One of the challenges for an information technology professional is working with a client to find the balance between competing demands for a system. We need our systems to be secure, but for inexperienced and untrained users, increased security can create a usability challenge, thus decreasing the utility of the system. Ensuring privacy, security and ease of use increases system costs, so when funding is limited, we must prioritize these requirements. How do you decide what is the best compromise? What if your client has other priorities?
Responsible disclosure of a cybersecurity flaw is more complicated than a typical whistleblowing scenario. In many whistleblowing situations, unsafe or illegal activities are already ongoing and known (or even condoned) within an organization. By publicizing these activities, the whistleblower is shedding light with the hope of improving safety or stopping a crime. When a cybersecurity flaw is discovered in an application or system, the organization may not be aware of it. Exposing the flaw publicly alerts hackers who may be able to exploit the flaw prior to the availability of a fix. It is responsible practice to disclose a flaw privately so an organization has time to prepare patches (corrections) or close security holes.
Fake news has been around for centuries in many forms. Even before news was available on social media sites, email and traditional web sites made it possible for hoaxes to quickly spread, giving rise to sites like Snopes whose purpose is to refute hoaxes and urban legends.
So if this problem has been around for years, why has it become a significant issue now?
Selfies are a remarkably popular activity that was enhanced by smartphone manufacturers when they placed a second camera that faces toward the user on the device. People take selfies of any experience and every activity in their lives and quickly post them to social media to let their friends (and the world) know what they've done, created or even destroyed.
In March, 2017, Congress voted to eliminate rules that "would have required home Internet and mobile broadband providers to get consumers' opt-in consent before selling or sharing Web browsing history, app usage history, and other private information with advertisers and other companies." -- Ars Technica, 3/29/2017
By 2020 (in less than 3 years), the government of China plans to have a system that assigns each person a social rating based on the person’s financial transactions, how he or she behaves in public and at work, etc. Already, face-recognition technology installed along streets detects jaywalkers and displays their photos on large public screens. These systems and more would be linked together to create the social rating.