Microwaves, wiretapping, and genetics

Thanks to a friend and colleague, Prof. Gary Marchant at the Sandra Day O’Connor College of Law at ASU, I was invited to join Gary and Caroline Lynch to speak with 3TV’s Politics Unplugged’s Dennis Welch on March 19, 2017.

The questions were on three main topics…

It was quite lucky that each of us has recently researched or worked with one of these topics respectively.

Caroline took the first issue on wiretapping and discussed the relevant laws and historical context. It is possible, but it is unlikely that Trump was targeted directly.

On genetics, there is a bill working its way through Congress that would permit employers to collect genetic information, in this case related to wellness programs. Unfortunately, under the Genetic Information Nondiscrimination Act  of 2008, genetic information includes information about relatives, which is standard information doctors ask during physicals – do you have a family history of heart attacks, high blood pressure, cancer, etc.

On microwave spying – well, that one came to me.  Microwaves are not typically equipped with cameras and microphones, but they could be and the average consumer – or heck, even the sophisticated consumer – would not know it. In fact, in 2016, a hacker used a series of smart toasters to take down multiple major websites. It’s possible, but unlike Samsung TVs, not likely.

My favorite quote in the entire video is when Dennis asked for our last words of wisdom. Yours truly announced that we’re not paranoid if it’s really happening…

For the full video, watch here. https://www.youtube.com/watch?v=cX5UYk19Uhc&t=36s 

(and no, no one warned me that there was no table. they were in process of moving studios…so knees together, ladies!)

User or Loser: two factor authentication

img_20170212_075558

This week I have received 5 “congratulations,  your email blanketyblank.royal@gmail.com has been created. ” But for two factor authentication,  I would be hacked.

Let’s discuss what this is and why you need it.

Two factor authentication means you use two “things” to verify your account. You might use a password plus a security question: standard for banks.  Security questions are not the best type for two reasons: 1) the answers are the games you play on social media… where were you born,  what was your high school mascot, your favorite teacher,  your first car, etc.? And 2) if the questions are obscure enough,  you forget the answers. My first pet could be the first one I know of (my parents’ dog), the first one they got me, or the first one I got myself.  For kicks and giggles…Who out there doesn’t use his/her mother’s maiden name?

So, other second factors include recognizing a token upon log-in, biometrics, and sending a verification code to phone or email.  The latter is my favorite.

Why is two factor (or multi-factor) authentication important? To prevent theft and fraud. Is there anyone who uses a computing device who has not been affected by a data breach, such as Yahoo’s 2 billion email hack? If you think not,  you just aren’t aware of it yet.

When passwords are breached, thieves have fun. They have automatic scripts that run your email address (and any usernames in your email, such as account set up notifications) and password against all known bank and credit card sites. Often people use the same password and simple iterations of that password, like password11, password22, etc., on everything.  Stop doing that!!

With two factor authentication,  you’ll know if someone is trying to hack you and you’ll put a virtual foot up a hacker’s virtual butt… and his/her real fraudulent plans.

Use it or lose.

 

Privacy Officers are like Washing Machines

washing-privacyPrivacy Officers (whether attorneys or non-attorneys) are a lot like washing machines. Aside from the obvious resemblance that we handle dirty laundry, let’s consider some of the other similarities.

If there is no agitation going on, nothing’s really getting done: Like other compliance roles, privacy may not always sit well with colleagues who may see us as roadblocks to their great ideas. This is one reason why in Europe, privacy officers are afforded a huge measure of protection – they must be able to act independently without fear of reprisal or role reduction. On the other hand, we are here to help get the job done right, so sometimes, we just need time to churn and roll it around a few times!

Front Load  vs. Top Load: Privacy programs function in a variety of different ways and there are benefits in all. Personally, I prefer a front load (seeing privacy as an equal partner, horizontal) rather than top load (pushing duties and mandates down, vertical build), but they all get the job done.

Newer Models: Are the fresh new models really better? Or do they simply have more bells and whistles even though the core job is still a high quality result?

Added Technology: However, maybe those newer models do come with some extra technology, such as sensing the load, adding in steam cleaning, and using less detergent. There are lots of significant considerations when employers look for years of experience – maybe they need years, but maybe they need technical enhancements.

Washing Only, Please: Regardless of any bells and whistles, we really just want a machine that washes clothes. We don’t want a machine that does clothes, dishes, cooking, and floor cleaning (which sounds cool as a concept, but in reality would simply be overloaded and do nothing at a high standard).

Quiet vs. Clunkers: There are some who shake, rattle, and roll and others that are extra quiet. Neither really speak to quality, it’s just a different way of working.

We need the Right Settings to Deliver the Right Results: ‘nough said.

Capacity Limits (Overflows are Bad): Stuff too much in and expect too much done – and you get poor results. Sure, the laundry will be a little cleaner, but only marginally. Similarly, putting in too much detergent, bleach, softener – not good. Right amounts at the right times result in optimum work.

Wash first, then Dry: There’s an order to the process. Washing comes first. Cleaning by Design. If you just throw your clothes in the dryer without washing them first, you accomplish nothing meaningful other than getting warm sheets that feel good, but eventually the dirt on them causes real problems.

Don’t Leave the Laundry In: Ever had a load of laundry that was clean, but no one did anything with it after that?  Similarly, once we provide recommendations, if the business doesn’t act on it, the final product will smell a little musty.

Don’t Remove Laundry Before its Done: No one wants to manage soaking, sudsy laundry. Let the machine do its work. Now, if I could manage to be like the front load machines and simply not permit anyone to open the door without putting some controls in place…

We All Need Washing Machines: Seriously, who doesn’t use a washing machine? Whether you have one at home or use a laundromat (lots of machines, pay per load, able to handle huge loads – great business model), washing machines are simply a staple of modern life.

Consistent Work Product: Load after load. Great results. Doing the job right.

Complaints of Doing Laundry: So everyone complains about doing laundry, but the machine really does the massive, core job. Sure you have to give us the laundry to do along with the right tools – and yes, you have to do something with the clean clothes. And yet, complaints complaints complaints about “Ugh. Laundry Day.” Would you prefer not to have a washing machine or just have loads of dirty laundry lying around, getting in the way, stinking? Eventually, you could not actually walk around your house with all the piles of laundry or you’d just have to resign yourself to wearing dirty clothes. Oh wait – just go buy new clothes?  Eventually, you’d run into the same problem or run out of money. Just let the washing machine do its job and we’re all happier.

 

 

 

Do-Si-Do – dancing with privacy: Trump and Cybersecurity

Dprivate-danceruring the current U.S. president’s administration, we have seen a tremendous effort in protecting digital assets and cybersecurity. Industry experts tend to feel that although the initiatives do not take us as far as we need to go, they have covered immense mileage. Will this change under the new administration? Experts disagree on the answer.

President-elect Trump’s website provides an overview of his initiative, namely launching cyber-offense. We must keep in mind that this website is pre-office and like many presidents, subject to change once reality hits. But let’s look closer at some hints we have at what might be coming or disappearing.

On his campaign website, Trump declares four points as his vision:

  • Order an immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure, by a Cyber Review Team of individuals from the military, law enforcement, and the private sector.
    • The Cyber Review Team will provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats, and will followed up regularly at various Federal agencies and departments.
    • The Cyber Review Team will establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber-attack.
  • Instruct the U.S. Department of Justice to create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement responses to cyber threats.
  • Order the Secretary of Defense and Chairman of the Joint Chiefs of Staff to provide recommendations for enhancing U.S. Cyber Command, with a focus on both offense and defense in the cyber domain.
  • Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately.

These are ambitious goals and he further elaborated on them in several speeches, such as the one he highlights on that page to the Retired American Warriors.

Cabinet choices: some of the individuals selected for cabinet positions (Attorney General and Director of the CIA) are causing a few concerns in the privacy world according to CNBC.

The president-elect’s selections for attorney general — Sen. Jeff Sessions, R-Ala. — and CIA director — Rep. Mike Pompeo R-Kan. — have argued publicly that the government needs greater surveillance powers.

McSherry said Pompeo poses a particularly worrying risk to American citizens’ privacy, as he has advocated for things like the routine mass collection and use of “social data” from third parties, like Facebook and Alphabet‘s Google. Pompeo has also called for Edward Snowden to be put to death, said Chris Calabrese, vice president for policy at the Center for Democracy and Technology.

In addition, Trump reportedly disagreed stringently with Apple’s refusal to help the FBI hack into a terrorist cell phone (you remember that story, right?). Supposedly, Trump called for a boycott of Apple products. Now we all have opinions on what was the right thing to do there, but I personally know few people who supported assisting the FBI (I opposed it and I am a diehard FBI fangirl). The issue is no matter how much we love the law enforcement of the USA, we also love the people of the USA and that includes all of their rights and responsibilities guaranteed under the Constitution. We can argue all day long what exactly that means, but if the arm of the government kept its fingers in the pies it should, there would be no problem with privacy. Unfortunately, the zeal for ferreting out bad guys seems to carry no counterweight with some law enforcement. And the history there is unden
iable.

But let’s get back to the Trump administration and cybersecurity.

He is openly supportive of the US launching offensive cyberattacks (as evidenced by his own statement provided above). Now, I am not a politician or policy-maker, but I see both good and bad there. I’d love to hear from true cyber-experts if that is the way to go. In most competitions, being strong defensively as well as offensively is highly advised. But will there be a system of checks and balances that draws a clear, uncrossable line? BEFORE there is real harm?

I, for one, truly hope that the new administration continues to build on the advancements made by the current administration. As a nation, we must protect ourselves; but as individuals, we must also protect ourselves and each other. We must avoid a mob-mentality and not give in to mass hysteria…unless a situation becomes so untenable that it takes a national uprising to protect our rights and wellbeing.

I am just not sure what direction that takes or what music it’s dancing to…

What I am sure of is that Trump thinks more in terms of business than politics. Given his recent meeting with Silicon Valley icons, my hope is that he will play ball – or as the title suggests  dance like a businessman (sorry, not sorry) and look for the greater partnerships, which just might be a good thing for us, our privacy rights, and our national cybersecurity efforts. We will have to watch carefully and quickstep if we see it going the other direction. I am afraid this is not one issue that can be stopped easily if it gains tremendous movement – and that can apply in either direction. So here’s to dancing in the right direction!

“I think I’m Doing Too Much”

I think I’m doing too much. My family had never heard me say those words. Never. And I don’t just mean my kids – my mom, everyone/no one. Those who know me might recognize that I am a hyper-personality, high spirited, too “damn” perky – pick your descriptor. I have always been busy. I started work at maybe 13, 14 years old. I know in one job, I lied about my age….could never get away with that now!

I never cared much for grades, so it is not that I was one of those over-achieving students. I wanted the knowledge, not the external recognition. Given that I generally scored in the top half percent of the top 1% of all those standardized tests, I was classified as a classic underachiever. You laugh now.

But I became too busy. Personally and professionally. privacy lawyer, silicon valley global med tech company check. BCRs (controller and processor – first ever dual application) check. HIPAA check. Emerging tech check. lawyer check. executive check. consulting check. blogging check. start writing a book (check, but leave unchecked that I finished it) – same with PhD  in dissertation phase for 3 years now. Check check check. Happily married finally. 2 amazing, accomplished daughters. Leadership roles in global professional organizations. volunteering with non-profits. great friends. good books. loving pets. awesome home. 150+ pairs of shoes. Mrs. Scottsdale America. Speaking on a variety of subjects to different audiences. teaching law classes. Mercedes AMG. money in savings. off most lupus meds. I even lost 30 pounds. checking all over the place. BUT….

– I was busy, but things were getting accomplished. Yet for the first time in my life – I was overwhelmed. I mean, hell – I survived things that killed others. I know I am lucky – and I give the praise to the God I trust and worship. But I was overwhelmed. Even my adult ADD wasn’t saving me this time.

I have learned that when you need to slow down, you either do it or you’re forced to do it. 

So I have slowed down. I am able to take stock of my goals and my 5 – 10 – 15 year plan. I kinda sorta had a plan, and executed it immaculately despite myself. I know what it important for me professionally and personally – and everything else. everything. is nonessential to my life.

Face the hard decisions. And face them head on with determination and consideration. Be brutally honest with yourself about what matters – and what is simply busy work, or chasing a dream that you thought you should have, or doing things that are expected of someone in your field. Focus on what matters. And yes, professional goals matter too. We spend most of our waking hours working (which can suck if you don’t do what you love), so don’t knock having professional goals and dreams.

Some of us may not be in a position to be choosy, but if it is at all possible – take a step towards being in a place to choose. One step at a time. My goal, growing up poor in Mississippi was 1) be able to walk into a superstop (quickie mart, 7/11, whatever the local corner store is) and buy a coke without having to balance my checkbook first and 2) go on a great vacation every year. #1 I can do. #2 – my definition of a great vacation seems to be morphing.

I’m still young (I tell people I am 74 and looks dayum good for my age), but I am 47 years old. I am young and in a field (privacy law) that is growing leaps and bounds. I know and love some amazing people, both personally and professionally, and I work for some phenomenal people/companies that I respect and hope to continue those relationships.

And I still need to finish that dissertation. this year.

So being too busy was my come to Jesus moment. And I survived it with some hits to the pocket book, ego, health, and personal matters. Maybe that is what it took. I do not ever want to say or feel those words again. I want to be in deliberate control of my life. Live with purpose.

 

Lights! Camera! Privacy! wuuuut

privacy-movie-cutWhat?? Movies about privacy? I mean, cutting edge, action-packed, thriller movies about privacy! Not since the Alfred Hitchcock horror classic Psycho where the poor girl’s privacy was blown to bits (or stabbed to bits) has privacy been so prevalent in movies. (and anyone who doesn’t think killing a naked woman in the shower for entertainment purposes is about privacy .. . define “naked”)

Jason Bourne. Silicon Valley, megabillions, internet start-up conspired with the CIA to build in back doors in exchange for funding and then only tried to stand up for privacy once the start-up Deep Dream made all their money. I make no judgments about their lack of reality with technology, just that to the masses, when the CEO tells the CIA director played by the amazing Tommy Lee Jones, “Privacy – you should be protecting it!” (or something like that, I was writing on a napkin in the dark, people) – it was stellar!

There was a party in my privacy geek genes.

And then! Then it really went crazy when I saw Now You See Me 2. First, I love this movie. Movies that keep me guessing…don’t happen often. This one did. LOVED IT. Not to mention the amazing cast of characters. plus magic. equaled MAGIC!! And again, about privacy. The wizard, no wait, magician – no, he wasn’t a magician, he was a paranoid spoiled illegitimately-claimed illegitimate son of a millionaire who wanted to steal a chip that provided back doors into everyone’s life. He wanted to be private. And he claimed that you cannot reform the system from within it (which has major philosophical implications for a later discussion).

But wheeeeee – the privacy geek genes are still partying!

 

 

 

ACC WITH: Global Women in Law

20160621_172608Tonight, a dream came true. A vision took form.

The Association of Corporate Counsel (the organization for in-house attorneys with about 40,000 members worldwide) launched their global initiative supporting women attorneys.

It all started with one question “Does the ACC offer programming for women?” The answer was no, but we should. And two years later, here we are. In the brilliant hands of Jennifer Chen, the Director of the ACC Foundation, this program has not only been put in place, it has grown wings.

It took a cadre of amazing ACC attorneys (Tracy Stanton, Jennifer Mailander, Katia Bloom, and many others) along with the ACC (Veta Richardson, Tori Payne, and also many others) to share the vision and take actionable steps to make it happen. Last October, we did a soft launch of WITH at the ACC Annual Meeting, where we held a breakfast with inspiring, accomplished women attorneys. We did surveys, wrote articles, developed toolkits, and spread the word.

That word resulted in honoring three women tonight who have truly forged the path and had a vision and a plan long before us: Irina Bokova, Director-General, UNESCO; Gloria Santona, Executive Vice President, General Counsel and Secretary, McDonald’s Corporation; and Charisse R. Lillie, Fellow and Vice President of Community Investment
Comcast Corporation, Executive Vice President, Comcast Foundation. The fabulous Sunny Hostin, Senior Legal Correspondent & Analyst, ABC News led the discussion, which touched on many key points – mentoring and having a sponsor for one’s career, situations in which they noted “this is what it means to be a woman in the legal field,” salary, plans, and advice. They held the room enthralled – about 200 attendees all nodded their heads in agreement and there were more than a few “yeah. Yeah!” heard around the room.

And this was after David Nabarro, Special Adviser to the United Nations Secretary-General on the 2030 Agenda for Sustainable Development and Climate Change inspired the room with his talk on the 17 goals in the 2030 Agenda – and how many are related to the empowerment of women.  Knowing that 193 countries are committed to seeing women empowered is simply incredible.

And the room was not just women. There were many men present as well – as it should be. Men are a critical component if women are to “live under the sky” (as opposed to breaking the glass ceiling in a few spots here and there).

We all hope to see this field equalized and celebrate the difference that women make. One thing Irina said really resonated with the audience. When a woman reaches a certain position or role, there are high expectations – people are watching. She must do an exceptional job and far surpass expectations. Yet men in the same role are only expected to do the job. They don’t need to surpass expectations, no one is “watching.” At some point, we – as women – want to be average. Let us simply do the job. Because we can. But it is really hard to always exceed expectations that are only set for one half of the profession. Hitting a metric that should not exist is simply unreasonable.

We are excited about our next steps. And we welcome you to the effort. We have a huge initiative in place with Diversity Lab and the onRamp  Fellowships. Caren Ulrich Stacy, the founder, is truly a giant among giants (I think I fell a little in love with her). Five corporate powers have signed on to her program to help women re-enter the legal workforce.

You know you want to be WITH us. Feel free to contact me or the ACC Foundation to learn more. http://www.acc-foundation.com/