It used to be that only an absolute monarch like Louis XIV of France would have the temerity to say, “The state, it is I.” Now everybody is in on the act. It seems that we all want to treat the world as our own personal kingdom where we get to make all the laws, all the rules, determining for ourselves what is right. Cyber-managed data is a prominent issue here. Edward Snowden and Bradley Manning made Louis XIV-like decisions when they unilaterally decided to reveal secrets they were privy to, but for which they had no right of disclosure. Until, of course, they decided they did. Obviously, it is not just individuals who make such decisions. According to a July 9, 2015 editorial in the Wall Street Journal, “The Consumer Financial Protection Bureau plans to monitor 95% of all credit-card transactions by 2016,” arguing a legislative mandate to do so. Currently, the CFPB “through its 12 data mining programs, collects and monitors information for nearly 600 million personal credit-card accounts on a monthly basis.” That should give you pause. Then there’s the massive Office of Personnel Management data breach; who decided that data should be “theirs”? (Ambiguous antecedent intentional.) Pick up a paper and on almost every day a new instance appears of individuals or institutions unilaterally deciding, “I am the state.”
Of course in a world where, “L’Etat c’est moi,” one begins to wonder about one’s privacy. We all know how we feel about this: my information should be private. Your stuff? Not so much.
What does all of this have to do with ISR? Quite a bit, actually. Arguably we have contributed to the problem through our varied contributions to the development of the Web. More recently ISR has started to make some contributions to privacy through a recent project focused on Electronic Health Records (EHRs). EHRs pose an interesting challenge: how can I (“L’Etat”) see to it that only those people whom I desire have access to my health records, and no one else. I want to make those decisions. Of course, no matter how much in our hearts we want to be monarch of the universe, we are not. And when it comes to health records many other organizations have a perspective on their use and management (they believe they are the State—how impertinent!) So the technical issue becomes one of enabling each entity in the health care system to properly manage its own data, maintain its privacy, and somehow cooperate with other entities such that, in the end, everyone’s would-be kingdom is respected.
This EHR work has been based on the COAST technology that is highlighted elsewhere in this issue, but there the focus is another privacy-intense industry: the financial world. While the work highlighted in this ISR Connector is preliminary, the importance of diverse efforts to self-protect one’s personal information is evident. The repeated failures of government agencies to protect even Federal workers from inadvertent disclosures of personal information shows, among other things, the limitations of “security perimeters.” Historic solutions have not sufficed, and are not likely to. Can technology help us take back some of the power that has been arrogated by institutions, so that sharing data does not have to be absolute, and so that we can have some control over the information? Security and privacy do not admit simplistic answers.
On a happy note, and one very much connected to this theme of security and privacy, I am very pleased to announce the arrival of a new member of ISR: Professor Sam Malek. In a future issue we will feature Sam and his work with security and privacy, but suffice it to say that we are very excited to have Sam join our faculty and contribute to this critical technical (and societal) need.