Microwaves, wiretapping, and genetics

Thanks to a friend and colleague, Prof. Gary Marchant at the Sandra Day O’Connor College of Law at ASU, I was invited to join Gary and Caroline Lynch to speak with 3TV’s Politics Unplugged’s Dennis Welch on March 19, 2017.

The questions were on three main topics…

It was quite lucky that each of us has recently researched or worked with one of these topics respectively.

Caroline took the first issue on wiretapping and discussed the relevant laws and historical context. It is possible, but it is unlikely that Trump was targeted directly.

On genetics, there is a bill working its way through Congress that would permit employers to collect genetic information, in this case related to wellness programs. Unfortunately, under the Genetic Information Nondiscrimination Act  of 2008, genetic information includes information about relatives, which is standard information doctors ask during physicals – do you have a family history of heart attacks, high blood pressure, cancer, etc.

On microwave spying – well, that one came to me.  Microwaves are not typically equipped with cameras and microphones, but they could be and the average consumer – or heck, even the sophisticated consumer – would not know it. In fact, in 2016, a hacker used a series of smart toasters to take down multiple major websites. It’s possible, but unlike Samsung TVs, not likely.

My favorite quote in the entire video is when Dennis asked for our last words of wisdom. Yours truly announced that we’re not paranoid if it’s really happening…

For the full video, watch here. https://www.youtube.com/watch?v=cX5UYk19Uhc&t=36s 

(and no, no one warned me that there was no table. they were in process of moving studios…so knees together, ladies!)

Advertisements

Privacy Officers are like Washing Machines

washing-privacyPrivacy Officers (whether attorneys or non-attorneys) are a lot like washing machines. Aside from the obvious resemblance that we handle dirty laundry, let’s consider some of the other similarities.

If there is no agitation going on, nothing’s really getting done: Like other compliance roles, privacy may not always sit well with colleagues who may see us as roadblocks to their great ideas. This is one reason why in Europe, privacy officers are afforded a huge measure of protection – they must be able to act independently without fear of reprisal or role reduction. On the other hand, we are here to help get the job done right, so sometimes, we just need time to churn and roll it around a few times!

Front Load  vs. Top Load: Privacy programs function in a variety of different ways and there are benefits in all. Personally, I prefer a front load (seeing privacy as an equal partner, horizontal) rather than top load (pushing duties and mandates down, vertical build), but they all get the job done.

Newer Models: Are the fresh new models really better? Or do they simply have more bells and whistles even though the core job is still a high quality result?

Added Technology: However, maybe those newer models do come with some extra technology, such as sensing the load, adding in steam cleaning, and using less detergent. There are lots of significant considerations when employers look for years of experience – maybe they need years, but maybe they need technical enhancements.

Washing Only, Please: Regardless of any bells and whistles, we really just want a machine that washes clothes. We don’t want a machine that does clothes, dishes, cooking, and floor cleaning (which sounds cool as a concept, but in reality would simply be overloaded and do nothing at a high standard).

Quiet vs. Clunkers: There are some who shake, rattle, and roll and others that are extra quiet. Neither really speak to quality, it’s just a different way of working.

We need the Right Settings to Deliver the Right Results: ‘nough said.

Capacity Limits (Overflows are Bad): Stuff too much in and expect too much done – and you get poor results. Sure, the laundry will be a little cleaner, but only marginally. Similarly, putting in too much detergent, bleach, softener – not good. Right amounts at the right times result in optimum work.

Wash first, then Dry: There’s an order to the process. Washing comes first. Cleaning by Design. If you just throw your clothes in the dryer without washing them first, you accomplish nothing meaningful other than getting warm sheets that feel good, but eventually the dirt on them causes real problems.

Don’t Leave the Laundry In: Ever had a load of laundry that was clean, but no one did anything with it after that?  Similarly, once we provide recommendations, if the business doesn’t act on it, the final product will smell a little musty.

Don’t Remove Laundry Before its Done: No one wants to manage soaking, sudsy laundry. Let the machine do its work. Now, if I could manage to be like the front load machines and simply not permit anyone to open the door without putting some controls in place…

We All Need Washing Machines: Seriously, who doesn’t use a washing machine? Whether you have one at home or use a laundromat (lots of machines, pay per load, able to handle huge loads – great business model), washing machines are simply a staple of modern life.

Consistent Work Product: Load after load. Great results. Doing the job right.

Complaints of Doing Laundry: So everyone complains about doing laundry, but the machine really does the massive, core job. Sure you have to give us the laundry to do along with the right tools – and yes, you have to do something with the clean clothes. And yet, complaints complaints complaints about “Ugh. Laundry Day.” Would you prefer not to have a washing machine or just have loads of dirty laundry lying around, getting in the way, stinking? Eventually, you could not actually walk around your house with all the piles of laundry or you’d just have to resign yourself to wearing dirty clothes. Oh wait – just go buy new clothes?  Eventually, you’d run into the same problem or run out of money. Just let the washing machine do its job and we’re all happier.

 

 

 

Do-Si-Do – dancing with privacy: Trump and Cybersecurity

Dprivate-danceruring the current U.S. president’s administration, we have seen a tremendous effort in protecting digital assets and cybersecurity. Industry experts tend to feel that although the initiatives do not take us as far as we need to go, they have covered immense mileage. Will this change under the new administration? Experts disagree on the answer.

President-elect Trump’s website provides an overview of his initiative, namely launching cyber-offense. We must keep in mind that this website is pre-office and like many presidents, subject to change once reality hits. But let’s look closer at some hints we have at what might be coming or disappearing.

On his campaign website, Trump declares four points as his vision:

  • Order an immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure, by a Cyber Review Team of individuals from the military, law enforcement, and the private sector.
    • The Cyber Review Team will provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats, and will followed up regularly at various Federal agencies and departments.
    • The Cyber Review Team will establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber-attack.
  • Instruct the U.S. Department of Justice to create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement responses to cyber threats.
  • Order the Secretary of Defense and Chairman of the Joint Chiefs of Staff to provide recommendations for enhancing U.S. Cyber Command, with a focus on both offense and defense in the cyber domain.
  • Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately.

These are ambitious goals and he further elaborated on them in several speeches, such as the one he highlights on that page to the Retired American Warriors.

Cabinet choices: some of the individuals selected for cabinet positions (Attorney General and Director of the CIA) are causing a few concerns in the privacy world according to CNBC.

The president-elect’s selections for attorney general — Sen. Jeff Sessions, R-Ala. — and CIA director — Rep. Mike Pompeo R-Kan. — have argued publicly that the government needs greater surveillance powers.

McSherry said Pompeo poses a particularly worrying risk to American citizens’ privacy, as he has advocated for things like the routine mass collection and use of “social data” from third parties, like Facebook and Alphabet‘s Google. Pompeo has also called for Edward Snowden to be put to death, said Chris Calabrese, vice president for policy at the Center for Democracy and Technology.

In addition, Trump reportedly disagreed stringently with Apple’s refusal to help the FBI hack into a terrorist cell phone (you remember that story, right?). Supposedly, Trump called for a boycott of Apple products. Now we all have opinions on what was the right thing to do there, but I personally know few people who supported assisting the FBI (I opposed it and I am a diehard FBI fangirl). The issue is no matter how much we love the law enforcement of the USA, we also love the people of the USA and that includes all of their rights and responsibilities guaranteed under the Constitution. We can argue all day long what exactly that means, but if the arm of the government kept its fingers in the pies it should, there would be no problem with privacy. Unfortunately, the zeal for ferreting out bad guys seems to carry no counterweight with some law enforcement. And the history there is unden
iable.

But let’s get back to the Trump administration and cybersecurity.

He is openly supportive of the US launching offensive cyberattacks (as evidenced by his own statement provided above). Now, I am not a politician or policy-maker, but I see both good and bad there. I’d love to hear from true cyber-experts if that is the way to go. In most competitions, being strong defensively as well as offensively is highly advised. But will there be a system of checks and balances that draws a clear, uncrossable line? BEFORE there is real harm?

I, for one, truly hope that the new administration continues to build on the advancements made by the current administration. As a nation, we must protect ourselves; but as individuals, we must also protect ourselves and each other. We must avoid a mob-mentality and not give in to mass hysteria…unless a situation becomes so untenable that it takes a national uprising to protect our rights and wellbeing.

I am just not sure what direction that takes or what music it’s dancing to…

What I am sure of is that Trump thinks more in terms of business than politics. Given his recent meeting with Silicon Valley icons, my hope is that he will play ball – or as the title suggests  dance like a businessman (sorry, not sorry) and look for the greater partnerships, which just might be a good thing for us, our privacy rights, and our national cybersecurity efforts. We will have to watch carefully and quickstep if we see it going the other direction. I am afraid this is not one issue that can be stopped easily if it gains tremendous movement – and that can apply in either direction. So here’s to dancing in the right direction!

“I think I’m Doing Too Much”

I think I’m doing too much. My family had never heard me say those words. Never. And I don’t just mean my kids – my mom, everyone/no one. Those who know me might recognize that I am a hyper-personality, high spirited, too “damn” perky – pick your descriptor. I have always been busy. I started work at maybe 13, 14 years old. I know in one job, I lied about my age….could never get away with that now!

I never cared much for grades, so it is not that I was one of those over-achieving students. I wanted the knowledge, not the external recognition. Given that I generally scored in the top half percent of the top 1% of all those standardized tests, I was classified as a classic underachiever. You laugh now.

But I became too busy. Personally and professionally. privacy lawyer, silicon valley global med tech company check. BCRs (controller and processor – first ever dual application) check. HIPAA check. Emerging tech check. lawyer check. executive check. consulting check. blogging check. start writing a book (check, but leave unchecked that I finished it) – same with PhD  in dissertation phase for 3 years now. Check check check. Happily married finally. 2 amazing, accomplished daughters. Leadership roles in global professional organizations. volunteering with non-profits. great friends. good books. loving pets. awesome home. 150+ pairs of shoes. Mrs. Scottsdale America. Speaking on a variety of subjects to different audiences. teaching law classes. Mercedes AMG. money in savings. off most lupus meds. I even lost 30 pounds. checking all over the place. BUT….

– I was busy, but things were getting accomplished. Yet for the first time in my life – I was overwhelmed. I mean, hell – I survived things that killed others. I know I am lucky – and I give the praise to the God I trust and worship. But I was overwhelmed. Even my adult ADD wasn’t saving me this time.

I have learned that when you need to slow down, you either do it or you’re forced to do it. 

So I have slowed down. I am able to take stock of my goals and my 5 – 10 – 15 year plan. I kinda sorta had a plan, and executed it immaculately despite myself. I know what it important for me professionally and personally – and everything else. everything. is nonessential to my life.

Face the hard decisions. And face them head on with determination and consideration. Be brutally honest with yourself about what matters – and what is simply busy work, or chasing a dream that you thought you should have, or doing things that are expected of someone in your field. Focus on what matters. And yes, professional goals matter too. We spend most of our waking hours working (which can suck if you don’t do what you love), so don’t knock having professional goals and dreams.

Some of us may not be in a position to be choosy, but if it is at all possible – take a step towards being in a place to choose. One step at a time. My goal, growing up poor in Mississippi was 1) be able to walk into a superstop (quickie mart, 7/11, whatever the local corner store is) and buy a coke without having to balance my checkbook first and 2) go on a great vacation every year. #1 I can do. #2 – my definition of a great vacation seems to be morphing.

I’m still young (I tell people I am 74 and looks dayum good for my age), but I am 47 years old. I am young and in a field (privacy law) that is growing leaps and bounds. I know and love some amazing people, both personally and professionally, and I work for some phenomenal people/companies that I respect and hope to continue those relationships.

And I still need to finish that dissertation. this year.

So being too busy was my come to Jesus moment. And I survived it with some hits to the pocket book, ego, health, and personal matters. Maybe that is what it took. I do not ever want to say or feel those words again. I want to be in deliberate control of my life. Live with purpose.

 

Lights! Camera! Privacy! wuuuut

privacy-movie-cutWhat?? Movies about privacy? I mean, cutting edge, action-packed, thriller movies about privacy! Not since the Alfred Hitchcock horror classic Psycho where the poor girl’s privacy was blown to bits (or stabbed to bits) has privacy been so prevalent in movies. (and anyone who doesn’t think killing a naked woman in the shower for entertainment purposes is about privacy .. . define “naked”)

Jason Bourne. Silicon Valley, megabillions, internet start-up conspired with the CIA to build in back doors in exchange for funding and then only tried to stand up for privacy once the start-up Deep Dream made all their money. I make no judgments about their lack of reality with technology, just that to the masses, when the CEO tells the CIA director played by the amazing Tommy Lee Jones, “Privacy – you should be protecting it!” (or something like that, I was writing on a napkin in the dark, people) – it was stellar!

There was a party in my privacy geek genes.

And then! Then it really went crazy when I saw Now You See Me 2. First, I love this movie. Movies that keep me guessing…don’t happen often. This one did. LOVED IT. Not to mention the amazing cast of characters. plus magic. equaled MAGIC!! And again, about privacy. The wizard, no wait, magician – no, he wasn’t a magician, he was a paranoid spoiled illegitimately-claimed illegitimate son of a millionaire who wanted to steal a chip that provided back doors into everyone’s life. He wanted to be private. And he claimed that you cannot reform the system from within it (which has major philosophical implications for a later discussion).

But wheeeeee – the privacy geek genes are still partying!

 

 

 

Why Work in Privacy?

top 5Often, when asked what I do, the person is totally flummoxed when I respond that I am a privacy attorney. Sometimes, they will even ask – what does that mean? Well, if I said I was a contract attorney or a patent attorney, they would understand, right? It means I handle contracts or patents – or specifically in my case, I handle privacy.

Ah – that’s the problem, they don’t understand privacy. I mean, seriously, how do I find enough work to fill 40 hours a week?

Privacy is the concept that information about ourselves is only shared to individuals/companies  whom we want to know those things about us.

Simple, right? Not so much.

So why would anyone want to work in privacy? All day long, every day, the whole year, for decades, we fight a battle that few people ever see. It’s like starring in a vampire drama – there’s a fight happening in a world that most people don’t see and would not believe. And like vampires, we typically work in the dark, our emergencies happen at night, and we live off a critical element that is very personal to people….data. And to most of our colleagues, we’re the boogie men who come to steal your profits while you’re sleeping (or when you’re bad).

So why work in privacy?

My top five reasons:

  1. I’m such a geek rebel that I C# and bleed java. I am building a complete Padme parade dress costume for ComicCon. My UAV isn’t even registered. I speak in movie quotes. And Sheldon is my hero. Bazinga!
  2. Unlike most corporate attorneys, I may work for the company, but my job is to protect the little guy. I always did go for the underdog – I liked Tom Wopat not John Schneider and I preferred Larry Wilcox to Eric Estrada. I may look like a heartless corporate attorney, but really…I’m all squishy inside.
  3. The field is growing by leaps and bounds. Everywhere you turn, there is data being collected, used, shared, abused, lost, forgotten, manipulated, and more! Technology is getting smaller, stronger, and can  hold more data.
  4. The privacy field is a gender neutral one.  Perhaps because of the way it grew up, women tend to  have equal pay and leadership roles.
  5. My ADD (Attention Deficit Disorder) has free reign! I am  never bored; I can work on 46.3 projects at a time; and given how fast the field changes – if I don’t like something, it is likely to be different tomorrow.

Being a privacy professional is a calling for certain people and requires flexibility, rampant curiosity, thick skin, and a relentless gift for persuasion. If you don’t love it – don’t get in it. It is not a profession for those seeking glory or an easy desk job.

Teachers gone Wild: Lifestyle Privacy

Many public sector employees are held to higher standards than the average person due to the nature of their position and their potential influence on other people. Should they be? Is this discrimination? Is the discrimination justifiable?

bad teacher

courtesy of sony pictures

At times, we see a morals clause used to address potential misbehavior. A morals clause is a contract provision, typically used in relation to public figures (athletes, acting, news and political personalities) that prohibits the employee engaging in certain acts. These disallowed acts may include inappropriate sexual acts or drug use, but can include requirements that the employee “dress neatly in public, to conduct himself according to the highest standards of honesty and sportsmanship, and to refrain from doing anything that would be detrimental to the best interests of the team or league” (for further information, please see this article).   Engaging in social media insults of one’s employer could fall within a morals clause, but would not be something the typical employee/employer would encounter – although it is becoming more common for executives.  This, however, completely aside from the National Labor Relations Board’s decisions and guidances on social media policies.

Additionally, there are still certain career fields in which the employees are seen to be role models to our youth. One example of this relates to the private lives of teachers (see this story on a kindergarten teacher fired for nude photos). Before the advent of social media, teachers’ private lives were more easily separated from their professional lives. While being subject to public scrutiny may not be new, having one’s personal life so easily available is relatively new, as is facing severe repercussions from them (and this does not acccount for the egregious phenomena of impersonators).  Courts have taken two avenues to evaluate whether a teacher’s private actions are subject to employer review: a public official view or a student-speech view (whether the speech would substantially interfere with the educational duty) (Miller 2011).

Miller states that “[t]here are basically four types of internet speech that could put at risk a teacher’s relationship with his or her school district: 1) befriending students on social media sites and communicating inappropriately with them, 2) criticizing the district, school, students, parents, or the community online, 3) posting what school districts may deem as inappropriate photos  or comments (usually things that are sexually explicit or that promote alcohol or drug use, and 4) commenting on political or social issues.”  Teachers may see more disciplinary action and control if their private-life postings are viewed from a perspective of being a public official and in a position of trust than if considered whether their posting substantially disrupt the educational duty.

The question that we face is “Is this right?” Is it okay to restrict a teacher’s private life because we feel that they should be held to a higher standard than other people? What about cops, firemen, nurses, doctors, lawyers, preachers, etc.? More specifically – or more generally, I guess – is it fair to hold anyone to a certain standard in their private life as long as the behavior is not illegal?

Which brings us to lifestyle laws (more appropriately called lifestyle anti-discrimination laws, but for the sake of brevity and ease of conversation, I will call them Lifestyle laws). Lifestyle laws prohibit discrimination against someone at work based on their personal lifestyle choices – and in most cases, this is directed towards risky health behaviors, such as smoking, as applied to health insurance premiums through one’s employer.  In many states plus the District of Columbia, employers are prohibited from banning employees from smoking off work premises. Plus, twelve states protect the use of any lawful product during non-work hours, such as alcohol or even unhealthy foods. Currently, only California (CAL. LAB. CODE § 96(k)), Colorado (COLO. REV. STAT § 24-34-402.5(1)), New York (N.Y. LAB. LAW § 201-d(2)), and North Dakota (N.D. CENT. CODE § 14-02.4-03) have comprehensive protection statutes that protect employees for any lawful activity outside work.

Not only do the various state laws differ in what behavior they protect, but courts interpret them differently. Once you mix in social media, it’s a circus out there! People should be free to do what they want to do within legal boundaries and laws should not be required to permit people to do so. Good googli moo.

Keep in mind that there are federal laws (Title VII of the Civil Rights Acts of 1964) against discrimination of protected classes and disabilities (Americans with Disabilities Act)- so lifestyle laws are in addition to any protection under these areas. Plus, in general, government employees are protected by equal protection and due process clauses of the federal constitution.

I leave you with this thought – are we as a society free to engage in lawful behavior even when it indirectly impacts others’ lives (such as higher health care costs)?