Friday Nov 23, 2007


Here in the US, it's Thanksgiving time.

Yesterday I was privately thankful with some of my extended family, so, in the spirit of both thankfulness & privacy, I shall be thankful here as well.

Sometimes the value of personal data begins as one type of asset and transforms into another over time.

Here, an example that happens to be a true story:

Jeanette. This is a piece of personal information. This individual is probably a woman.

Jeanette lives in the Democratic Republic of the Congo. She is a little more exotic to the Western world & the personal information seems intriguing but not all that unusual in an increasingly globalized world.

Jeanette is a mother of several small children. A whole new element that gives us more to relate to her.

Jeanette once tripped over a tree root and hurt her foot. Medical information.

The soldiers that were pursuing Jeanette when she tripped over that root gang raped Jeanette in front of her children, chopped off her hands with a machete & left her for dead. Unspeakable horrible personally identifiable data that left me shaking when I first heard her story.

BUT this is NOT a story about how thankful I am not to be in that desperate situation because there is more personally identifiable information that adds the appropriate context on which to begin our hermeneutic journey to evaluate the value of Jeanette's personally identifiable information as an asset to her & to us.

Jeanette did not die. Jeanette refused to die. Jeanette stood. Jeanette comforted her children & got to safety. She enrolled in Women for Women to get a micro-loan & seed money for a business that took no more than a few clicks of a few buttons for a privacy geek across the planet but took extraordinary courage, resolve and hopefulness for Jeanette.

Jeanette cares for her kids-- with no hands. Jeanette runs a business just like any entrepreneur. I can't pity or patronize this woman. She is too strong for that. I can only hope to be as strong as Jeanette to face challenges that are so very much smaller.

Jeanette stood. Her personal data is one of my most valuable treasures and I share it with you today.

A once benign piece of personally identifiable information, put into context and seasoned over time can transform itself into something entirely different. In the enterprise context, every individual about whom we store data is connected to us in some way-- weaker in the beginning and stronger with every transaction. Value that data; protect that data; govern that data as if it were one of your most valuable assets. It may be.

I wish for you and yours all the peace that comes from thankfulness in who we are today & hope for who we will be tomorrow. As I learned from Jeanette, sometimes all we have to do to begin the rest of our lives is to stand up and begin.

Just a Happy Thanksgiving thought...

(BTW Women for Women is a terrific group. Please check them out; their mission is to transform the lives of women who are in places & circumstances that will either create nations full of victims or survivors who excel in their community & on a global scale. It's a bold & daring mission. I have taken far more than I have given to this group.)

Monday Oct 15, 2007

The Dance of the Employer as Danced by the Employed

Authenticate or Anonymize? Participate or Segment? BS or Truthiness? Disclosure or overreaction?

Dum-da-da da-da, Trah-la Trah-la. Dum-da-da, da-da, Trah-la Trah-la. And so we twirl & twirl.

Sun is a large multinational employer. We provide many services to our Human resources, because they are humans and because they are our resources. Some of those services are provided by fellow Sun employees like myself. Some are provided by a 3d party specialist like my lawyer or payroll or food services.

The employer dance is a complicated score of what services serve without causing undue risk, how these services are managed & audited (both for efficacy and for data governance), how escalations are managed and disclosed for data loss or service mishaps, pre-authentication or on-time authentication, cost effective or full featured, how differing cultures wish to consume these services & so on & so on. The dancer also must be ready to adapt to music, costume & partner changes periodically & often with little warning.

As many data specific issues as possible must be answered before we get started; to the ones we didn't contemplate, or that are changed by time & context, we react with process and analysis where possible. The point here is that we dance the dance of "should" and "must". We dance between an impulse to share and an impulse to remain alone or feel that we \*could\* become alone again if we so chose. We dance because it brings us value to share and we dance because we don't like pain.

I'm somewhere between Ginger Rogers and Gomer Pyle today, but trying my level best to make the right moves to keep the good folks of Sun safe & yet not get in the way of the next pile of benefits. To quote my dad on this one, "Right isn't always easy but it's usually right." ...or should it be left?

More of a sigh than a thought today, but there you have it...

Dum-da-da da-da, Trah-la Trah-la. Dum-da-da, da-da, Trah-la Trah-la.

Tuesday Jul 24, 2007

The Network of You... & Me

(This started as a small thought-light but I got a bit excited...)

Remember when Seinfeld was at the height of its popularity? When we all gathered around to find out what was the next great ta-doo about nothing? Well, that was something.

I have been doing a lot of thinking about what it means to gather around & talk about nothing & how all that talk adds up to something else again & how we can identify that something as community. When that talk isn't just about nothing, but something to me & shared with something you care about too or when all that talk solves a problem for us, those are double bonus communities.

Enter the age of the Network of YOU.

We-- our virtual water cooler, but actual community-- have figured out that The Network is the Computer. That millions of people begin computing for the very first time each day, day in & day out. That content is driven into this Network by individual people from all points on the globe & even by a few floaters up there in orbit. That people from all different cultures, backgrounds, & even with wildly different skills in technology (note the distinct lack of cool graphics or links-- I need fancy blog class 101) contribute their bits & bites to create something entirely new.

This is the Network of YOU.

If it is true that the Network is the Computer, it must also be said that It is a Network of People Computing.

This is BIG, people.

Big beyond user driven content in that all this driving may be getting us somewhere valuable...or dangerous.

This also means that the Network has to contain some ethics, some respect, some rewards for good behavior and accountability for bad if it is to continue to solve very human problems and support a very human community. Where particular corners of the Network can be attributed to particular humans, data privacy becomes something far too precious not to protect, to fight vigorously for & ultimately to solution-share, expand, build & nurture.

With all these people computing, we, the Network of You (& Me), must continue to pursue solutions to challenges like:

Harmonization of Rules & Regulation: where no one jurisdiction governs the entire global Network of Computing humans, we must work to create rules that can be followed, that create stability & create protected & respected global data flows while remaining flexible enough to respect local culture and expectation.

Infrastructure & Interoperability: where we recognize that data about individuals can & will flow across technology infrastructures (Step one) & put our collective innovative thinking caps on to allow interfaces that work to protect connection rather than opening gaps ready for exploitation (Step two) & further figure out a way to manage to get rid of data about individual humans that no longer serves to create value but only to harm.

Governance: where we as individual 'owners' of a piece of this Network of You (& Me) start to expect better levels of respect, where we do not leave "governing" to others but take ownership of our own personal activities in gathering, sharing & deleting information about ourselves & others and where we do not exclusively rely on some piece of magical gear to take the place of thinking, planning and communicating. I suppose that brings us back to the Network to start to look for solutions...

Just a thought & perhaps the beginning of a really important new conversation about the root solution to the old problem of privacy & data protection I would very much like to continue with the Network of You...

It's NOT just about lost laptops and criminal behavior. It's NOT about big bad business or government. It's not about someone else. It's about you...and me.

A few thoughts...

Wednesday May 30, 2007

Don't Be a Loser

Like the flowers cropping up everywhere or perhaps the pollen triggered allergy attacks, the spring seems to have brought with it an abundance of data overflowing everywhere. You can't open a paper without seeing tales of woe about badly configured files or broken processes allowing fraudulent access and laptop losses cropping up all over the globe.

I myself have recently been tormented by the recent loss of my Java smartcard that serves as both my access to my work facilities and as my workstation access card for my Sun Ray thin client. (If you haven't checked out these little beauties, you haven't really started thinking about governance yet, but that's another topic for another day when I'm not so grumpy that I've lost my card!!)

I have dug through suit pockets and handbags, briefcases and cars all to no avail. I even checked the diaper bag juuuust in case I had a moment & mixed goldfish crackers with secure authentication. Now, if you have ever tried to navigate a secure campus without an access card you will understand why I have come to the following conclusion:

It's official; I am a loser.

Fortunately, in this case, I am of the relatively harmless variety. In true loser form, sure, I am ticked that I must drive down to the nearest Sun badge room to replace my all important access device. (Said badge room is in just about the least convenient location possible with limited openings that are all within the prime meeting witching hours.)

But, and most importantly, whoever finds my Java smartcard in Peet's coffee or on the playground or in some obscure conference room possesses only a goofy picture of me & a cool Sun logo-- no access to my workstation, applications or to the data for which I am a fiduciary.

I am a loser of plastic, not a loser of data & that has made all the difference to me.

If you must use a fat client (or tell yourself that you must because you feel lonely without your laptop), save only data to that device that you can lose. Public presentations-- okay loser; Financial, HR or other personally identifiable data-- BAD loser.

If you find that you have lost or have had your device stolen, run-- do not walk-- to your privacy and security teams. Speed is your best weapon to prevent harm when data goes wandering free. (If you don't have p & s teams, you really must get started. Switch off that 8 track & get with it already.)

Encrypted hard drives and secure applications are dandy, but a laptop or other fat client with no data is better and a 128 bit encrypted Javacard is divine.

Do your part to keep data pollution out of the air this spring.

Saturday Apr 28, 2007

What's user centric about systems that aren't centered around...ummm... the user??

We've been hearing the latest catch phrase "user centric" from just about everyone & their little dog Tim.

What does this really mean anyway? I suspect much poo flying about.

If you sell me a little card that holds my fingerprint & I present it to a supermarket who has decided that fingerprint authentication is the only way to be certain how many gallons of milk I buy, is \*that\* centered on me or my privacy? Of course not!

Vendor centric, perhaps. User centric, rarely, if ever given the current state of things.

User centricity is actually all the boring privacy geek stuff that happens to secure the entire data chain, not just the edge authentication piece & not just when it makes it easier for someone else to collect my persona elements.

User centricity says no to over collection without appropriate justification & transparency.

User centricity follows a decent document destruction schedule even where eDiscovery rules seek to throw a monkey wrench in the works by seeming to mandate saving every dot of data juuust in case.

User centricity is more than a card, a directory, a container, a thin client, a smart storage device or a what-ever-you-want-it-to-do-server. It's all this stuff architected together with a reasonable business case & good outcome for users & system owners, a good dose of common sense and a hefty industrial sized dose of giving a darn about the personas that pass by & thru these systems.

Watch for this "New & Improved" identity product catch phrase-- much of it's a load of balderdash at best, BS at worst. Stick the fingerprint card into a system that wants more data than it needs but won't give you the service you want unless IT gets what IT needs, & you, the hapless & largely helpless user will know that this thingy certainly ain't centered around you!

Just a thought on a heat wave April night...

Thursday Apr 12, 2007

Goodbye Mr. Vonnegut

"Hello, Babies. Welcome to Earth. It's hot in the summer and cold in the winter. It's round and wet and crowded. At the outside, babies, you've got about a hundred years here. There's only one rule that I know of, babies -- God damn it, you've got to be kind." Kurt Vonnegut, "God Bless You Mr. Rosewater"

Your words were your kindness, baby. Thank you Mr. Vonnegut.

Friday Apr 06, 2007

RESPECT all, TRUST 1.0 no one....Trust 2.0 me.

This is of the longish ramblingish variety, so be forewarned. I'm in a mood. Privacy geeks proceed & please comment. This one is a struggle for me...

So here's my soap box about the T word of TRUST.

So many other privacy kids are always talking about trust-- transactions happen because there's trust, systems are designed to create trust, consumers trust this, workers trust that yadda yadda yadda. TRUST TRUST TRUST.

Have you ever repeated a word so often that it no longer makes any sense? Trust trust trust.

How do I \*do\* that? How do I \*lead\* that? I can be trustworthy but being trusted or \*starting\* with trust as though it were an obvious ingredient is something entirely different.

This bothers me. The current use & overuse of "Trust" is imprecise and not all that actionable. So, I've tried to mentally break this down a bit here.

There are 2 kinds of 'trust'. The "I have to" (Trust 1.0) kind and the "respect borne out of good and consistent treatment" (Trust 2.0) kind.

"I have to" says that you MUST trust me because I am your only option.

You are the only person on the mountain with a length of rope & my choice is to participate in the getting hoisted up activity or drop down the mountain & splat. Neither are very good transactions over time even if you may be grateful that the rope person saved your onions-- he or she may still be a twit who provides bad service.

In the digital world, you may "trust" this service/ gear provider because you may really need to make a spreadsheet, for example. The fact that the means to make that spreadsheet makes your computer crash now or in the future or exposes your other stuff to bugs or hackers is the choice you must make because failing to produce that computer assisted output means you lose your job in a financial splat. Or you just don't get to do fun & entertaining stuff like all the other cool kids-- a social splat if you will.

I trust 1.0 because I have no other choice.

Now the second brand of Trust 2.0 on line is the kind we all are trying to achieve & the kind to which most folks are trying to refer with that word.

It is a concept aimed at making our users \*feel\* something or \*experience\* something subjectively so that they will come back to us again & again or will tell their friends about us again & again.

Trouble is that subjective feelings on the part of others aren't exactly actionable to a bunch of rabble that gets to say "we are the trusted solution" because you can't break down that subjective measure before it's broken itself down-- back to the 'trust me, I have a rope' model.

SO, in my opinion (not shared by many, but I have been thinking about it for quite a bit), we need to break down the actions and parameters and as much of the objective activities that need to happen that are likely to lead to the second variety of "respect borne out of good and consistent treatment" Trust 2.0 kind.

This is more in line with the concept of RESPECT & good manners (ie, rules/ standards) on line. We can measure these concepts, audit their presence or absence & improve over time. We can't get better at making others have emotions.


First, these concepts allow for a continuum of activities that happen over time-- a key element of trust.

I liked my husband when I first met him; he was smart, pretty cute & seemed to enjoy putting up with my weirdness. Like & respect were not the same as Trust. 11 years later I know what he's all about, I usually know how he is going to generally behave & that he's here for the long haul so I trust him. Our brand of trust has grown over the years to create a new variety. Same thing happens in all of our other relationships. I can also trust that other people in my life would, given the chance, always treat me like rat turds. I trust them too & know what to do if they get near me, ie run like hell & don't look back.

Time audits itself in a sense-- bad stuff happening? Check. good stuff happening? Check.


Second, for trust to fit into the second, Trust 2.0, variety, both parties need to understand what the context is, why they are there & what will happen (or won't happen) if they come together to participate in a transaction.

If I am back on that mountain again, transparency can be simple-- looks like a good rope & a person strong enough to haul me up.

In an on line transaction I'm not just talking about Ts & Cs (although those might help with clarification). Notices that say things like, "this is an international organization, so your data may move across borders, but will be given a consistent level of protection wherever you are on the planet" or present the user with an open box for an email address where there is an on line newsletter on offer.

The notice can be small where things are obvious & must be larger (or clear & conspicuous if you want to get all FTC on me) where something non obvious, outside of the norm or unexpected may occur. (Informed Consent ala 100 years of jurisprudence.)

For example, when Sun workers leave a Sun internal workspace, they may have the link presented to click on a third party vendor site that has its own branding and its own linked policies. The notices, logos & other branding on that landing site set the expectation that the worker is now transacting services outside of Sun's direct control.

We can audit whether notice was presented even if we can't audit whether it's been understood. (That's a tricky item we can virtually discuss another day.)


Third, standards are the red haired stepchild of Trust 2.0 in that they really don't get the attention they so richly deserve. Standards are the good manners of transacting business or coding that make the transparency of the interaction and the constancy over time so much easier to achieve & understand.

In the US, when you approach another person at work, extend your right hand & that person will know what to do. You have made a signal that you are friendly, willing to do business & that you know at least some of the context to be able to put others at ease to open a communications channel. That's a tall order for a simple handshake, but it works.

We also drive on the right side of the road here or heavily mark up the 'one way' street if we deviate from that standard. Commerce happens on top of those simple rules & we initiate new users to participate on that platform over time. (Time is important, after all!)

The easiest exemplar "standard" in on line privacy is the humble asterisk \*. If it calmly sits next to a text box-- sometimes it's even dressed up fancy in red-- the user understands that he or she must put something there or he or she will hit a digital wall.

The further standard of where & how email addresses are used to communicate on line helps things along as well. I can choose to lie or give out a piece of PII of lesser value to me (my hotmail email or other designated spam box, for example) if I haven't learned to Trust 2.0 yet but I still need to hand over \*some\* PII to get what I want.

The more complicated standard is, of course, less easy to understand in this Trust 2.0 context.

Technically we hope to lead, cajole & convince many organizations to separate their data into rational groups and only share that which is necessary to perform the value added service & that which is expected & agreed to by the user. (containers, role based identity suites, federated liberty standards, thin clients & the like.)

When the system design & execution does this, systems can interact in a predictable and expected fashion. They can be secured with some level of assurance (not perfectly because there will always be smart bad people too), but with enough assurance that all the smart good people are working to untie (& untie again & untie again) that particular Gordian Knot.

We can audit whether these are used or how they are noticed when there are deviations.


Fourth, we will mutually agree what is good, kind, likable, valuable &, as a community, will decide what is unexpected, fraudulent or destructive to assets.

We can audit whether these happened or not once we decide what they should look like.

GOOD MANNERS x STANDARDS x TRANSPARENCY x TIME = T R U S T...maybe. The customers & users control how they subjectively \*feel\* about it.

GOOD MANNERS x STANDARDS x TRANSPARENCY x TIME = RESPECTFUL TREATMENT. Definitely. We control the factors that lead to a more objective, reasonable standard.

Bubble bubble. I've slipped off my soap box. I realize it's a nuance, but I think a productive one!!

BTW to my friend who set off this particular rant, I've made this discussion anonymous & have thrown it out to the blogosphere because I feel pretty strongly that we've all been talking around the right thing & using the wrong words. I also believe the lexicography can lead to action.

Just a rambling thought...

Tuesday Apr 03, 2007

I still love the Buckeyes

Disclaimer: this has NOTHING to do with data protection or privacy.

I am devastated that the Buckeyes lost the National Championship game AGAIN this year to the Gators AGAIN this year.

Not only did my beloved school come in 2d (NOT bad after all!) but I realized how far I have come since my rah-rah undergraduate days.

First, I was less worried about losing in the second half than I was worried that Oden was going to pass out on the floor from sheer exhaustion.

(I quickly got over that worry when I realized that his financial future looks far brighter than anything I can hope to attain in the corporate world & brighter than most of the guys on the winning team!)

Second, when that boy from Florida (with the markedly absurd & unflattering hairdo & kick butt free throw shot) scaled the stands, bypassing hundreds of adoring fans, to grab on to his momma it nearly broke my heart. Win lose or draw, that kid really got me.

I'm older now, I'm a momma too & those are the moments that make it all worthwhile.

Now, I'm still ticked the Buckeyes lost, but it doesn't hurt so much!!

Just a NON-privacy thought...

Thursday Mar 29, 2007

Scott McNealy's Top 10 Ways to Get the C-suite to care about Privacy

Scott McNealy-- yup THAT Scott McNealy-- was the keynote speaker at this month's International Association of Privacy Professionals (IAPP) meeting in Washington, DC. In addition to the more serious stuff about how technology fits into the puzzle of how we can collectively work to get control over information assets, he delivered a classic Top 10 about ways we, as privacy professionals, can be sure to get our CEOs' attention &, perhaps, gasp, some resources to be sure we are doing all the things we need to say & do. Upon popular demand by those present in DC, I shall post them today.

I do NOT recommend anyone tries these at home, but they are pretty funny to imagine:

Top 10 Ways to Make Privacy a CEO-Level Concern

10. Show him his daughter's MySpace page
9. Tell him the external auditors lost his personal data (on a laptop)
8. Install a hum generator in his handset
7. Pre-text his phone list-- okay maybe not such a great idea
6. Update his Wikipedia posting
5. Publish his recent Netflix orders (assuming your CEO would be embarrassed)
4. Tell him you lost the corporate archives
3. Re-route his security camera to YouTube
2. Remove sticky notes, with his passwords, from his computer screen
1. Spend $1,000 to do a security check on him

If all else fails, make your insipid privacy blog his homepage for both home & corporate accounts. That ought to get him. Devilish, but effective. He he he...

Just a thought...

Monday Mar 12, 2007

Body Piercing & Tattoos Aside, Millennials Will Care About Privacy

I have spent some time thinking about the "new" generation of Netizens who are cited as careless at best and completely clueless at worst about their own data privacy.

While I tend to agree with those that believe that privacy is a dead concept if we define privacy as the functional equivalent of secrecy, attempting to offer a compatible alternative point of view has been a worthy cause for me over the last several years.

Secrecy is not realistic nor particularly desirable-- never was except for rare breeds of hermetic cultures, but privacy-- the ability to maintain and control value for various persona elements-- is. Context & balance are king here. I do think too much surveillance is not only wrong socially, too much without a decent plan or management scheme seems to be a waste of time and resources. We are not any closer to physical security if we have a ton of junky unorganized data points in the basement, but we do acquire digital mildew that is just as sticky & hard to remove as the real stuff.

I have been talking to teen & tween experts to help us better understand how the Millennial generation really experiences putting their data out there and how they seek to protect themselves-- these folks, after all, are the Red Shift Company customers.

What I have learned thus far from talking to this community is that they treat their passwords like we treat our bank account numbers. They care about who is visiting their social networking site and care very deeply about who is IMing them. (That they don't particularly understand nor protect their credit scores makes sense in context.) They care very much about the privacy of these data elements & their roles may not be as clearly defined as corporate roles, but they do have a hierarchy of who is allowed access to what.

Security for them is enforced thru IM or SMS flamethrowing & the techno equivalent to shunning where, for example, the cheating boyfriend finds himself off of the buddy lists of the cool girls & so on.

The other interesting thing is that all these writings about the "new" generation fail to take into account that teens have \*always\* tried to stand out, to be daredevils in their quest for acceptance and for divergence from the old fogey generations. That they want to send pictures of themselves around doing naughty things is the 2007 version of bragging at a party-- far more lasting damage potentially & certainly a much wider circle of damage but that likely only makes it more fun for the rebellious set.

To prove the "new" generation cares about their brand of privacy, try this thought experiment: ask a 5 year old if they went to the potty today. Chances are they'll give you a straight answer without blinking an eye (you may get more details than you really desire as well.) It's not because they are stupid, or feel like keeping this data secret is a hopeless task or that they realize that their parents will eventually find out directly or indirectly. It's just not something that is a secret or that is private personally identifiable information.

Now ask a teenager with a networking page & her own blog who regularly reveals a ton of PII that same question. Chances are she'd rather live in a hermit cave than relinquish \*that\* bit of personal data.

All in, the data I've seen makes me believe that privacy's not dead & never will be so long as individuals seek to remain individuals or that organizations derive value from interacting with humans who work for them or buy things from them or vote for them.

Protected data lifecycles for whatever various elements our customers hold most dear are the things that separate pure secrecy (impossible) from enterprise privacy (possible, just hard).

Here's the bit that triggered this chain of thought:

> The Transparent Society and Its Clueless Adult Enemies
>When David Brin published /The Transparent Society/
>in 1999, surveillance was something other people did to you. Brin made
>the radical argument that surveillance was technologically inevitable--a
>notion privacy advocates found unthinkable--and that the best protection
>for individuals lay not in trying to limit the right to collect data on
>other people but in making sure that surveillance didn't become the
>privilege of an unwatched elite. Everyone should be able to watch
>everyone, including government officials; hence, the "transparent
>society." People /hated/ that argument, because it accepted surveillance.
>How 1999. Another approach is simply to ignore old ideas about privacy
>and make your private life public. In /New York/ magazine, Emily
>Nussbaum argues that
>today's young people are doing exactly that and, in the process,
>completely redefining the idea of privacy.
> [W]hat we're discussing is something more radical if only because it
> is more ordinary: the fact that we are in the sticky center of a
> vast psychological experiment, one that's only just begun to show
> results. More young people are putting more personal information out
> in public than any older person ever would--and yet they seem
> mysteriously healthy and normal, save for an entirely different
> definition of privacy. From their perspective, it's the extreme
> caution of the earlier generation that’s the narcissistic thing. Or,
> as Kitty put it to me, "Why not? What’s the worst that's going to
> happen? Twenty years down the road, someone's gonna find your
> picture? Just make sure it's a great picture."
> And after all, there is another way to look at this shift. Younger
> people, one could point out, are the only ones for whom it seems to
> have sunk in that the idea of a truly private life is already an
> illusion. Every street in New York has a surveillance camera. Each
> time you swipe your debit card at Duane Reade or use your MetroCard,
> that transaction is tracked. Your employer owns your e-mails. The
> NSA owns your phone calls. Your life is being lived in public
> whether you choose to acknowledge it or not.
> So it may be time to consider the possibility that young people who
> behave as if privacy doesn’t exist are actually the sane people, not
> the insane ones. For someone like me, who grew up sealing my diary
> with a literal lock, this may be tough to accept. But under current
> circumstances, a defiant belief in holding things close to your
> chest might not be high-minded. It might be an artifact--quaint and
> naïve, like a determined faith that virginity keeps ladies pure. Or
> at least that might be true for someone who has grown up "putting
> themselves out there" and found that the benefits of being
> transparent make the risks worth it....
> In essence, every young person in America has become, in the literal
> sense, a public figure. And so they have adopted the skills that
> celebrities learn in order not to go crazy: enjoying the attention
> instead of fighting it--and doing their own publicity before
> somebody does it for them.
>As an old fogy, I find this behavior weird. Aside from the old-fashioned
>notion that some parts of life don't belong in public, I don't want to
>live in a small town where everyone knows everyone's business, and I
>wouldn't want my teenage persona following me around forever. But there
>is a certain kind of logic here.
>The problem comes not from old-fashioned embarrassment but from adult
>policing. As Greg Lukianoff, the president of the Foundation for
>Individual Rights in Education, and his colleague
>Officer Will Creeley write in the Boston /Phoenix/, colleges are using
>their speech codes to attack students for what they post on Facebook and
>other online sites:
> Students, be warned: the college of your choice may be watching you,
> and will more than likely be keeping an eye on you once you enter
> the hallowed campus gates. America’s institutions of higher
> education are increasingly monitoring students’ activity online and
> scrutinizing profiles, not only for illegal behavior, but also for
> what they deem to be inappropriate speech.
> Contrary to popular misconceptions, the speech codes, censorship,
> and double standards of the culture-wars heyday of the '80s and '90s
> are alive and kicking, and they are now colliding with the latest
> explosion of communication technology. Sites like Facebook and
> MySpace are becoming the largest battleground yet for student free
> speech. Whatever campus administrators' intentions (and they are
> often mixed), students need to know that online jokes, photos, and
> comments can get them in hot water, no matter how effusively their
> schools claim to respect free speech. The long arm of campus
> officialdom is reaching far beyond the bounds of its buildings and
> grounds and into the shadowy realm of cyberspace.
>Like Nussbaum's /New York/ piece, this is a must-read article
>full of specifics. As
>online communication erodes the boundary between private conversation
>and public speech, the repressive nature of speech codes is becoming
>more and more apparent. (Take a look at this scary example.)
>They are, in fact, designed to squelch free speech--to prevent students
>from saying what they think, from using irony or humor in ways that
>might be taken as offensive, and to police not just speech but,
>ultimately, thought itself. (I serve on the board of FIRE, which is a
>great organization that deserves your support.
>It's watching the watchers.)

Thursday Jan 25, 2007


I've done some stewing about the notion of hermeneutics as applied to data protection. Its significance is exactly the essence of change that differentiates rote & slavish compliance to the letter of legislative rule making from the far more interesting & challenging dimension of governance of personally identifiable information.

My name is Michelle Finneran Dennedy. So what? There are various pieces of law & cultural norms that say others cannot assume that name & pretend to be me to get stuff if the other party gives it to them \*because\* that name means good credit, or an endorsement from a friend, fellow alumna, or whatever.

My name is Michelle Finneran Dennedy takes on an entirely different significance if the context is a list:

(of the true)

of mothers;
of married people;
of children of kooky parents;
of obsessive PD James fans;
of Sun employees;
of law school graduates;
of US citizens;

(or the false)

of Swiss bank holders in the billionaire club;
of reality show participants famed for eating bugs or crying on TV;
of Holocaust survivors;
of "terrorists".

My name is Michelle Finneran Dennedy takes on an entirely new starting point for, as my Sun pal Masood says, "commentary, aphorism, subtext and interpretation" after any interpretive or contextual information is associated with it. Apart from "spam is bad & annoying" & "people ought not know you just went to the dentist & had 2 cavities filled if you don't want them to," it is this more interesting element that makes the data privacy world intensely interesting & diverse to me.

Once context, habit or history is associated with a name or other element of identifiable persona, the currency of that data is changed. The ability to spend, save or add to that currency is also changed.

Thus, the necessity to seek and maintain quality interpretation, context and management of these critical data assets is highlighted. The tools that must be used to manage such a powerful asset must be accordingly tuned to meet the challenge. The processes and people that must execute around its management must be able to use the tools and respect the value of the data currency & the context in which it resides.

Applied hermeneutics. \*That's\* what good privacy folks do & hopefully \*that's\* the thought process we can apply to technology to capture the "unintended consequence" before it is actual consequence.

Thanks Masood for kickstarting this thought process!

Wednesday Jan 17, 2007

Great personal privacy resource you should know.

I am taking time this year to be sure to pass on good stuff that I see to as many people as I can. We as a data governance community talk to ourselves too much & not enough to people who may be getting interested in this topic for the first time or who may have to care because they have become aware of the value of personal information & the many ways in which it can be exploited for good and for ill.

If you have not done so already, take a look at Beth Givens leads a team of consumer facing advocates/ teachers/ watchdogs who focus on identity theft issues for consumers. They put out a great newsletter that always has good information and important reminders regarding how individuals can take more control over their info to make it tougher for bad guys to steal your most important assets, info about you.

Take a look at this month's offering. I did not write a lick of it. All rights belong to the good folks that did. If you like it, think about heading over to see Ms. Givens & her team & signing up for her newsletter. You will be glad you did:

"ALERT: It's Tax Time -- Take These Extra Precautions
with Your Mail.

During the month of January, check your mailbox for
information notices from organizations that have made
taxable payments to you during the previous year.

The most well-known information notice is the W-2 form
which reports your taxable wages. Another common
information notice is the 1099 which reports payments
of interest, dividends, unemployment compensation,
Social Security benefits, and pension income.

While these information notices are essential for preparing
your taxes, they also are a treasure trove for identity
thieves. A typical information notice has your non-truncated
Social Security number as well as the name of your employer,
your bank, mutual fund, or stock broker. Some payers also
include your account numbers on the notice, creating a gold
mine for identity thieves.

Here are some suggestions to help prevent these notices
from getting into the wrong hands:

-- Use a mailbox that locks or consider having your mail
sent to a Post Office Box.

-- Try to retrieve your mail as soon as possible after it
has been delivered. Never leave it in your mailbox overnight.

-- If you go on vacation, have your mail held at the Post
Office, or have a trusted neighbor retrieve it.

-- If you have moved during the year, notify any payers of
your new address. Do not rely on the Postal Service’s
change of address service.

Here’s an additional tip for when you are ready to file
your tax return. Mail it at the Post Office or at an official
USPS blue mail collection box BEFORE the last collection time.
Do not put such mail into a mailbox if there are no more pickups
that day.

In other words, don't leave your mail in a collection box
overnight. Thieves have actually been known to steal the
entire box by chaining it to a pickup truck, yanking it off
its moorings, lifting it into the truck bed, and speeding
off into the night.

Never leave important outgoing mail in your mailbox or at
any other unsecured location for your letter carrier to pick up.
Anyone might come along and steal your mail along with your
personal information."

Good info & a reminder that the on line and off line worlds are connected by a gossamer thin thread.

Sunday Dec 24, 2006

Merry Christmas if that's your thing-- Happy Low Volume traffic if it's not!

My older child is off on a hike with my husband. My baby is sleeping peacefully for her morning nap. The house smells like cookies & homemade ham & bean soup. I am happy & unusually calm.

Wherever you are & whatever the challenges that lie ahead for us all on this crazy planet, I wish you at least one moment of peace & happiness-- maybe we can pass on as much as we can to one another this year.

Just a thought...

Wednesday Dec 20, 2006

Robin Wilton is a Naughty Engineer/ 5 Things little known about me

So, I received the latest in horrible chain letter online behavior from one of my favorite engineer/ identity experts wherein one is tagged to disclose 5 little known facts about one's self and then solicit 5 others to do so.

While I'm going to break the mirror or not win the lottery or whatever happens to those fine folks who do not continue the thread, I will step up to the disclosure plate to give you 5 relatively little known facts-- privacy related for this forum, of course:

Little known fact #1: I actually think Scott McNealy was right when he said, "You have no absolute privacy." Notwithstanding my nearly crazed devotion to the topic of data privacy, I understand that secrecy is not something we can have online. I lived for a good while in a tiny town of ~2,000 souls as a kid. Once a group of roughly twelve kids (all under 18) were busted with a six pack of beer by the river. The police officer took one look at my friend and me and told us to get home because he knew who our parents were and would be calling them in 30 minutes if we didn't move out. We did. We had no privacy in that town, but we were also safe and managed to make it through the rest of childhood unscathed. Cultural norming rules and customs kept exposed data under control but did not dictate secrecy. I've not been back to that town (technically a village back then) in a long time, but growth has necessitated far more anonymity, and a price of a different sort has also been paid.

Little known fact #2: I worked as a maid for a very short while to put myself through school. This job ended when I was asked to change the sheets in someone's home in his room adorned with paint by number nudes (not kidding). The homeowner took out his pistol and proceeded to stand in the doorway polishing it. Fortunately, I think it was more of a sick joke for him rather than an imminent threat, but I quickly got the hell out of there unscathed. Not, however, before I learned an important lesson that at least \*someone\* should know where you are on the planet-- no matter how invincible you feel in your 20-dumb-thing years. GPS and mobile telephone technologies are good things on the whole even if they do often stop us from talking to the people next to us.

Little known fact #3: I hate to fly and I am terrified that if an airliner crashes in the ocean, I will be eaten by a shark-- forget the whole gravity and being squashed thing, it's the sharks that get me white knuckled on the plane. The movie Jaws had something to do with this irrational position to be certain. The only reasonable data protection tie here is that I don't see an abatement of necessary airline travel in my foreseeable future. The regulatory schema worldwide is badly fractured and we are likely years away from reasonable harmonization that will actually work to protect the fundamental human rights and the financial assets driven by personally identifiable information.

Little known fact #4: I am painfully shy by nature. Survival and career choices necessitate converting a private inclination to quiet kookiness into a public position, but I view data protection and privacy as too important an issue about which to remain still and, so, I shout, I write, I speak out and, gasp, I blog.

Little known fact #5: I have not yet decided the horrors and the paybacks that await Mr. Wilton for including me in his chain letter. Nonetheless, how could I refuse to rise to the challenge?

Saturday Dec 16, 2006

Partner for Success!

These are some thoughts we have bounced around regarding partnerships that must exist to engage a data steward or to establish data governance. There are more questions for thought than prescriptive answers:

1. It is essential to have a relationship with anyone who can have an effect on your data. How do you initiate productive dialog with the IT team to develop a partnership? How do you determine who the other stakeholders should be per transaction? Business partner? Vendor? Customer? Employees? Consumer advocates?

2. Part of your data protection obligations is to assure 'adequate protection' of data. How do you explain that obligation to your IT partner in his (or her) language? How do you get the legal team to meet data protection language & priority? (They may get excited when they are asked to share \*their\* info, but less enthusiastic if they have to spend extra resources providing support for complicated data transactions...)

3. The CIO never wants to return your calls because he views you as 'those necessary evil people who must be in legal or something'? How do you get the call back? Better still, how do you get the tech teams and the policy teams and other stakeholders to be proactive about governance? How do you get system users to care \*before\* they have to share data and \*before\* there is a breach of some kind?

4. How do you overcome your own feeling that the CIO has all that technical stuff covered & surely security and privacy are covered-- i.e., how do you show that what you provide as a privacy expert is valuable?

5. Once you have initiated the partnership with your stakeholders, how do these best practices help keep that partnership robust & effective in the business and for the system users/ consumers?

6. So you've won the hearts and minds of your IT team-- what team comes next? Should you approach that team alone or as a collective force?

A few thoughts for a Saturday night...

Wednesday Nov 22, 2006

Absolute Certitude

I am currently reading Thunderstruck by Erik Larson & he cites an article written in 1900 in a publication called The Century Magazine where Nikola Tesla stated that he had "absolute certitude" that "communication without wires to any point of the globe is practicable."

He went on to say that he had an idea for a "word system" that would replace Morse code so that we could "be able to communicate with one another instantly irrespective of distance...Not only this, but through television and telephone we shall see and hear one another as perfectly as though we were face to face."

In 1900 he used the word television & guessed that one of the first technology platforms would be the telephone!!! Wow! This was innovative thought, considering they thought then that sound waves would not bend past the horizon.

Here we sit over 100 years later and we're \*still\* not communicating without wires worldwide, but we are pretty darn close. The telephone continues to be the proposed cutting edge platform for services. The television is the rock against which many a technology sailor has dashed his ship in the hope of integrated computing in the set top.

Now \*here's\* a guy who would also understand the depth of geek cool that is the thin client and, I believe, would wrap his arms willingly around the importance of data control thru privacy.

The cautionary part of the tale is, of course, that Tesla is never given historical reverence as are Marconi & Edison. Sun must continue to fight for execution & excellence if we plan to make it in as a full chapter rather than a footnote in 2100.

For our part, we here in privacy land will continue to take a deeper look to the technology that supports our governance efforts to keep fighting for innovation that endures and, I hope, takes less than a century to gain ubiquitous acceptance!

Just a thought...

Friday Nov 03, 2006

Privacy visits the United Nations November 20, 2006

Sun (& a bunch of other great companies that don't currently employ me) will be sponsoring a Web4 Development conference at the United Nations Headquarters in NYC November 20-22, 2006. It's free. Come on by & talk about data protection with me & information security with our security expert & Distinguished Engineer, Glenn Brunette.

Here's the invitation they sent to me to send to you:


It is my honor to invite you to attend the 18th Annual IT Infrastructure
Conference and Exhibit that takes place in United Nations HQs, on November
20 – 22, 2006.

The conference is titled IT Infrastructure, InfoSec, SOA and Web-based
Communication, Collaboration & Best Practices.

The United Nations has asked SUN to invite a select group of Business and
Government IT Infrastructure, InfoSec, Connectivity, SOA, and
Web4Development Executives, to attend the conference. The goal is to
encourage these decision- and policy-makers to engage in interactive
discussions on Best Practices, Lessons Learned, Emerging Technologies &
Applications, and more.

Michelle Dennedy, Chief Privacy Officer Sun Microsystems, is the featured
Keynote Presenter. Michelle will address the United Nations on a topic that
is critically important: Governance and The Value of Data in the Participation Age

Michelle's presentation will cover governance and the inherent value of data about
People, how it is valued, and how it figures into Technology and Culture.
This information guides the business decision on who develops the Web, and
what we all get out of the Web.

The conference offers a variety of world-class presenters, from foremost
journals like CIO, CSO, InfoWorld, and Fortune, to foremost IT providers, to
leading edge business, government, and higher education end-users, to
respected diplomats and government officials. This mix of thought leaders
will ensure you receive a variety of tested approaches and alternative
solutions to your most vexing concerns.

Please take a moment to review the agenda and then register to attend at It is our hope that you will take advantage of this
unique learning, networking, and enriching event.

See you at the UN!


A bunch of other cool companies will be there as well as the founder of the Guardian Angels and other folks who care about making the world a better place for commerce AND a better place for people.

I have been lamenting having to travel the week before Thanksgiving (my favorite holiday) when my girls are out of school, but I am a true believer. Come and join us.

Just a thought...

Sunday Oct 22, 2006

Ask a new question, get a better answer

One of the major elements in any comprehensive piece of privacy legislation is "reasonable" security for the personally identifiable information (PII).

I attended the IAPP (Int'l Association of Privacy Professionals) in Toronto, Canada this week. My very brave CISO from Sun came along to do a talk with 2 Deloitte partners and me regarding the relationship between the CPO and the CIO in the protection of PII.

Two things struck me as very interesting. First, Sun's CISO, Mark Connelly, was shocked at how few CPOs have a good working relationship with the key players in IT. Second, the majority of CPOs we met lamented the lack of a good working relationship with IT and an even greater lack of understanding about the tools and technologies that are supposed to be in place to protect data within an organization and its partners/ vendors. (Now, I grant you that I don't have a perfect understanding of the zeros and ones myself, but I \*do\* have Mark and a gang of other really smart folks who help me out at Sun.)

Here's what I think is going on & how I think we, as a privacy community, can make things better. The trouble with a complex and largely horizontal responsibility is that it is easy to turn to your right and ask, "Is the data secure??" (That's the old question.) The new question should be "HOW is the data secured and how will you test/prove that it is secure?"

We ask only \*if\* PII is secure and not \*how\*. This is the critical difference.

I am not suggesting that we, the non-techs, all march back to school in one en masse engineering do over. I am, however, suggesting that we make certain that certain features are on the list of requirements before any IT is purchased, any vendor is selected or any system goes live. We need to ask more and better questions before we are forced to live with bad answers.

For example, Identity management systems are worthless if you can't use them to audit systems-- we need to \*prove\* the chronology of access in case of breach.

Or another example, an operating system should allow us to place different customer data into different containers to keep it separate-- or the defective OS systems that do not have containers should have mitigating features that compensate for their lack of compliance-enhancing built-ins.

The \*how\* data is secured architecture is just as important as, if not more important than, a simple "yeah, data's secure" statement.

If you haven't buddied up with your technical team yet, please do. Be fearless. Get to know a little bit about pocket protectors and maybe Star Trek. You'll be glad that you did and the world's data will be a wee bit more safe and a wee bit more reliable because you did.

Just a thought...

Friday Aug 11, 2006

More thoughts about Security, Sharks and Privacy

Given the recent events regarding national & physical security, it seems a good time to think about how we are discussing the relationship between privacy and security and ask ourselves if we are looking at the problem from the right angle or if we are even looking at the right problem to solve.

Imagine I offer you the chance to hang suspended 1,000 feet (300 ish meters) over shark infested, freezing cold water and further offer you the chance to breathe toxic fumes while you're hanging up there enjoying the view. MMM MMM fun.

Suppose I show you how the greatest engineers have put thousands of hours of work into making the likelihood of you falling into the water & subsequently being eaten by those sharks quite remote?

Now I present you with studies on metallurgy, tensile strength, benchmarks and other groovy technical documentation all to show you that your safety safety safety is my number one concern and I have invested a great deal to put that learning into action.

Would you let me dangle you? Probably not.

Based on this sad attempt to make security the primary focus over why the heck we want to get over the sharks in the first place, it's unlikely this dangling technology would ever get off the ground (so to speak).

And yet, thousands upon thousands make the dangle crossing over the Golden Gate Bridge to & fro San Francisco or the Brooklyn Bridge to NYC (& so on & so on) each hour of each day.

WHY? Are these mad shark lovers? Are they especially daring or crazy people who like freezing cold water? Okay, I get excited about a point, but you know what I mean.

Security is essential to the minute by minute decisions we businesses/systems/content creators or users of those businesses/systems/content are forced to make. It is the cumulative policy setting of contextual controls that gives us some comfort that bad things won't happen to us.

Just like safe shark avoidance is no way to explain the why for a bridge, not having bad stuff happen is not the reason to explain the why for participation in the Network economy.

This is where I think data protection/privacy comes into play with security to make leveraging the Network a really good idea.

Who do you want to talk to via the Network? That's a privacy call. Security practices (including the people process tools trifecta) can make that communication get where it's going relatively safely. (Nothing's perfect, but getting better all the time!)

Do you need to know which people use the content you create in order to charge them a licensing fee? That's a privacy call. Security practices can aggregate that information if you just need to know how your sales are doing or we can secure payment schemes to get your content to user & get you rewarded for creating it.

Would you like to do business globally with workers and customers tapping in from all points? That's a privacy call too-- with our best friend security practices coming along to secure the ride.

Privacy & security are indeed inextricably linked-- but not the same thing. I suggest that we think about the why security is essential beyond getting functions completed to keeping bad out.

Forget the exclusive focus on the big metal & concrete conveyance and think about getting to Napa for a fine weekend of winetasting & about getting back in time to get back to your manic Monday-- safely.

Just a thought...

Sunday Aug 06, 2006

Bedtime, Privacy & Dirt

So here's a little something on the lighter side of privacy...

I find that kids often have the best clarity and a way of simplifying even the most complex issues. My own older daughter is a notorious talker-- no idea where she gets it. Here is an exchange we had when she was just under 3 years old:

So, to set the scene, she's decided to go potty--again-- to avoid going to bed:

R: DAAAADDY...come and be with me, I'm on the potty & don't want privacy!!

Husband (grumbling & then, turning to smirk at me): Did you know Mommy's in charge of privacy at work?

Me (thinking to myself): Great Husband, our daughter will now think I work in the bathroom. (I realize it's sometimes not much of a leap, but that's a different story.)

R: Why do they need privacy there?

Husband: Well, sometimes we need privacy for our bodies & sometimes we need privacy for what people know about us-- like telephone numbers. We don't want the bad guys to know our number, right? (Gee, I had no idea he understood what I do but that's pretty good.)

R: Oh, yeah. It's like dirt.

Husband (confused -- grownups are like that): Huh, dirt??

R: Well, we grow grass to keep the dirt private.

Hmmmmmm. Not bad. Let's grow some grass.

Wednesday Aug 02, 2006

Cover your assets

A shamefully myopic observation: Your PII (personally identifiable data) is your greatest asset. This is so if "you" are the government, a closely held corp., a non-profit organization, a mega-multijurisdictional public corp, a pack of developers or a person. Money you can replace given time & good luck. Replacing lost, squandered or never shared PII can never really happen: It's personal, temporal and highly context specific. What sale is never attached to a person or at least a person's bank account? What worker is not attached to some pay system? What marketeer can operate without a means of getting a message to a set of targeted people? And so on, and so on.

Given this truism, it is time for communities to participate in a dialog that embraces the systemic nature of this asset; the people, process makers and tool creators that make it possible to preserve this value. I believe that many of our past mistakes have been in looping ourselves into a siloed discussion of this or that law or version of technology or "best" practice without the follow through discussion about what it would take to move the theory of protection for PII off of the drawing board and into the realm of accountability. Instead, let's start assessing the risk of data spills in the context of lost assets rather than a drudgery of necessary compliance duties-- a series of actions taken to satisfy the legal team & regulators rather than an exercise in getting the right data about people into the hands of those that would serve it & out of those that would squander or steal it.

If I may suggest a place to make a start, we must examine the communication channels between workers and the organizations that pay them and provide them with benefits and a place to perform the work. We must make the decisions about how & when & to whom we will communicate to support our enterprise model. We must determine with whom we will partner and how these parties will provide value to each other. Basic management 101 type stuff.

Then, once that's done, a risk calculation can start to take shape --although perhaps without a direct objective ROI-- with an idea of the potential value, potential risk of failure and an idea of the ideal tools that will be necessary to get that work done. I'm not suggesting that this model is easy or readily measurable, but it beats the heck out of trying to bandage a system of communication networks and Network that isn't clear in purpose or proportion. Those bandages only lead to more pain.

Just a thought...

Friday Feb 17, 2006

RSA Security & CPO week

So, I've resolved to blog a bit more frequently and perhaps a bit less esoterically. I was talking today to Sara Gates, our Sun VP of IDm, and chatting about our reactions to the RSA security-a-thon here in San Jose, CA. Although I think the show was very good, there are two words that we agreed were shamefully overused and are actually imprecise in their very generality: POLICY and COMPLIANCE.

In this very broad forum of the security conference with 14,000 of our best friends, oftentimes we tended to generalize the terms to mean that some sort of rules must be created to follow some kind of requirements (typically legislatively driven, though not always). Here, one is forced to look at point solutions for this or that and it is very difficult to get to the architectural and functional view of systemic data management and control. Part of my discomfort in the policy and compliance terms as a generalization is that I don't know where to begin.

As timing would have it, Sun hosted the CPO Round table (run by the Conference Board) here on our Menlo Park campus during this same week. (Yes. I am tired.) The topics in this much more intimate group of ~25 were, you guessed it, POLICY and COMPLIANCE. For the CPO group, we were all talking about managing the same risk and governed by the same type of ground rules. Here, we are better able to talk longer term solutions and control. If I am talking about how to reduce risk and maximize appropriate and timely access to personal information (privacy) in my organization and interfacing with other organizations-- regulators, customers, vendors, partners, etc, NOW we may not have ready answers, but at least we know what questions to ask to begin to meet the challenge. The conversation about POLICY and COMPLIANCE was actually meaningfully about just that and beyond to functionality.

We can be much more down to earth with our technology, people and process requirements: for example: Gee, I have employees that like getting paid. How do I do that? Will I do that myself or hire someone else to do that? If someone else will do that, how much (& only how much) data do I need to give them to do it? How will I tell my employees what's going on so they know what to expect? How do we transfer that data safely? How do I get it back? What type of role will a person fill who has to manage it & when? How do I know if the relationship is going well? How do I know if it's not? Where are these employees and what are the legal requirements for setting something like this in motion for that place? How long do I need to store data attached to each payment? How will I successfully get rid of it when I'm done rendering the service and keeping the greater organization in compliance with associated requirements like HR and tax management?.... And so on and so on....

Even one business process can be that complex and require this type of analysis, and that's only the privacy take on the thing! Can we PLEASE stop saying policy and compliance for everything and stick to using those terms to describe one thing at a time?? In a similar vein, PLEASE stop calling on customers (like me) to inform us that we need to have policy and get in compliance-- hate to be so inarticulate, but DUH man. If you have a faster, more efficient, safer, whatever way of getting there, I'm all ears.

Rant over, there were some very very cool things said and done this week about which I shall endeavor to blog next week. Going home to sleep and dream of COMPLIANCE and POLICY...

Wednesday Jan 11, 2006

Building Blocks-- A love story

I am continually asked (as is proper), "What is special about *Sun's* role in data protection/ privacy?" After much thought, my oversimplistic answer is this: "Architecture, building blocks, and a love story that sustains & endures."

I'll start with the love story: Once upon a time, a brilliant designer and tinkerer was funded to do basic research. Across the bay, another young man applied his genius and creativity to extend basic operating of one computing machine to allow that machine to talk to another machine. The machine must be designed with efficiency; the OS to deliver messages from geek to geek unmolested and accurately (i.e., privacy, although they didn't call it that then & few correctly do now). The MBA and Brilliant Investor guys part of the story shared this happy technology outside the walls of academia & into the world at large.

Now for the basic architecture story: BOTH security & privacy are fundamentally all about Building Blocks. Why would a "box company" launch an open alliance for federation & safe sign on, buy an identity management company, invent & share Java technology, get seriously into ILM... etc. etc.? Simply because these are all building blocks that help geek number one talk to geek number 2 securely in an insecure world. This Network is the Computer(tm) thing is here.. NOW and we have to deal with it. Fortunately, dealing with this is a matter of getting the architecture right and placing the right building blocks in the right places, and that makes sense. Don't get me wrong; it's not easy and getting less easy by the day thanks to an explosion of users and devices who are *all* participating in this info ecosphere.

That said, when you strip away all of the complexity, what you get is the old love story supported by some good building blocks and the fundamental question from all data subjects: "Can I, a geek wishing to participate in the Networked economy, talk to you, another geek somewhere out there, and know that you have securely received my communication? If you did, can I trust that you will value it as the valuable asset that it is?" Watching all of this happen is one of the many cool things about this time, these technologies and one of the many things that is special about Sun in the data privacy/ protection world.

Thursday Aug 25, 2005

Robert Frost Does Privacy

I am reviewing a stack of Privacy Impact Assessment documentation today. It occurred to me as we tease out what types of data are segmented where, to whom will we grant access and why and how will we both secure it in fact and by custom and perception, that Robert Frost, one of the great 20th century poets, understood both the ritual and the necessity of separating ownership of things. I am tempted to add in "elves" into the documentation regarding potential risk and mitigation strategies. See what you think:

Mending Wall

Something there is that doesn't love a wall,
That sends the frozen-ground-swell under it,
And spills the upper boulders in the sun;
And makes gaps even two can pass abreast.
The work of hunters is another thing:
I have come after them and made repair
Where they have left not one stone on stone,
But they would have the rabbit out of hiding,
To please the yelping dogs. The gaps I mean,
No one has seen them made or heard them made,
But at spring mending-time we find them there.
I let my neighbor know beyond the hill;
And on a day we meet to walk the line
And set the wall between us once again.
We keep the wall between us as we go.
To each the boulders that have fallen to each.
And some are loaves and some so nearly balls
We have to use a spell to make them balance:
"Stay where you are until our backs are turned!"
We wear our fingers rough with handling them.
Oh, just another kind of outdoor game,
One on a side. It comes to little more:
He is all pine and I am apple-orchard.
My apple trees will never get across
And eat the cones under his pines, I tell him.
He only says, "Good fences make good neighbors."
Spring is the mischief in me, and I wonder
If I could put a notion in his head:
"Why do they make good neighbors? Isn't it
Where there are cows? But here there are no cows.
Before I built a wall I'd ask to know
What I was walling in or walling out,
And to whom I was like to give offence.
Something there is that doesn't love a wall,
That wants it down!" I could say "Elves" to him,
But it's not elves exactly, and I'd rather
He said it for himself. I see him there,
Bringing a stone grasped firmly by the top
In each hand, like an old-stone savage armed.
He moves in darkness as it seems to me,
Not of woods only and the shade of trees.
He will not go behind his father's saying,
And he likes having thought of it so well
He says again, "Good fences make good neighbors."

Friday Jul 22, 2005

Traditional good business meets the participation age

Data asset use & protection must be as "secure" as a bank; as "trusted" as a consumer good like Crest; and as "luxuriously" experience rich as a stay in the Four Seasons. Here are some early thoughts about the evolution of utility banking, privacy & security:

For security & privacy to make sense together, banking, for me, provides a nice analogy. For example, I came to Sun post Gold Rush days so I live in an ugly little row house here in Silicon Valley. If you gave me all of your money, I could bury it in my back yard to protect it for you. I will do an on the spot risk assessment to say that it is a very appropriate risk for you to take even if that money that you give me is held in trust for your customers. Few know where I live or would think to look there for something other than Ikea cast off furnishings. The downside is that you have to come over with a shovel every time you want some cash & you don't get the benefit of "utility" saving by pooling your virtual cash with your fellow bankers. Security by secret is pretty good, but access to capital sucks.

The scale of this solution stinks as well. Once I provide this service for more than a handful of customers, someone will either notice something weird going on at the Dennedys' (beyond our typical antics) or too many people will share our secret & I will have to build a safe that is at least as safe as a bank to maintain my competitive advantage. The cost advantage I had providing the services is money literally thrown into the pit.

The final challenge is particularly relevant to developing a multi-tenant utility & where I have found some illumination from reading up on San Francisco's very own Bank of Italy that grew up to be the Bank of America. The challenge in the early 1900's was, if everyone knows that banks are the places where money is kept, & that bad people steal from banks-- how do you start a bank that can scale and gain those crucial first customers' trust?

A.P. Giannini, the BofA founder and early 19th century visionary, was raised by vegetable farmers/ sellers & made his first market splash as a teenager by getting to know the farmers in Silicon Valley & reselling their goods in the booming San Francisco marketplace-- much of this early success can be loosely analogized as a great turn-of-the-century CRM program. He realized that the seasons forced a predictable boom & bust selling cycle for his suppliers & that only rich guys could get their hands on money with little or no backers. What his *customers* needed most to be successful year over year was a steady access to capital from a trusted & trustworthy source. So, when A.P. set up his bank, he proved to the farmers that he had *both* a strong safe and that he was willing to lend capital to extend to next season's harvest. He broke the trust barrier by providing great service with hours tailored to his customers' work days. He tirelessly beat the road up & down the peninsula to market his vision and the differentiator of mattress v. bank. He went to the little kids and allowed them to open savings accounts on Sunday mornings to get their parents in the door. In other words, he provided BOTH a technological and a business solution to the safe and ready capital problem.

So, nice story, but how in the world does this analogy lead to illumination regarding data protection?? Simple. In the Participation or Virtual Age, we have a safe & ready capital problem at least as dire as that of 1900. The difference is that the capital we need most to run our businesses, governments & lives is data that is compiled into usable & trustworthy information delivered up in a timely, secure and convenient fashion. Data is our most valued asset in the Participation Age & great data management will be the ultimate competitive weapon. (It really always was, but we have a lot more to manage all at once & the same old brains that can only process finite details at once!)

Security is the physical, digital and organizational secret keeping platform that ensures that the data management scheme will actually be intact when you need it. Data protection/ privacy without the security is meaningless in that there will be no trustworthy information available to make decisions if you don't have a safe chain of custody for the underlying data source. Similarly, you may have secrets hidden in perfect Biggleman's safes that fail in either their size or overall usefulness if you do not design your security system with the data protection/ privacy fair processing principles as your guiding specifications. That is, the key principles of notice, choice/consent, access/accuracy, onward transfer control, audit/enforcement and, of course, security that is appropriate to the foregoing will be the fundamentals on the blueprints before we build and the secret to trust, scale and effective use of assets.


