Friday, August 21, 2015

Open Data: Privacy & Security

Civic hackers and open data are children of public-spirited and trusting Gen Xers in the same way that personal computers, open source software and the Internet were the children of altruistic and ingenuous Baby Boomers. Unfortunately, altruistic and trusting children of the sun don’t think the same way as people who lurk in the darker corners of society.

For better or worse, digital security is one of the last concerns of digital innovations. By definition, these innovations are significantly different from anything that came before, and in the early stages of an innovation, there is no way to predict if the innovation will be successful and last for years, or if it will be a flop and fade quickly from everyone’s memory. The only innovations created by people skilled in digital security are new digital security objects. Extremely few innovations in smartphone apps, integrated circuits, connected cars features, or any products on Kickstarter will be developed by digital security ninjas because they aren’t highly knowledgeable about or experienced in those fields. Pretty much nobody has enough money, time and knowledge to bake top quality security into their innovation before the product is shown to be a success. Even after the innovation is a proven success, very few people or companies will spend the time or money to go back and redesign the product with bulletproof digital security.

Personal computers and the Internet suffer from the same digital security issues as a result of the open design approach of many of their early users and product developers. Not only weren’t these people skilled in digital security, they purposely avoided security in favor of convenience and collaborative sharing. When it’s easy and convenient for well-intentioned people to use complex and powerful computing systems, it is also easy for ill-intentioned people to abuse and misuse the systems. The result of this philosophy and approach to real-world implementation was described in 1986 in a conversation in “The Cuckoo’s Egg” by Clifford Stoll.
“...Dennis saw the hacker problem in terms of social morality. "We'll always find a few dodos poking around our data. I'm worried about how hackers poison the trust that's built our networks. After years of trying to hook together a bunch of computers, a few morons can spoil everything...The real work isn't laying wires, it's agreeing to link isolated communities together. It's figuring out who's going to pay for the maintenance and improvements. It's forging alliances between groups that don't trust each other...The agreements are informal and the networks are overloaded," Dennis said. "Our software is fragile as well—if people built houses the way we write programs, the first woodpecker would wipe out civilization..."
Billions of dollars are being spent annually on cybersecurity now for personal computers, organizational networks and the Internet, but much of that money is being spent, sometimes unsuccessfully, to address problems created by the original lack of security described in “The Cuckoo’s Egg.”

Open data and civic hacking has numerous benefits and shouldn’t be avoided or squelched, but it’s critical  to get more digital security specialists integrally involved in this space, and we need those specialists to build security into the DNA of the civic hack ecosystem. This is not always done, and the absence of a secure foundation will limit the reliability and usage of civic hacks. It may eventually cause many government organizations to shut down their open data sets and revert to locked-down public-data files.

In addition to the issue of digital security for open data and civic hacking, there is the even more important challenge of protecting personal privacy. Because the data which civic hacking works with is often tied to personal data and geolocations, there are concerns about maintaining appropriate privacy.

The related third topic, in addition to security and privacy, is data quality. If open data sets have inaccurate or incomplete data, or if the data is interpreted inappropriately, civic hacks created with that data may be useless or cause unnecessary problems, such as driving poor decisions or creating misplaced public concern about issues related to the data. Because most civic hackers are unpaid volunteers, it’s unrealistic to expect all their civic hacks to have expert-level security, privacy and data quality.

There are online documents and guidelines for dealing with open data security and privacy concerns. But I suspect that many smaller cities which are providing or considering providing open data do not have employees with necessary knowledge, skill and responsibility to ensure all those cities' open data is managed with high levels of security, privacy and quality. Some cities may not realize they need to have someone like that taking care of open data, while other cities may not have the budget to cover the costs of top shelf security, privacy and quality for open data. This is something that organizations like the National League of Cities should get involved with.

Because of the current US and global push to release increasing amounts of open civic data, more open data guidelines, manuals and practices will be developed, especially through programs like the Bloomberg “What Works Cities” initiative. Mesa, AZ, and some of the other cities involved in that initiative have never provided open data, so I’m sure part of the Bloomberg program will address and refine how to provide secure, high quality open data that appropriately addresses personal privacy issues.

Open data and civic hacking are good for NE Wisconsin, as explain in various posts on this blog. However, all NE Wisconsin cities, counties or other government bodies publishing open data need to take the time and effort to make sure digital security, personal privacy and data quality are appropriately addressed.

-------------------------------------------

If you’re highly interested in digital security, personal privacy and quality issues related to open data, the items below may be of interest to you. You can also search with Google for “open data” and additional relevant keywords to meet your needs.
How to protect privacy when releasing open data
"Open Data: Where to start, what to keep close"
"National/Homeland Security and Privacy/Confidentiality Checklist and Guidance"
"A Realistic Look at Open Data
"The problem with Open Data"

*****

No comments:

Post a Comment