Data Security and Privacy with the Privacy Professor

The History, Mystery, and Rise of AI at CornCon!

Dr. John Johnson describes why he created the wildly popular cybersecurity conference, CornCon! It was first held in 2015, in Davenport, Iowa on the banks of the Mississippi River. He also describes the goals for the conference, how it is unique from others in offering a children’s hacking bootcamp, and a hacking contest for teens, along with two days of sessions and activities for professionals. Rebecca is also excited to be a speaker with her talk, “It’s Not Always a Rattlesnake Just Becaus...

Need More Privacy? Write the Privacy Law We All Need!

Do you see a need for more privacy in certain areas of your life? Or within certain industries? Or throughout society? Well, don’t just sit there; get up offa that thing, and get that new privacy law drafted into a bill, and then passed into law! It’ll make you and everyone else who cares about privacy feel better, while also strengthening privacy protections. Want to know how? Tom Kemp, author of the newly released book, “Containing Big Tech: How to Protect Our Civil Rights, Economy, and De...

A Romance Scammer Took All My Dying Mother's Money

April describes the horrific harms that romance scammers caused her mother while terminally ill with cancer, and Kathy describes the upcoming World Romance Scam Prevention Day that her organization established. A must-listen-to episode!

GDPR Compliance Stats Everyone, Everywhere, Needs to Know!

The EU General Data Protection Regulation (GDPR) has been in effect for 5 years now. What have been the impacts to organizations who must comply? What have been the penalties applied? And for what specific non-compliance issues? Which EU country has been most active in applying GDPR non-compliance penalties? Have there been any countries where no fines/penalties have been applied? What is the largest GDPR fine/penalty to date and to what entity was it applied? What was it for; which GDPR Arti...

Individuals & Businesses: Mitigate! Those! Risks!

Everyone is at risk of cybercrime, privacy breaches, and associated physical risks. Individuals in their personal lives, as well as businesses and their employees within work areas…which are often in homes, and other locations outside of physical business facilities…are at risk. Each and every one of them needs to understand how to recognize information security and privacy risks, and basic ways to mitigate those identified risks. But most folks don’t know how to do this. More needs to be do...

IoT Stalking, IoT Jewelry, JuiceJacking, AI, CheckWashing & More!

In this episode Rebecca continues answering a few more of the hundreds of questions she has received from listeners and readers throughout the past few months, covering a wide range of topics. Some of the questions include: • What happened to those men, bar owners, who were arrested for stalking a woman by using digital tracking devices there in Des Moines, Iowa? Did they go to prison? What laws apply? Hear Rebecca’s answers, in addition to other associated news and points about IoT trackers...

AI Challenges & Risks: Security, Privacy, Bias & Ethics

AI has quickly become pervasive in all our lives. But, how can it impact us? Consider a couple of examples. Lensa is an app that takes real photos and uses AI to make art images from them. Millions have used it. Others are concerned about the related privacy and intellectual property rights problems it creates. Lensa uses a huge open-source collection of data to train its AI that contains than 5 billion publicly accessible images that it categorizes as “research.” However, it not only inclu...

“Romance Scammers Have Used My Photos Since 2016”

Bryan Denny served as an officer in the U.S. Army for 26 years. In 2016, Bryan’s photos were stolen and used to build thousands of fake profiles. Kathy Waters has logged over 4,000 volunteer hours helping those like Bryan Denny whose identity has been stolen, as well as the women and men who have fallen victim to the scammers. Each day new headlines report the financial and emotional destruction that romance scammers wreak on their victims’ lives, who include both the targeted victims of the ...

Dobbs Leak, Airtags, Spam, Spoofed Email, & Data Privacy Day!

It has been almost three years since Rebecca has done a show answering listener questions; it is time she did another one! In this episode she answers a wide range of questions. Some of the questions include: • Why are location trackers (Apple Airtag, Tile, etc.) bad from a privacy perspective? They aren’t even sending any personal information; just location. Should they be outlawed if they are actually bad? Listen in to hear not only her answer, but how she explains what engineers need to ...

A Cybersecurity Expert’s Real Life Identity Theft Experience

Everyone is a target for identity thieves. Even the most brilliant cybersecurity and privacy experts. Why? One significant reason is because when those organizations and individuals who possess and use your personal data do not effectively secure that data, they leave it vulnerable, leaving YOU at the mercy of cybercrooks. Listen in to hear my riveting conversation with Christine Abruzzi, cybersecurity expert with 30 years of experience, and owner of Cacapon Cyber Solutions describe her curr...

Privacy & Cybersecurity for Your Life During the Holidays

Are you armed with the privacy and security knowledge and awareness necessary to identify all the holiday scams and cybercrooks that emerge and try not only new scams and crimes, but also all the same scams and crimes that have proven to be effective year after year for decades? Are you prepared to help those to whom you give tech gifts so that they use them in the most secure and privacy-protecting way possible? Can you secure those tech gadgets that you receive as gifts to keep the hackers ...

Let’s Stop the Robocall Scammers!

Everyone is inundated with robocalls! Many of them are legitimate, such as those providing notifications about environmental threats such as hurricanes and tornadoes. And those giving alerts about missing persons. And there are many others that are legal, but can still be quite annoying, such as from political candidates. There are also increasingly more robocalls that are used to commit scams and a wide range of crimes. Security expert Ben Rothke is fed up with all these robocall scammers!...

“Wacky Tobaccy” Laws, Privacy & Security!

At this time in our current enlightened period in history, we're actually not enlightened with regard to cannabis benefits, medicinal uses, how to debunk disinformation that has been being spread since the 1930s, and how to protect the privacy of cannabis users, as well as their associated personal data, and the business data of the dispensaries. Have you used cannabis, of any kind in any form? Have any of your family members or friends? For recreation and/or for medicinal purposes? Do you k...

Action is Necessary to Improve Voting & Elections Security!

Many claims have been, and still are being, made about elections and voting security, more than ever since the 2020 election. Some claim there was widespread “voting fraud.” While no process or technology, of any kind for any purpose, is 100% secure, the 2020 general elections were determined through audits and assessments by dedicated elections workers, federal and state civil servants, and cybersecurity experts, to have been the most secure in history, based on the combined results of over ...

Secure Coding Fixes the Top 25 Most Dangerous Software Weaknesses

In the news every day are security incidents and privacy breaches caused by software programming errors, sloppy practices, lack of sufficient testing, and many other engineering-, coding-, and programming-related reasons. This has been progressively getting worse for the past 40, 50 years as technology has been proliferating, along with code, and different programming languages. Case in point: At the root of most Zero Day exploits is unsecure software code, created by programmers and coders w...

IoT Data Creates Frankenstein Profiles Claiming to Be You

There are an estimated 20 – 30 billion “smart” internet of things (IoT) devices currently used in the world. Most of them are listening devices, meaning everything heard within the vicinity of the device is sent to cloud systems, analyzed, and actions are taken. This number is projected to increase to 75 – 100 billion by 2025. This data and results of artificial analysis (AI) using the words and conversations of people, and sounds, in the vicinity of the device are sent to numerous, sometimes...

Catching KGB Hackers with 75¢ and a 2400 Baud Modem

Nation state hackers have been trying to get into the secrets stored on computers for decades. The Russian KGB has been trying, and often succeeding, to hack into computer systems before there was a publicly accessible internet; back when the Arpanet was used primarily to connect university and government computer systems. Do you know who caught the KGB in the act of their hacking activities within these computer systems when no one else, not even the FBI or the military, was interested in fi...

How Stalkers & Assaulters Track & Find Victims with IoT Tech

Assaulters and stalkers are increasingly using technologies to target, surveil, and attack their victims. IoT tech in particular is increasingly being used. • What types of IoT tech are being used to track down and ultimately attack the targeted victims? • What types of popular, tiny, inexpensive IoT devices are increasingly used by assaulters and stalkers for surveilling and then tracking down victims to abuse and assault? • In what ways are a variety of different types of IoT tech device...

What Do UNIX, Linux & Dirty Pipe Have in Common? Listen To Hear!

A lot of news has been released lately about the Dirty Pipe vulnerability in the Linux OS. How is this related to UNIX? Listen in to hear Rik Farrow, the world’s most experienced and knowledgeable expert on UNIX and Linux, explain! Rik will provide his advice about careers in UNIX and Linux security, and answer a wide range of questions Rebecca has received from listeners about these topics. A few of the questions covered include: • How many versions of UNIX are there? • What makes Linux diff...

Transportation Cybersecurity & Privacy: Highway to Digital Hell?

There have been many reports about over-the-road trucking delays causing problems throughout the full supply chain and delaying deliveries of critical products throughout all industries. However, what about the cybersecurity and privacy risks within the transportation industry? There has been little, if any, thoughtful public discussion of the wide range of surface transportation cybersecurity and privacy risks. Cybersecurity vulnerabilities could cause many more disruptions within this criti...

A Synthetic Data Deep Dive: Privacy Protector, Foe or Other?

Synthetic data has increasingly been in the news in recent years. It is being used for many purposes, such as training artificial intelligence (AI) models, and for more thoroughly testing software. It is also being described as a new type of privacy enhancing technology (PET). In what other ways is synthetic data being used? Do data protection regulations and other laws and legal requirements apply to synthetic data? E.g. do the associated individuals need to provide consent for organizatio...

How to Fix the Log4j Problem & Prevent Similar Types of Incidents

The Log4j security vulnerability is likely a result of insufficient secure coding and/or testing practices for software that is used in billions of devices worldwide. This vulnerability is now being actively exploited, causing a wide variety of security incidents and privacy breaches. New attacks are announced weekly, and sometimes daily, that are exploiting that vulnerability. How did such a dangerous vulnerability make its way into billions of devices? Hear a preeminent applications devel...

Who's Responsible for BPO Contact Center Privacy & Cybersecurity?

Rebecca discusses the importance of call/contact center and customer service privacy and cybersecurity practices with privacy law and business process outsourcing (BPO) expert, Jon Bello. Often the contact center, or customer service group, is the only barrier between a caller and the personal information and access to the account of a particular individual. BPO staff are common targets of social-engineering to get into others’ accounts and to locate where others are located. Mr. Bello discus...

Protecting Aviation Critical Infrastructure from Cyber Attacks

The US Transportation Security Administration (TSA) recently announced they are requiring critical US airport operators, passenger aircraft operators, and all-cargo aircraft operators to designate cybersecurity coordinators, and to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA). Lower-level transportation organizations are encouraged to follow the rules as well. Why hasn’t this been done before now? Will it be enough to protect the highly complex and div...

Software Development Security Practices Suck! Wise Up Now!

Why do so many business leaders insist on using unsecure systems and software development practices? Often to skimp on IT budgets and to race to production. Or leaders with marketing expertise, but no actual tech understanding, make bad decisions to align with their sales tactics and marketing messages. Or, for other reasons. But with demonstrably ongoing damaging consequences. In this episode we speak about the critical need for secure software engineering, development and testing, and the n...

Demystifying Cyber Insurance: Facts to Get the Right Coverage!

Listen to this episode to learn from Judy Selby, a worldwide recognized and award-winning cyber insurance expert, about the considerations to take into account for different types of cyber insurance, and how recent, and growing numbers of, ransomware and cyberattacks and hacks are impacting the cyber insurance coverage packages. Throughout the recent history of ransomware and other types of malware and cybercrime and hacking, organizations have become increasingly dependent upon cyber insur...

The BOM Episode! DBOMs! SBOMs! And...Supply Chain Cybersecurity!

Before the Solarwinds hack made global news daily for many weeks starting in December, 2020, most of the public had never heard the term “supply chain,” let alone know about the inherent data and cyber security risks they bring to organizations. You know it is a significant issue when the President of the United States issues an Executive Order (on Feb. 24, 2021) to significantly strengthen supply chain security in all industries. The risks have always been there, but the number, types and ...

4th Amendment Does Not Give LE the Right to Access Encrypted Data

The recent take-down of 300 criminal syndicates in more than 100 countries by the DoJ, selling their own 12,000 encrypted devices and services to which they had the decryption keys, has resurrected the question of encryption and lawmakers’ claims that backdoors into encryption are necessary. Lawmakers, and even some data security personalities, point to this event saying it proves encryption should have backdoors. There are also claims that the fourth amendment supports this view. But wait!...

Data Pipelines & Data Lakes Security & Compliance Answers & Info

What are “high-speed streaming analytics data pipelines”? What is the function of a data pipeline? Are there more security risks associated with data pipelines, or less, compared to VPN transmissions, and network transmission technologies that have been used for decades? What are “data lakes”? How are they different from data warehouses? Is it possible to meet data protection compliance requirements using data pipelines and data lakes? What are the security risks with using data lakes? What i...

Defending Against Nation-State Hacking & Cyber Warfare Attacks

There have been many news reports in the past several months about nation-state espionage, and in particular nation-state cyberthreats and cybersecurity warfare attacks. So, what exactly are nation-state cyberthreats? What countries are the sources of the cyberthreats? What countries are launching cyberattacks? Russia? China? The USA? Others? Who should be defending against these cyberthreats? Government? Corporations? Individual citizens? In what ways have US citizens committed cyberattack...

Voter Fraud Facts No One is Talking About…Until Now

In 2021 there have been at least 253 voting bills proposed in at least 43 US states. These bills are restricting voting methods, times, and even criminalizing such practices as the provision of food and drink to those who are in waiting line for hours to vote. All due to “concerns about voter fraud,” even though hundreds of audits, hundreds of ballot recounts, and hundreds of independent voting machine security assessments have found no voter fraud. What security measures are actually estab...

Data Security - March 6th, 2021

Fighting US Elections & Campaigns Interference with Cybersecurity

There continue to be more lessons to learn from the past 8+ years of election cycles in the US. Lessons that can be applied throughout the world, about the need to build in strong security and privacy protections to the associated processes, systems, and physical components of elections to strengthen democracy as well as to establish verifiable and validated election results. The FBI reports verified election interference attempts and goals of China, Russia, Iran & domestic groups; often th...

Healthcare CISOs: Securing Patient Data & HIPAA Compliance

Health data is considered personal data gold to cybercrooks. Hospitals, clinics and telehealth situations involve a lot of complexity that brings many threats and vulnerabilities to patient data. • Is your healthcare and patient data safe? • Are hospitals and clinics doing all they can to protect your data? • What would you like to ask your hospital about this? • Would they know how to answer? • Are HIPAA requirements effective for protecting patient data? Listen in as Mitch Parker, a h...

Holding Privacy Events in a Pandemic World

For Data Privacy Day month Rebecca is speaking with Kim Hakim, CEO & Founder of FutureCon Events, about how she handled needing to move...almost overnight!...all her 2020 conferences to being online events at the beginning of 2020 when COVID-19 started spreading through the USA. Kim also discusses some of the key privacy issues she had to address when doing so. Kim will also describe the most requested privacy topics for the FutureCon events. Some topics covered in this episode include: • Wha...

How A Trail-Blazing STEM Mentor Is Revolutionizing Cybersecurity

The numbers of women & people of color are still a woefully small percentage of the IT and cyber/data/network/applications security workforce. Such lack of diversity results in weak and flawed IT, security and privacy practices, applications, networks, and data protection. Rebecca discusses the related issues with cybersecurity expert, industry leader & long-time mentor, Dr. Cheryl Cooper: • What is Dr. Cooper working to change in society with her mentoring work? • Many displaced workers ...

How Cybercriminals Take Advantage of the COVID-19 Pandemic

With 2020 being the year of the global COVID-19 pandemic, it has also become the year of globally widespread working from home offices, and attending school online from home. Cybercrime is increasing dramatically in many ways never before seen as a result of these quickly established new working and learning environments. • How has cybercrime increased since the COVID-19 pandemic started becoming noticed? • Which new types of cybercrimes were created to take advantage of the many different...

Data Proves Voting Fraud is Rare; Don’t Believe Conspiracy Theories Claiming Otherwise

Voter fraud conspiracy theories have reached a fever pitch. There are even claims that mail-in ballots are “a scam.” What’s the truth? Voting security experts & researchers Jennifer Kavanagh & Quentin Hodgson describe in-depth research revealing verifiable facts about security of all types of voting including absentee/mail-in, voting machines & paper at polling locations, & drop boxes. They provide research results for questions such as: • How are voter registration databases kept up-to-date...

Surveillance Pandemic: How Tech Giants Collect & Use Personal Data for Profiling & Huge Profits

Since 2018 Rebecca has invited many tech giants to explain if & how they are collecting & selling personal data to govt & other entities to profile & target subsets of populations while making huge profits. For example, one tech company reportedly made over $1.6 billion from the US federal government from 2017 – 2019. No tech company has accepted the invitations. However, Mijente, which has performed significant research into tech surveillance activities, agreed to answer questions such as: •...

COVID-19 Contact Tracing: Privacy & Security Risks

Tech giants & startups are quickly releasing “cutting edge” COVID-19 tracing tools. Some states have built their own tracing tools. COVID-19 tracing is absolutely necessary to get the pandemic under control. But are those tools secure? Will the privacy of the individuals’ health data be protected? • What tracing tools are being used? Which best protect privacy? Which put privacy at risk? • How do certain phones and operating systems put patient data from tracing tools at risk? • What are the...

Voting by Mail Security: Busting Myths and Explaining Facts

In the midst of a deadly pandemic mail-in voting would be the safest way to vote. However, many warn that voting by mail will lead to wide-spread fraud and lost votes. Is this true, or are they baseless claims? What is true, and what are pure conspiracy theories and lies? Amber McReynolds, one of the country’s leading experts on election administration, policy & security, discusses the risks of voting by mail along with the benefits, security, and myths. Some topics covered: • How are reques...

Legislating Weak Encryption is Stupid and Dangerous

The value of strong encryption cannot be overstated, but yet the efforts from lawmakers to force tech companies to create weak encryption has been put into overdrive. Bruce Schneier has been a vocal proponent of strong encryption for many years, and eloquently explains why it is technically not possible to give the good guys the access they want to encrypted files and transmission without also giving the bad guys access. Listen in as Schneier explains his thoughts about the most recent effor...

Why Weakening Encryption for Law Enforcement Access is a Bad Idea

Efforts are increasing in the US & worldwide to force tech companies to build encryption that would “allow only law enforcement and government” groups to get into encrypted files & communications. The claims are that this is necessary to fight online crimes such as human trafficking and child sexual exploitation. We definitely need to address these horrible crimes. However, are these commands from governments & law enforcement groups technically feasible? Why aren’t these groups including tec...

How Rob Sand Caught the Criminal Who Committed the Largest Lottery Fraud in History

Hear Rebecca speak with Rob Sand, the lawyer who used his tech savvy as the Asst Attorney General for Iowa to successfully prosecute Eddie Tipton, who committed the largest & longest occurring lottery fraud in US history while employed as an IT worker, and was promoted to Information Security Officer, at the Multi-State Lottery Association where he committed his crimes. Eddie exploited his positions of trust to rig the lottery winning drawings, totaling more than $24 million, at least five di...

How Poor Tech Security & Misinformation Upend Elections

Listen in to hear Rebecca speak with elections security expert Theresa Payton about elections security, safeguarding voting machines, and the types of attempts to disrupt or even change the results of elections. Some of the topics covered include: • What are some key points to understand about the tech and other problems in the Iowa caucuses? • In what ways do nation states, and other malicious actors, try to manipulate elections results? • How can voters recognize manipulation campaigns? • W...

How Biased and Malicious AI Can Do Harm

Listen in to my chat with artificial intelligence expert Davi Ottenheimer about not only the potential benefits of AI, but also the risks to information security, privacy and safety when flawed, biased and maliciously-engineered AI is used. Also hear the boundaries Davi recommends for preventing bad AI. Some of the questions covered include: • What are some examples of tragedies that possibly could have been prevented with AI? • In what ways are AI controlled robots shifting power in our soci...

Diving into the Dark Net

Many listeners have sent questions over the past two years about the dark web • What is the dark web? Is it the same as the dark net? How is it different from the deep web? • Is it legal to go into the dark web? • What is Tor? • What are some real-life crimes found on dark web? • What are some of the most disturbing activities in the dark web? • What do information security and privacy pros need to know about the dark web to help them with their job responsibilities? • What should the genera...

The Criticality of Change Control Management in Cloud Services

Recently the CEO of a cloud services business for compliance & information security shrugged off the problems he has on an ongoing basis with his SaaS cloud site where he does not have change controls implemented, & doesn't use a separate test or development region or server. He shrugged & said, “That’s just the way it is with a cloud service, they all have these problems.” Wrong! In this episode I discuss the importance of change controls to supporting information security & privacy with an...

Professional ethics and technology in the cyber age

Executives, tech, data & cyber security, and privacy professionals face situations testing their ethics every day. Just a few issues include: • Profit maximization at any cost, including privacy and data security • Creating and selling products and services that monetize personal data at the cost of privacy, security and safety of the associated individuals • Intentionally refusing to acknowledge known security and privacy problems to not damage sales and profits • Deliberately releasing tec...

White hat hacking & security break-in testing & ethics

A recent incident occurred in central Iowa where security vendor, Coalfire, employees were arrested for breaking/entering and robbery of a county government building. After the arrest it was determined this was part of a contract the vendor had with a Federal agency in a neighboring county. This incident brought a wide range of online discussions about white hat hacking, facility break-in tests, and associated responsibilities and related ethical considerations. • What are some lessons from ...