Listen in as Matt Barrett, co-founder of US CyberDome, provides insights, research findings, advice to campaigns, and describes the goals of CyberDome to protect election campaigns during this conversation with Rebecca.
10/3/2020 – Data Proves Voting Fraud is Rare; Don’t Believe Conspiracy Theories Claiming Otherwise
Voter fraud conspiracy theories have reached a fever pitch. There are even claims that mail-in ballots are "a scam." What’s the truth? Voting security experts and researchers Jennifer Kavanagh and Quentin Hodgson describe in-depth research revealing verifiable facts about security of all types of voting including absentee/mail-in, voting machines and paper at polling locations, and drop boxes. They provide research results for questions such as: How are voter registration databases kept up-to-date and when do errors occur? How is signature matching done? Can poll workers throw out ballots claiming signature mismatches then submit different ballots for the voter? How can voters determine if their mailed-in ballots were rejected because of a signature mismatch prior to election day? What controls do poll workers follow? Are "poll watchers" who interact with voters legal? Is it possible for someone to send "unsolicited millions of ballots"? Does "ballot harvesting" actually occur? Hear Dr. Jennifer Kavanagh and Quentin Hodgson discuss the results of their in-depth research into voting fraud during this episode.
7/11/2020 – Voting by Mail Security: Busting Myths and Explaining Facts
In the midst of a deadly pandemic mail-in voting would be the safest way to vote. However, many warn that voting by mail will lead to wide-spread fraud and lost votes. Is this true, or are they baseless claims? What is true, and what are pure conspiracy theories and lies? Amber McReynolds, one of the country’s leading experts on election administration, policy and security, discusses the risks of voting by mail along with the benefits, security, and myths. Some topics covered: How are requests for mail-in ballots confirmed to be from the actual voter? How much fraud has actually occurred in voting by mail? How can voter suppression be mitigated when voting by mail? What are the security controls for mail in ballots received at elections headquarters? Is "ballot stuffing" and counting counterfeit ballots actually happening? In what ways are mail-in voting more secure than in-person voting, and vice versa? Hear Amber's many years of experiences and research on this topic.
3/7/2020 – How Poor Tech Security and Misinformation Upend Elections
Listen in to hear Rebecca speak with elections security expert Theresa Payton about elections security, safeguarding voting machines, and the types of attempts to disrupt or even change the results of elections. Some of the topics covered include: What are some key points to understand about the tech and other problems in the Iowa caucuses? In what ways do nation states, and other malicious actors, try to manipulate elections results? How can voters recognize manipulation campaigns? What favorite online marketing tool is being widely used to spread misinformation during election seasons? How are social media posts and hashtags used to damage elections? How do social media influencers profit from meddling in elections? And many more!
5/21/2019 – Voting Security, Malware as Art, Ransomware, Breaches plus More
This week many security and privacy topics are covered, plus news about a necessary summer break! Why are actual voting machines, with voter data, being sold on eBay? What are cybercrooks doing on Git repositories that those using them must be prepared for? How are the "6 most destructive malware threats" considered to be art? How are organizations, and so many cloud services, exposing personal and sensitive data to the world? What is going on with all the ransomware and phishing attacks? Are ransomware response solutions providers causing more ransomware? Why is Rebecca taking a break from the show over the summer? Tune in to hear Rebecca discuss these topics and more.
10/23/2018 – Security Views from an Elections Official and Voting Security Expert
Almost every day there are more reports of voting security problems. Voter registration data being sold on the dark web for $12,500 for certain states. Ballot case security being defeated and not leaving any trails to track the hackers. Voter suppression through mismatches of IDs and registration data. The list could go on for many pages. What legal requirements are there in the USA for voting and elections security? What responsibilities do elections officials have to ensure voting security? Do officials and poll workers receive information security training? What security and privacy concerns are there for voting via email, fax, web portals, and mobile apps? What risks are at the polling sites? What security risks exist for voter registration cards? How can voting and elections security be improved? Join Florida election official, and voting security expert, Genya Coulter, and me as we discuss these, and more, related topics.
10/2/2018 – Turning A Blind Eye Does Not Fix Voting Security Vulnerabilities
The sheer number of different voting and elections systems and applications used in USA elections is staggeringly large and diverse; as they are in other countries. The number of people involved in elections is also a significant factor impacting elections security, along with physical access security to the voting equipment, paper ballots, and registration data. The resulting complexity creates many real voting security issues that must be addressed. Voting machines vendors should embrace help to identify risks, not simply deny risks exist. In this 4th in a series of voting security shows, we look at the findings from the "Voting Machine Hacking Village" at DEFCON, state-level cybersecurity election plans, current voting and elections security vulnerabilities, and nation state elections hacking activities. We also answer key questions about mobile voting and paper ballots. Listen in as I discuss these topics and more with Jake Braun, Executive Director of the Harris CPI and CEO of CGA.
9/11/2018 – Voting Systems Security and Risk Limiting Audits
US intelligence agencies confirm that during the run-up to the 2016 elections Russian hackers attacked DNC and RNC election and related servers. Digital attacks on voter registration servers occurred in all states and in a few isolated cases hackers got into voter records servers. Voter fraud at polls is verifiably low, but voting and elections systems have significant security vulnerabilities due to wide diversity of systems and administration practices throughout all the USA, along with risks from varying ages of systems used. What are security risks in voting systems, software and tech currently used in the USA? How is social engineering used in attempts to voting systems? How can risk limiting audits be used to assure voting integrity? Listen to Marian Schneider, President of Verified Voting, discuss her organization's research findings for voting systems and explain risks in current voting systems, and risky practices, such as how voting is occurring in some places via email and fax.
7/24/2018 – Are US Voting Systems and Voter Registration Data Secure?
On July 13 US special counsel indicted 12 Russian intelligence officers for hacking the Democratic National Committee and the Clinton presidential campaign during the 2016 elections. State and county offices responsible for administering the 2016 U.S. elections were also determined to have been targeted by the hackers in an effort to steal voter and other data. Hackers were successful in breaking into the voter registration systems in Illinois. They also targeted systems throughout all the states. Are USA voting and registration systems now secure enough to prevent successful hacks? What are the methods used to attack our voting systems and what social engineering methods are used for the nation state hackers to get access to the systems and databases? What risks exist? What needs to be done to better secure the technologies used in our voting systems and voter registration databases? Listen to voting systems researcher and security expert Maurice Turner for answers to these and other questions.
6/26/2018 – Are Our Voting and Elections Processes Secure?
There is daily discussion in the USA about voting and elections security. The US Department of Homeland Security reported evidence that Russian hackers tried to breach election systems in 21 states during the 2016 elections. Many states are updating voting systems security before November 2018 elections. Security threats are not confined to the US; voting and elections security threats and active exploits are occurring worldwide. Who should be responsible for ensuring elections processes and voting systems security? What do cybersecurity pros recommend be done to secure elections and voting systems? How are nation states spreading propaganda and using social media to alter votes? What types of voting systems are at most risk of being hacked? How can interference in social media and the spread of propaganda be stopped? What are the most important actions to take to improve voting and elections security in the USA and worldwide? Hear an expert discuss some of his research findings in this episode.
5/2/2020 – Why Weakening Encryption for Law Enforcement Access is a Bad Idea
Efforts are increasing in the US and worldwide to force tech companies to build encryption that would “allow only law enforcement and government” groups to get into encrypted files and communications. The claims are that this is necessary to fight online crimes such as human trafficking and child sexual exploitation. We definitely need to address these horrible crimes. However, are these commands from governments and law enforcement groups technically feasible? Why aren’t these groups including technology experts in their forums discussing these needs? What other methods of catching such criminals are available? What would be the impact to everyone if they were forced to use such weakened encryption tools? Would the criminals even use such weakened encryption? Will 5G have any impacts on strong encryption? Listen in as Dr. Eugene Spafford discusses the issues that lawmakers, law enforcement, and the general public need to understand about how encryption works and important considerations.
3/12/2019 – Amazing Cryptography and Codebreaker Pioneer: Elizebeth Friedman
Elizebeth Smith Friedman was an amazing cryptography expert and codebreaker who changed the course of World War II. She also used her groundbreaking work to bust international smuggling and drug running throughout the world. In this episode we discuss some of the valuable contributions Ms. Friedman made to cybersecurity that, until only recently, were overlooked and unappreciated. What are the major successes and accomplishments of Elizebeth Friedman? In what ways would history would have been changed if Elizebeth Friedman had not made her contributions? What is something surprising about Elizebeth Friedman's life? Tune in to hear the answers to these questions, in addition to learning a whole lot more. And, since March is Women's History Month, what a great time to learn more about this amazing woman and her impact on history!
2/5/2019 – Will Australias Encryption Law Kill Privacy in Name of Safety?
Government leaders and law enforcement are trying to force tech companies to put backdoors in encryption in the name of public safety. There are 750,000 law enforcement employees and 1/2 million US intelligence agencies community employees who may use those backdoors, and likely many others worldwide. Strong encryption is available throughout the world. If businesses and general public are forced to use encryption with back doors, will cybercrooks will be the only ones using strong encryption; those the backdoors were intended to be used on to begin with? How will Australia's new law requiring encryption backdoors impact data security and privacy? Who has oversight of that law? How will it impact other countries? Does any evidence prove encryption backdoors have improved safety/security? Rebecca discusses these and related issues with Dr. Katina Michael, Arizona State University director of the Centre for Engineering, Policy and Society. Katina is also a privacy and uberveillance pioneer.
7/17/2018 – Are Encryption Backdoors Really Necessary for National Security?
There are continued efforts by US and worldwide governments and law enforcement to compel tech providers to create backdoors into encryption technologies to allow access to the data if they think they need it. We all want terrorists and criminals caught. But is putting backdoor access to encrypted data files actually the only way to solve cases where encrypted data is involved? Are there other methods available to get intelligence information beyond just the encrypted data, and are other methods available to obtain access to encrypted data instead of putting backdoors into the technology? Would such requirements even be effective with so many encryption technologies available from other countries? Or, should law enforcement investigations always be put before privacy risks? What are some important issues that should be considered for putting backdoors into encryption technologies? Tune in to hear this discussion with a world renowned senior cybersecurity leader and expert! For more details after listening see USACM's statement on extraordinary law enforcement access at: https://www.acm.org/binaries/content/assets/public-policy/usacm/2018-usacm-statement-law-enforcement-access.pdf.
7/3/2018 – Encryption Trends Around the World
In what countries do businesses have the most mature encryption strategies? Which ones are encryption strategy laggards? Do the countries that are lagging in encryption strategy maturity strategy also have weak encryption technologies? Or, do they actually have stronger encryption solutions? And what types of personal data are encrypted most often by organizations, and which are more rarely encrypted? Financial data? Healthcare data? Something else? In this episode I discuss these, and many more, worldwide encryption trends with Dr. Larry Ponemon, who has done many years of extensive research about encryption trends. Dr. Ponemon covers some of the major findings and points from his 2018 Global Encryption Trends Study sponsored by Thales. Plus, I provide five important and compelling reasons why putting in backdoors into encryption solutions, as many lawmakers still are trying to require, is a bad idea for security and privacy, and how it can also harm national economy.
2/6/2021 – Healthcare CISOs: Securing Patient Data & HIPAA Compliance
Health data is considered personal data gold to cybercrooks. Hospitals, clinics and telehealth situations involve a lot of complexity that brings many threats and vulnerabilities to patient data. Is your healthcare and patient data safe? Are hospitals and clinics doing all they can to protect your data? What would you like to ask your hospital about this? Would they know how to answer? Are HIPAA requirements effective for protecting patient data? Listen in as Mitch Parker, a healthcare security expert and executive at multiple large hospital systems, provides answers to these questions and more. Mitch will cover longtime, current and emerging challenges for corporate information security officers (CISOs) at the largest hospitals as well as the smallest, rural clinics. Mitch also provides insights and his thoughts on HIPAA updates during this conversation with Rebecca.
8/1/2020 – COVID-19 Contact Tracing: Privacy & Security Risks
Tech giants and startups are quickly releasing "cutting edge" COVID-19 tracing tools. Some states have built their own tracing tools. COVID-19 tracing is absolutely necessary to get the pandemic under control. But are those tools secure? Will the privacy of the individuals' health data be protected? What tracing tools are being used? Which best protect privacy? Which put privacy at risk? How do certain phones and operating systems put patient data from tracing tools at risk? What are the concerns for location tracking? Is location tracking even necessary for effective COVID tracing? What are some COVID-19 tracing conspiracy theories? Hear uberveillance, privacy and security expert, Dr. Katina Michael, professor at Arizona State University and National Science Foundation funded researcher, answer these questions and more about COVID-19 tracing tools and the related privacy risks and considerations. Read some of her research about this topic at https://bit.ly/3hG1FHb
4/2/2019 – Continuing the Cannabis Security and Privacy Risks Conversation
This is the third in a series of shows about personal data privacy and security risks involved with cannabis sales. We discuss wide-ranging issues involved with cannabis dispensaries and online cannabis sales. We also discuss some of the ways in which smartphones, apps, and other tech can bring risks to those using cannabis. Where is cannabis legal throughout the world? How are cannabis laws creating stigmas for those using medical cannabis? How are the wide number of personal data items collected from cannabis customers and patients put at risk? Is 90% of stolen cannabis patient/customer data really taken by insiders? Are patients using THC at more or less risk of data theft, or privacy harms, than those using CBD? What are the differences? Tune in to hear Rebecca discuss the answers to these questions and more with Michelle Dumay, cannabis industry privacy and security expert, advocate and advisor.
1/29/2019 – Will You Sacrifice Your Privacy When Purchasing Cannabis?
Medical cannabis is legal in 33 US states, Washington, D.C., and 4 US territories. Ten states allow legalized sale of adult use marijuana. Many more are projected to legalize in 2019. Those using cannabis dispensaries assume their personal data is secured, and many incorrectly believe paying cash will leave no record of the purchases. Many risks exist to the security and privacy of those purchasing cannabis when strong security and privacy controls haven't been implemented. Many breaches have already occurred. What is a typical visit to a cannabis store like, and where are the data security and privacy risks? What needs to be done to better secure the data that dispensaries collect, store, and share with others? How can the privacy of dispensary patients and customers be protected? Rebecca discusses these and related issues with Michelle Dumay, cannabis industry privacy and security advocate and advisor. Michelle also provides a case study using an example from an Ohio dispensary.
6/5/2018 – DNA Forensics Can Solve Crimes. Are There Also Privacy Risks?
Those DNA ancestry kits are very popular. But how accurate are they? Can they really pinpoint the country where your ancestors came from? And with whom do ancestry businesses share that data? Was that data given to police which led to the Golden State Killer arrest, or did it come from other sources? How valuable is DNA in making criminal convictions, as well as exonerating the innocent? What parts of the human body provide the best types of DNA for analysis? How has DNA forensics analysis changed over the years? Is a human DNA sample ever too old to analyze? In what ways do you leave behind your DNA throughout the day? Can DNA analysis really be accomplished with a single strand of hair? Can your relatives provide DNA about you? How close in match is the DNA of identical twins? What are privacy considerations for DNA sharing? Listen in to this episode to hear how DNA was used in criminal cases, and to learn more from a DNA forensics expert who has analyzed over 900 cases!
1/26/2018 – Medical Cannabis Patient Privacy and Data Security
Most people assume that their data is safe in cannabis stores and medical cannabis dispensaries. Or they believe if they pay in cash there will be no record of their cannabis purchase. Those are incorrect beliefs. How do dispensaries secure and share data? Who WANTS that data? What security is needed? Some in government, law enforcement and employers want data about state legal marijuana and medical cannabis purchases. Michelle Dumay, Cannabis Patient Advocate, helps cannabis dispensaries and stores to secure their customers' and patients' data and privacy. Michelle learned through experience getting treatment for her daughter that most medical cannabis dispensaries are not compliant with laws governing the security and privacy of patient data. So Michelle decided to take action to ensure personal data is protected. In this episode, we discuss information security and privacy practices of cannabis shops, risks and what needs to be done when it comes to securing data and understanding privacy laws.
3/9/2018 – Uberveillance:Would You Embed Constant Surveillance In Your Body?
There are increasingly more initiatives to make humans passive participants within the Internet of Things (IoT) by implanting a wide variety of computers and computer chips within them. Science fiction stories have long spun tales about such devices being used to control the thinking and actions of the populations at large, and to track their moves. We are now seeing many of those tales come to reality. Now IoT devices of all kinds, those from healthcare providers and those direct to consumers, and others that have nothing to do with healthcare, can dramatically improve peoples' lives. However, if the devices do not have security built in, and if rules for how the data is allowed to be used are not established, they will become a security and privacy nightmares in the IoT. In this episode we will discuss many examples and associated security and privacy issues about embedding devices that constantly track the individual's activities; uberveillance. Our guest is an expert in this field.
4/23/2019 – Hotel Data Security and Privacy
There are growing concerns about privacy and the security of data provided to hotels, along with increasing safety concerns. How many different entities get your personal data when you check into a hotel? How many third parties have access to your personal data through the hotel? What types of activities that you do in your room that are often put into the hotel system? What types of actions can hotels take to help them improve their systems and data security and better protect the privacy of their guests? What are the most challenging requirements within regulations such as the EU GDPR and California CPA for hotels to meet? What are a few tips for travelers for protecting their own privacy? Tune in to hear Rebecca discuss these topics and more with Chris Zoladz, founder of Navigate LLC and former VP of Information Protection and Privacy at Marriott International.
9/4/2018 – The Philippines BPO Industry Goal to be World Leader in Privacy
There are many security and privacy issues related to business process outsourcing (BPO) in general, and to contact centers in particular. The Data Privacy Asia conference (www.DataPrivacyAsia.com) in Manila, Philippines, Sept 19 and 20 will provide advice for how to effectively address those issues. There are many key issues organizations must consider when contracting contact centers: access controls to personal data, ensuring compliance with necessary legal requirements, how caller identities will be confirmed, breach response practices and details, and many more. Organizations need to know that contact centers are effectively addressing privacy and data security risks and compliance requirements. Listen in as Espie Bulseco and Tonichi Parekh discuss the growing BPO industry in the Philiippines, and in particular the actions being taken to put the Philippines at the forefront as the recognized leader in protecting data and privacy in not only Asia, but throughout the world.
7/3/2021 – 4th Amendment Does Not Give LE the Right to Access Encrypted Data
The recent take-down of 300 criminal syndicates in more than 100 countries by the DoJ, selling their own 12,000 encrypted devices and services to which they had the decryption keys, has resurrected the question of encryption and lawmakers' claims that backdoors into encryption are necessary. Lawmakers, and even some data security personalities, point to this event saying it proves encryption should have backdoors. There are also claims that the fourth amendment supports this view. But wait! Doesn’t it prove otherwise? And, doesn’t the long history of failures for creating encryption backdoors prove that encryption solutions with backdoors built in put everyone at risk? Why can’t encryption be engineered to let in only the good guys and those meant to encrypt and decrypt the data, and not allow others access? Listen in as cybersecurity and encryption pioneer and multi-award-winning security and cryptography expert, owning many patents on cryptographic and network protocols, Dr. Steven Bellovin, answers these questions and many more in this highly informative discussion with Rebecca. You will hear insights and facts about encryption that have not been discussed anywhere else!
5/1/2021 – Defending Against Nation-State Hacking & Cyber Warfare Attacks
There have been many news reports in the past several months about nation-state espionage, and in particular nation-state cyberthreats and cybersecurity warfare attacks. So, what exactly are nation-state cyberthreats? What countries are the sources of the cyberthreats? What countries are launching cyberattacks? Russia? China? The USA? Others? Who should be defending against these cyberthreats? Government? Corporations? Individual citizens? In what ways have US citizens committed cyberattacks against their own country on behalf of other nation-states? Why is profiling based on an individual’s nationality and heritage a very bad idea for defending against nation-state cyberattacks? And in what ways does it actually do much more harm than good, and does not protect against the actual nation-state cyberwarfare practices? Listen in as Christopher Burgess, a 30+-year CIA security expert, nation-state cyberthreats and cyberwarfare expert, writer, speaker and commentator on security issues, answers these questions and many more in an informative discussion with Rebecca. Follow Christopher on Twitter: @burgessct #Cybersecurity, #Privacy, #NationalSecurity, #NationStateThreats #CyberWarFare #NationalSecurity #CyberWarfareAttacks
11/7/2020 – How Cybercriminals Take Advantage of the COVID-19 Pandemic
With 2020 being the year of the global COVID-19 pandemic, it has also become the year of globally widespread working from home offices, and attending school online from home. Cybercrime is increasing dramatically in many ways never before seen as a result of these quickly established new working and learning environments. How has cybercrime increased since the COVID-19 pandemic started becoming noticed? Which new types of cybercrimes were created to take advantage of the many different COVID-19 circumstances? What do Europol and Interpol research reports reveal about cybercrimes? Are existing laws insufficient for new types of cybercrimes? Rebecca discusses these issues, and many more about cybercrime, with world renown cybercrime expert and member of United Nations Office on Drugs and Crime expert team, Pauline Reich. Contact Pauline at: cyberasia2@gmail.com.
4/4/2020 – How Rob Sand Caught the Criminal Who Committed the Largest Lottery Fraud in History
Hear Rebecca speak with Rob Sand, the lawyer who used his tech savvy as the Asst Attorney General for Iowa to successfully prosecute Eddie Tipton, who committed the largest & longest occurring lottery fraud in US history while employed as an IT worker, and was promoted to Information Security Officer, at the Multi-State Lottery Association where he committed his crimes. Eddie exploited his positions of trust to rig the lottery winning drawings, totaling more than $24 million, at least five different times. A few topics and questions Rob covers include: 1. How was Eddie Tipton first identified as a suspect? How was he caught? 2. Exactly what did Tipton do to enable him to commit this fraud? 3. How did Tipton commit the fraud so long without anyone noticing? 4. What were the key pieces of evidence used for the case? 5. What changes did the Iowa Lottery make as a result of this incident? 6. What surprised Rob most about this crime? See more in our blog post.
1/4/2020 – Diving into the Dark Net
Many listeners have sent questions over the past two years about the dark web What is the dark web? Is it the same as the dark net? How is it different from the deep web? Is it legal to go into the dark web? What is Tor? What are some real-life crimes found on dark web? What are some of the most disturbing activities in the dark web? What do information security and privacy pros need to know about the dark web to help them with their job responsibilities? What should the general public know about the dark net? Tune in to hear Rebecca discuss these topics and more with Andrew Lewman, co-founder of The Tor Project, Farsight Security and DarkOwl, and technology advisor to Interpol's Crimes Against Children Initiative.
11/2/2019 – Professional ethics and technology in the cyber age
Executives, tech, data and cyber security, and privacy professionals face situations testing their ethics every day. Just a few issues include: Profit maximization at any cost, including privacy and data security Creating and selling products and services that monetize personal data at the cost of privacy, security and safety of the associated individuals Intentionally refusing to acknowledge known security and privacy problems to not damage sales and profits Deliberately releasing technologies that executives know do not work as expected or as advertised Tune in to hear Rebecca discuss these topics and more with Dr. Katina Michael, who has done significant research in these, and related, areas.
10/5/2019 – White hat hacking & security break-in testing & ethics
A recent incident occurred in central Iowa where security vendor, Coalfire, employees were arrested for breaking/entering and robbery of a county government building. After the arrest it was determined this was part of a contract the vendor had with a Federal agency in a neighboring county. This incident brought a wide range of online discussions about white hat hacking, facility break-in tests, and associated responsibilities and related ethical considerations. What are some lessons from the Coalfire security vendor arrests? What are some recommendations for contracting an outside entity to perform hacking and/or break-in activities? What activities need to be confirmed for such activities? What should related contracts contain for such activities? Tune in to hear Rebecca discuss these topics and more with Dr. Mich Kabay.
9/7/2019 – Cybercrime Trends and Changes in Past 3 Decades
According to Cybersecurity Ventures research, sponsored by Herjavec Group, cybercrime damages will be Dollor 6 trillion By 2021, up from Dollor 3 trillion in 2015. What are the biggest cybercrime trends of 2019? What were the biggest cybercrime trends 1, 2 and 3 decades ago? Where is cybercrime increasing? What are the impacts of ransomware? How does cybercrime hit small businesses differently than large businesses? What concerns info security pros and executives most about cybercrime? Tune in to hear Rebecca discuss these topics and more with Kim Hakim, CEO/ Founder at FutureCon Events. CyberCrime Ransomware Phishing IOT CyberCriminals Conferences FutureCon Privacy
2/12/2019 – Backdoors in Cybersecurity Tools Gives Privacy Only to Outlaws
The Pretty Good Privacy (PGP) encryption tool became freely available in 1991, drastically improving data security. It also stirred the ire of US government folks who could not surveil on the encrypted data. Dr. Philip Zimmermann, PGP creator, was then made target of a 3-year criminal investigation, while PGP became the most widely used email encryption software in the world. Worldwide attempts to compel tech companies to create weakened encryption has continued to increase in the name of safety. How does weakened security tech degrade the privacy of the population? Do terrorists and crooks use those weakened encryption tools? What are more effective ways of accessing communications of criminals and terrorists? How does weak encryption support surveillance worldwide? How is VoIP privacy impacted? What are some strong encryption tools available to consumers? What can support government adoption of strong encryption? Rebecca discusses these and related issues with Dr. Philip Zimmermann.
1/15/2019 – Data Security and Privacy Ethics in Computing
There have been concerns about the ethical use of technology, data, and the results of processing for many decades. We are now dealing with additional emerging ethical issues involving big data analytics, artificial intelligence and the associated biases, the use of personal data found online that is not protected, and also for data that is generated by and transmitted through smart devices, and so many other situations. Are there generational differences in computing ethics? How do computing ethics impact data security and privacy? What are the security and privacy ethical concerns for big data analytics and artificial intelligence? Lynn Fountain discusses these, and many more related topics, with Rebecca in this episode. Lynn also provides information about her latest book, "Ethics and the Internal Auditor's Political Dilemma: Tools and Techniques to Evaluate a Company's Ethical Culture" published by CRC Press.
9/18/2018 – Cyber Terrorism Defense at Home and While Traveling
There are growing numbers of cyber-attacks being launched by terrorists throughout the world against critical infrastructure networks not only within governments, but also within the healthcare, financial, utilities, and transportation industries, just to name a few. The US Department Homeland Security said during a 2018 9/11 memorial event that, "The cyber threat has eclipsed the threat from physical terrorism." What is cyber terrorism, and how do cyber terrorists choose their victims? What factors lead to cyber terrorists targeting travelers? How can you keep cyber terrorists from your data and systems? How can data security be used during hostage situations? Listen to Tom Conley is President and CEO of The Conley Group, discuss the answers to these questions, and other issues related to domestic and international terrorism and travel security.
8/14/2018 – Fighting International Cybercrime and Cyber Security Threats
Cybercrime throughout the world is increasing. As technologies evolve while legacy systems and applications continue to be used, and long-time physical and operational information threats and vulnerabilities still exist, the pathways to and through information systems and devices increase astronomically. The threats to critical infrastructures (water/electric/gas grids, healthcare systems and medical devices, voting/elections systems, etc) are also increasing more quickly than security controls are being applied to stop them. What are the most significant cyber threats in international online environments? What are worldwide cybercrime activities? How can private industry and law enforcement collaborate? Listen in as Roeland van Zeijst, an internationally renowned cybersecurity expert who has worked in international law enforcement and facilitated the development of INTERPOL's Cyber Fusion Centre in Singapore, discusses these topics.
7/10/2018 – Curious Cases of Catphishing Executives and IT Pros
When people think of online catphishing, most think those targeted are using dating sites, gaming sites and social media sites such as Facebook and Instagram. However, catphishing is increasingly being done on professional sites, such as LinkedIn. There is a growing trend for catphishers to target business executives, IT pros, and middle managers. Why? For many reasons. Corporate espionage. As a form of nation state intelligence gathering, such as in what happened during the 2016 elections when Russian catphishers were reportedly connecting with those in the USA they thought would then spread their propaganda. To get valuable personal data from those catphished. To get access to networks and business assets. And many more motivations. So, what are some of the specifics involved with these catphishing activities targeting business professionals? Hear answers to these questions and also listen to the details of the curious catphishing case of Mia Ash in this episode.
5/8/2018 – Honey Sticks and Honey Points: Not-So-Sweet Cyber Crook Tools
Most think of cybercrooks coming from far-away places through the internet. But what many don't consider is HOW they got a pathway into our computing devices and networks. Often those pathways were established through direct contact with their victims, and their cyber victims often didn't even know it at the time. So how can such an obvious and out-in-the-open type of hack be accomplished? Well, if you find a USB thumb drive in a library, in your hotel room, or at a restaurant on the table you were just seated at, what would you do with it? Research studies show that most people will plug them into their computers. My guest for this episode created the types of studies that Google, and other large tech company researchers, have replicated in recent years for honey sticks and honey pots to replicate cybercrook tactics. Hear the results of these intriguing research studies that look at the methods cybercrooks commonly use to siphon the data from, and control, victim's computing devices.
5/1/2018 – Why Nation States and Cybercrooks Love Wi-Fi
In April it was widely reported, throughout worldwide news outlets, that Russian hackers were working to infiltrate as many wi-fi networks throughout the world as possible; for the general public as well as businesses, organizations and government networks. News outlets in the UK indicated that over 100,000 wi-fi routers were compromised. Worldwide government security researchers warned that millions of wi-fi routers had been compromised by Russian nation-state intelligence officers; those in addition to the already large amount of attempts being made daily by cyber criminals. Why are Russian, and other countries', nation state hackers looking to get into the home wi-fi network of folks throughout the world, as well as every type of business and organization wi-fi network that is vulnerable? And what types of code and data do they want to load onto those networks? What harms can they do? In this episode I discuss these topics with my guest, Tom Eston, who is a wi-fi security expert!
3/23/2018 – Is Hacking Ever Ethical? A Professional Hacker Explains!
What comes to your mind when I say "hacking"? What comes to your mind when I say "hacker"? It's likely very different to each of you. But would you ever consider hacking to be ethical? In this episode we discuss some hacking history, the different types of hackers (white hat, grey hat and black hat), some ways in which hackers exploit vulnerabilities in systems, applications and networks, social engineering, and some simple ways in which many hackers can be blocked from your systems and data. Our guest, Dave Chronister, a professional hacker and business owner, also describes some fascinating hacking experiences of his own, and offers some thought-provoking insights into what would be considered as good versus bad hacking activities. Plus, hear tips for businesses and the general public to keep from being a hacking victim.
2/23/2018 – Identity Fraud and Theft: Don't Be a Victim!
In this episode we discuss a long-time problem, since before the use of smartphones, and even before personal computers existed, but one that is getting progressively worse. Identity theft. With many more ways in which a person's identity can be stolen, there is much more damage that can be done to victims. How does identity theft occur? What are the different types of identity theft? Does reviewing your credit report help that much in identifying when someone may have stolen your identity? What about stolen identities of children? And of the deceased? What are the primary ways to prevent being an identity theft victim? Join us to hear the most knowledgeable identity theft expert, Mari Frank provide answers to these questions, discuss these topics in depth, and more!
2/9/2018 – The Ghosts of Government in Our Machines: The CIA and Surveillance
Hacking from Russia, China and other nation states has been going on for a very long time. And, it will continue to be in the news as more types of tech creates more ways to hack, and as more data is created to give insights into personal lives and activities. It is important to consider the history of nation state hacking, how it has evolved over the years, and what is currently occurring. Christopher will describe his experiences in the CIA, how he's seen hacking methods change since he first started working in this area, current and future threats, and what everyone needs to keep in mind when considering hacking attempts from other countries.
2/2/2018 – Computer Hacking Crimes and Prosecutions
In recent months self-proclaimed "cybersecurity experts" have posted cybercrime history timelines in online outlets but left out some of the most significant cases that impacted all subsequent cybercrime cases and laws; the Morris Worm and the German hackers caught by Clifford Stoll. In this episode you will hear from the trailblazer in the computer crime prosecution space, Mark Rasch, and learn what he has seen over the years with regard to computer crime, hacking, what has changed, and the things that have remained the same. Mark created the Computer Crime Unit at the US Department of Justice, where he led efforts aimed at investigating and prosecuting cyber, high-tech, and white-collar crime. Mark helped the FBI and Treasury Department develop their original procedures on handling electronic evidence to use for computer crime prosecutions and has taught digital crime and evidence classes at the FBI Academy and the Federal Law Enforcement Training Center. Tune in for a fascinating discussion!
3/19/2019 – Childrens Online Cyberbullying, Privacy and Cybersecurity
Too many children go online without realizing the security and privacy risks. Most parents and teachers do not provide enough guidance to children about online security, privacy, and cyberbullying. We all, as a society, need to do a better job at addressing children's online risks. How have online cyberbullying and cybersecurity risks evolved over the years? What are some real-life examples of children being physically hurt as a result of their online activities? What are the weakest links that bring security and privacy risks to children online? Who are schools' underappreciated superheroes helping children reduce online safety and privacy risks? Does Section 230 under the Communications Decency Act hurt or help children's online safety and privacy? How can we get the power of the internet without the perils of the internet? Tune in to hear Rebecca discuss the answers to these questions and more with Parry Aftab, The Kids' Internet Lawyer.
12/18/2018 – More Needs to Be Done to Protect Student and Teacher Privacy
Throughout school history students have heard the threat "That will go on your permanent record!" It didn't mean much since those permanent records were on paper and usually shoved to the back of a filing cabinet after graduation. But in recent years, now not only grades, but basically all that students and teachers do are recorded digitally to follow them for the rest of their lives; for good and for bad. Plus, US Dept. of Education actions are creating student privacy risks, and so are misguided attempts by school districts to improve safety in ways that invade privacy. Third parties, such as testing organizations, also are taking huge amounts of student personal data and monetizing it, further eroding student privacy. Listen in to this important conversation about privacy in schools, for students and teachers, the success so far of the "Educator Toolkit for Teacher and Student Privacy," and much more, with AFT President, Randi Weingarten.
11/6/2018 – New Toolkit to Mitigate Teacher and Student Privacy Risks
Education environments have inherent privacy risks. Schools are in open environments, with students, teachers, parents, guests, sales vendors, and folks from other schools, going through the facilities every day. More new tech is being used by teachers and students, bringing with them data security and privacy risks, creating a perfect storm for privacy breaches to occur. How are teacher and student personal data collected and used? Who has access to this personal data and how are they using it? What legal protections exist and how have they been weakened? How much privacy training do teachers receive? What is the "Educator Toolkit for Teacher and Student Privacy"? FYI You can get it here http://bit.ly/PCSP_EducatorPrivacyToolkit Tune in to hear Marla Kilfoyle, 30-yr public school teacher and former Exec Director of The Badass Teachers Association, and Leonie Haimson, Exec Director of Class Size Matters and co-chair of the Parent Coalition for Student Privacy, answer these questions and more!