data

The difference between European and American privacy approaches is typically framed as E.U. aspiration versus U.S. pragmatism:

• The E.U. views privacy as a source “right of personality” versus the U.S. mosaic of privacy torts;
• the E.U. has comprehensive, federal law versus U.S. spotty, sectoral statutes; and
• the E.U. has spotty enforcement at the nation-state level versus U.S. rigorous enforcement through private right of action, state enforcement through attorneys general, and federal regulation through the Federal Trade Commission.

As Don Cohn has said, “hell on earth is E.U. law and U.S. enforcement.” There’s some truth to these characterizations, but they miss the point. The E.U. and U.S. simply disagree on the priority of two key cultural values, disclosure and discretion — that is, freedoms of the public (i.e., speech, press, assembly) and freedoms of the person (i.e., equal treatment, privacy). We get mired in technocratic detail without recognizing this fundamental cultural difference.

Last week, the European data protection authorities came to Silicon Valley to discuss access and use of online personal data. The clash of values, between rights of the public and rights of the private, could not be more clear. At the Berkeley Law Privacy Forum, Peter Hustinx (European Data Protection Supervisor) said:

“When data have been published or have been shared and it is within your [company’s] power to get them back, you have to make reasonable effort to get the spirit back in the bottle.”

Mr. Hustinx seems to be saying that even if information is published, there’s an obligation to re-cloak it. For example, if two Twitter users get into a heated fight (hey, it happens), and both agree to delete their exchange, Twitter should make “reasonable effort to get the spirit back in the bottle” and delete the tweets. But what if these public tweets are retweeted far and wide? Does Twitter have the obligation to delete them, too? I don’t think so.

What is noticeably absent from this point of view is the public’s right to history, knowledge, and lessons learned. Sure, a public fight often results in public humiliation of the combatants (or at least the loser), and they want to erase the experience from the public record. That’s a mistake. Many of life’s lessons have been learned by witnessing (or sometimes engaging in) playground, barroom, and online fights.

What’s more, the duty to have our public mistakes remembered isn’t just important to our social fabric, it’s a key ingredient to technology innovation. Entrepreneurs aren’t deterred by risking the embarrassment that comes with public failure. To paraphrase famed marketer Geoffrey Moore, please fail publicly so we can learn from your humiliation. We’ll forgive you and thank you.

More from Jim Adler
Chief Privacy Officer, Intelius

There’s a new threat landscape and it’s you! So, what does that mean? According to the latest reports from data breach experts (namely the Verizon Business Data Breach Investigations Report), attackers are no longer spending as much time directly attacking servers and data. One of the most common methods of access today is for attackers to target employees and their systems to gain a foothold into the network.

This means that you are more important than ever to the confidentiality, integrity, and availability of the systems that you and your company rely on each day. What can you do? Here are some things to keep in mind as the new front-line defenders of information security:

• E-mail is not secure by default. If you need to exchange confidential information, ask the other party if they have a secure or encrypted e-mail mechanism. E-Mail is typically transmitted across the Internet in plain-text, which makes it vulnerable to eaves-dropping by many parties along the way. If you need to send confidential or private information at work and the other party does not have a secure mail gateway, speak with your Helpdesk about possible alternatives. There may already be an enterprise-wide solution in place that you can use. For sending confidential and private information at home you may have to investigate an encrypted e-mail provider, or consider simply calling the party you need to share information with. With some apps in the various marketplaces today you can easily encrypt both your voice calls and text messages.
• Any pond with fish will eventually be Phished. The days of e-mails that contain viruses or malicious links from unknowns are far from behind us. Several of the largest data breaches this year have happened because of an infected e-mail sent to a handful of employees. However prescient (and frightening) these attacks account for only a small number of data breaches today. The same principal is still being applied in ever-more versatile ways, however. Attackers have started moving their phishing scams, malicious links, viruses, and spam to social networks to keep up with the times.  Be wary of strange (especially “viral”) links that show up on Facebook or Twitter, as these are the latest ponds to be phished. These links can lead to viruses or infected pages which can, in turn, infect your machine and even grant attackers access into your company’s networks.
• Smart Phone viruses are a growing trend. Mobile phones now only carry the moniker of “phone” for the sake of tradition. They are just as much (if not more) a computer as the desktops that we used a decade ago. No matter what your phone of choice (iPhone, Android, BlackBerry, et cetera), there are most likely attackers trying to write malicious code for it or (on some platforms) sneak malicious apps into the app marketplace. It is probably worth researching some Anti-Virus and firewall solutions for your mobile device platform of choice. This is another among many good reasons to consider e-mail insecure. The infancy of smart phone operating systems makes it easier for attackers and harder for anti-virus and anti-malware makers, which makes your mobile device an easy point of entry for an attacker looking to gain access to confidential company data, or your own private information.

Posted by Ben, Senior Information Security Engineer at Intelius

Earlier this week, Intelius Chief Privacy Officer Jim Adler spoke at O’Reilly’s Strata Conference.  His talk, The Accidental Chief Privacy Officer (CPO), discussed how the industrial privacy professional is evolving from a compliance enforcer to a product innovator.  Here are the slides and interview with O’Reilly’s Alex Howard (@digiphile):

Jim Adler interviewed at Strata NY 2011

The key takeaway from the talk (see summary slide) is that the privacy pro is becoming a key evangelist for responsible innovation within fast-moving, high technology organizations. To be successful, four lessons:

1. Innovation is a team sport. Communication is key. So talk and (more importantly) listen to your toughest critics, both inside and outside your organization. They’ll better understand your perspective and you’ll often get great ideas.
2. Build a confluence of influence. Good decisions come from every corner of the business, early in the product cycle. Find the members of any team that are inventive, collaborative, and capable of creating the Reality Distortion Field (used so effectively by Steve Jobs) that’s so vital to disruptive innovation.
3. Be the happy warrior. Innovation, by definition, changes the status quo and makes some people uncomfortable. Engage with them in a constructive, respectful way inline with Graham’s Hierarchy of Disagreement.
4. Find clarity in the confusion. Use math, data, and history to find the clarity within the confusion. Privacy issues are especially difficult. As Jeff Jarvis points out in his new book, Public Parts, even defining privacy is a journey through an Escher maze. Jeff has a great, well referenced chapter on What Is Privacy? that illustrates the perennial struggle we all have navigating the privacy maze.
   
   The good news is that the privacy labyrinth can be traversed with sufficient situational assessment, data analysis, and historical perspective. Then, to remix metaphors, you can be that excited child in the room of manure who finds that elusive pony.

More from Jim Adler, Chief Privacy Officer at Intelius

Earlier this month, Intelius' Chief Privacy Officer & General Manager of Data Systems spoke at the Wolfram Data Summit on what we in the data privacy community might learn from a century’s history of food policy. Here’s his abstract and presentation:

Data is the new medium of social communication and is forcing a healthy debate to define public/private boundaries, fair access, and appropriate use. Like food, social communication (and the data that drives it) is a necessity for humanity’s survival. This talk will discuss the key ingredients to avoid the empty calories.