CyberWire Daily - Best of: Abby Smith Rumsey
Episode Date: December 27, 2016Our podcast team is taking a break this week for the holidays. We’re revisiting some of our favorite interviews from 2016. Back in May, we spoke with author and historian Abby Smith Rumsey about... her latest book, “When We Are No More: How digital memory shapes our future.” The book explores human memory from pre-history to the present, from pictures painted on cave walls to the present, with all the world’s knowledge available in an instant on our mobile devices. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. stay home with her young son. But her maternal instincts take a wild and surreal turn as she
discovers the best yet fiercest part of herself. Based on the acclaimed novel, Night Bitch is a
thought-provoking and wickedly humorous film from Searchlight Pictures. Stream Night Bitch January
24 only on Disney+.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k
at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
I'm Dave Bittner in Baltimore.
Our podcast team is taking a break this week for the holidays,
but don't fret, we'll be back next week with all new episodes of our show.
In the meantime, this week we're revisiting some of our favorite interviews from 2016.
Stay with us.
Do you know the status of your compliance controls right now?
Like, right now? Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist. Vanta
brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
Thank you. by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications,
securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today
to see how a default deny approach
can keep your company safe and compliant.
can keep your company safe and compliant.
Back in May, we spoke with author and historian Abby Smith-Rumsey about her latest book, When We Are No More,
How Digital Memory Shapes Our Future.
The book explores human memory from prehistory to the present,
from pictures painted on cave walls to now,
with all the world's
knowledge available in an instant on our mobile devices. Abby Smith-Rumsey spoke to me from her
home in San Francisco. Well, I'm a historian, and I'm writing about why it is that at times like
this, when we're sort of creating more and more information, it's harder for us to keep that
information, to create a really robust historical record,
both for present and future generations.
I talk about some of the technical issues about why digital information is harder to
maintain, to capture robust samples of and to maintain for long periods of time.
But I also talk about the risk that that poses if we don't solve the problem.
And it's not just a risk to present generations, but also to future generations to lose the past.
And I talk about the value of the past.
I think for many people in the technology sector, it's a given that today's information is important.
is important. But I think that there's also sometimes an unexamined assumption that because we have a lot of information now, that most of the information that we create supersedes
information from the past, that in fact the past becomes less relevant the faster we move into this
future that we talk about. What are some of the historical examples of things that were,
you know, it turned out to, I know you mentioned a few in the book,
things that turned out to have great value long after, you know,
they'd been sitting on a shelf for a long time?
You know, one of my favorite examples is of the maritime logbooks
that mariners used to keep.
I imagine they still do.
But the British Naval Museum, in fact, has a vast collection of mariners' logbooks from its years on the high seas
as the empire that ruled the waves.
And the museum, each one is a logbook written by hand on board ship
that has in detail and in very particular hand,
and not everybody can read this hand without training,
handwriting, I mean, without training.
It records everything that happens in the course of a day on a ship,
and it reads actually like a very boring almanac
about the birds that are seen and the temperatures
and the size of the waves and so on and so forth.
And this information, if you read page by page,
really doesn't accumulate into something significant.
if you read page by page, really doesn't accumulate into something significant.
But the museum or the archive has scanned these logbooks with a very interesting technology that allows a machine to read individual handwriting.
So they've been able to scan this material, and they've created a database.
And now scientists are studying oceans and atmospheres and changes in weather and flora
and fauna and things like that that are so important to climate science. They're now looking
at these centuries of data about ocean conditions. And, you know, it's amazing the kind of information
they can get out of it, historical information. So these old logbooks are kind of like this goldmine of information
for the study of climate change.
And incidentally, nobody in the 18th or 19th century
thought that logbooks would be valuable to study climate change
because nobody at that time imagined that human beings were changing the climate of the globe.
So that's an example of the kinds of information that lurks there
that could solve problems that people are not even aware will be developing over time.
What about encryption?
I mean, I think about, you know, people in the past,
someone had something that they wanted to protect or keep out of prying eyes.
You know, they could lock it in a safe or, you know, lock a filing cabinet or something like that.
And so, you know, that would keep people out but if someone if that person passed away or that company you know was no longer in existence you know over time someone could figure out a way to
unlock that safe or pry open that filing cabinet but i'm not sure that's the case with encryption. Where are we as a result of putting such technologically advanced locks on so much of our data?
What's the ramifications of that?
Well, I can tell you that you don't even need to encrypt data to make it inaccessible over time.
make it inaccessible over time. I mean, I wrote several what are now, to me, very important documents on obsolete hardware and software in the 1980s. It's totally irretrievable. I mean,
even a digital archaeologist wouldn't be able to resurrect my Zyright files, probably.
But that aside, I don't know any more than anybody else what the effect of all this encryption will be over the long term.
I do know that in the short term, it has the immediate effect of privileging,
creating, you know, some different categories of information and access to information
without truly understanding the import of that information.
And I'm not talking about national security information.
Sometimes it's just commercial information.
Sometimes it's simple things as weather data.
Do you know it was very hard for the U.S. government
to get information about Hurricane Katrina in real time
because they were using commercial satellites,
and the commercial companies were not making that stuff available to the government
because actually they were commercial assets.
The government had to go in and go to court to get information to this,
get this kind of information.
So I think we need to think very carefully about both the categories of encryption that we allow
and then how do we back out of that.
And I know that sounds much simpler than it really is.
back out of that. And I know that sounds much simpler than it really is. And I think the case of trying to get into the iPhone of the people in San Bernardino who perpetrated that terrorist
act is a good example of just how complicated these policies can be. What about, you know,
I think about Thomas Jefferson famously, you know, burning the letters between him and his wife.
What about the right to privacy and the right to be forgotten?
Well, I do think that everyone has a right to control information about themselves,
which they consider private, and control it from circulating freely.
I think that was true before the internet,
and I think it's true now. What is difficult is that what constitutes a private person
has really changed. And I think that that's still something that is a work in progress.
At least in the U.S., we have fairly good definitions of what constitutes a public
person and a private person,
and which parts of a person's life are public and private,
and that's how lawsuits about libel and that kind of thing are adjudicated.
But now that everything that circulates on the web is, in some strange technical sense, published,
and people actually put things on Instagram or YouTube in order to expose things
about themselves publicly, even if they don't know what that means. It creates a lot of difficult
issues. I think we need to revisit the issues of what constitutes privacy and a private versus
public act. There are ways that savvy digital natives, or I should say people who are digitally literate,
understand how to control the scope of people who can view the things that they send on the Internet or through e-mail.
And I think one of the most important things in education now is to educate digital natives
about what can and cannot circulate freely,
what should and should not circulate freely,
and to teach each individual with any smartphone
that they need to start becoming aware of their digital self versus their private self.
But that's easy to say and hard to do in a generation which is, in a way,
kind of inventing things as they go along.
The right to privacy is, I think at this point at least, best understood in the old-fashioned
sense. A public person, a public personality shouldn't have the right to actually get rid
of websites that they have posted if they've changed their opinion about
how things are now. And this certainly happened when I was working on Capitol Hill at the Library
of Congress. People would tell me about members of Congress who would ask the Library of Congress
or Thomas, their website, to take down their old websites if they had changed their views about a
certain thing. And you can't do that with a public record. And representatives are
public figures. But I think the question of the right to be forgotten, in some cases,
in most cases, I think we should err on the side of caution and let people take things down until
we have a better sense of the ramifications of all that information online. So speaking of the people in our audience, it's their jobs to protect data, you know,
from being lost, from bad guys. You know, what do you think their role is in all of this?
Well, I think their role is incredibly valuable. Just having taken on this very complicated
technical task of trying to secure data into the future when we know
that the world in which they are operating technically, hardware, software, et cetera,
is always changing. And furthermore, that as I at least imagine it, that the policies that they
need to adhere to over time, and they need to be very strict about these policies because the
stakes are so high that, in fact,
those policies themselves are changing, and that policies that may have been operative 10 years ago
turn out not to be the best. And so they change that. And I think it takes a certain amount of
what you might call intestinal fortitude to be able to withstand having to meet really exacting standards at the same time
that you know that things are shifting. But I also, I've often thought about how even though
I think about this issue a lot as a historian and just as a human being, that the actual technical
work of what they do, what they do when they go to work every day and how they spend their time,
technical work of what they do. What they do when they go to work every day and how they spend their time is quite opaque to me. I don't understand what they do and I don't, in other words, I don't
truly value what they do. And yet I know that somehow there has to be a certain lack of
transparency if they're dealing with security. All I can say is that I hope that they, in their
capacity as private citizens, not in their work capacity, actually join the chorus of citizens
who are demanding that our politicians pay a lot more attention to settling some of these issues
around digital security, about
protecting national security and privacy at the same time.
This is a dynamic kind of balance that needs to be in place.
But it needs to be negotiated and renegotiated constantly.
And somehow in this political cycle, we seem to be talking about everything but these important
issues.
seem to be talking about everything but these important issues.
I do know, I've heard from many people in the scientific and social science world,
that many of the things that they would most like to work on, that would have the biggest benefit for mankind in the short term as well as the long term,
are hampered because there are no effective policy, data policy and access policies,
to some of these things,
medical data, for example.
So it's really difficult that we operate, and cybersecurity people in particular,
operate in a world in which these policies are not dealt with forthrightly.
That's author and historian Abby Smith-Rumsey.
Her book is When We Are No More, How Digital Memory Shapes Our Future. and their families at home. Black Cloak's award-winning digital executive protection platform
secures their personal devices,
home networks, and connected lives.
Because when executives are compromised at home,
your company is at risk.
In fact, over one-third of new members
discover they've already been breached.
Protect your executives and their families
24-7, 365 365 with Black Cloak.
Learn more at blackcloak.io.
And that's The Cyber Wire.
We are proudly produced in Maryland by our talented team of editors and producers.
I'm Dave Bittner. Thanks for listening.
Your business needs AI solutions that are not only ambitious,
but also practical and adaptable.
That's where Domo's AI
and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com. That's ai.domo.com.