In the sport of bullfighting, there is a phrase that is often used: Torear la suerte. Literally translated it means “bullfight your fate”, but it is often interpreted to be understood as a kind of code, a way of life, a philosophy about adversity and the fortitude to persevere. And succeed while putting on a fabulous show at the same time. Disorder, chaos and unrest in your personal life or business life does not build character, it actually reveals it. Every battle is an opportunity to exhibit what lays beneath your surface, and reveal the real you. Much is at stake here.
So with paraphrase apologies to Frank Underwood on House of Cards, I like to say that there are two kinds of Chief Privacy Officers: Door mats and matadors.
All day, every day, there are lot of ‘bulls’ coming at you, the matador: the woman or man whose job it is to protect data and ensure the privacy of that data, and generally to provide peace of mind to a lot of people. The business, regulators, legislators, negligent or malicious employees, hackers, and malware are all like a bull coming at you. You have two choices: you can either be trampled, like a doormat is, or you can use your cape (skills) as a metaphoric instrument to solve the risks and challenges of modern day privacy.
Increasingly, and for good, reason, the role of the Chief Privacy Officer is gaining the visibility it has long sought and deserved. Thanks in no part to the myriad number of high profile data breaches of the past 3 years affecting every sector, the CPO role has begun to get its 15 minutes of fame in the bull ring (‘plaza de toros’).
No longer buried in Legal, Compliance or even IT, the CPO role increasingly gets a seat at the table to not only clean up the messes that upstream control failures have wrought, but is now being asked to become more thoughtful and strategic in her/his thinking to avert the next crisis.
Much like bullfighting itself, managing the privacy of information for a firm has become a kind of choreographed ballet of tradeoffs. Is there too much security? Too little security? Are we over doing the security for convenience? Should we emphasize features or privacy? The CPO now has taken the decision reigns and weighs in with influence like never before. The most judicious companies ensure that the CPO has both voice and a vote for every initiative that involves customer or employee data.
As recently as a decade ago, the CPO position was just another piece of a hat someone in the organization (likely the General Counsel, CISO or CIO) had to wear because it sounded like a good idea to have one in the company. But the gesture was largely symbolic, and the role was often a dead end, or met with infrequent success. But unlike in bullfighting where the bull has little chance for long-term success, a CPO now has a likelihood of survival success that has never been better.
Sunday, December 21, 2014
Tuesday, October 14, 2014
Privacy’s Special Place in the Heart of the Customer
I once worked at a company where in addition to responsibilities for privacy, I also was in charge of records management. Though the discipline of records management and retention was interesting, I seem to recall that every night when I walked out the door, the thought of records never crossed my mind. (Nor any of my fellow employees' minds either, I’ll bet). Not that this responsibility wasn’t important, it’s just that the work never created any serious passion or enthusiasm in me.
Privacy, on the other hand, without overly romanticizing it, is an entirely different matter. I understand that it’s easy to feel no connection or relationship to some disciplines you deal with at work every day. You just do it in the office; you leave the office, and you leave those thoughts and concerns there as well. See you tomorrow, old job! Privacy, I always argue, is different. It’s special. It’s accessible. When you walk out of the door from work, you still carry your anxieties and thoughts about privacy with you. Since everyone now has either a LinkedIn profile, a Facebook page or both, or their kids have it, we are conscious of privacy, and everyone cares about it, or is at least mindful of it. Everyone has a smartphone and everyone goes apoplectic if they think they’ve lost it – and the thought of everything in it. Not because the phone or the contents contained therein are not replaceable, but because it means that a little bit of their private space has been lost, Or worse, maybe intruded upon.
I’ve always been somewhat grateful when I've had to create the training curriculum for privacy awareness courses because the concept is easy to convey to even the most non-technical user. Teaching someone about anti-money laundering concepts or risks of currency fluctuations or the benefits of dual authentication is a lot harder than teaching them that privacy matters to both the customer and to them. Why? Because they already get it! They deal with it all day every day outside of work already so they have a familiarity that makes them realize the urgency for your business that much easier.
The problem institutionally though is that privacy still largely serves as a compliance-related function in most organizations; a box to be checked. In many cases, the privacy team sits obscured in Legal or Information Security, even HR (!) and does not always get the visibility they need to provide the true value to an organization. Very data intensive and customer-facing businesses where data pays the bills, however, realize the worth of a strong privacy program. Their privacy teams are highly leveraged, CEO or Board-facing entities because those kinds of companies realize the strategic asset that is data today.
Data, and lots of it, has always been a by-product of most businesses. Historically, ‘data’ had been looked upon as just another company commodity to be managed or warehoused like an extra tractor or overruns from last season’s fashions. The confidentiality and privacy of the data was mostly an afterthought. Today, data is like a new natural resource for companies. Certain highly regulated industries like healthcare or financial services where privacy is almost a duty to the customer, however, know intuitively that properly using privacy can be a competitive advantage that, though intangible, is a brand differentiator. (See DuckDuckGo)
Building and maintaining the trust between company and customer is paramount for a long-term and profitable relationship, on both ends. Without the sense that a company will respect and protect the privacy of the data entrusted to it, the association between the two is simply a transaction; complete it, and move on. Companies don’t want that, and customers really don’t either.
People value their privacy and they want the businesses they do business with to do so too. Consumers want to associate a brand with the notion of privacy, especially if an exchange of sensitive data is involved. Do it right and customers will place that notion right in their hearts.
Privacy, on the other hand, without overly romanticizing it, is an entirely different matter. I understand that it’s easy to feel no connection or relationship to some disciplines you deal with at work every day. You just do it in the office; you leave the office, and you leave those thoughts and concerns there as well. See you tomorrow, old job! Privacy, I always argue, is different. It’s special. It’s accessible. When you walk out of the door from work, you still carry your anxieties and thoughts about privacy with you. Since everyone now has either a LinkedIn profile, a Facebook page or both, or their kids have it, we are conscious of privacy, and everyone cares about it, or is at least mindful of it. Everyone has a smartphone and everyone goes apoplectic if they think they’ve lost it – and the thought of everything in it. Not because the phone or the contents contained therein are not replaceable, but because it means that a little bit of their private space has been lost, Or worse, maybe intruded upon.
I’ve always been somewhat grateful when I've had to create the training curriculum for privacy awareness courses because the concept is easy to convey to even the most non-technical user. Teaching someone about anti-money laundering concepts or risks of currency fluctuations or the benefits of dual authentication is a lot harder than teaching them that privacy matters to both the customer and to them. Why? Because they already get it! They deal with it all day every day outside of work already so they have a familiarity that makes them realize the urgency for your business that much easier.
The problem institutionally though is that privacy still largely serves as a compliance-related function in most organizations; a box to be checked. In many cases, the privacy team sits obscured in Legal or Information Security, even HR (!) and does not always get the visibility they need to provide the true value to an organization. Very data intensive and customer-facing businesses where data pays the bills, however, realize the worth of a strong privacy program. Their privacy teams are highly leveraged, CEO or Board-facing entities because those kinds of companies realize the strategic asset that is data today.
Data, and lots of it, has always been a by-product of most businesses. Historically, ‘data’ had been looked upon as just another company commodity to be managed or warehoused like an extra tractor or overruns from last season’s fashions. The confidentiality and privacy of the data was mostly an afterthought. Today, data is like a new natural resource for companies. Certain highly regulated industries like healthcare or financial services where privacy is almost a duty to the customer, however, know intuitively that properly using privacy can be a competitive advantage that, though intangible, is a brand differentiator. (See DuckDuckGo)
Building and maintaining the trust between company and customer is paramount for a long-term and profitable relationship, on both ends. Without the sense that a company will respect and protect the privacy of the data entrusted to it, the association between the two is simply a transaction; complete it, and move on. Companies don’t want that, and customers really don’t either.
People value their privacy and they want the businesses they do business with to do so too. Consumers want to associate a brand with the notion of privacy, especially if an exchange of sensitive data is involved. Do it right and customers will place that notion right in their hearts.
Sunday, September 7, 2014
Stop the credit monitoring madness!
You’ve seen headline after headline on data breaches. Then, shortly thereafter you see the obligatory, and often perfunctory, statements like the ones below (actually excerpted from recent public breach notification messages):
- If we confirm a breach, we will offer free identity protection services, including credit monitoring, to any potentially
impacted customers.
- For extra assurance, we will offer free credit monitoring services for everyone impacted.
I am in no way castigating any company that steps ups and tries to do the right thing by its customers; I applaud that. That’s what a great company does. I do, however, question the value of epidemic-like, knee jerk reactions of providing identity theft services/credit monitoring for everything and anything that smells like a data or security breach.
* We lost your package. Have some credit monitoring!
* A box containing your monthly statements fell off of our truck. Have some credit monitoring!
* Your bill arrived in the mail without the envelope hermetically sealed. Have some credit monitoring!
* We accidentally told your ex-spouse your new address with the replacement spouse. Have some credit monitoring!
I kid, of course. But it is a de facto ‘best' business practice that if anything comes close to appearing that a customer’s data is compromised, a company throws free credit monitoring at the customer. The problem is that, for most scenarios, credit monitoring does little or nothing to remediate the situation. In fact, all it really does is placate a customer who feels as though they should receive ‘something’ for their troubles, and gives the appearance that the company is contrite (and of course mitigate some legal liability). In the situation where real personal and sensitive data elements (Name, address, social security number, tax returns, etc) are compromised, then the absolute right thing to do is offer identity theft services to prevent further harm to an individual’s financial integrity. But if, say, a debit card number is lost or stolen, or if a credit card is lost or stolen, what does credit monitoring actually do for the person? As far as I can tell, nothing. Can you open another credit or revolving account at a department store with a debit card as the only valid form of ID? Not that I’m aware of? Does credit monitoring prevent the thief who stole your credit card from continuously using it? Don’t think so.
What should the company do? I vote to immediately cancel the the cards in question and reissue them ASAP to the customer; refund any amounts that are patently fraudulent; apologize for the inconvenience; and thank the customer for their continued business Those actions to me effectively mitigates the existing and future risks to the customer. And doesn’t add to the hysteria.
An informal poll of my peers on the popularity of identity theft / credit monitoring services amongst their customers indicates that less than 10% of the offers actually get used. So, greater than 90%(!) of the customers who are offered the service, don’t activate it - not don’t use the services, but actually do not call up the credit company and turn on the service! Why? I suspect that in this age of breaches we as customers have gotten so many notification letters with identity theft offers that we have either enrolled five times over already and don’t need a sixth service. Or the once valued-service is now nothing more than a commodity to be tossed aside as casually as the letter that accompanies it. Or, we have become so desensitized to the threat that any level of effort to enroll in one of these services is effort better spent playing Candy Crush or watching Shark Week. Since almost every financial institution makes you 100% whole on any fraudulent charges as long as you report the charges in a timely manner, you may at worst suffer a little anxiety when you first see that charge for a big screen TV (that was subsequently returned for cash) on your ‘new' instant charge from Best Buy.
So can we all do ourselves, including customers, a favor? Let's save the offer of identity theft/credit monitoring services for when it is actually warranted? Let’s spend the time and money on efforts that will make all truly safer: upgrading encryption technologies, migrate to chip & PIN cards, deploy tokenization, stronger access controls…the list goes on. How to fund it all, you ask? Think of the savings on stamps from not having to mail all those offer letters!
Saturday, January 11, 2014
How being a grumpy old man protects my privacy...
I don’t know about you, but every time I am in a retail store, finalizing a purchase at the register, the 17-year old clerk asks me for my zip code, or e-mail address or phone number. I have always just said “Nope.” I can then almost pluck the contempt from the air around us, it is so thick. I am sure this teenybopper wonders “What’s the concern Old Man? It’s only your zip code I’m asking for. We only use if for demographic analysis.” Really? That’s all, huh? Harmless is it?
Well, if you have been following the news of late with some high profile data breaches in the spotlight, you know that it is not just the usual suspects of non-public information that has been compromised: name, social security number, credit card or account numbers. In fact, many seemingly other innocuous data elements have also been taken along with NPI elements. Though many think that since their name or e-mail address or zip code is already semi-public information they have nothing to worry about. The fact is, that semi-public information along with any NPI that bad guys harvest will lead to a more intense and serious strain of identity theft since the picture about you and your profile is much more complete and fulsome.
It is takes is just a moment of grumpiness at the point of sale to better protect your privacy in the long run. Though it benefits tremendously both the retailer and the data brokers they partner with to have that additional bit of information you might surrender at the register, it does you no good. It is a lop-sided deal.
So just say “Nope.” You may suffer a puzzled look from some young punk behind the register, but what does he know? It will be worth the financial peace of mind
Well, if you have been following the news of late with some high profile data breaches in the spotlight, you know that it is not just the usual suspects of non-public information that has been compromised: name, social security number, credit card or account numbers. In fact, many seemingly other innocuous data elements have also been taken along with NPI elements. Though many think that since their name or e-mail address or zip code is already semi-public information they have nothing to worry about. The fact is, that semi-public information along with any NPI that bad guys harvest will lead to a more intense and serious strain of identity theft since the picture about you and your profile is much more complete and fulsome.
It is takes is just a moment of grumpiness at the point of sale to better protect your privacy in the long run. Though it benefits tremendously both the retailer and the data brokers they partner with to have that additional bit of information you might surrender at the register, it does you no good. It is a lop-sided deal.
So just say “Nope.” You may suffer a puzzled look from some young punk behind the register, but what does he know? It will be worth the financial peace of mind
Tuesday, December 31, 2013
Privacy: Word of the Year; Pursuit for the New Year
Every year over the past 5 years was supposed to be the ‘Year of Privacy’. So it is not surprising that Dictionary.com gave the word ‘privacy’ its 2013 Word of the Year award. (We can be thankful it wasn’t ‘twerking’ or ‘selfie’). Considering that their 2012 word was ‘bluster’ (?) or worse, their 2012 word was ‘tergiversate’ which means “to change repeatedly one’s attitude or opinions with respect to a cause, subject”, I think they got it spot on this year.
Typically, Dictionary.com selects a word that rose to prominence (or infamy) through common usage during the year (like ‘Occupy__’ or ‘Arab Spring’). It appears as though this year, they chose a word that encapsulated an overall quality of 2013. It’s about time.
Considering the ubiquity of the word and more so the very notion of privacy and its importance to everyone, ‘privacy’ deserves its day in the sun, and a nod to the words permanency, unlike the selections of the past few years.
It’s increasingly evident that people are really ready to embrace more than just the theoretical word. The fundamental understanding of the value of personal privacy has been assimilated this year like never before. Between the Wikileaks disclosures, the NSA spying on American’s cell phone calls, and the almost daily revelations of how companies of all stripes capture their customer’s data via browsers or mobile apps, the abstract value of privacy has more than congealed in the minds of consumers. There is even talk of the monetization of one’s privacy and how a consumer can ‘exchange’ their privacy for some nominal value to a business. Consumers realized that privacy and convenience has always been a trade-off, now it seems like the trades are just getting better. AT&T, for example, recently offered a 30% discount to users of their GigaPower broadband service to customers who must agree to participate in AT&T Internet Preferences behavioral tracking and ad service. According to AT&T’s Internet Preferences, they "may use your Web browsing information, like the search terms you enter and the Web pages you visit, to provide you relevant offers and ads tailored to your interests." Interestingly, some of the offers will come via snail mail.
Insurance companies are also in on the action. Progressive, Allstate and State Farm all have similar ‘monitoring for a discount’ offerings. State Farm’s program, named Drive Safe and Save, allows for a calculation of risk, by way of a small device added to a car’s diagnostic port that tracks real-time driver behavior. Factors such as speed, mileage, lane changes, location, time of day and braking urgency are captured, measured and analyzed. What’s the payoff for drivers? A 5 percent discount immediately, and then are eligible for further cuts of up to 50 percent after six months of monitoring, depending on what the record shows. Though somewhat financially intriguing for the cost-conscious, it implies that there are other not-so-good drivers who will make up for the discounts offered to good drivers. What is disappointing to some about this approach is that it makes privacy into a zero sum game: some have to lose if others are to win. You may feel, however, that this is the ultimate victory for consumers: choice. If you want to trade away your privacy for a discount (or a coupon, chocolate bar, rebate, etc.) then you should be able to; the ultimate luxury is having options.
Either way, it is very good news for consumers and the privacy-mindful everywhere that the notion and expression of ‘privacy’ has come forward in the consciousness of our society. Let us not make this year’s word a quaint and curious concept with a sell-by date only to be forgotten next year or tossed into the ash heap of grammatical history (‘Gangnam’ anyone?). It would be wonderful to never have to think of the word again as unique and something to strive for. Let’s take it off the pedestal, shall we? I’d rather that we take the word this year as a call to action for next year, and every year thereafter, and assimilate the word and its implications into our daily life, our actions and activities, and choices. What a better New Year’s resolution can you have than that?
Happy New Year everyone!
Monday, November 11, 2013
Social Media's Password Law Teapot Tempest
As of November 2013, 12 states have passed so-called ‘social media password’ laws. These laws are designed to prevent employers from asking existing employees or prospective applicants for their credentials to access their social media sites. The intent of the laws is to prevent employers from prospectively, and possibly erroneously, getting an idea of the behavior, opinions, lifestyle or actions or existing or prospective employees so as to, ostensibly, determine their current or future merit as employees, and, I guess, to pre-judge whether or not this person truly represents the ‘values of the company’. Companies are still free to view social media pages of people that have no restricted access on their sites, have information that is publicly available, are open to all, or are voluntarily offered by the employee/candidate. (As an amusing aside, the names of the laws range from the innocuous and vague – ‘Internet Privacy Protection Act in Michigan’ – to the laser-focused and definitive – ‘User Name and Password Privacy Protection Act’ in Maryland.)
Since mid-2012 there has been what I can only define as a legislative vogue as states trip over each other to pass these kinds of laws. I wonder: is there really some kind of epidemic among employers or HR departments asking employees or interviewees for their social media passwords? You would think there was by the kind of activity you see in state legislatures on this topic. The issue began in Maryland from a case where an interviewer requested a Division of Corrections officer’s Facebook account information during an interview after the officer returned from a leave of absence. Rumor has it that the request was more of a demand that the officer surrender his credentials, or lose his job. You might reasonably wonder why we need laws like these when people are perfectly happy to post and tweet all kinds of self-sabotaging things about themselves and their opinions on a variety of topics without any kind of restrictions or privacy controls in place.
So really, why the need for laws to eradicate the scourge of social media password requests like it’s the polio of our age? First, demagoguery aside, I think the drive is primarily perception. It shows that politicians who are often accused of doing nothing can actually show some bi-partisan cooperation once in a while and pass a law benefiting their constituents. Second, it makes the politicians look like they are in-tune with technology and are addressing real-time concerns about issues that real people can relate to.
So what’s the fuss? I think most companies (finally) realize that protecting their employee’s privacy is as important and relevant as protecting the data of their customers. You want to send the right message to employees that ‘we care about you’, yes? (FYI to HR Depts: You know, that kind of stuff does help attract the right talent). Altruism aside, the concern of many companies, especially those in the financial services and academic worlds is the conflict that some of the existing laws have on employee oversight vs. employee privacy. Most states have an exception to the law if the request is related to an investigation of alleged employee/student misconduct or illegal activity or to ensure “compliance with securities or financial law and regulations.” But not in all cases! In fact, not in Maryland, Michigan or New Jersey. For example, once cooler heads prevailed and the New Jersey law was amended, a provision in the law originally said that no access to employee social media was allowed “in any way.” This significant restriction would have posed an enormous challenge for financial institutions that must oversee and audit (per the SEC or FINRA) what their registered representatives are saying to customers about financial products, returns, performance, etc. If access to what your employees were saying (possibly as a representative of your brand!) is not able to be monitored and reviewed, how could an institution reasonably say that they were providing supervision of their employee’s actions?
In a worst case scenario for employers who operate in multiple states, they may have to one day decide: whose law do I violate? The State of Maryland’s or the SEC? So far, this case has not been tested in a court of law. Once it does, the teapot may just bubble over.
Since mid-2012 there has been what I can only define as a legislative vogue as states trip over each other to pass these kinds of laws. I wonder: is there really some kind of epidemic among employers or HR departments asking employees or interviewees for their social media passwords? You would think there was by the kind of activity you see in state legislatures on this topic. The issue began in Maryland from a case where an interviewer requested a Division of Corrections officer’s Facebook account information during an interview after the officer returned from a leave of absence. Rumor has it that the request was more of a demand that the officer surrender his credentials, or lose his job. You might reasonably wonder why we need laws like these when people are perfectly happy to post and tweet all kinds of self-sabotaging things about themselves and their opinions on a variety of topics without any kind of restrictions or privacy controls in place.
So really, why the need for laws to eradicate the scourge of social media password requests like it’s the polio of our age? First, demagoguery aside, I think the drive is primarily perception. It shows that politicians who are often accused of doing nothing can actually show some bi-partisan cooperation once in a while and pass a law benefiting their constituents. Second, it makes the politicians look like they are in-tune with technology and are addressing real-time concerns about issues that real people can relate to.
So what’s the fuss? I think most companies (finally) realize that protecting their employee’s privacy is as important and relevant as protecting the data of their customers. You want to send the right message to employees that ‘we care about you’, yes? (FYI to HR Depts: You know, that kind of stuff does help attract the right talent). Altruism aside, the concern of many companies, especially those in the financial services and academic worlds is the conflict that some of the existing laws have on employee oversight vs. employee privacy. Most states have an exception to the law if the request is related to an investigation of alleged employee/student misconduct or illegal activity or to ensure “compliance with securities or financial law and regulations.” But not in all cases! In fact, not in Maryland, Michigan or New Jersey. For example, once cooler heads prevailed and the New Jersey law was amended, a provision in the law originally said that no access to employee social media was allowed “in any way.” This significant restriction would have posed an enormous challenge for financial institutions that must oversee and audit (per the SEC or FINRA) what their registered representatives are saying to customers about financial products, returns, performance, etc. If access to what your employees were saying (possibly as a representative of your brand!) is not able to be monitored and reviewed, how could an institution reasonably say that they were providing supervision of their employee’s actions?
In a worst case scenario for employers who operate in multiple states, they may have to one day decide: whose law do I violate? The State of Maryland’s or the SEC? So far, this case has not been tested in a court of law. Once it does, the teapot may just bubble over.
Thursday, October 24, 2013
Bitcoin: Bank's Betamax?
Is anyone else as fascinated by the concept of Bitcoin as I am? For those of you who are not aware of Bitcoin, it is a virtual currency which is nothing more really than encrypted computer code that is accepted as a form of payment among users and businesses. The value of the currency fluctuates and is set by a market and not by any country or central bank. (As of October 24th, 1 Bitcoin is worth $196 USD) Bitcoin is a system to replace a centralized banking intermediary (that we have to trust to accurately record electronic financial transactions), with a decentralized intermediary that we don't have to trust. That decentralized intermediary is the network of Bitcoin users.
People frequently call Bitcoin a peer-to-peer electronic currency, which like music and file sharing peer-to-peer networks, implies that you could share or send bitcoins directly to someone else with no intermediary involved. However, there is a third party involved; it's just that the third party is a decentralized network of people rather than a single centralized institution like a bank. It is 'peer-to-peer' in the sense of being a payment system under the control of no single institution, but it involves more than just two parties to a transaction. What is also interesting about this virtual currency is that, unlike hard currency and bank notes which can be printed in quantities at any time by central banks, the Bitcoin money supply will be capped when it hits a pre-determined total number of 21 million bitcoins.
To me, the most interesting aspect of this new technology is what the threat might be to traditional financial outlets and channels, like banks. Bitcoin and the threat it might contain, if more broadly accepted and adopted, may go beyond what alternative payment channels (e.g. PayPal, Square) now pose to traditional financial institutions. More and more mainstream websites and retailers are starting to accept Bitcoin as a means of payment. The biggest issue to more widespread acceptance and usage of this currency now, however, is the perception of Bitcoin as a way for criminal activities to hide behind and be facilitated. Money laundering, drug purchases and even gun purchases allow buyers to avoid the usual screening and background check processes.
Financial institutions, to the degree that they are aware of or acknowledge the existence of alternate currencies like Bitcoin have argued for their demise and asked legislators to rule them as unlawful for some of the reasons noted above. But I think it may be closer to the scenario which existed when the Betamax player was released in to production in 1980s. In the early ‘80s, Jack Valenti, head of the Motion Picture Association of America lobbied against the creation of the VCR. Valenti actually said, in front of Congress no less, that the “VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.” Yet, what did the VCR eventually do the movie industry? It saved it! Imagine how much better off the industry might be today of the fear of that new and unknown technology was embraced rather than discouraged. Let's hope that financial markets and institutions in general can learn from past, otherwise, they may be doomed to repeat it.
People frequently call Bitcoin a peer-to-peer electronic currency, which like music and file sharing peer-to-peer networks, implies that you could share or send bitcoins directly to someone else with no intermediary involved. However, there is a third party involved; it's just that the third party is a decentralized network of people rather than a single centralized institution like a bank. It is 'peer-to-peer' in the sense of being a payment system under the control of no single institution, but it involves more than just two parties to a transaction. What is also interesting about this virtual currency is that, unlike hard currency and bank notes which can be printed in quantities at any time by central banks, the Bitcoin money supply will be capped when it hits a pre-determined total number of 21 million bitcoins.
To me, the most interesting aspect of this new technology is what the threat might be to traditional financial outlets and channels, like banks. Bitcoin and the threat it might contain, if more broadly accepted and adopted, may go beyond what alternative payment channels (e.g. PayPal, Square) now pose to traditional financial institutions. More and more mainstream websites and retailers are starting to accept Bitcoin as a means of payment. The biggest issue to more widespread acceptance and usage of this currency now, however, is the perception of Bitcoin as a way for criminal activities to hide behind and be facilitated. Money laundering, drug purchases and even gun purchases allow buyers to avoid the usual screening and background check processes.
Financial institutions, to the degree that they are aware of or acknowledge the existence of alternate currencies like Bitcoin have argued for their demise and asked legislators to rule them as unlawful for some of the reasons noted above. But I think it may be closer to the scenario which existed when the Betamax player was released in to production in 1980s. In the early ‘80s, Jack Valenti, head of the Motion Picture Association of America lobbied against the creation of the VCR. Valenti actually said, in front of Congress no less, that the “VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.” Yet, what did the VCR eventually do the movie industry? It saved it! Imagine how much better off the industry might be today of the fear of that new and unknown technology was embraced rather than discouraged. Let's hope that financial markets and institutions in general can learn from past, otherwise, they may be doomed to repeat it.
Subscribe to:
Posts (Atom)