A cadre of cybersecurity lawyers recently gathered at IBM Security with faculty and staff from Harvard Business School, the MIT Sloan School of Management, the Massachusetts Attorney General’s Office, and experts from private companies to explore innovations in this important area. BC Law Professors David Olson and Sayoko Blodgett-Ford coordinated the January event on behalf of BC Law’s Program on Innovation and Entrepreneurship (PIE).
These days, you’re probably familiar with something like this. You check your phone for email, but instead of seeing that, your phone is prompting you to update your OS.
Not this again. Now you have to tap through the permissions (as much as they can be called that), tell Apple that you’ve read the “Terms and Conditions,” tell Google you don’t mind if it uses your location from time to time, and tell whoever else is preventing you from checking your email whatever they want to hear because, until you do, you can’t use your phone.
What you may not appreciate is that every time you click through the legalese, you may be giving broad permission for companies to access and share your information and collect targeted data about you: where you are, what apps you use, what sites you like to visit. This might not be news to you. And legally, it’s fine: You said they could do it. But what if that information is hacked? Do you actually trust these companies? Do you know how they use your information? Do you know their methods of gathering it? Do you know how it’s stored? More important, do you think they’ve thought through what happens when they get hacked? Did Equifax?
The truth is most of us don’t know or remember what we’ve told tech companies they can do. And most of us don’t have more than the vague idea that someone, somewhere might be after our Social Security number. As data becomes more and more an aspect of our daily lives, and as boardroom conversations center on what to do with data, we need to ask, are people outside of Mark Zuckerberg and his colleagues on top of this? This was the point of PIE’s morning summit at IBM Security.
After a tour of IBM Security’s Cyber Range, a mission control-style environment where participants are dropped into a live, simulated international hacking scenario and forced to respond, event attendees gathered to hear presentations from current experts and practitioners on what’s going on in the world of cybersecurity. Heather Sussman, a partner at Ropes & Gray and co-head of the firm’s Privacy and Cybersecurity Practice Group, gave an overview on the implementation and requirements of new, international data security laws such as the European Union’s General Data Protection Regulation and China’s Cybersecurity Law.
Sara Cable, a Massachusetts assistant attorney general and director of data and Security within the AG’s Consumer Protection Division, then discussed data privacy and security at the state level. Notably, Massachusetts leads the nation in data security requirements, and has served as a model to other states drafting their own locally based protections. Cable went on to discuss how the Commonwealth has ensured that companies collecting data do so in a way that is fair and unbiased.
One investigation highlighted that minority communities within the Commonwealth were being unintentionally overlooked when receiving notifications on shipping discounts for goods they purchased online due to flaws in the inputs the relevant algorithm considered. The Attorney General’s Office worked with the company to correct this problem, rather than simply filing suit and levying fines, she said.
Other presentations included talks on innovations at Harvard’s Berkman Klein Center for Internet & Society on the ways in which data is collected and identities are kept safe. Cybersecurity vendors discussed their business and how they look to help their customers.
Kevin Powers, the director of Boston College’s Master of Science in Cybersecurity Policy and Governance program, gave an overview of BC’s strategic partnership with the FBI, an upcoming Boston conference on cybersecurity, and the college’s extensive work to educate students to become top cybersecurity professionals. The morning concluded with thought exercises lead by Peter Lefkowitz, chief digital risk officer at Citrix Systems.
The conference left no question that data has become and will continue to be a central part of the world of commerce and reinforced the importance of PIE, BC Law’s endeavor to build partnerships between the Law School and outside entrepreneurs engaged with these important issues.