The Rise of the Machine, Big Data’s Next Hurdle

For those expecting a Terminator-esque diatribe warning you about the evils of ‘machine’ autonomy you’re in the wrong place. For a security professional, I am perhaps the least suspicious and prone-to-conspiracy person I know. Even my Sister and Brother-in-law are worse, but they are a lawyer and Scottish respectively so their paranoia is expected.

After reading Daniel Burrus’s articles ‘Big Data Is Already Producing Big Results‘ and ‘Create an Integrated Big Data Strategy To Increase Sales Now‘ it occurred to me that while Big Data has no place in security beyond forensics (in my opinion), the security OF the big data itself is critical. So is the integrity and availability of it.

The concept of Confidentiality, Integrity and Availability (CIA) has been around almost as long as I have, but only with the advent of big data and real-time analytics does it truly come into its own.

Everyone trying to sell you something – which is everyone – is looking at big data, or more specifically, how to collect the data in first place, and what to DO with it once they’ve got it.

Scenario: You’re out shopping with your wife when suddenly you are barraged by lingerie offers, as your spending habits over the last few months have been recorded and instantly regurgitated by hopeful vendors. Your wife has no lingerie…

Morality aside, this is a gross invasion of his privacy (loss of confidentiality). Now image if that data was actually inaccurate (loss of integrity), I’m sure his wife would be very understanding, right? As for availability, that’s the vendor’s problem so I don’t care much.

Now, let’s take this even further. In ‘The Internet of Things‘, soon everything from your home security to your dog will be online. Your location, your travel plans, your favourite everything will be known by someone, or someTHING, somewhere. The amount of information being collected is growing, quite literally, exponentially. The trend is also to automate as much as possible, so for example, if no-one’s home, the oven should not be on. Do we really want ALL of these decisions made without human interaction?

I personally love the way things are going. Instant access, always-on, functionality, convenience etc. But I am prepared to pay the price for this, the currency of which is measured in terms of the loss of both my privacy, and potentially, my personal safety. The data is online, if someone really wants it, they can get it, then do things with it I don’t even want to contemplate.

Big Data is not evil, data just is, it’s the use to which the data is put that defines good or bad. Businesses have been very quick off the block to define the profit-making contexts within real-time data analysis, but so far I haven’t seen much in the way determining what’s right and wrong. Or whether or not we even have a choice to take part in it.

The generations born prior to 1990 are most likely the ones holding this trend back, so we’re the one’s who’d better write the policies, and put the checks and balances in place, because the Millennials are too busy posting pictures of their junk.

2 thoughts on “The Rise of the Machine, Big Data’s Next Hurdle

  1. I am a victim of big data processing. My email address is being identified as spam (its a btinternet.com / yahoo mail address) and increasingly my email does not even get through now to the recipient. My presumption is that when BT / Yahoo got hacked around 2013, millions of BT customer emails then got passed around the world and used by any spammer or hacker around the world.
    My question to you is if my personal data (email address) is being stored by data security companies as a blacklisted number and therefore denying me the right to communicate are they not in breach of the GDPR as they are carrying out an automated process which impacts upon me and to which I have no knowledge as to who they are and how they are using my data. Which to the best of my knowledge I did not provide them with authorisation to hold or process?

    • I would need a real expert to jump in on this one, but unless you can point to an example where this has happened to YOUR ‘[name]@btinternet.com’ address (as opposed to a general block on ANY ‘@btinternet.com’ address), then you cannot point to the offender. If you could, your rights under GDPR would certainly give you recourse.

      There are of course complications related to the fact that your data is publically available, and Recital 47 (on ‘overriding legitimate interest’) states “The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned.” so you’d really have to be able to find the instigating offender.

If you think I'm wrong, please tell me why!

This site uses Akismet to reduce spam. Learn how your comment data is processed.