Privacy and Security in the Era of Big Data

Technology, privacy and legal experts came together Friday (Sept. 15) at Lehigh to discuss the thorny issues of privacy and security in an era of big data—how consumers are unwittingly trading bits of privacy for convenience and coupons, how expanded access to customer data creates new dilemmas for businesses, and how a computer virus can cause more damage than an F-16 fighter aircraft.

Hosted annually by the College of Business and Economics, this year’s daylong Impact Symposium featured keynotes by Tom Gillis ’15P ’17P ’19P, co-founder and CEO of Bracket Computing Inc.,  and P.W. Singer, strategist and senior fellow at the New America Foundation. Two panel discussions also focused on data privacy and data security issues.

“Cybersecurity is framed too often as something that’s really complex,” said Singer, who is also a Popular Science contributing editor and founder of the technology advisory firm NeoLuddite. “But I think it’s relatively simple: What can you do with information?”

With technology revolutionizing society, Singer said, new science-fiction-like questions are being raised over what’s ethical, legal and possible. 

Change has been swift. After the 9/11 terrorist attacks, he said for instance, the U.S. force in Afghanistan had a handful of unmanned aerial systems. Now, just 16 years later, the U.S. military has more than 10,000 drones, many of which are armed, and 12,000 robotic ground systems. A military strike can be made from thousands of miles away from the intended target. 

And the United States is not the only player, he said; some 86 different militaries in the world have robotics today. Drones also are being used in farming, policing and disaster relief efforts.

While debates swirl around the loss of manufacturing jobs to countries overseas, Singer said, it’s technology that accounts for much of the job losses, not only blue collar but professional jobs as well. Nearly half of 702 different professions are at risk for replacement or reduction, he said.

In other key changes, Singer said the internet is becoming more mobile, which is dramatically affecting industries such as banking, and it is becoming “things” in people’s lives. In the next few years, billions of devices will come online, he said. “They’re going to be smart cars, smart thermostats, you name it.” To best illustrate his point, he pointed to smart refrigerators that would monitor when a family’s milk supply is low and communicate that to a vendor for delivery, possibly by drone.

Singer also identified several core shifts as more and more data becomes available: Cameras, phones and the like carry sensors that have the ability to collect information about the world beyond the computer, such as people’s locations; data is being pushed into the “cloud” rather than just being stored on devices; data is allowing for new insights, creating new dilemmas and raising interesting questions of ownership and intellectual property. There are new possibilities, he said, and new vulnerabilities.

“We need growing awareness of not just these trends but these threats,” Singer said. “That’s the only way we’re going to manage them.”

Singer said there’s been an evolution too in “threat actors”—from teenagers in search of attention who operated from their parents’ basements to highly organized groups that range from nations to criminal entities.

A New Approach to Cyber Security

The symposium opened with welcomes from Georgette Chapman Phillips, the Kevin L. and Lisa A. Clayton Dean of the College of Business and Economics, and Provost Patrick V. Farrell, who pointed out the timeliness of the symposium in the wake of data breaches at HBO and Equifax.

In his keynote on “A New Approach to Cyber Security,” Gillis explained that the first domain of warfare was land, then sea, then air, then space—and now cyber. He referenced an American-Israeli cyberweapon reportedly responsible for blowing up Iran’s computer-controlled centrifuges and setting back a nuclear threat.

“You were able to achieve with software something that was more effective than what you were able to achieve with an F-16 and putting human beings in harm’s way,” he said. “So cyber has evolved to a point where it is a major, major initiative. Governments are behind a lot of war technology that is driving cyber, but it has a tendency to get out in the community and be used for many different uses. This actually is one of the challenges.”

Gillis pointed out that computer viruses were more of a nuisance, created by people who were experimenting, when they first surfaced in the 1990s. Now, he said, criminals recognize viruses as a powerful mechanism for fraud. Even more menacing, he said, is the impact of hacks on nations, whether their elections, power systems or air defense systems.

He also pointed to the recent high-profile cyberattacks against HBO, in which an anonymous hacker threatened to leak episodes of “Game of Thrones,” and Equifax, which potentially compromised people’s sensitive information, such as their Social Security numbers.

“These attackers have achieved persistence,” said Gillis, explaining that they could have gone unnoticed in the companies’ systems for months to a year. “They achieve persistence by burrowing down into the guts of the operating system itself.”

Gillis said new technologies are emerging to isolate servers and slow down and stop the spread of attacks once they’ve gotten into networks. One of the more interesting ways to do to that, he said, is by utilizing a technology called hypervisor, which is a virtual machine monitor that abstracts, or isolates, operating systems from the computer hardware. He likened it to homeowners putting valuables into safes to protect those valuables from burglars who have gotten past door locks and window locks.

“The impact of cyberattacks keeps growing,” said Gillis. “It’s more than a financial impact. It’s literally changing the fate of the nation. And will continue to do so.” 

Rounding out the symposium were two panel discussions. Nevena T. Koukova, associate professor of marketing, moderated a morning panel discussion on data privacy. Panelists included Matthew Schaner ’08, product sales specialist, Cisco Meraki; David Tribbett, chief technology officer, Coordinated Health; Rebecca Wang, assistant professor of marketing; and Ting Wang, assistant professor of computer science and engineering.

Catherine M. Ridings, associate professor of management, hosted an afternoon panel on data security. Panelists included Daniel P. Lopresti, director of Data X, professor and chair, Department of Computer Science and Engineering; Marie Meliksetian, CEO, Reliance Solution Services; Neal Snow, assistant professor accounting; Heidi L. Wachs, special counsel, Jenner & Block; and Keith Hartranft, chief information security officer at Lehigh.

Photos by Christa Neu