Thursday, January 30, 2014

Privacy and Security

Security is a big focus in personal, server, and embedded computing.  Computer security or cybersecurity broadly refers to all sorts of information security.  We often focus on malicious attacks but good computer security offers protection against natural events as well.

Privacy is a related but distinct issue.  Computer privacy refers to what others can find out about us.  This of course includes what we tell the world and what information about us the bad guys can steal from our computers.  But privacy also includes what can be inferred from our data.  In a lot of cases, our agreement to release one kind of data allows others to infer more about us.

A good cyber-physical example of the nature of privacy is offered by your electric meter.  Your electric utility reads your meter periodically to bill you for the electricity you use.  But those meter readings tell more about what you do.  With even sparse electricity readings, such as the typical monthly reading, an observer can estimate the number of people living in your house.  I have heard rumors that some authoritarian regimes use just this technique to find people hiding in homes.  With more frequent readings, an observer could tell when you are likely to be away from the house.  This is the cyber-physical equivalent of the old thieves' trick of driving by to find houses with no lights, then targeting those houses for burglaries.

As we install more cyber-physical systems and IoT devices, we will create new privacy problems for ourselves.  Some of these are variations on old-world privacy issues; other problems are relatively novel.  Hopefully, we can roll out these systems so that we don't create long-lasting privacy holes that society can't easily plug.

No comments:

Post a Comment