People are sharing their personal information online faster than policymakers can keep pace, a privacy expert said Jan. 13, 2016, at the 12th annual Forum on Financial Information Systems and Cybersecurity.
“Current policies are like bringing a knife to a gunfight,” said Alessandro Acquisti, a professor at Carnegie Mellon University. “The way we are doing things now is not the only way it can be done, and certainly not the best way it can be done.”
The event, sponsored jointly by the University of Maryland’s School of Public Policy and Robert H. Smith School of Business, brought together about 60 scholars and working professionals in the fields of public policy and information security. Acquisti, who delivered the Ira H. Shapiro Memorial Lecture, spoke about the economic implications of the loss of personal information in the digital age. Other participants talked about the need to look beyond technology when setting public policy.
David Balenson, a senior computer scientist at SRI International, said governments and organizations must also consider human cognition patterns that drive behavior. “People are not in full control of their actions,” Balenson said. “They often do things they do not want to do, even if their behavior or its consequences are detrimental to self-interest.”
Besides the limits on self-control, Balenson said human brains are vulnerable to other types of biases, such as the tendency to view small samples as representative of larger populations. Peter Jansson, senior manager of EY Cybersecurity, suggested one simple rule for policymakers. “Make desirable behavior easy,” he said. “And make undesirable behavior hard.”
Other conference presenters included:
Rebecca Mercuri, founder and CEO of Notable Software, who spoke about the security risks of self-auditing systems, such as electronic voting machines that don’t leave paper audit trails.
Naba Barkakati, Chief Technologist and Director at the U.S. Government Accountability Office, who spoke about cybersecurity audits at federal agencies.
Sasha Romanosky, policy researcher at the RAND Corp. and a faculty member at the Pardee RAND Graduate School, who provided an analysis of costs and causes of cyber incidents acquired from publicly available sources.
John Bagby, professor at Penn State University’s School of Information Sciences and Technology, who spoke about privacy challenges with the international electronic payment system.
The forum was coordinated by Larry Gordon, EY Alumni Professor of Managerial Accounting and Information Assurance, in the Smith School of Business; Martin Loeb, professor of accounting and information assurance and Deloitte & Touche LLP Faculty Fellow, in the Smith School of Business; and William Lucyshyn, interim director at the Center for Public Policy and Private Enterprise in the School of Public Policy.