Should We Regulate Big Data and The Internet of Things? Pederson Asks at NJ Big Data Symposium
At the NJ Big Data Alliance Symposium, which took place March 16 at NJIT, a packed room heard talks on everything ranging from analytics in higher education to the use of big data in smart policing.
Setting the mood for the event, Jay Pederson, IBM security client executive, asked the question, “Do we need more government regulation of big data and the internet of things?” He left that question out there hanging, as he presented some of the regulations that exist today and some of the data breeches the industry has seen.
Regulation can bad for business, he said, citing the example of Germany, which has a federal data-protection law that is “unique in the world.” In Germany, citizens have to contact a company to give it permission to collect their data.
Even if they do give a company their consent, the law imposes some location restrictions. “If I am a German citizen and I agree that you can use my data, that data can’t leave Germany.”
Pederson noted that this creates lots of problems for financial software and Software-as-a-Service companies, as well as other companies that are building data centers around the world, managing data at scale and operating with razor-thin margins.
“I’ve worked with some large financial services companies, and some of them are constructing completely separate data centers in Germany.” Clearly, this has an economic impact on the companies, he noted.
The Problem with the IoT
The drive across industries to collect data and share it on the IoT has problems associated with it as well. Pederson told the story of a denial-of-service security breach caused by unsecured security cameras. The problem with the IoT, he said, is that it runs on software, and software has flaws and vulnerabilities, “lots of them.”
This particular security breach allowed bad actors to take down half of the internet last year, he said. It even affected Amazon and Netflix. Pederson said that the folks behind the attack were savvy and had even done a test run, knocking a popular security blogger’s websitee offline for three months straight. “They wanted to see if the Internet could fix it.” This blogger had several big software security companies come in and try to help, but it took the resources of Google to actually fix the problem, which it managed to do only after several months.
The scary part of this story, he said, is that manufacturers have no incentive to fix the holes in their software. So many devices such as routers and DVRs can be used by hackers while the owners have no idea what’s going on. Manufacturers simply release new models that are more secure, and they prefer to sell the new models. They’re not interested in updating the older models of their webcams, DVRs and other devices that are buggy and allow hackers in. “It’s not like an iPhone that gets an update every few months.” Since there is no economic reason to fix it, do we regulate it? he asked.