BEGIN:VCALENDAR VERSION:2.0 X-WR-CALNAME;VALUE=TEXT:CRCS Act with Andrew Neff: "The Internet Identity Mess and Opportunities for Improvement" PRODID:-//Harvard events data//EN BEGIN:VEVENT UID:event_661431_0 SUMMARY:CRCS Act with Andrew Neff: "The Internet Identity Mess and Opportunities for Improvement" DESCRIPTION:

CRCS Informal Discussion

Discussion leader: Andrew Neff

Title: "The Internet Identity Mess and Opportunities for Improvement"

Abstract: Well into the mainstream Internet's third decade, news about large scale theft of private personal data, including authentication information such as passwords, still comes out with alarming frequency. Meanwhile, even when it isn't stolen, this information is generally perceived to be misused and monetized in ways that disadvantage and disempower the average person. Frustratingly, academicians have known since the 1980s how to dramatically mitigate threats on both fronts by way of public key techniques. These techniques may have been impractical for mass Internet use as recently as a decade ago, but genuine technology availability and usability problems no longer exist. All that seems to stand in the way now are significant, but surmountable standards and adoption hurdles.

This discussion will cover some of the history of failures, and propose an initial, robust authentication prototype that is especially light weight and easy to deploy. Historically, it has been hard to convince the general public that data security and privacy are "worth the effort." But perhaps it is now possible to make the effort required small enough that a critical mass of people will adopt. If that happens, additional interesting opportunities to improve, and perhaps decentralize other important everyday transactions quickly open up.

Discussion Related Links

Sampling of (In-)Security News

http://arstechnica.com/security/2015/05/report-irs-admits-its-been-hacked-tax-info-stolen-for-100000-plus/
http://www.wired.com/2015/10/hack-brief-hackers-steal-15m-t-mobile-customers-data-experian/
http://www.zdnet.com/article/000webhost-hacked-13-million-customers-exposed/
http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html
http://www.nytimes.com/2012/06/11/technology/linkedin-breach-exposes-light-security-even-at-data-companies.html
http://bits.blogs.nytimes.com/2012/06/06/that-was-fast-criminals-exploit-linkedin-breach-for-phishing-attacks/
http://www.cbsnews.com/news/russian-hackers-steal-5-million-gmail-passwords/
http://www.businessinsider.com/dropbox-hacked-2014-10
http://www.zdnet.com/article/cancer-clinic-warns-2-2-million-patients-of-data-breach/

Internet Structural Issues

http://bits.blogs.nytimes.com/2015/12/17/lifelock-agrees-to-pay-100-million-fine-in-settlement-with-f-t-c/
https://www.consumer.ftc.gov/blog/consumer-complaints-ftc-increased-2015
* http://www.theatlantic.com/technology/archive/2014/08/advertising-is-the-internets-original-sin/376041/
http://www.nytimes.com/2013/05/06/books/who-owns-the-future-by-jaron-lanier.html
https://www.goodreads.com/book/show/15802693-who-owns-the-future
http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/
http://www.medpagetoday.com/MeetingCoverage/HIMSS/50983

LOCATION:Maxwell Dworkin 119, 33 Oxford Street, Cambridge STATUS:CONFIRMED DTSTART:20160411T153000Z DTEND:20160411T170000Z END:VEVENT END:VCALENDAR