
Where Do You Draw The Line? by Patricia R

BSides London | 21:38 | 54 views | Published 2023-05

hi so hello everyone I'm Patricia and on this privilege 15 minutes of fame that I have here I'm gonna take us through a thought experiment and a thought experiment is really just a fancy name that that is that I gave to the process of using that question that I that I put there where do we draw the line uh to make us think a little bit outside of our reality box or security concerns that we have right now in the present so first of all just a tiny bit of a disclaimer you can see there it's it's mentioning Schrodinger's cat and the reason I'm mentioning it is because towards the end it will get it's not

sinister but it does mention something like a little bit weird and you'll see that it has something to do with brain computer interfaces as well um but again it's not to be sinister it's just to unravel new perspective so to explain or not our minds to new ways of thinking first a problem having that said what's the plan because every how to do presentation says we should have a plan and we should show the plan and the first thing that I'm gonna present to you is how we're gonna set the scene so why use the the question that I posed where do you draw the line and after that uh we you use we are

using that question to challenge our boundaries in terms of security concerns and finally if I completely mess this up and we are all lost we will just have a few key takeaways that I hope at least that that brings some value to to us all so let's start by understanding why are we using this where do we draw the line expression uh or question so I was having a discussion with a colleague of mine and he had his point I had my points no one was really winning my colleague was saying okay no no this is fine but this is not fine and the way I was able to make him look at the issue

from a different perspective was by saying well you you cannot see the text because it's too clear obviously but we draw the line we drew like everyone draws the line where they stand so if you draw a line here it's because you stand here and you agree with that and I'm like okay but if you agree with that someone that agrees with something a little bit above why is that not good for you what makes your perspective better than that person's perspective and I I understood that that really fits in a lot of arguments that you can have with other people about issues and not all of them but many times it's just an opinion it's an

opinion based um discussion so you can use that to say oh to challenge the other person saying hey why is your line better than my line now applying that to security and security concerns uh through a timeline uh generation generational timeline so in the past my grandparents they they would have things like telephones and letters they use nothing like smart anything smart they would write their own letters and they would forward them and their concerns were mainly oh is my letter reaching the right person if they're really fancy they will think about uh what about wiretapping is my telephone being wired up so you you could even ask if I ask them oh what about this business uh

business availability because it's relying on a server running in some kind of uh like some cloud service provider well they're like it's not within their security their security concerns because it's not within their reality box the reality box was solely telephones letters pretty much a now if we move a little bit forward to right now I challenge um uh well I dare to say that everyone here has some kind of social network and more than that it's probably running on some kind of cloud service so someone else's computer is running that application so and the concerns here are not just the privacy and the data management side making sure that oh who has my data and did they

delete it and what they are neglecting about me it starts also being a business-wise business starts relying a lot on server servers that are just spread around the world and networks so availability starts being a concern as well so you can see the the shift from the past to the present the concerns are changing and even in the present itself we can see that a few years ago what I'll I'll be a lot concerned about my network perimeter and making sure that my network was worth it and the firewalls just blocked anything that wasn't and now because of work from home and and everyone having their own devices we start shifting that concern even just in the

present what I what I'm considering the present we start shifting that concern to identity so from the network perimeter to identity so I think it's just interesting to to see how even when what there is being considered present it it's constantly evolving and now well not now in the future what are we looking at we're looking at brain computer interfaces we're looking at a virtual reality uh augmented reality and that brings its own concerns so as it was mentioned just an hour ago um the brain computer interface is brain computer interfaces do put a new security concerns or should make us think about new security concerns and what I think happens here is that I believe it's kind of a mistake

we are applying a lot of the present security concerns and security and um present threats to the future threats the future of the of technology so really what I wanted to explore is what's even further what's what's the trend there so I was at Security BSides Dundee up in Scotland and there was this talk about metaverse and how the even organizations are investing a lot on quite a lot in and not only having video video conferencing with cameras on they actually want you to feel in the room so you have virtual uh a VR set and you look around and you are in a room and you feel like you are in your room because you have visual and um hearing

those kind of sensations and so we can see that the trend seems to be to make what what what we would traditionally look as a physical thing but visually so I'm in a room but I'm not actually in a room but why stop ourselves just in the visual and the hearing sensations why not you know just like was said previously uh our sensations are just signals to our brain why not start like mimicking those sensations to um in in a virtual space so can I can I pretend that I'm fully within um some kind of experience that makes me feel things it makes me feel happy makes me feel like I'm eating a sandwich when

I'm I'm not or making me feel like I'm eating a pizza and here people start responding like oh we need to limit these things because uh you know it starts being a little bit outside of what they can imagine oh wait I I don't want to live through a virtual thing I want to experience real life uh however I don't think this argument holds because I'm a deep believer in human curiosity and engineering and I believe that those two together with the right technology if it's possible it will be done and that means if it's possible for someone to stimulate uh some kind of feeling in my hands or in my body that will eventually

happen from whichever technology takes me there [Music] let's assume even limitless and let's assume we can fully virtualize our lives and I I'm just I'm not saying this to sound crazy you know just why stop why draw the line at the hearing and visual sensations who am I to draw that line there I'll say well let's see as long as I get the my nutrients and I can live from like and connected to some computer I'm I'm no one to say that the line shouldn't be there but what concerns does that start bringing us so if you if you think of sensations and if someone can simulate some kind of touch in my hands the only difference between that and

pain and physical pain would be the intensity right so more than just making sure people cannot read my thoughts and write my thoughts of privacy and confidentiality and integrity we start having concerns just by expanding our reality box to the uh the physical sensation we start having to think wait a second what about physical pain and that that's something that you not traditional traditionally think of right so what are the key takeaways this is quite fast but that's what I wanted to to really [Music] um make sure I'll pass through yourself and you we need to be creative enough so that new threat scenarios emerge from things that we were so who here would

think about physical pain just from whatever we have the technology we have now it's not really something that we think of but by just unlocking that new perspective we start thinking of it or we should start or maybe it's crazy but it's just to to make ourselves think okay maybe maybe we think that maybe we need we need something a little bit more creative on a another thing that I really really believe in is determine controls so just saying you cannot do it is not something that holds look we are humans and what distinguishes us from other animals is curiosity if it's possible it will happen it's not big it's not because we are bad it's

just it's just engineering it will happen so do not hold on to those policies that you have you know don't rely on them to make sure and I just say I I say and that's good right because and look what curiosity has minus D in terms of technology I'm able to have like this thing uh connected to my laptop and it shows something in a TV or in a a screen it's like that yeah it still amazes me we owe that to curiosity again with creativity you know when you're doing your threat models just try to do that extra step of going a little bit outside of the reality box that you are right now because your

reality box might be just a little bit under what the attacker attackers is so just add that creativity just just think what's your physical pain scenario on whatever your threat modeling and don't limit yourself to the to the boundaries of your reality box that's all [Music] [Applause] thank you anybody have any questions

thanks for that Patricia so um I I took you took your point that um you're looking at um uh like like what threats look like now and in the future but um I I you know I I struggled a bit with with what you said there because I've you know I've been around in the industry for for many years and you know I was comparing well you know if you look at the past how threats were in the past if what I've imagined them now it's the same things that come up over and over again and I was just wondering do you think that will always be true or is is this um you know is

there a fundamental set of things that um are always going to be security weaknesses that are fundamental to the human character or do you think that new technologies will naturally bring new different ways of attacking great question so I think there there are certain so the new concerns don't eliminate the common ones so one thing that that you could see the privacy is always a concern even in my grandparents uh time they'll be concerned okay can anyone read my letters that are supposed to be only to that person so you can see privacy is always a concern there it's just that new security considerations are added it's not that there are uh I I'm not I'm absolutely

not saying that the the old ones are gone some some are even hiding it like highlighted now so because the previously now and the data it's kind of just a derivation from those like really old ones but the because it's much bigger and we're all just connected to each other they are even more important and if you go to the future they are still there I still want people to read my mind if it is no please do not to read a and not write I would say that write is even worse I'd say um so I absolutely it's not that there are all always the common ones it's just that you might encounter other ones that you're not

thinking right now but you might have to think of them in the future thank you any other questions um I've got one if no one else does um so I was just wondering in terms of you talking about your um threat modeling um going back to the title of your site where do you draw the line in terms of how far how far do you go um to say that this is something that's beyond the realm or this is something that we need to build in in the next three to five years do you do it on impact do you do it on time to adoption how do you draw that line I haven't had that

in that I've done a couple and that's something that I I I I struggle with that because I just want to fix everything my line is really well in my acceptance line in terms of threats is that I don't accept I am like no no we have to defend against this even if it's such a small thing so I'd say because ultimately and this is something that I've learned uh recently ultimately everything is a business so if uh companies that you work for they they're not looking to be absolutely 100% secure because everyone knows that's not possible and it's not uh profitable so I'm gonna say this well it's almost like a joke just go as much as you can

until like until told off by your uh or superior saying no you cannot do that because you're spending way too much money and just handling that one threat scenario um but do consider them because I believe that you're better off at least knowing the threats are there even if you're not handling them you are aware and you are conscious that it's something even if the likelihood is really small it's something that can happen cool thank you here's any other questions yep

thank you um you know how you said that don't limit yourself to the boundaries of your reality box how would you suggest to somebody like how to achieve that like how how can one push themselves to think above that reality box excellent uh oh just you need creative you need to think that that's a really good question you just screwed me because I'm not trying to think what made me think of the physical pain one

[Music] would it be like exposing yourself to things and just I don't know experiencing whatever happens and then open mind maybe fair enough I won't take it and open and I was just talking to people and coming to conferences like this and where you where you because sometimes just one or a shower you know sometimes you're in the shower and you just find something in your brain like back there you're like you know what it makes sense and you just have to try to fit it then thank you oh we're out of time thank you so much [Applause]