TTS's Security and Privacy blog offers news, announcements, and insights on responsible data use and best practices related to security and privacy at Tufts.
Costs and Risks of Artificial Intelligence
(Gary Weingarden, Privacy Officer & Director IT Security | Published May 2024)
As promised, this post is about AI costs and risks. While AI offers a lot of benefits, it also comes with costs and risks. The costs and risks vary among use cases and types of AI. Check some of the links at the end of this post for more resources.
Beware Tax Season Scams
(Gary Weingarden, Privacy Officer & Director IT Security | Published March 2024)
Scammers don’t need a special occasion to con you, but it definitely helps. It’s tax season, and the scammers will use our culture and expectations against us.
Best advice: If you’re contacted about tax-related matters, be skeptical.
The IRS, the FTC, and several state attorneys general have web pages with details about current scams and advice about how to spot them. I’ll hit the high points here.
A Quick Primer on AI
(Gary Weingarden, Privacy Officer & Director IT Security | Published February 2024)
It seems like everything comes with a fancy “AI” feature these days. I get lots of questions! This post will explain some of the basics; later we’ll explore some of the risks, challenges, and really cool features of AI and related systems.
What is Artificial Intelligence? What is Generative Artificial Intelligence?
AI has been around for a long time, and ChatGPT and other Generative AI are only the most recent, trendy example. A popular definition of AI is: a computer system “that can perform tasks typically requiring human intelligence, such as problem-solving, decision-making, language understanding, and perception.” There are more elaborate definitions, and definitions that are more technical (see discussion of Russell and Norvig), but AI is a broad category that, depending on the definition, can include everything from the Antikythera mechanism, to an ATM, to Google’s autocomplete, to Deep Blue (which defeated the chess world champion, Garry Kasparov, back in 1997). Frankly, the concept of AI is often unhelpful because of how much it covers.
Unpacking the MOVEit Breach
(Gary Weingarden, Privacy Officer & Director IT Security | Published October 2023)
If you haven't heard about it yet, a software product called MOVEit was compromised by a group called cl0p. Lots of businesses used MOVEit, and many of those businesses provided data-related services to other businesses, so the exposure is spread out, and those impacted may be once- or more-removed from the business whose data was compromised. As a result, you may have already heard about other MOVEit-related breaches. If you're curious about the details, you can learn more here. Tufts has learned that NASCO, which provides technology to health insurers, like BCBSMA, was impacted. If you are a Tufts employee or dependent who is enrolled in our BCBSMA, you may receive a notice from NASCO. The notice will include instructions for how to sign up for 24 months of free credit monitoring and identity theft protection and the number for a toll-free call center. If you need more information, the best source is the call center phone number provided in the notice.
Learn more about statistics and analysis behind the MOVEit Breach.
Is this Personally Identifiable Information?
(Gary Weingarden, Privacy Officer & Director IT Security | Published September 2023)
Is this PII? I get this question a lot. Or the similar claim “I removed all the PII.” I regret to inform you, that’s not quite how it works. Don’t get me wrong, I know what you mean, but we’re really not talking about Personally Identifiable Information. In fact, the term “PII” doesn’t appear in many laws. PII is shorthand for what lawyers call covered data–any data that’s subject to a law or contract. PII casts a wider net than you’d expect and includes more than things like name, address, and SSN.