People are sharing their personal information online faster than policymakers can keep pace, a privacy expert said Jan. 13, 2016, at the 12th annual Forum on Financial Information Systems and Cybersecurity.
“Current policies are like bringing a knife to a gunfight,” said Alessandro Acquisti, a professor at Carnegie Mellon University. “The way we are doing things now is not the only way it can be done, and certainly not the best way it can be done.”
The event, sponsored jointly by the University of Maryland’s School of Public Policy and Robert H. Smith School of Business, brought together about 60 scholars and working professionals in the fields of public policy and information security. Acquisti, who delivering the Ira H. Shapiro Memorial Lecture, spoke about the economic implications of the loss of personal information in the digital age. Other participants talked about the need to look beyond technology when setting public policy.
David Balenson, a senior computer scientist at SRI International, said governments and organizations must also consider human cognition patterns that drive behavior. “People are not in full control of their actions,” Balenson said. “They often do things they do not want to do, even if their behavior or its consequences are detrimental to self-interest.”
Besides the limits on self-control, Balenson said human brains are vulnerable to other types of biases, such as the tendency to view small samples as representative of larger populations. Peter Jansson, senior manager of EY Cybersecurity, suggested one simple rule for policymakers. “Make desirable behavior easy,” he said. “And make undesirable behavior hard.”
Other conference presenters included:
Rebecca Mercuri, founder and CEO of Notable Software, who spoke about the security risks of self-auditing systems, such as electronic voting machines that don’t leave paper audit trails.
Naba Barkakati, Chief Technologist and Director at the U.S. Government Accountability Office, who spoke about cybersecurity audits at federal agencies.
Sasha Romanosky, policy researcher at the RAND Corp. and a faculty member at the Pardee RAND Graduate School, who provided an analysis of costs and causes of cyber incidents acquired from publically available sources.
John Bagby, professor at Penn State University’s School of Information Sciences and Technology, who spoke about privacy challenges with the international electronic payment system.
The forum was coordinated by Larry Gordon, EY Alumni Professor of Managerial Accounting and Information Assurance, in the Smith School of Business; Martin Loeb, professor of accounting and information assurance and Deloitte & Touche LLP Faculty Fellow, in the Smith School of Business; and William Lucyshyn, interim director at the Center for Public Policy and Private Enterprise in the School of Public Policy.
Media Contact
Greg Muraski
Media Relations Manager
301-405-5283
301-892-0973 Mobile
gmuraski@umd.edu
About the University of Maryland's Robert H. Smith School of Business
The Robert H. Smith School of Business is an internationally recognized leader in management education and research. One of 12 colleges and schools at the University of Maryland, College Park, the Smith School offers undergraduate, full-time and flex MBA, executive MBA, online MBA, business master’s, PhD and executive education programs, as well as outreach services to the corporate community. The school offers its degree, custom and certification programs in learning locations in North America and Asia.