Feigenbaum on Personal Data

Vivek Gopalan: We see that in the Internet Age, government has authorized themselves with the ability to surveil and collect personal data etc. What do you think, as an individual, are important things to do to ensure one's own data security? And tangentially related, should we have a right to sell our own data and commercialize it if we so wish?

Professor Joan Feigenbaum: I don’t have a straightforward answer to those questions. It depends entirely on what you mean by “ensure one’s own data security.” It is feasible for a tech-savvy individual who owns a particular dataset to secure it. Once you identify such a dataset, you can encrypt it and store it offline - not on a networked machine. If you have to send it to someone, then figure out a way to do so in which the data never have to be in the clear (unencrypted) on a networked machine. For example, if the entire encrypted dataset fits on a high-density handheld storage device, just (physically) send that device to the recipient, and send them the decryption key on a separate, secure channel (perhaps on its own physical device). The recipient should ...