On Wednesday, November 5th, 2014, OCL visited Yahoo! San Francisco for the tech in motion meetup that was focused on Privacy Tech Talk with a panel of people who work for or focus on privacy and security.
Moderator Perri Blake: BP
The panel consisted of:
Dos Dosanjh, Head of Solutions at CipherCloud: DD
Zouhair Belkoura, founder and CEO of KeepSafe: ZB
John Roberts, Platform Lead at CloudFlare: JR
BP: When things like FourSquare came about things like sharing location was new, what are your thoughts on that?
BK: When you are sharing this stuff for a service or app it creates a different experience versus you just sharing it for the hell of it. There is some sort of utility you get out of it and thats you relaying information to your friends
ZB: Most people don’t really care about big brother and that services like Gmail scan your email and show you personal ads. You are getting targeted results which are supposed to help and for the most part you don’t nice or it helps.
DD: It’s a challenge these days. There are a lot of things that are personalized towards you but you have to opt in and people can be scared of what they don’t know.
PB: Where does the burden lie with protecting data and privacy?
JR: It’s on both the consumer and company. It’s a trust system. The consumer believes the company is going to follow best practice. Users trust the email provider and there is a basic understanding that the company is scanning for their purposes but no other companies are going to have access to that information.
ZB: When it comes to the Apple iCloud account is that the fault of the user for having nude photos on their phone, not it’s not. They assume that their stuff is private and secure. It’s like saying you can’t do what you want in your house because someone might be watching or have access to what is going on.
PB: Lets talk about best practices for a minute…what can you do to be ahead of the game instead of getting into an “Oh shit” moment?
BK: No matter what the size of the company, everyone has to buy into the security, even though there is a dedicated team working on this. You rely on those dedicated teams and the entire company should also always being mindful of the data that are collecting.
Provide transparency, notice, an agreement, choice (opt out), security and integrity of the data.
You need to have the long game in mind. if you want to temporarily abuse the data, you’ll lose the trust and maybe not get it back. The long game is where it is at.
It takes time to build up trust especially after a breach. Security and privacy is not a feature but should just be standard.
ZB: The biggest threat to your users is building an MVP. A best practice is how to handle their data and think about it and read some blog posts and follow what others are doing. As long as you kind of follow what other good companies are doing, you’ll be okay.
PB: Give us a positive story of how your work has positively impacted your customers?
JR: We have doubled the size of our encrypted web, it benefits them by SSL becomes a norm. Then your traffic looks less sketchy and just become the norm.
ZB: Quite simply, our app lets people be more in control of their data, photos, etc.