What is the true price of free and how much data are you willing to trade for convenience or security?

These are the looming questions that the National Cyber Security Alliance sought to address this week during its 8th Annual National Data Privacy Day (Jan. 28, 2016), supported by the Georgia Institute of Technology School of Interactive Computing.  Professors Annie Anton (IC) and Peter Swire (Scheller College of Business) serve on the National Cyber Security Alliance advisory board.

“Most Americans are giving up a lot more data on a daily basis than they might think,” says Andrew Howard, director of the Cyber Technologies & Information Security Lab at the Georgia Tech Research Institute (GTRI). “Between their cell phones, security cameras and Internet browsers, the average person is trackable throughout most of their day.”

Despite the prevalence of hacks or fears of overzealous surveillance, Swire, who is the Huang Professor of Law & Ethics at the Scheller College of Business, argues that the U.S. is still one of the safest places in the world with stringent safeguards of individual privacy.

“The 4th Amendment applies to all wiretaps – it’s a legal structure for any intercept of communication or information,” Swire said, who served as the top privacy official under the Clinton administration and on Obama’s cyber security review group. “If you violate the 4th Amendment, you cannot use the evidence in court. What other countries have a legal order that is the same as the U.S.? Who in the world has a longer and stronger tradition of protecting fundamental rights than the U.S.?”

This week, Swire was in Brussels to debate European privacy activist Max Schrems, who has alleged that American companies too liberally trade personal data between the U.S. and Europe.

But despite protections like the 4th Amendment, Swire and others at Georgia Tech agree: Current technology allows such a new breadth of data collection that individuals should be concerned about collection until that data is proven necessary and useful. We asked faculty, scientists and research engineers for their thoughts during National Data Privacy Day:

What do too few Americans know about data privacy but should?

“Data brokers know much more about you than you can imagine, and there are few regulations for this industry. Data brokers collect personal information about consumers from a wide range of sources and provide it for a variety of purposes, mostly marketing and people search as documented by the Federal Trade Commission … Inferences these brokers data aggregators make include potentially sensitive things like ‘expecting mother’ or ‘diabetes patient.’ [Their] products can be used to facilitate harassment, or even stalking, and may expose domestic violence victims, law enforcement officers, prosecutors, public officials, or other individuals to retaliation or other harm.”

Michael Farrell, associate director
Institute for Information Security & Privacy

What should every individual do at minimum to protect their data?

“Think twice before in-putting data into different applications or giving online applications broad access to your online accounts through services such as Facebook, Twitter or Google Mail. Asking yourself a few quick questions before sharing data can go a long way towards avoiding problems: Is this a trustworthy service? Who will have access to my data?”

Andrew Howard, director
Cyber Technologies & Information Security Lab

“Right now, by default, you will be tracked and you have to manually switch on the options to block your tracking [in Internet browsers, for example]. Product developers should be focused on flipping that option so that by default you are not tracked. For most sites that we visit, we do not need to be tracked.”

Wenke Lee, professor of computer science and co-director
Institute for Information Security & Privacy

Who can best lead the development of new solutions for cyber security — government, industry or academia?

“It’s academia and industry working together. Our research is based on understanding what is going in the real world and the threats that are there. We call it ‘ground truth driven research.’ A lot of the data that enables this form of research is there in industry, so academic and industry working together is important, as well as the government supporting forward-looking, longer-term goals.”

Mustaque Ahamad, Professor of Computer Science,
Director of Educational Outreach
Institute for Information Security & Privacy

“Industry is best positioned to lead the way due to the market pressures placed on them; however, without academic research and government support, they are unlikely to succeed. Like most hard problems, solutions will require a partnership.”

Andrew Howard, Director
Cyber Technologies & Information Security Lab

What are you most excited about that could advance cybersecurity?

“I am excited that debate is in the public sphere at this time, and that people are talking about cybersecurity.”

Peter Swire, Huang Professor of Law & Ethics
Scheller College of Business

“Many open-source solutions are being created here at Georgia Tech, which anyone can use to create more secure systems, software and hardware. Our projects like UCOGNITO can help people truly browse privately. Other research is exposing new places where information is being leaked, for example, between mobile app developers and ad networks. We need to educate consumers to apply pressure to overzealous businesses, and as researchers we can focus on creating the tools that enable customers to protect themselves.”

Wenke Lee, Professor of Computer Science and Co-director
Institute for Information Security & Privacy