A place to exchange ideas and perspectives, promoting a thriving innovation economy through public policy
638 Discussions

It Takes Data To Protect Data

0 0 336
By: David A. Hoffman, Associate General Counsel and Global Privacy Officer



I recently had the pleasure of participating in a discussion of using data to promote cybersecurity. Hosted by Lawfare, Intel Security, the Center for Democracy and Technology (CDT), and the Hoover Institution, the event began with keynote remarks by Intel Security’s Vice President and General Manager Chris Young on the current cybersecurity landscape and how Intel Security uses data to deliver cybersecurity products and services. At the event, I elaborated on these themes as part of a panel of security and privacy experts including Greg Nojeim of CDT, Daniel Weitzner of MIT's Computer Science and Artificial Intelligence Laboratory, Laura Donohue of Georgetown Law, and Susan Hennessey of Brookings and Lawfare.

The main point of my remarks was to reject the proposition that we must inherently decrease privacy, if we want to increase security.   Instead, privacy and security can be mutually reinforcing values. This is especially true in the area of cybersecurity, where it takes data to protect data.  Protecting devices, networks and personal data from attackers requires analysis of the information flowing over and through those technologies. Cloud-based threat intelligence provides greater protection against known threats when it draws on the collective knowledge and experiences of many organizations. Predictive analytics then provides organizations the ability to better detect, “connect the dots,” and respond to attacks in progress.

Intel has a long record of encouraging the ethical and innovative use of data to accomplish important social goals, such as education, healthcare, urban planning and national security. A foundational element of this work has been to determine ways to promote privacy while pursuing data innovation. We call this effort “Rethink Privacy” and ground our recommendations in the Fair Information Practice Principles (FIPPs), which have served, and will continue to serve, as the basis for law, regulation and industry best practices globally. Organizations processing data need to implement the FIPPs in new ways to adjust to an environment of the Internet of Things, cloud computing, and advanced data analytics.  Our work demonstrates that with the right implementation the FIPPs can promote both privacy and security.

Lawfare is publishing essays from each of the panelists in the discussion.   My essay focuses on how to implement each of the FIPPs in the cybersecurity context.   I encourage you to read the essays and provide feedback to contribute to the discussion.