23 Mar

CTO’s Reading List: Four Articles to Read Today, and This Weekend

Written by Andrew Jaquith. Posted in Blog Post

Greetings! Long time, no post. I have four good articles for you to read today and over the weekend.

HITECH regulations start to bite

Today, Dark Reading’s Ericka Chickowski wrote a story about a recent settlement with Blue Cross/Blue Shield of Tennessee over violations of the HIPAA Privacy Rule. Why the penalty? Blue Cross failed “to prevent a breach that saw the theft of 57 unencrypted hard drives containing recordings of customer service phone calls. The drives were left behind in a data closet after the company stopped using a leased facility.” The precedent, in other words: thou shalt encrypt thine hard drives under penalty of fine.

Good article, but Dark Reading waxes a bit hyperbolic by saying that this particular case ushers in a “new era” in health care regulatory enforcement. HHS’s OCR division has been reporting on breaches since 2009 at least, with over 100 breaches affecting more than 500 individuals since 2009. But Ericka’s broader point is still valid. Anecdotally, we’ve seen a steady uptick in the visibility of these kinds of enforcement actions. For example, see this recent post by Proskauer LLP’s Robyn Sterling about Minnesota Attorney General Lori Swanson suing a business associate for failing to encrypt the contents of a laptop that was lost.

As a managed security services and hosted email provider that does significant business with health care companies, Perimeter believes health care Covered Entities need to take a proactive approach to security. You can see my blog post describing our “Rx for health care” (sorry for the pun) here.

Disclaimer: Perimeter E-Security is a Proskauer LLP client.

More testimony to John Nash’s beautiful mind

The Turing’s Invisible Hand blog posted an excerpt and commentary about a recently declassified 1955 letter from John Nash to the NSA describing a new method of cryptography. In the letter, Nash anticipates by nearly two decades something that we all now know to be true: the “strength” of a key should be judged by how long it takes to factor it. He also suggests that by selecting algorithms of sufficient complexity, cryptosystem designers could fashion sufficiently long keys that were essentially unbreakable. Again, this is held as gospel today — how many times have you heard expressions like “it would take 16.7 million years to crack a xxxxx-bit key”? — but it was a sensational assertion (albeit privately voiced) at the time. It’s not clear that the NSA ever took Nash up on his offer to work on his proposed cryptosystem.

If you are a cryptography nerd, or play one on TV like me, you’ll get a real kick out of this letter, though.

EU Data Protection rules become less confusing

US multinational corporations that have European subsidiaries have long had to make difficult decisions about how to comply with the EU Data Protection Directive (DPD). Do you use model contracts or binding corporate rules? How much will it cost you to comply with each member country’s Data Protection Authority (DPA)? Are you forced to set up European data centers? So it comes as some relief that the European Commission’s new draft regulation, which essentially replaces the DPD, would bring much clarity to these and other issues. Covington & Burling LLP’s Mark Young does a nice job in his post “European Commission Proposes Comprehensive Data Protection Reform” of summarizing the key changes.

That said, if you want to read a very thorough, incredibly thoughtful yet readable analysis, go read Christopher Kuner’s article, “The European Commission’s Proposed Data Protection Regulation: A Copernican Revolution in European Data Protection Law.” Christopher is a Brussels-based partner at Hunton & Williams, and is my “go-to” guy for all things related to EU data protection.

Visions from Ben

On a fun note, for Friday:

Over at Stephen Few’s Perceptual Edge blog, Stephen posted a link to a paper by Ben Shneiderman that made me very happy. For those of you who don’t know him, the University of Maryland’s Ben Shneiderman is one of my favorite data visualization thinkers. His specialty is exploratory data analysis, and he invented the treemap. He and Jeffrey Heer from Stanford just published a delightful taxonomy of analysis tools for data visualization called… (wait for it) “A taxonomy of tools that support the fluent and flexible use of visualizations.”

The article — which will take you about 15 minutes to read — defines a vocabulary and a way of thinking about interactive data exploration. This is a crucial discipline for Big Data analysis (see my post on that topic here). You can’t say “Big Data” without “analysis.” Two items in the paper that got my attention are the formal definitions of “trellis plots” (another name for small multiples) and “brushing and linking” (clicking, selecting or rolling over a data range in one plot causes the same data to be highlighted in related plots). I also liked the closing part of the paper, which stresses that data analysis is really all about storytelling. While I can’t say too much about what we’re working on here at Perimeter (super secret!), I’ll just say I was able to relate to this point really, really well.

That’s it for now. As always, I look forward to your comments on these articles and other topics.


Andrew Jaquith

Andrew Jaquith is the Chief Technology Officer of Perimeter E-Security. Before Perimeter, he was a senior analyst with Forrester Research and Yankee Group.
