Request For Research Presentations For the PrivacyCon Conference #00002

Submission Number:
Don O'Neill
Initiative Name:
Request For Research Presentations For the PrivacyCon Conference
I served as the President of the Center for National Software Studies (CNSS) from 2005 to 2008. A 501(c)(3) nonprofit organization, the CNSS was established to elevate software to the national agenda in addressing software issues of national importance including:

1. Software Value to US Economic Competitiveness
2. Software System Trustworthiness
3. Research and Development Funding
4. Software Workforce Issues
5. Maintaining Security and Privacy in Electronic Commerce
6. Protecting Intellectual Property and Preventing Piracy

The Software 2015 Report observed that software is the critical infrastructure within the critical infrastructure. This report from the 2nd National Software Summit (NSS2, 2005) was then stated as: "Achieving the ability to routinely develop trustworthy software products and systems, while ensuring the continued competitiveness of the U.S. Software industry". The question today is, Where do we stand with respect to the National Software Strategy and its programs? The answer, the situation is dire.

In response to the FTC PrivacyCon Forum to bring together privacy and security researchers with policymakers to discuss their latest findings, I would like to submit the research paper, "Strike a Blow for Freedom: Privacy, Security, Civility... Chaos: The core of the apple is rotten". By extending the research in "Software 2015: Situation Dire" (Defense AT&L, 2015), this paper encapsulates and focuses various dimensions of the space including technical debt as an aggravating factor, the stresses on privacy and security, the use of data encryption, the problem of free riders, the need to shift the onus from supplier to consumer, the need to discipline widespread false claims in organization privacy policies, the usefulness of fines and Cyber insurance, and the need and means to apply modern software engineering.
The most effective, intelligent, and ethical steps to mitigate Cyber Security risk are an organization policy and assured practice to mitigate Cyber Security risk by taking the following steps:

1. Don't put proprietary data and information you cannot afford to lose on the Internet.
2. For those who do, acknowledge acceptance of the risk associated with Internet use.
3. Encrypt all data and information placed on the Internet. The use of private encryption fully achieves privacy and security assurance unlike key escrow and split key encryption which entail sharing keys with others.
4. Use three factor authentication to control access to data and information on the Internet:
   - What you have, i.e., card, token
   - What you are, i.e., iris, fingerprint
   - What you know, i.e., password, security question
5. Government needs to accept and encourage private encryption and not hold out for key escrow or split key encryption.
6. Government needs to accept indemnification or at least targeted liability to encourage data and information sharing by industry partners.

References:

NSS2 (2005) "Software 2015: A National Software Strategy to Ensure U.S. Security and Competitiveness," Center for National Software Studies, May 2005

Defense AT&L (2015) O'Neill, D., "Software 2015: Situation Dire", Defense Advanced Technology and Logistics (DAT&L) Magazine, May-June 2015'Neill.pdf