Earlier this week, the Jewish Communal Fund hosted a forum at the Harmonie Club entitled “Privacy, Safety and Security in an Increasingly Vulnerable World.” For the folks in attendance, it was a sobering 90-minute overview of the myriad real-world and online threats that we face each day.
The panel was moderated by Jordan Arnold, Esq., Senior Managing Director at K2 Intelligence and a former prosecutor with the Manhattan District Attorney’s Office. He was joined by an illustrious panel of experts, including:
- Raymond W. Kelly, Vice-Chairman of K2 Intelligence and former Police Commissioner for New York City;
- Jeffrey Neuberger, Partner, Proskauer; Co-Head of Technology, Media & Telecommunications Group; and a Member of the Privacy and Cybersecurity Group; and
- Stephen G. Poux, Senior Vice President, Private Client Group Risk Management and Loss Prevention, AIG.
Additional information about the speakers is contained in the PDF below.
K2 Intelligence’s Arnold got the event underway by asking former Police Commissioner Kelly to give an overview of some of the major security challenges facing the country and the world. Many heads in the room were nodding when he began by saying that “there is a high level of anxiety these days.” At the top of Commissioner Kelly’s list of hot spots, not surprisingly, was North Korea; as he pointed out, the United States has had issues with that isolated country since 1948. Next on his list was Russia, which he described as “a country that in many ways is a failing state.” From there, he segued to a discussion of the challenges in the Middle East and the ongoing concerns regarding international and domestic terrorism.
Mr. Poux, as he himself noted, had the unenviable task of following Commissioner Kelly’s sobering summary. As the only insurer on the dais, he focused his comments on some of the emerging risks for travelers, particularly those known to be affluent. For instance, he and his colleagues have seen a rise in so-called “express kidnappings.” The phrase refers to a situation in which tourists hire a cab at an airport and while enroute to their hotel, are taken to an ATM and ordered at gunpoint to withdraw whatever money is available. Mr. Poux said that AIG recommends that its clients reserve a car service from a reputable company before traveling overseas and that they not get into the car unless they have a photo of the driver or a code word to confirm identity.
Among other things, Mr. Poux also said that his practice when traveling is to request a hotel room on the 4th through the 6th floor. It is high enough, he said, to make it unlikely that anyone will climb up and into the room but not so high that firefighters can’t reach the room with a ladder in the event of a fire.
Jeffrey Neuberger and Jordan Arnold continued the discussion regarding overseas travel but with a focus on digital security. Mr. Neuberger, for instance, advised the audience to only bring absolutely necessary electronic devices when traveling overseas. The assumption, he said, is that any electronic activity overseas is available to third parties (whether the government or non-government actors). The best approach for traveling with electronics is to purchase a new device in the United States (or wipe your existing one) and bring it with you.
Above all, Mr. Neuberger said, avoid using public wifi in foreign countries unless reading the paper or looking up information; scrupulously avoid entering any private information or passwords. If you are not using your device, then turn it off and physically remove the battery to protect it from intrusion (in some countries, like China, mobile devices can and will be infected with malware during routine operating system updates).
For those traveling with confidential material (which should be avoided if possible), Mr. Neuberger recommends deploying whole disk encryption. However, some countries prohibit travelers from bringing in devices that are encrypted, so do some research ahead of time. And above all, don’t lie about having an encrypted device when going through customs; if the device is checked and encryption is discovered, the consequences could be quite serious.
All four panelists raised serious concerns about the amount of personal information that is shared through personal media and the ways it can be used to defraud someone. Commissioner Kelly flatly advised the audience not to use Facebook at all. Mr. Poux pointed out that a gang of thieves followed Kim Kardashian on Facebook and other social media channels for two years before robbing her in Paris; when the robbery occurred, the thieves knew exactly which pieces of jewelry to target, thanks to Kardashian’s bling blogs.
There was general consensus that the rapidly-expanding Internet of Things will only exacerbate the privacy challenges that we all face. In light of those concerns, the audience was amused to learn that Commissioner Kelly owns both an Amazon Echo and an Amazon Dot. That doesn’t mean he is oblivious to the privacy concerns: “They’re recording all the time,” he said, “and the FBI is now starting to subpoena the information collected by these devices.”
As someone who has had an Echo for nearly 18 months and was delighted to learn that it can be told to play MLB games with a simple voice command, I found Commissioner Kelly’s enthusiasm gratifying. But as the half-hour Q&A session made clear, there is a lot of concern about the extent to which we can actually control the spread of personal information and prevent its misuse. One topic of particular interest, for instance, was the vulnerability of Web cams and baby monitors to hacking.
Audience members also focused on how to generate good passwords and remember them. Mr. Arnold suggested the use of password software and listed a number of useful applications, including Dashlane [which I use], 1Password, DataVault, and LastPass. The panel also offered a series of familiar recommendations to improve password security: 1) make each password at least 15 characters long; 2) don’t repeat passwords for different sites; 3) change passwords promptly if there is a breach; and 4) make sure a trusted individual can get into your password software in case something happens to you.
Set out below the speaker bios are some handouts that were distributed at the forum. Each contains a number of additional suggestions for protecting your privacy and security, so I recommend looking them over and implementing any that make sense for you.
[Update 2017-05-05] In response to this post, my friend and colleague Dr. Sam Albert forward to me an article that readers may find useful: “Dear Wirecutter: How Can I Wipe and Restore Tablets and Phones for Travel?”