In previous blogs, we discussed the fact that data is physical and inherently controllable. Much like I can move a candy bar from the left side of my keyboard to the right, leave it there in anticipation, and slap away a hand intent on stealing it, it’s possible to physically control where data goes, where it remains at rest, and who can access it. What does this say about data ownership? Quite a bit, as it turns out.
In every field of engineering, there is a grace period when the engineers doing the heroic work of making a complex and highly valuable new technology work can escape liability for poor performance, failures, or damages caused by what they build. That grace erodes as the technology becomes commonplace. Eventually, usually through a combination of litigation, legislation, regulation, and evolving insurance requirements, liability and responsibility for failure starts being pinned to the engineers who designed and built the failed system.
Information was first digitized in the 1950s, thus ushering in the dawn of data. Then, as now, software was used to create and process data, and like most new technology inventions, security was not inherently built in. Software developers didn’t feel the need to apply controls to the new data objects created. Anyone with access to the software and the rare, expensive computer on which to run it could open, read, modify, delete, or copy this data without limits.
Data is just the geek word for information, right? If I were to provide information about the room in which I write this, I might say that it’s 10 feet by 8 feet with a 12-foot ceiling. You’d realize that it’s a comfortable but not overly large space. To put that information into a database, you would use software to enter each dimension into the appropriate cell and save it to your device’s hard drive. Although this description seems straightforward, the information I just conveyed to you and the corresponding data in a database differ in important respects. Without understanding the distinction, we will always struggle to think accurately about data ownership, privacy, and even cybersecurity.