Attention whitehats, The FTC wants you to lead new privacy, security push

FTC to hold PrivacyCon to hash out myriad security, privacy issues

The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, and consumer advocates.

The FTC’s PrivacyCon will include brief privacy and security research presentations, along with expert panel discussions on the latest privacy and security challenges facing consumers. Whitehat researchers and academics will discuss the latest security vulnerabilities, explain how they can be exploited to harm consumers, and highlight research affecting consumer privacy and data security. During panel discussions, participants will discuss the research presentations and the latest policy initiatives to address consumer privacy and security, develop suggestions for further collaboration between researchers and policymakers, and highlight steps that companies and consumers can and should take to protect themselves and their data, the FTC stated.

“Due to the unique role that whitehat researchers, academics, and information security specialists have played in raising awareness about privacy and data security issues, the FTC is particularly interested in enlisting their participation in this effort. For the past several years, their work to strengthen privacy and security protections in this country has greatly benefitted the FTC and the public. For example, the FTC’s reports on the privacy implications of facial recognition technology and the Internet of Things have referred to important academic research,” the FTC stated.

The FTC is seeking presentations on consumer privacy and security issues from a number of different arenas including:

  • Connected health and fitness devices or applications
  • Devices or services that incorporate voice-activation technology
  • Smarthomes
  • De-identification
  • Connected vehicles
  • Drones
  • Edu-tech
  • Big data and algorithms
  • Consumers’ attitudes toward, and valuation of, privacy
  • Costs and benefits of privacy-protective technology or behavior
  • Economics of privacy and security
  • Security by design techniques

The PrivacyCon conference will be held in Washington, DC on January 14.

Such conferences have led to a number of successful campaigns for the FTC in the past. Earlier this year the FTC issued a report on privacy and the Internet of Things. The report is partly based on input from leading technologists and academics, industry representatives, consumer advocates and others who participated in the FTC’s Internet of Things workshop held in Washington D.C.

From that report: The sheer volume of data that even a small number of devices can generate is stunning: one participant in the workshop indicated that fewer than 10,000 households using the company’s IoT home-automation product can “generate 150 million discrete data points a day” or approximately one data point every six seconds for each household, the report states.

“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” the FTC stated. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”

  • Build security into devices at the outset, rather than as an afterthought in the design process
  • Train employees about the importance of security, and ensure that security is managed at an appropriate level in the organization.
  • Ensure that when outside service providers are hired, those providers are capable of maintaining reasonable security, and provide reasonable oversight of the providers.
  • When a security risk is identified, consider a “defense-in-depth” strategy whereby multiple layers of security may be used to defend against a particular risk. For example, companies should consider implementing reasonable
  • Install access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network. In the IoT ecosystem, strong authentication could be used to permit or restrict IoT devices from interacting with other devices or systems.
  • Consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network.
  • Monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.
  • Consider data minimization – that is, limiting the collection of consumer data, and retaining that information only for a set period of time, and not indefinitely. The report notes that data minimization addresses two key privacy risks: first, the risk that a company with a large store of consumer data will become a more enticing target for data thieves or hackers, and second, that consumer data will be used in ways contrary to consumers’ expectations.