Talk:Renewing the GC Data Strategy
Speaking for myself ONLY:
A data strategy IMO needs very close attention to mechanisms used to acquire, process, store, etc. these data. Development standards (particularly in the cybersecurity space) are very out of date - they reflect 1990s style "big bang" releases and paper assessments, no assignment of controls until months into a project, etc. This has to be changed or people will end run around procedures.
Worse, some initiatives to "democratize" the development process also jeopardize what little we have in this respect. IMO, we should be moving towards professionalization in software development, application security, data security (which was barely alluded to at all in the talks, which is terrifying), etc. Remember that data *integrity* is as important as (or often more important than) confidentiality, and so even if there is a revolution in "secrecy" there is still a problem with data omissions, misrepresentations, distortions, etc. that is not only the target of bad actors, but also just a way to suffer accidents.
Finally, there is a desire to use certain acquisitions of extremely fraught ethical character - for example, spidering. Clear, agilely updatable regulations (legal sanction to departments, particularly) and very, very concrete specifics on what is tolerated and not. A campaign to make the public aware of this and standards for being ignored personally (including businesses). Serious engagement with the philosophy of computing community on matters related is also vital (and this must also go beyond ethics to epistemology and effectively also, metaphysics like theories of human nature); scholars like H. Nissenbaum have pointed out that our traditional categories of privacy and such are not anything like how people actually behave and think. Whole categories of thought on these matters are not reflected (yet!) in law and policy. One interesting and terribly complicated example - terms of service. Do we honour them?