March 11th, 2022 meeting

DATE:March 11th, 2022
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:Consumer Privacy is too Complicated for Consumers
PRESENTER: Kevin Murphy (CISM, CGEIT, CISSP)
RECORDING: 

ABSTRACT

The average consumer really has no idea what personal information they are sharing online and how companies (and governments) track their online behaviour. How did we get here? Come join us as we review what consumers can do to “sort of” protect their personal information online.

BIOGRAPHY

Kevin was the vice president of cybersecurity operations and governance at IOActive.com. He is a retired U.S. Air Force intelligence officer and the former director of Windows security architecture at Microsoft. He has over 25 years of experience in threat intelligence and information security and holds the CISM, CISSP and CGEIT security certifications.

December 11th, 2020 meeting

DATE:December 11th, 2020
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Differential Privacy
PRESENTER(S):  Robert Slade (M. Sc.)

ABSTRACT

Differential privacy is a relatively recent topic, although it is an amalgam of well-known, and long utilized, concepts. Oddly, outside of academic circles, it was almost unknown until Apple made a big deal of it in an announcement in 2016. Differential privacy is, however, the “quantitative risk analysis” of privacy, which is why it has such important points to make to the field of privacy, and why almost nobody is using it. (Including, mostly, Apple.)

OK, CISSP question time:

Which privacy law does differential privacy support?

a. British law
b. Chinese law
c. EU law
d. US law

You want a clue?  OK, some initial discussion, then:

a. British privacy law is still primarily based on the original privacy directives, and
is mostly concerned with what data you can collect, and for how long, and how
accurate you have to be.
b. Yeah, I needed a good laugh, too.  But China *does* have a privacy law, and it
pretends to be compatible with the original privacy directives.
c. Well, GDPR is *mostly* just the original privacy directives, but the new
accountability directive *might* have to do with how well you protect what you
*have* collected …
d. OK, I often say the the US doesn’t have any privacy laws, but they do.  Those
are primarily concerned with how much you can sue when people disclose your
data.

For the final answer, attend the December 11th meeting on the topic of
differential privacy.

BIOGRAPHY

Robert Slade has been stuck inside for six months with nothing to do but study
the latest security and privacy buzzwords.  More information than anyone would
want to know about him is available at http://en.wikipedia.org/wiki/Robert_Slade
(and he doesn’t particularly care if you know that).