A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Strange interactions in personal data: Brokers and the CFAA - Christine Dudley (BSides Las Vegas 2013) (Hacking Illustrated Series InfoSec Tutorial Videos)

Strange interactions in personal data: Brokers and the CFAA - Christine Dudley

There is one very important fact, most people overlook when considering privacy and user data: Data cannot be owned.
Personal data cannot be owned. This small fact has astounding implications when considering privacy.
Consider the intersection of two distinct, troublesome areas: data broker operations and the computer fraud and abuse act.

When considering threats to the integrity of your network, advertisers are not the first thing that comes to mind. Yet the market for user data is so rich right now that it is ripe for exploitation. The brokers can buy and sell any data they wish, with no concern for the origin or means of acquiring data. They are not required to and unwilling to reveal their sources. Some provisions in the Computer Fraud and Abuse Act open up the opportunity to acquire data surreptitiously by discouraging the public from discovering what may be happening to their data. Quiet, quasi-criminal operations could exist that syphon data that is illegitimately collected and sell to legitimate brokers.

The result of this alignment of circumstances is that there is an entirely unexplored class of attackers that may operate beneath the radar, yet out in the open. The data market is not something that has the potential for regulation, so it is incumbent on organizations to be aware of the threat and take appropriate measures to contain it.

BIO: Christie started her career with a BSEE with an emphasis in digital communications from the University of Kansas. A 15 year enterprise network engineer career, largely in finance and manufacturing followed. Starting with a study in anthropology she decided to change fields, eventually pursuing an old interest in communications security and privacy and a brief internship in hardware security. Seeking to combine her interests in technology and society she began pursuing the field from a new perspective, enrolling as JD candidate at Santa Clara Law. She now consults on privacy issues related to communications technology while completing her law degree. She has also cofounded Fork the Law, an effort to bridge the gap between technologists and legislation.

Back to BSides Las Vegas 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast