Congratulations to Apple for featuring a fingerprint reader as part of its new iPhone. It was reported by The Wall Street Journal here, in the blog of Bruce Schneier here, by Time Tech here, and in dozens of other places. As was very much expected, this revelation spurred anxiety among the conspiracy theorists out there. The two common concerns that were raised are:
(There is another line of concern, related to the fifth amendment and how its protection may be foiled by authenticating using biometrics alone, but this is a legal concern which is off topic.)
While a bit of paranoid thinking is always helpful, security engineering requires more than crying out each time a mega-corporation launches a new technology that involves private data. Assets and threats need to be determined, and then we can decide whether or not the risk is worth the benefits.
There is an ongoing debate on the need for new regulations that protect individuals' personal data. Regulation is said to be required to protect the personal data of citizens, consumers, patients, etc., both against corporate service providers as well as against governments.
There is a growing concern about the implications of the data collection habits of social network operators, such as Facebook, as well as other service providers. Even those individuals who claim not to see any tangible risk behind the massive collection of data on themselves by service providers still feel uneasy about the amount of data available on them, over which they have no control.
On the state side, knowing that your government may monitor every single email and phone call is reminiscent of George Orwell's book "Nineteen Eighty-Four". It is largely agreed that this practice, if not outright eliminated, shall at least be better controlled.
This essay discusses the two possible domains for such better control: technology and regulation, arguing that the former is tremendously more effective than the latter.
The concept of "Cyber Security" is surely the attention grabber of the year. All security products and services enjoy a boost in their perception of importance, and sales, by merely prepending the word "cyber" to their description. But how is cyber security different than just security?
It differs, but it is not an entirely different domain, at least not from the technology perspective.
Security protects against malicious attacks. Attacks involve an attacker, an attack target, and the attack method, which exploits one or more vulnerabilities in the target. When speaking of cyber attacks, it is common to refer to a nation state attacking another, or to an organization attacking a state. Referring to unorganized individual hackers as executing "cyber attacks", while being a common trend, is a blunt misuse of the "cyber" term in its common meaning. And still, cyber security is not as dramatically different than traditional security.
I finally got to read Bruce Schneier's new book: "Liars and Outliers". The book is pleasant to read, but truth be told, I was slightly, just slightly, disappointed.
The book is written in Bruce's style, which I like and appreciate. Like all of his books and essays, it is crystal clear, and is extremely well-written. It is written in a way that makes it comprehensible by absolutely everyone. Not too many people with Bruce's knowledge can write in such a clear style.
What I liked less about this book is its overall triviality. Bruce Schneier is excellent in using trivial down-to-earth facts and notions to get his point across. This is one of the best features of his texts. However, in "Liars and Outliers" I feel it went a bit too far. The book does not take you from the trivial to the "Wow!" but mostly repeats the discussion of trivial phenomena that lead to trivial conclusions. The discussions are interesting, and the points made are valid and worthy, but I cannot avoid suspecting that the book could be cut down to half of its length without losing much of its substance.
I recently got a US patent application granted by the Patent and Trademark Office. The patent bears the title "Device, System, and Method of Securely Executing Applications".
I will be participating in a panel titled "Cyber Security of Vehicle Connectivity", as part of the SAE ATA Conference: The Convergence of Systems Towards Sustainable Mobility, on November 7th-8th, 2012, in Turin, Italy. Details on the conference can be found here.
I recently got a US patent application granted by the Patent and Trademark Office. The patent bears the title "Device, System, and Method of Digital Rights Management Utilizing Supplemental Content".