Economics of Security During Covid-19

Data Protection

In our BigIDeas on the Go podcast, BigID CEO Dimitri Sirota talks with Dan Geer, security and risk management expert and CISO at In-Q-Tel—the strategic investment arm of the US intelligence community. Geer examines the future of enterprise security, as well as data protection and privacy concerns in the context of Covid-19.

Geer’s repertoire in infosec includes the development of authentication system Kerberos and MIT’s Project Athena. His additional background in public health and biostatistics gives him a unique perspective into the way security and privacy intersect around the Covid-19 crisis.

Increasingly, he says, “the nature of information security and the future of humanity are tied together.”

We’re “Engaged in a Giant Natural Experiment”

“From a public health point of view, broad information is the only way you can affect the outcome of something like a pandemic,” Geer says.

Contact tracing, for example, depends on the use of data with other types of data. The merging of data makes it more powerful, and opens up new applications and uses. “If I know where my neighbors have been all day long, all month long, I can, in fact, do things from a public health point of view that I couldn’t otherwise do,” says Geer, “and some of them are hard to argue with in terms of their usefulness for public health outcomes.”

But the use of data for public health purposes can also pose new risks. “At the same time, there’s no way to guarantee that information that has this use can be controlled in the future, and there’s certainly no way to guarantee that information can be thrown away. There’s no way to frankly assure deletion of data.”

Listen to the full podcast to learn more about Geer’s position on data security during Covid-19 and the opportunities he sees on the horizon in information security.