A cybersecurity challenge in the age of surveillance

Security is getting more and more invasive, using biometrics like fingerprints, iris scans, facial recognition, and even DNA.

Cybersecurity schema should not require or depend on “what you are” — fingerprints, irises, DNA, etc. That’s because it would require someone else to have those intimate details. "A person can't change their fingerprints, irises, or DNA if those are compromised,” said a privacy advocate. “You know how often we hear about large-scale data breaches these days. It's imperative we keep these intimate details truly secret and in the hands of as few parties as possible, preferably no parties other than the person to whom they belong."

In case you missed the following two-part series, part 1 is where I tee up the challenge: How do you solve this security challenge going forward? And part 2 contains some examples of how others are addressing security, and how I approach cybersecurity while addressing the three key challenges: 1) attackers have unlimited computing power, 2) humans are lazy and unwilling to do too much work to protect themselves, and 3) security should not come at the expense of privacy (that would be a slippery slope indeed). Part 2: Cybersecurity Without the Surveillance and NSA Backdoors

I welcome cybersecurity practitioners to have a look and seriously pressure-test my knowledge and assumptions, and challenge how we’ve built in cybersecurity.