Abstract
Digital data collection presents a delicate balancing act between creating beneficial results from collecting consumer data and avoiding deleterious infringement upon user privacy. Unfortunately, major tech companies have almost unilaterally ignored user privacy in favor of rampant data collection. To help rebalance the field to maintain user privacy, engineers must first strive to create secure products. To that end, this technical work aims to assess the readiness of computer science graduates to face cybersecurity challenges that await them in professional software development. Secure software alone, however, will not suffice to guarantee user privacy; the science, technology, and society (STS) research paper seeks to fill the gaps left by the technical work by examining how the United States can create data regulations that safeguard user privacy into the future. Both the technical and STS works serve to ensure that software products are created for the benefit of the public by promoting a right to privacy.
The examination of University of Virginia (UVA) computer science graduates will, in a small way, help to ensure that new software engineers are ready to tackle real world software development challenges, including protecting user data. To assess the readiness of graduates, tasks from a cybersecurity event are analyzed to determine how well UVA computer science curriculum prepares students for security threats. The analysis demonstrated that while UVA cybersecurity courses give engineers a solid foundation in dealing with security challenges, the engineers may struggle using only information from the required computer science curriculum. Thus, the report concluded that further research into the value of cybersecurity knowledge in professional software development environments is needed.
In addition to a strong technical foundation in engineers, strong laws are needed to fully protect consumer privacy. In support of this goal, the STS work focused on ways the United States could create lasting national privacy legislation. The work argued that California’s privacy acts, the California Consumer Privacy Act and the California Privacy Rights Act, could act as models for a national law. Using Callon, Latour, and Law’s Actor-Network Theory, the paper compared the national actor-network to the California actor-network to identify key differences. These differences were then assessed to make recommendations for changes to the United States network.
The paper found that consumers in the California network had stronger connections to the government and data collection regulations as compared to consumers in the national network. In California, activist groups used the ballot initiative system to propose first the California Consumer Privacy Act in 2017, then the California Privacy Rights Act in 2020. The ability to directly propose legislation does not exist at a national level, where citizens have few options to voice concerns outside of voting for representatives. In addition to the ballot initiative system giving citizens stronger ties to legislation, the California Privacy Rights Act created a California Privacy Protection Agency, giving consumers a forum to directly voice privacy concerns. The paper concluded that including consumers in privacy discussion is essential to protect the right to privacy.
Engineers have a responsibility to work in the interest of the safety, health, and welfare of the public; therefore, protecting user privacy by creating secure products is a key responsibility for software engineers. Additionally, the success of the California privacy laws indicated that laws regulating software products must consider consumer input to properly protect privacy. Together, the technical and STS works demonstrated that fully guaranteeing user privacy requires both the technical knowledge to create secure software and an understanding of the broader societal context of the software to maintain its users’ privacy.
