1) Introduce yourself to the audience (Background, Profession)

My name is Pradeep Atrey. I am an Associate Professor of Computer Science at the College of

Engineering and Applied Sciences, University at Albany (UAlbany). I am also the Director of
Undergraduate Computer Science Program. I also co-direct the Albany Lab for Privacy and Security
(ALPS).

2) What inspired you to become a cybersecurity/privacy professor?

Cybersecurity is an important problem which society is facing today. It is very vital to study this
problem and develop scientific solutions to tackle it. This motivated me to conduct research in this
area.

3) What lessons do you teach your students that are different from other professors? What
topics do you teach your students, titles of classes, types of students, who takes your class?

I teach course on Cryptography and Computer Security, which covers the fundamentals of security
and privacy techniques and their applications in countering various cyberattacks. Students at senior
undergraduate and graduate levels typically take this course.

4) What can you tell me about cyber security, what's new, has there been any new concerns
about privacy?

We face cyberattacks on a very frequent basis. For example, recently vulnerability was found in
WhatsApp, a widely used app for multimedia message communication. In this attack, an adversary
just needed to place a WhatsApp voice call on the victim’s phone in order to install malicious code
on the phone, even though the victim does not even answer the call. The malicious code once
installed on the phone can be used to steal all the data including messages, calls, photos and videos
from the phone. This led to a big privacy concern among people who use WhatsApp.

5) Has there been new legislation released in regards to privacy/cybersecurity? How is privacy
being dealt with in businesses?

Recently, European Union (EU) came up with a new privacy regulation called EU General Data
Protection Regulation (GDPR), which defines how data should be handled in public and private
sectors. This legislation is considered one of the most important changes in data privacy regulation
in 20 years. In USA, although there is no general federal legislation, there are sector-specific data
protection laws such as Driver’s Data Protection Act (DDPA) and Health Insurance Portability and
Accountability Act (HIPPA). I foresee a need for a comprehensive legislation like GDPR in USA.

6) Is privacy something that we should worry about?

Although privacy is a subjective phenomenon, meaning some may feel privacy loss in a given
circumstance while others may not; there are general scenarios in which most people would be
worried about their privacy. If, in what is revealed to public, there is some sensitive information,
most people will feel privacy loss. For example, if one is captured by a surveillance camera on street
(normal case) versus in a hospital (sensitive case); in former case many people may not feel privacy
loss while in the latter case most people may be concerned about their health related information
being leaked to adversaries.

5) Are there any specific cases (legislation) that you and your students discuss in class?

We, in computer science department, teach cyber security and privacy from technical perspective
rather than law and policy perspective. The law and policy aspects are covered in other UAlbany
schools such as College of Emergency Preparedness, Homeland Security and Cybersecurity.

6) Since these new laws exist, such as the ed law 2d, which prevents large business
corporations such as Google to steal any minors data, if it has any relation to school or
education. Are we seeing any of these changes happening?

With these new laws, such as New York State Education Law 2-d, business corporations will
definitely be more cautious in using minor’s data.

7) So, what most people do to hide data that is being collected from ISP’s is by using free
VPNs. Could you explain the disadvantages of using these free VPNs? Is our data being
protected, like these companies mention in their ToS?

Free Wi-Fi connections are very lucrative and we normally tend to use these. However, it is
important to understand that most of the connections are not secure and ISPs can see your data.
Their Terms of Service (ToS) are mainly meant to benefit them not the users.

8) What precautionary measures should users take when surfing through the internet. What
should they be aware of? What websites/browsers should they be using? What types of
software should be installed?

There are many steps one can take while surfing through the Internet, such as:

a) Avoiding the use of unsecured Wifi: We generally use freely available public Wifi in shopping
malls, airports etc. and access emails and social media. These unsecured networks allow
eavesdroppers to capture our confidential information (e.g. id and password).

b) Use of different passwords on different accounts: One should not use the same passwords on
logging over all the accounts as if any of your website is less secure it will make you identity
information known on all the websites.

c) Use of authentic mobile login apps: It is important that users always login through Authentic
Mobile Apps to login to social media or banking or financial websites instead of logging on them
over browsers. There are multiple benefits: (1) we reduce the possibility of key logging, remote
terminal monitoring which is very easy on desktops; (2) there is a very low chance of phishing as
users cannot be redirected to a phished site on phone when they always use their corresponding
mobile app to login and surf. One does not need to check for “https” on the status bar or
certificates as we need to do on browser to verify authenticity of the websites. Also on mobiles
there are no browser extensions which can sniff your data in the background.