Developing an Assessment Toolkit; Improving Consumer Trust Around The Issue of Data Security

While my technical report and STS paper focus on two distinct groups, the government and the general population, they are inherently related. A central theme in both papers is what is being done to help keep sensitive data secure. The only difference is who’s data is being secured. The government has a lot of data from military secrets, state secrets, cybersecurity practices, and even citizen data that it needs to keep secure. Not only do they need to keep that information private, but they also need to be sure that third party contractors are keeping that information secure. Similarly, we as individuals also have a lot of data that we would like to keep private. Just as the government needs to worry about third parties, we also need to do the same with the multitude of places we visit online that collect our data. While the government has certifications in place to give them a level of trust around this level of security, individuals need to rely on laws to achieve this same level of trust. The question of what is being done, and what should be done to increase this level of trust in both of these areas is central to my papers.

For my technical report, I described the work I did during a summer internship at a cybersecurity firm. The firm was in the process of updating their internal tools for assessing government contractors for cybersecurity certifications. My job was to help develop this application with the goal of it being used by employees to conduct interviews and assessments of third party contractors. To this end, I created an offline desktop application using tools such as Svelte, Tailwind, and Tauri. This specifically was designed to conduct Cybersecurity Maturity Model Certification (CMMC) assessments, but the goal was to make the tool expandable in the future. The application development was guided by others at the company who helped to give me feedback on the user experience, as well as certain technical requirements that the application needed to fulfill. While the initial application was not eventually utilized the company, I gained a lot of technical knowledge by working on the project. On top of this, I was also able to learn a lot more about an industry that I had not been previously exposed to.

In my socio-technical project, I wanted to analyze the issue of personal data privacy. As time goes on, this is an issue that will only continue to grow. To average consumers, it feels more and more inevitable that their personal data will be involved in a data breach simply because of how much personal data they need to give up in order to participate in the internet. To look more into this problem, I analyzed the California Consumer Privacy Act (CCPA). I looked into research about not only what the law has accomplished, but also its shortcomings. Through this, I wanted to see how these shortcomings have impacted public perception of the law as well as potentially how these shortcomings can lead to misinformation and consumer confusion surrounding what the law actually does to protect consumers. Through this research, I made recommendations about what bodies such as the government can do to clear up this confusion and make future laws like it even better and more effective.

I found working on both of these projects simultaneously to be rewarding. It helped to give me a broader perspective on the issue of data privacy and data protection by looking at the issue from multiple angles. On one hand, the work I did in my technical report helped me to better understand the issues that the government faces in keeping its data secure. It also allowed me to see what expectations companies handling this data were put under so that the government can feel more secure in the knowledge that sensitive data is being handled in a professional way. On the other hand, my STS paper dealt more with the challenges experienced by everyday people. It helped me to understand what issues laws around the subject have, and how this leads to a sense of confusion and apathy in consumers. Doing these projects together made me more aware of how widespread the problem of protecting sensitive data actually is. Just as the government is putting systems in place to ensure data security, laws are coming into place to protect the data of ordinary people. What makes me more optimistic about the future is the fact that so much attention is being given to the subject. If it is a problem for everyone, I think that makes it more likely that the problem will be solved.

School of Engineering and Applied Science

Bachelor of Science in Computer Science

Technical Advisor: Briana Morrison

STS Advisor: MC Forelle