Why the ethics conversation is more than just a security vs privacy conversation. T&C applies

By Aisha Bello

Elevator Pitch

Companies have a responsibility that the purpose of any data collected is conveyed in a clear and concise manner. In this talk security and privacy will be part of the broader conversation of ethics, what is and isn’t acceptable and how we can apply lessons from regulations like GDPR, HIPAA e.t.c

Description

Talk Outline

  • Quick Introduction to Ethics focusing on Data Privacy and Security. And what this means in this current time.
  • Why this talk. The big picture when faced with a choice of Privacy vs Security, and how this can have a more adverse effect if not intentionally thought about.
  • The Good and Bright Side: Case Study Examples of organizations who have done a good job in the above subject e.g How Apple refused to release information to the U.S government due to privacy concerns,
  • The Bad that could turn ugly: 2 different case studies outlining Ethical and privacy concerns what was, what could be, and what might happen if not checked. An example could be a popular and publicized e.g Facial Recognition software used by police that wrongfully identifies criminals or Edward Snowden who leaked classified NSA information that sparked up the national security vs Individual privacy debate. How products that are meant to be fun or helpful could be used unethically, and steps that could avoid or mitigate these risks in the future.
  • What can we do? Effective ways of how individuals/ Companies can build more ethical products like employing the Defense method of red teaming. Collecting the data that is actually needed to solve the task at hand.
  • Individual Examples of the right “Why” “who” and “when” ethical questions we should all ask ourselves regardless of our contribution to a project.
  • Bringing it all together, concluding thoughts and next steps.

Audience Takeaways

At the end of this talk the audience will have a better understanding of how to think more ethically and ask more ethical questions as a product developer, consumer or contributor. The audience will also get thoughts on how they can borrow rules from laws like GDPR, HIPAA and SANS Institute and apply them to their everyday tasks. We would also share best practices, tools and resources that people can take advantage of (e.g as a consumer how you protect your individual privacy and security using duckduckgo) or as a project contributor/developer (e.g. What are the ways you can ensure that your ML model is learning from a diverse pool of training data).