Q&A
Chief Technology Officer explains encryption and identity protection measures
1:07:03
·
128 sec
Matthew Fraser, the Chief Technology Officer, responds to Council Member Paladino's concerns about security in the MyCity portal. He explains the measures taken to protect user information and ensure data security.
- Fraser emphasizes that the MyCity chatbot is built in a closed environment to prevent sharing constituent information with external parties
- He describes the encryption practices used for both internal and public-facing applications
- Fraser explains the security review process conducted by NYC Cyber Command and external partners to validate application security
- He highlights the trade-off between rapid AI learning and personal data protection, prioritizing security over capability
Matthew Fraser
1:07:03
Yeah.
1:07:04
Thank thank you very much for the question, and it's actually a very insightful question.
1:07:10
So here's the thing.
1:07:12
When you look at AI tools and tools that make determinations based on any information that's provided, one of the reasons why we built the MyCity chatbot in a closed environment is we wanted to make sure that we didn't inadvertently share our constituent information with anyone except the city.
1:07:28
So whenever you use the my city chatbot, no one outside of the city has access to any of that information and can use that information towards anything because it's developed in a closed environment.
1:07:40
From an authentication perspective, the thing that you mentioned in terms of services when you log in to make sure that data is encrypted.
1:07:47
That's a common practice that we employ across not just internal ex applications, but applications that are deployed out to the public.
1:07:55
Part of any application development process, New York City Cyber Command has an application review process where they look at the security of the application, not just from in for internal use, but from a public perspective.
1:08:09
And then we also have partners that we use to validate that those applications are secure, and they meet industry standards in terms of best security practices.
1:08:18
I think for us, and as you mentioned, like the Big Brother aspect, A lot of times when you're leveraging tools online and you're using things like chatbots and to some degree, a large part of the information that you provide out is used in the background and can be used to enrich that chatbot, but that means other people have access to it.
1:08:37
That's part of the reason why when we deployed it, we wanted to make sure that that wasn't the case for the New York City instance, which is why it's it's in a closed environment.
1:08:46
Now the consequence or the trade off that you take by doing it that way is it means that everything that that bot has to learn, you have to teach it, and it doesn't evolve as quickly as some of the bots that are learning in real time from information that's being used in the public forum.
1:09:02
And I think for us, I'd rather trade capability for personal security every day because once we lose it, we can't get it back.
