Privacy and security are typically good things. But the way they are implemented or presented to real people to follow in the real world are not always realistic. Sometimes they are just down right ridiculous.
Tuesday, December 31, 2013
Privacy: Word of the Year; Pursuit for the New Year
Every year over the past 5 years was supposed to be the ‘Year of Privacy’. So it is not surprising that Dictionary.com gave the word ‘privacy’ its 2013 Word of the Year award. (We can be thankful it wasn’t ‘twerking’ or ‘selfie’). Considering that their 2012 word was ‘bluster’ (?) or worse, their 2012 word was ‘tergiversate’ which means “to change repeatedly one’s attitude or opinions with respect to a cause, subject”, I think they got it spot on this year.
Typically, Dictionary.com selects a word that rose to prominence (or infamy) through common usage during the year (like ‘Occupy__’ or ‘Arab Spring’). It appears as though this year, they chose a word that encapsulated an overall quality of 2013. It’s about time.
Considering the ubiquity of the word and more so the very notion of privacy and its importance to everyone, ‘privacy’ deserves its day in the sun, and a nod to the words permanency, unlike the selections of the past few years.
It’s increasingly evident that people are really ready to embrace more than just the theoretical word. The fundamental understanding of the value of personal privacy has been assimilated this year like never before. Between the Wikileaks disclosures, the NSA spying on American’s cell phone calls, and the almost daily revelations of how companies of all stripes capture their customer’s data via browsers or mobile apps, the abstract value of privacy has more than congealed in the minds of consumers. There is even talk of the monetization of one’s privacy and how a consumer can ‘exchange’ their privacy for some nominal value to a business. Consumers realized that privacy and convenience has always been a trade-off, now it seems like the trades are just getting better. AT&T, for example, recently offered a 30% discount to users of their GigaPower broadband service to customers who must agree to participate in AT&T Internet Preferences behavioral tracking and ad service. According to AT&T’s Internet Preferences, they "may use your Web browsing information, like the search terms you enter and the Web pages you visit, to provide you relevant offers and ads tailored to your interests." Interestingly, some of the offers will come via snail mail.
Insurance companies are also in on the action. Progressive, Allstate and State Farm all have similar ‘monitoring for a discount’ offerings. State Farm’s program, named Drive Safe and Save, allows for a calculation of risk, by way of a small device added to a car’s diagnostic port that tracks real-time driver behavior. Factors such as speed, mileage, lane changes, location, time of day and braking urgency are captured, measured and analyzed. What’s the payoff for drivers? A 5 percent discount immediately, and then are eligible for further cuts of up to 50 percent after six months of monitoring, depending on what the record shows. Though somewhat financially intriguing for the cost-conscious, it implies that there are other not-so-good drivers who will make up for the discounts offered to good drivers. What is disappointing to some about this approach is that it makes privacy into a zero sum game: some have to lose if others are to win. You may feel, however, that this is the ultimate victory for consumers: choice. If you want to trade away your privacy for a discount (or a coupon, chocolate bar, rebate, etc.) then you should be able to; the ultimate luxury is having options.
Either way, it is very good news for consumers and the privacy-mindful everywhere that the notion and expression of ‘privacy’ has come forward in the consciousness of our society. Let us not make this year’s word a quaint and curious concept with a sell-by date only to be forgotten next year or tossed into the ash heap of grammatical history (‘Gangnam’ anyone?). It would be wonderful to never have to think of the word again as unique and something to strive for. Let’s take it off the pedestal, shall we? I’d rather that we take the word this year as a call to action for next year, and every year thereafter, and assimilate the word and its implications into our daily life, our actions and activities, and choices. What a better New Year’s resolution can you have than that?
Happy New Year everyone!
Monday, November 11, 2013
Social Media's Password Law Teapot Tempest
As of November 2013, 12 states have passed so-called ‘social media password’ laws. These laws are designed to prevent employers from asking existing employees or prospective applicants for their credentials to access their social media sites. The intent of the laws is to prevent employers from prospectively, and possibly erroneously, getting an idea of the behavior, opinions, lifestyle or actions or existing or prospective employees so as to, ostensibly, determine their current or future merit as employees, and, I guess, to pre-judge whether or not this person truly represents the ‘values of the company’. Companies are still free to view social media pages of people that have no restricted access on their sites, have information that is publicly available, are open to all, or are voluntarily offered by the employee/candidate. (As an amusing aside, the names of the laws range from the innocuous and vague – ‘Internet Privacy Protection Act in Michigan’ – to the laser-focused and definitive – ‘User Name and Password Privacy Protection Act’ in Maryland.)
Since mid-2012 there has been what I can only define as a legislative vogue as states trip over each other to pass these kinds of laws. I wonder: is there really some kind of epidemic among employers or HR departments asking employees or interviewees for their social media passwords? You would think there was by the kind of activity you see in state legislatures on this topic. The issue began in Maryland from a case where an interviewer requested a Division of Corrections officer’s Facebook account information during an interview after the officer returned from a leave of absence. Rumor has it that the request was more of a demand that the officer surrender his credentials, or lose his job. You might reasonably wonder why we need laws like these when people are perfectly happy to post and tweet all kinds of self-sabotaging things about themselves and their opinions on a variety of topics without any kind of restrictions or privacy controls in place.
So really, why the need for laws to eradicate the scourge of social media password requests like it’s the polio of our age? First, demagoguery aside, I think the drive is primarily perception. It shows that politicians who are often accused of doing nothing can actually show some bi-partisan cooperation once in a while and pass a law benefiting their constituents. Second, it makes the politicians look like they are in-tune with technology and are addressing real-time concerns about issues that real people can relate to.
So what’s the fuss? I think most companies (finally) realize that protecting their employee’s privacy is as important and relevant as protecting the data of their customers. You want to send the right message to employees that ‘we care about you’, yes? (FYI to HR Depts: You know, that kind of stuff does help attract the right talent). Altruism aside, the concern of many companies, especially those in the financial services and academic worlds is the conflict that some of the existing laws have on employee oversight vs. employee privacy. Most states have an exception to the law if the request is related to an investigation of alleged employee/student misconduct or illegal activity or to ensure “compliance with securities or financial law and regulations.” But not in all cases! In fact, not in Maryland, Michigan or New Jersey. For example, once cooler heads prevailed and the New Jersey law was amended, a provision in the law originally said that no access to employee social media was allowed “in any way.” This significant restriction would have posed an enormous challenge for financial institutions that must oversee and audit (per the SEC or FINRA) what their registered representatives are saying to customers about financial products, returns, performance, etc. If access to what your employees were saying (possibly as a representative of your brand!) is not able to be monitored and reviewed, how could an institution reasonably say that they were providing supervision of their employee’s actions?
In a worst case scenario for employers who operate in multiple states, they may have to one day decide: whose law do I violate? The State of Maryland’s or the SEC? So far, this case has not been tested in a court of law. Once it does, the teapot may just bubble over.
Since mid-2012 there has been what I can only define as a legislative vogue as states trip over each other to pass these kinds of laws. I wonder: is there really some kind of epidemic among employers or HR departments asking employees or interviewees for their social media passwords? You would think there was by the kind of activity you see in state legislatures on this topic. The issue began in Maryland from a case where an interviewer requested a Division of Corrections officer’s Facebook account information during an interview after the officer returned from a leave of absence. Rumor has it that the request was more of a demand that the officer surrender his credentials, or lose his job. You might reasonably wonder why we need laws like these when people are perfectly happy to post and tweet all kinds of self-sabotaging things about themselves and their opinions on a variety of topics without any kind of restrictions or privacy controls in place.
So really, why the need for laws to eradicate the scourge of social media password requests like it’s the polio of our age? First, demagoguery aside, I think the drive is primarily perception. It shows that politicians who are often accused of doing nothing can actually show some bi-partisan cooperation once in a while and pass a law benefiting their constituents. Second, it makes the politicians look like they are in-tune with technology and are addressing real-time concerns about issues that real people can relate to.
So what’s the fuss? I think most companies (finally) realize that protecting their employee’s privacy is as important and relevant as protecting the data of their customers. You want to send the right message to employees that ‘we care about you’, yes? (FYI to HR Depts: You know, that kind of stuff does help attract the right talent). Altruism aside, the concern of many companies, especially those in the financial services and academic worlds is the conflict that some of the existing laws have on employee oversight vs. employee privacy. Most states have an exception to the law if the request is related to an investigation of alleged employee/student misconduct or illegal activity or to ensure “compliance with securities or financial law and regulations.” But not in all cases! In fact, not in Maryland, Michigan or New Jersey. For example, once cooler heads prevailed and the New Jersey law was amended, a provision in the law originally said that no access to employee social media was allowed “in any way.” This significant restriction would have posed an enormous challenge for financial institutions that must oversee and audit (per the SEC or FINRA) what their registered representatives are saying to customers about financial products, returns, performance, etc. If access to what your employees were saying (possibly as a representative of your brand!) is not able to be monitored and reviewed, how could an institution reasonably say that they were providing supervision of their employee’s actions?
In a worst case scenario for employers who operate in multiple states, they may have to one day decide: whose law do I violate? The State of Maryland’s or the SEC? So far, this case has not been tested in a court of law. Once it does, the teapot may just bubble over.
Thursday, October 24, 2013
Bitcoin: Bank's Betamax?
Is anyone else as fascinated by the concept of Bitcoin as I am? For those of you who are not aware of Bitcoin, it is a virtual currency which is nothing more really than encrypted computer code that is accepted as a form of payment among users and businesses. The value of the currency fluctuates and is set by a market and not by any country or central bank. (As of October 24th, 1 Bitcoin is worth $196 USD) Bitcoin is a system to replace a centralized banking intermediary (that we have to trust to accurately record electronic financial transactions), with a decentralized intermediary that we don't have to trust. That decentralized intermediary is the network of Bitcoin users.
People frequently call Bitcoin a peer-to-peer electronic currency, which like music and file sharing peer-to-peer networks, implies that you could share or send bitcoins directly to someone else with no intermediary involved. However, there is a third party involved; it's just that the third party is a decentralized network of people rather than a single centralized institution like a bank. It is 'peer-to-peer' in the sense of being a payment system under the control of no single institution, but it involves more than just two parties to a transaction. What is also interesting about this virtual currency is that, unlike hard currency and bank notes which can be printed in quantities at any time by central banks, the Bitcoin money supply will be capped when it hits a pre-determined total number of 21 million bitcoins.
To me, the most interesting aspect of this new technology is what the threat might be to traditional financial outlets and channels, like banks. Bitcoin and the threat it might contain, if more broadly accepted and adopted, may go beyond what alternative payment channels (e.g. PayPal, Square) now pose to traditional financial institutions. More and more mainstream websites and retailers are starting to accept Bitcoin as a means of payment. The biggest issue to more widespread acceptance and usage of this currency now, however, is the perception of Bitcoin as a way for criminal activities to hide behind and be facilitated. Money laundering, drug purchases and even gun purchases allow buyers to avoid the usual screening and background check processes.
Financial institutions, to the degree that they are aware of or acknowledge the existence of alternate currencies like Bitcoin have argued for their demise and asked legislators to rule them as unlawful for some of the reasons noted above. But I think it may be closer to the scenario which existed when the Betamax player was released in to production in 1980s. In the early ‘80s, Jack Valenti, head of the Motion Picture Association of America lobbied against the creation of the VCR. Valenti actually said, in front of Congress no less, that the “VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.” Yet, what did the VCR eventually do the movie industry? It saved it! Imagine how much better off the industry might be today of the fear of that new and unknown technology was embraced rather than discouraged. Let's hope that financial markets and institutions in general can learn from past, otherwise, they may be doomed to repeat it.
People frequently call Bitcoin a peer-to-peer electronic currency, which like music and file sharing peer-to-peer networks, implies that you could share or send bitcoins directly to someone else with no intermediary involved. However, there is a third party involved; it's just that the third party is a decentralized network of people rather than a single centralized institution like a bank. It is 'peer-to-peer' in the sense of being a payment system under the control of no single institution, but it involves more than just two parties to a transaction. What is also interesting about this virtual currency is that, unlike hard currency and bank notes which can be printed in quantities at any time by central banks, the Bitcoin money supply will be capped when it hits a pre-determined total number of 21 million bitcoins.
To me, the most interesting aspect of this new technology is what the threat might be to traditional financial outlets and channels, like banks. Bitcoin and the threat it might contain, if more broadly accepted and adopted, may go beyond what alternative payment channels (e.g. PayPal, Square) now pose to traditional financial institutions. More and more mainstream websites and retailers are starting to accept Bitcoin as a means of payment. The biggest issue to more widespread acceptance and usage of this currency now, however, is the perception of Bitcoin as a way for criminal activities to hide behind and be facilitated. Money laundering, drug purchases and even gun purchases allow buyers to avoid the usual screening and background check processes.
Financial institutions, to the degree that they are aware of or acknowledge the existence of alternate currencies like Bitcoin have argued for their demise and asked legislators to rule them as unlawful for some of the reasons noted above. But I think it may be closer to the scenario which existed when the Betamax player was released in to production in 1980s. In the early ‘80s, Jack Valenti, head of the Motion Picture Association of America lobbied against the creation of the VCR. Valenti actually said, in front of Congress no less, that the “VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.” Yet, what did the VCR eventually do the movie industry? It saved it! Imagine how much better off the industry might be today of the fear of that new and unknown technology was embraced rather than discouraged. Let's hope that financial markets and institutions in general can learn from past, otherwise, they may be doomed to repeat it.
Monday, July 1, 2013
When Privacy is on the Menu, But You Order off the Menu...
"Vicarious goal
fulfillment."
You may not have heard of this phrase, but you may
unknowingly be guilty of doing it. Here is the idea behind the term: In a
recent New
York Times article, we
learned why otherwise healthy-eating people sometimes take a very unhealthy
u-turn on their diet. The psychology of why this occurs struck me that this
kind of similar self-defeating behavior in eating, can also make its way into
privacy-related decisions.
More so than ever before, restaurants and other venues have
begun to add healthy food options to supplement their classically unhealthy
offerings. The thought is that making nutritious alternatives more available
will lead customers to select the superior food choices. However, a number of studies have
shown that merely having but one healthy food option on a menu of unhealthy
choices cause people to both select the least healthiest option on the
menu, and yet feel still like they have fulfilled their goal of healthy eating -
even if they didn't choose the
health option. And, ironically, the study goes on to say, this consequence is
strongest for people with a high-degree of self-control. That is, people who should
know better.
Think this topic can't possibly relate to privacy? The parallels
are striking. Think about how the mere presence of the privacy policy on a
mobile app you use on your phone or tablet comforts, or how the policy on the
website you visit gives you a false sense of security that the company has a
privacy policy to begin with, and that they actually honor the actions outlined
in that policy. I have written about this before,
especially where we read that consumers outspokenly demand high levels of
privacy and strict adherence by businesses to the use of the customer data they
collect, yet their behavior in many cases blatantly contradicts what say they
want. (Trade your password
for a bar of chocolate anyone?)
Just like sex sells, so do the unhealthy food selections on
most menus, even if healthier options exist side-by-side. The restaurants say
that they only offer the people what they want, and it is not their dominion to
police people’s eating habits or modify bad habits. It is still a free country,
yes?
So why shouldn’t we take the same tact with companies,
browsers, applications or services that simply give the people what they want –
entertainment, free access, little or no costs apps, etc. – and their privacy be
damned? Does the notion of privacy hold more currency than a person’s health?
As long as there is no unfair or deceptive practices occurring, and there is
full disclosure on what is being done with the data, why shouldn’t people be
allowed to act in a manner that is not in their best self-interest? We do it every
day with food, tobacco, alcohol and spandex already. Should privacy be a loftier
goal? If it is, then it should be achieved directly, and not vicariously. Like
seeing a Cobb salad on the menu, but ordering the Double-Double Bacon
Cheeseburger.
Friday, April 19, 2013
Boston, Big Data, Privacy and other Trade-offs.
As the world awaits the resolution of the Boston marathon bombers
situation, one thing is clear: what led to their identification and, hopefully capture,
was a combination of two elements: Big Data, and what might be termed the ‘lack
of privacy’.
The contribution of Big Data to the identification of the
criminals is evident: by collecting and collating millions of images and videos
from myriad sources, the FBI and police were able to do a phenomenal job of pinpointing
likely suspects who did or were likely to have committed the crime in question.
Getting to the same place without Big Data may have been possible and eventual,
but only because of a preponderance of data and the correlation activities was
the situation that is happening now able to occur so quickly.
As to the ‘lack of privacy’ element, this was the obvious
result of the hundreds of video/CCTV cameras in question all around Boston, and
most evident along the marathon route that captured (in astounding clarity, by
the way) the two primary suspects toting around black backpacks.
At this point, I wonder if we’ll see any hardcore privacy
advocate step-up and say that though there was a positive by-product of all of
this covert surveillance and yielding of privacy expectations, we should still
not indulge the urge for more of the same. I doubt anyone will be so fearless. On
the other side, it may be more likely that we will see more advocating for the
existence of or proliferation of the ever-present ‘eye in the sky’ that is leading
the authorities to an efficient conclusion of this tragic event.
I think the conversation will continue, as it usually has,
around the practicality of trading-off more security for less privacy, along
with the benefit to the greater good (i.e. more personal privacy) versus the
loss of solitude or discretion, even in public places. At this point that most
of us think we have no or should have no expectation of privacy in public
places, but if you watch closely some of the surveillance footage that captured
the two suspects, you can see other people doing things that I am sure they
would not necessarily want broadcast on public TV (that is, scratching places
and picking places our mothers told us not to…).
The easy question at this exact moment is ‘Do we ask folks
to surrender their humility to the greater good of catching bad guys?’ I think many people at this point in time,
with emotions running so high at this horrific and senseless act of brutality,
would say ‘Absolutely. That is an easy trade-off.’ And so we tolerate the inconveniences
and make sacrifices.
What I think is the ultimate question though is ‘What is the
right amount of trade-off?’ Where is that sweet spot of just enough security
and just enough privacy? The answer is of course, highly personal and
subjective; it is also contextual. Though most of us agree (or are not disagreeing)
with what is being done by the authorities in Boston right now, I am not sure that we would accept another
lockdown of a major American city for anything less than the most extraordinary
series of events. Though data gets bigger all the time, our tolerance for
trade-offs, however, gets smaller.
Tuesday, January 1, 2013
In 2013, Companies will need to differentiate themselves with data (Guess whose data?)
As more online applications and services begin to proliferate in the webisphere, the likelihood is that the similar services will all begin to converge to sameness as competitors race to fill in the void of uniqueness. As the characteristics of distinction begin to dissipate between all of the various services and applications, there leaves but one thing that the companies will rely on to differentiate themselves from their competitors - data. And of course whose data will they use to achieve that distinction? Yes, of course. Yours.
If information is the new oil of the 21st century, then companies will need to constantly be 'drilling' or mining for it in the form of data collection - be it overt or covert. Right now companies that collect data for personalization purposes do it in a way that reminds me of awkward and unsophisticated teenagers fumbling their way through the initial stages of romance. But a few years from now - 5 years at the most - the level of personalization that online companies will offer up to users will be so slick and fine-tuned it will be transparent to the average person how the decision to offer up that product was arrived at.
Remember that scene in the movie, Minority Report, when Tom Cruise was walking into the Gap store and the store's cameras were reading his eyes and offering him personalized ads and even clothing suggestions? That is the future - both literally and figuratively - for consumers. The irony of course in that scene is that Tom Cruise had just had his eyes replaced with another set from a dead person so that the police would not be able to successfully track him. If you recall the scene in the movie Cruise had had a set of eyes from a Japanese man, so the ads (and the accompanying hologram lady) was personalized for him. ("Welcome back to the Gap, Mr. Yakamoto. How did the assorted tank tops work out for you?"). This is approximately the state where we are at now with personalization, all due to the rudimentary way data is collected on us now as we move across mobile platforms online.
Most (rational) people agree that the Faustian bargain that the internet has offered us all in exchange for its low or zero cost is the trade-off for our data and small pieces of privacy. You would be hard pressed to find people willing to pay for the free service they have enjoyed for the last 10 or fifteen years, just so that they don't see any ads. What most of us object to really I think, is the misguided ads or offerings that waste our time and screen real estate. (Do I need to see ads for e-cigarettes if I am not a smoker?)
Big Data is what it's called but it might be better called 'Big Dumb Data.' At least for now. Yet, some companies are very rapidly moving up the pace of innovation and sophistication with the use of the resources that they are filling their Oracle databases with. Slowly but surely you can see the flashes of refinement happening, and you see a unique company or two take the lead with the information that they possess and truly differentiate themselves from their competitors. As I said, 5 years from now when we may even be at a point to be able to make sure it is indeed Mr. Yakamoto who is in need of some more tank tops when the pitch is made to him. And the only way that can be done is with data.
If information is the new oil of the 21st century, then companies will need to constantly be 'drilling' or mining for it in the form of data collection - be it overt or covert. Right now companies that collect data for personalization purposes do it in a way that reminds me of awkward and unsophisticated teenagers fumbling their way through the initial stages of romance. But a few years from now - 5 years at the most - the level of personalization that online companies will offer up to users will be so slick and fine-tuned it will be transparent to the average person how the decision to offer up that product was arrived at.
Remember that scene in the movie, Minority Report, when Tom Cruise was walking into the Gap store and the store's cameras were reading his eyes and offering him personalized ads and even clothing suggestions? That is the future - both literally and figuratively - for consumers. The irony of course in that scene is that Tom Cruise had just had his eyes replaced with another set from a dead person so that the police would not be able to successfully track him. If you recall the scene in the movie Cruise had had a set of eyes from a Japanese man, so the ads (and the accompanying hologram lady) was personalized for him. ("Welcome back to the Gap, Mr. Yakamoto. How did the assorted tank tops work out for you?"). This is approximately the state where we are at now with personalization, all due to the rudimentary way data is collected on us now as we move across mobile platforms online.
Most (rational) people agree that the Faustian bargain that the internet has offered us all in exchange for its low or zero cost is the trade-off for our data and small pieces of privacy. You would be hard pressed to find people willing to pay for the free service they have enjoyed for the last 10 or fifteen years, just so that they don't see any ads. What most of us object to really I think, is the misguided ads or offerings that waste our time and screen real estate. (Do I need to see ads for e-cigarettes if I am not a smoker?)
Big Data is what it's called but it might be better called 'Big Dumb Data.' At least for now. Yet, some companies are very rapidly moving up the pace of innovation and sophistication with the use of the resources that they are filling their Oracle databases with. Slowly but surely you can see the flashes of refinement happening, and you see a unique company or two take the lead with the information that they possess and truly differentiate themselves from their competitors. As I said, 5 years from now when we may even be at a point to be able to make sure it is indeed Mr. Yakamoto who is in need of some more tank tops when the pitch is made to him. And the only way that can be done is with data.
Subscribe to:
Posts (Atom)