Question 1
See if you can find an example of a privacy breach that was reported in the Australian or international news in the last 6 months. What were the consequences?
Target admitted that between November 27th and December 15th 2013 approximately 40 million credit and debit card accounts may have been impacted due to a security breach. On January 10th target said that the hackers stole personal information from as many as 70 million customers. According to Target their first priority is preserving the trust of their clientele. Based on reported data target alerted authorities and financial institutions immediately after it was made aware of the breach. They later admitted that they ignored early signs of a Data Breach, security software picked up suspicious activity after the cyber attack was launched. The loss did not only impact individual customers but it also tarnished the brand, the U.S. chain reported declining sales of 6.6% in the fourth quarter in 2013.On March 16th Target reported that 80 actions have been filled in multiple states and they expect more to be filled. Target's Chief Information Officer Beth Jacob resigned on Wednesday 5th of March, although it is reported that the resignation was Jacob's decision, many feel that she was forced to be the scape coat.
Target is partnering with a forensics firm to conduct an investigation of the breach. It has come to light that the breach started as an attach on one of Target's vendors. According to a fraud analyst Target could be facing losses up to $420 million as a result of the breach, Target will also need to upgrade its retail system to handle the more secure chip-and-pin credit and debit cards. This upgrade carries a cost of $100 million.
Security is a major concern in today's world, in the case above half a billion dollars of damage was caused to the second largest retailer in the U.S. due to a smaller business with an estimated $12.5 million in annual revenue. Target would have been protected against a direct attack and to bypass this obstacle the hackers concentrated on a vendor through phishing attacks that was introduced to the Target network. In this scenario the human element was the greatest risk and I believe this will remain the case, there are several very secure networks in existence and networks will become more secure due to necessity but the human element will remain the weakest link.
Lessons learned from Target breach's malware attack. (n.d.). Retrieved from http://www.tennessean.com/story/money/tech/2014/03/21/lessons-learned-target-breachs-malware-attack/6673499/
Report: Cyber Security has $1.5B impact to San Diego - 10News.com KGTV ABC10 San Diego. (n.d.). Retrieved from http://www.10news.com/news/report-cyber-security-has-15b-impact-to-san-diego-032014
Target Admits It Ignored Early Signs Of Security Breach « CBS Miami. (n.d.). Retrieved from http://miami.cbslocal.com/2014/03/16/target-admits-it-ignored-early-signs-of-security-breach/
Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores | Target Corporate. (n.d.). Retrieved from http://pressroom.target.com/news/target-confirms-unauthorized-access-to-payment-card-data-in-u-s-stores
Target Says It Ignored Early Signs of Data Breach | Top Tech News. (n.d.). Retrieved from http://www.toptechnews.com/news/Target-Admits-to-Early-Mistakes/story.xhtml?story_id=11100CG36UN0
Target CIO resigns in wake of massive data breach. (n.d.). Retrieved from http://www.cnbc.com/id/101449488
Question 2
What AmI technologies are identified in the case?
Technologies identified:
Iris Scanner (Biometrics)
Video
Profiling Technologies
Location Implants
Sensor Networks
Surveillance Systems
4G Mobiles
High Capacity Optical Storage Devices
What drives DMC’s officers to take the actions they took?
In my opinion the main drivers of DMC's actions are money and secrecy. No one was aware of the data being collected on them so from their point of view they stood little chance of being found out. If they admitted the breach they would not only be advertizing that they have been gathering data but government agencies would not be so willing to approach them. The amount of money they would get from government agencies would be large, just consider the severance package paid to the DMC president.
If the Governments mentioned where aware of the security breach they themselves would have agreed not to make the security breach public, it would cause unrest amongst their citizens if they became aware of the government gathering information on them.
DMC is the clear market leader in the aggregation of AmI data. Are there any comparisons you can make to technology companies today?
There are multiple companies that gather data in today's world from social networking sites like Facebook and Google Plus to Online Survey Companies. Now admittedly these are not seen as technology companies although Google is a definite contender. Facebook has introduced several online technologies as well as having made social networking very popular. Recently they bought a mobile phone application, WhatsApp, and many have raised their concern about this application posing further opportunities for Facebook to gather personal data. Data Mining is a very lucrative field and I believe this will just grow.
How realistic is the description of governments using the technology and prohibiting immigration from states with no AmI data aggregation information?
Very realistic, it is already difficult for people from certain countries to obtain visas to visit other countries. For example Pakistani's have difficulty obtaining visas to both America and Australia based on their history with terrorism. Although I disagree that a whole country should be punished because of the actions of few, I do understand why they have put this measure in place and I support their underlining reasoning. If they can find a way to narrow the span of this discrimination why not use it? But it would not be wise to rely on this data alone, they should not stop someone from entering a country based on an assumption that someone MIGHT do something.
What would be the impact of this digital divide?
I am not sure what the impact would be, I think there will be 2 major groups. One that screams discrimination and the other would scream "It's about time". This question poses a real dilemma to me, I am against discrimination, any type, I am a firm believer that people can change. Look at Australia, this is a country came to be what it is today in part because of convicts being sent here. I come from a country riddled with racism thanks to Australia I have lost all my inhibitions related to race.
BUT I firmly believe that a country has a duty to protect its people first.
List some of the ‘unintended consequences’ described in the case.
1. It was unintended that the breach became public knowledge.2. Government agencies would not have wanted it be known that they have been purchasing information.
3. I believe public trust would be impacted.
No comments:
Post a Comment