Royal Privacy

This week, we visited the Palace of Versailles, not too far outside Paris. It was simply amazing. But privacy…. not a thing. Originally, King Louis XIII built this “hunting lodge” as a way to escape palace life- to gain some moments of privacy.

palace and gardens

 

His son, King Louis XIV (any inaccuracies are completely mine….) expanded this lodge to a palace and moved the French court and seat of government to Versailles, where a complete town grew up around it to support the influx of nobles and their needs.

But Louis XIV essentially had no privacy. From the waking up ceremony at 8:30 am witnessed by over 100 members of the court to activities, dining, and retiring to bed, he was constantly in company. The court considered it a right to be in the presence of the Sun King.

 

Even childbirth was in front of hundreds of witnesses until Marie Antoinette, wife to Louis XVI, nearly died in childbirth. Hundreds of people from nobles to chimneysweeps (the latter of which climbed onto sofa backs to have a better, direct view) crowded the chamber to witness the birth. A royal birth must be witnessed to ensure the babe is truly the royal one.  Marie Antoinette fainted, supposedly from the heat caused by all the bodies, lack of air flow, and stress of a long birth. King Louis XVI, quite scandalously in love with his queen, had everyone removed (some forcibly) and the windows thrown open. He then declared that no royal births would be so public. The witnesses were thereafter decreased to those necessary, which still number a few dozen.

 

 

So, if one is a Royal (present author excluded), privacy is a rare and unexpected gift.

Advertisements

User or Loser: two factor authentication

img_20170212_075558

This week I have received 5 “congratulations,  your email blanketyblank.royal@gmail.com has been created. ” But for two factor authentication,  I would be hacked.

Let’s discuss what this is and why you need it.

Two factor authentication means you use two “things” to verify your account. You might use a password plus a security question: standard for banks.  Security questions are not the best type for two reasons: 1) the answers are the games you play on social media… where were you born,  what was your high school mascot, your favorite teacher,  your first car, etc.? And 2) if the questions are obscure enough,  you forget the answers. My first pet could be the first one I know of (my parents’ dog), the first one they got me, or the first one I got myself.  For kicks and giggles…Who out there doesn’t use his/her mother’s maiden name?

So, other second factors include recognizing a token upon log-in, biometrics, and sending a verification code to phone or email.  The latter is my favorite.

Why is two factor (or multi-factor) authentication important? To prevent theft and fraud. Is there anyone who uses a computing device who has not been affected by a data breach, such as Yahoo’s 2 billion email hack? If you think not,  you just aren’t aware of it yet.

When passwords are breached, thieves have fun. They have automatic scripts that run your email address (and any usernames in your email, such as account set up notifications) and password against all known bank and credit card sites. Often people use the same password and simple iterations of that password, like password11, password22, etc., on everything.  Stop doing that!!

With two factor authentication,  you’ll know if someone is trying to hack you and you’ll put a virtual foot up a hacker’s virtual butt… and his/her real fraudulent plans.

Use it or lose.

 

Privacy Officers are like Washing Machines

washing-privacyPrivacy Officers (whether attorneys or non-attorneys) are a lot like washing machines. Aside from the obvious resemblance that we handle dirty laundry, let’s consider some of the other similarities.

If there is no agitation going on, nothing’s really getting done: Like other compliance roles, privacy may not always sit well with colleagues who may see us as roadblocks to their great ideas. This is one reason why in Europe, privacy officers are afforded a huge measure of protection – they must be able to act independently without fear of reprisal or role reduction. On the other hand, we are here to help get the job done right, so sometimes, we just need time to churn and roll it around a few times!

Front Load  vs. Top Load: Privacy programs function in a variety of different ways and there are benefits in all. Personally, I prefer a front load (seeing privacy as an equal partner, horizontal) rather than top load (pushing duties and mandates down, vertical build), but they all get the job done.

Newer Models: Are the fresh new models really better? Or do they simply have more bells and whistles even though the core job is still a high quality result?

Added Technology: However, maybe those newer models do come with some extra technology, such as sensing the load, adding in steam cleaning, and using less detergent. There are lots of significant considerations when employers look for years of experience – maybe they need years, but maybe they need technical enhancements.

Washing Only, Please: Regardless of any bells and whistles, we really just want a machine that washes clothes. We don’t want a machine that does clothes, dishes, cooking, and floor cleaning (which sounds cool as a concept, but in reality would simply be overloaded and do nothing at a high standard).

Quiet vs. Clunkers: There are some who shake, rattle, and roll and others that are extra quiet. Neither really speak to quality, it’s just a different way of working.

We need the Right Settings to Deliver the Right Results: ‘nough said.

Capacity Limits (Overflows are Bad): Stuff too much in and expect too much done – and you get poor results. Sure, the laundry will be a little cleaner, but only marginally. Similarly, putting in too much detergent, bleach, softener – not good. Right amounts at the right times result in optimum work.

Wash first, then Dry: There’s an order to the process. Washing comes first. Cleaning by Design. If you just throw your clothes in the dryer without washing them first, you accomplish nothing meaningful other than getting warm sheets that feel good, but eventually the dirt on them causes real problems.

Don’t Leave the Laundry In: Ever had a load of laundry that was clean, but no one did anything with it after that?  Similarly, once we provide recommendations, if the business doesn’t act on it, the final product will smell a little musty.

Don’t Remove Laundry Before its Done: No one wants to manage soaking, sudsy laundry. Let the machine do its work. Now, if I could manage to be like the front load machines and simply not permit anyone to open the door without putting some controls in place…

We All Need Washing Machines: Seriously, who doesn’t use a washing machine? Whether you have one at home or use a laundromat (lots of machines, pay per load, able to handle huge loads – great business model), washing machines are simply a staple of modern life.

Consistent Work Product: Load after load. Great results. Doing the job right.

Complaints of Doing Laundry: So everyone complains about doing laundry, but the machine really does the massive, core job. Sure you have to give us the laundry to do along with the right tools – and yes, you have to do something with the clean clothes. And yet, complaints complaints complaints about “Ugh. Laundry Day.” Would you prefer not to have a washing machine or just have loads of dirty laundry lying around, getting in the way, stinking? Eventually, you could not actually walk around your house with all the piles of laundry or you’d just have to resign yourself to wearing dirty clothes. Oh wait – just go buy new clothes?  Eventually, you’d run into the same problem or run out of money. Just let the washing machine do its job and we’re all happier.

 

 

 

teaching, learning, doing,& dreaming

It’s been a dream of mine to teach college or more correctly, simply be involved with college students at some level. See, right out of law school, I worked at the Sandra Day O’Connor College of Law at Arizona State University. It was not named after that glorious woman when I started, but I was there during the renaming.

teachI’ve had this dream and as I write this entry, I have to wonder how this sounds. Do I think I am so great that I should have the chance to influence others? Or is it that those cannot do, teach? Not so narcissistic as the former and not so incompetent as the latter. Or so I hope.

I feel in love with the relationships one builds with students – how they change and grow, how they learn, how one small thing can change their lives and they can go on to change the lives of others. Yeah yeah. I’m a dreamer. But I truly believe in the power of people and only people can change this world. And we need all the people in this world to be part of the change – if you’re not part of the solution, you’re part of the problem, right?

I mentored a fabulous young man, Juan, starting when he was in 5th grade until he finished 8th grade. We stayed in touch and he came to live with us later to go to college. We had a conversation about why going to college was important when he could get (and he had) a job he loved that paid him well. It’s not about the money, it’s about the ability to participate actively in the governance of your community. Civic engagement. Now, that can happen at all levels, but in this nation, we have a huge problem – most leadership positions are held by a rather homogenous group. We need minorities and women to be equally represented. Until the leadership of this nation resembles that of its people, we will continue to experience the consequences of non-representation.

I had left academia due to my husband’s job and have been trying to get back to it ever since. Few colleges want to hire in someone who has been in the corporate world (and the pay cut is hard to take in order to work one’s way up the ranks), so my options are to volunteer and/or be an adjunct professor. (Now, if there is anyone with a college or university reading this – trust me, I am so worth the seeming risk. It’s my calling.)

This past year, my dream started coming true.  I am now teaching an online course in fundamental law to master’s students and an in-person course on privacy (big data and emerging technologies). And oh my goodness, the students are so worth it. I love the engagement, the discussions, the worries and questions. And I love having both populations of students: online grad students and in-person. Funny, I never considered that my in-person would include undergrad students, but it does! How cool is that?

I’ll never be a scholar (despite my PhD efforts) – I am not so eloquent or studious. I am a practitioner and a very practical one at that. I have the opportunity to combine my two loves – privacy and students. And for now, I am in hog heaven. good googli moo

 

first step to 642 PRIVACY things to write about

642 51WAhDYHNcL._SX418_BO1,204,203,200_There never seem to be a limit to issues about which to write involving privacy or data protection. However, I like to run a different path at times and well, when I want to run the same path as others, it may just be coincidence. Recently, we’ve had all kinds of good stuff to write about – the Wyndham decision, Microsoft slipping in tracking tools to Windows 7, voting selfies, and the Ashley Madison hack (to which I refuse to link). I just get bored.

I bought this book a while back and use it in place of a personal journal. I could never consistently keep a journal – I was bored rehashing my life…it’s a recurring theme with me – blame the ADD. So I use this book and date the entries. Of course, I just randomly choose pages and topics, so the dates are interspersed throughout the book.

It occurred to me that I could take this same tactic to privacy. 642 things to write about … in the privacy world. Sure, I’ll still highlight critical issues and add my own little commentary at times – and I’ll give HIPAA tutorials and professional advice. But, this sounds like a fun way to do it – and goodness knows what we’ll wind up with. It’ll be a fun little journey.

A privacy officer, a professor, and a patent attorney walk into a room . . .(what happened at the LSI community board)

A privacy officer, a professor, and a patent attorney walk into a room . . .brain

Wait for it.

Oops, there’s no punch line.

There is a whole lot of brain power, collaboration, and excitement.

And trust me, you have not seen excitement until you see those listed above along with about thirty of their colleagues gather in one place to discuss fascinating topics.

Last week, I had the honor to attend the first Law, Science, and Innovation Center of the Sandra Day O’Connor College of Law Community Board meeting. This is a school and a center to which my heart belongs. Along with professors of both the College of Law and ASU in general, there were alumni (some of my favorite people, such as May Mowzoon, a patent attorney), elite staff (such as Deb Pogson, the managing editor for Jurimetrics), and many community affiliates from small companies and large ones. In fact, I met a gentleman with whom I will soon be speaking on a panel with at the State Bar of Arizona’s 2015 convention – “The Perils of Connectivity – Privacy and Security on the Internet of Things.”

The format of the community board is geared to make the board more substantive rather than an operational board for the center. To this end, the center presented four topics and then we broke up into working sessions for each topic – we could each choose two working groups for thirty minutes each.

The two topics I was not able to make it to were:

Airspace in the Age of Drones by Prof. Troy Rule – which was not about military drones (unmanned aerial vehicles: UAVs), but more about personal use drones. The elements he brought into question were wonderful. He posed three issues:

  • Who should regulate these personal drones? The FAA? The airspace in which these drones are flown are not in the FAA-regulated airspace, but local agencies are reluctant to touch what may fall into the FAA area.
  • Where are the private property rights and where do they stop? What are the privacy rights? If someone is flying one of these drones with a GoPro camera strapped to it…do you have rights in the privacy of your backyard from 300 feet up?
  • What are the rights and limitations on law enforcement? A whole nest of topics arise here.

As the opening topics, loved the collegial competitiveness, he dared Prof. Hodge to follow that.

Public Health Law: HIV and the Religious Freedom Restoration Act in Indiana by Prof. James Hodge. Okay. wow. Two controversial topics. There is a lot of information out there about the RFA, but not a whole lot about how it may impact huge public health concerns. A rural area in Indiana saw more than 100 diagnosed with HIV – unprecedented.

One way that has been proven to control the spread of HIV is a needle-exchange program, which has opponents. Most opponents do so on religious grounds. How do these two controversial topics play together? What are the impacts to public health? Fascinating intersection of two seemingly unrelated topics that may well have big repercussions.

Now, the two that I did participate in the working groups:

Biomarkers for Concussion Susceptibility and Effects by Prof. Betsy Grey. This topic was about concussions, chronic traumatic encephalopathy (CTE), and biomarkers. The presence of traumatic brain injury seems prevalent in professional/college football, but football injuries account for a small percentage of events. Yet the news is sensational given recent actions by linebacker Chris Borland of the San Francisco 49ers and the University of Michigan offensive lineman Jack Miller.

The issues are numerous (and more details can be found here) – can biomarkers predict those vulnerable to CTE or are the biomarkers only slightly helpful and then only after repetitive injuries? Would there be an effect on waivers, disclosures, insurance, etc. if biomarkers were accurate? Is the root cause more to do with protection or false security in protection, such as helmets? Apparently, real football players and rugby players think we Americans are simply wimps. Yet, the over-reliance of inadequate protective gear can and does lead to worse injuries. The rules for rugby hits are much stricter than our football rules.

There is hope that a concussion could be diagnosed on the field with saliva.  Another route is to enhance the return-to-play laws in every state. Yet another route is to look at health professionals in/on/around the field, such as athletic trainers. As a former RN, this topic fascinated me. I have also done quite a bit of research into certified athletic trainers, so I know it is a growing field. As for biomaarkers…just because they are present, does not mean they are beneficial – is the company backing the research simply creating a false solution for a problem that is way beyond biomarkers?

Big Data by Prof. Gary Marchant. Now this is a topic that is popular pretty much everywhere and one that I live and breathe on a daily basis. To paraphrase one of my favorite poems:

     Data data everywhere, but no one stopped to think.
     Data data everywhere, and all the privacy rights did shrink.

Big data is the phenomenon with the massive accumulation of data on everyone. Prof. Marchant presented information from IBM that there are four characteristics of big data: volume, velocity, variety, and veracity. Love that synopsis. Many years ago, in law school, I started a paper on the impacts of location based services on cell phones. I never actually finished the paper (and have since apologized profusely to my professors, one of whom was Prof. Marchant). My research was at the very early stages and somehow, I should have known I would wind up in privacy. Technology simply fascinates me – and what technology means to data and further, to privacy simply gets my motor running.

Three aspects in his presentation really captured my attention: smart dust, life caching, and genetic surveillance. Here’s the issue I see – the technologies are built by people who develop technology: geeks. Then other people take this technology to use it to capture data in ways probably never imagined: business and marketing people. If it was imagined, many geeks don’t care about laws (sorry, married to a geek – am a privacy geek – it’s not an insult, just a state of being). The ability to capture data is sexy. The ways to use that data is sexy. The ways to match that data across machines and time is terrifying yet still sexy. Like a killer seductress. Data Succubi.

It was a great community board meeting. The attendees were enthralled by the idea of engaging in substantive work. It is a good move by the center to capture the interest of the community and alumni. I truly look forward to being more involved.