Wednesday, October 26, 2016

Day 2 Executive Womens Forum Conference

Those of us who wanted to engage in such a discussion began at breakfast with an honest conversation on how to support and promote women of color in our professions.  Ours was an especially lively conversation featuring women from Bloomberg, the Santa Fe Institute, from the Department of Energy, from Wells Fargo, JPMorgan Chase, and from Fannie Mae, among others.

Breakfast was followed keynote address by Susan Keating fro the National Foundation for Credit Counseling, who went back to her days as a CEO in banking to describe risk architectural components in a large trading loss: people, processes, systems, data and reporting, and culture.

Now I'm listening to a marvelous panel on e-discovery, which features two jurists as well as an interactive "You Be the Judge" exercise.  Just excellent.

The panel I'm on this afternoon features Patty O'Boyle from Wells Fargo and CEO Galina Datskovsky.  Can't wait to hear what they have to say.

I'll add to this blog later this afternoon after I hear others speak.  But it's clear this is an excellent conference.

Tuesday, October 25, 2016

Three Days of Women Talking Risk, Infosec and Cyber

Something happened to the rest of my summer.  I never got back here to blog on volatile issues like both political conventions, or the natural disasters across the country that must be connected to climate change, or even to talk about the long chapter on root causes of conduct that I finished.

But I've stepped away for a few days from home and the university, to spend time with about 400 senior women who are immersed in risk, security, privacy issues -- and who are increasingly concerned with what were just called "digital vortexes."

There's a lot of laughter too -- witness a discussion on pseudo-anonymization of data, which deteriorated when one panelist pointed out there were two different styles of trust -- the older panelist left her purse at the table, the younger panelist brought her purse with her to the stage.

I'll be back later to report on some of the other sessions here at the conference.  As a speaker just said, "We compartmentalize but also collaborate better than the other half of the planet."''

Monday, August 1, 2016

Can the center hold?

The world just seems to get more unstable every day. Here's the opening of my column for The Risk Universe magazine this month:

  “Turning and turning in the widening gyre
    The falcon cannot hear the falconer;
    Things fall apart; the centre cannot hold;”

             William Butler Yeats, “The Second Coming” (1919)

"These first three lines of a poem that Yeats wrote after the first world war resonate with us today, and have been referenced in American political debate – and perhaps also around the Brexit vote as well.  Going it alone or going it together with other countries appears at least to be the question as discord and violence present themselves more regularly, in no small part because of the technology now available to us."

The level of political discourse has never been more base; and the level of trust for either U.S. political candidate seems to be at an all time low.

Some of us fancy we know that we are at a critical turning point in our history.  Others seem so filled with irritation and rage at the current environment that they cannot see the shape of things unfolding.

I plan to continue not to use the current election as fodder for risk-based speculations.  But I will continue to speak out when employee safety and situational awareness issues are at stake.

Wednesday, June 15, 2016

Thoughts on Domestic Terrorism

Eiffel Tower, Paris, France
City Hall, Brussels, Belgium

In our American history, only twice before have so many citizens been murdered at a single time -- first, at Wounded Knee, where 150-300 Native Americans were gunned down by the U.S. Army; and then of course on 9/11, when even more of our fellow citizens were killed by terrorists recruited to Al-Qaeda.  This is not to say that there have not been other episodes of domestic terrorism since 2001.  Since early 2015 alone, we’ve witnessed such acts in Charleston, Chattanooga, Merced, Colorado Springs, San Bernardino, Philadelphia and Columbus.  

I had a remarkable briefing on terrorism last week, before the Orlando nightclub murders took place.   Since then, as a more detailed picture of the terrorist is painted, I marvel at how closely the profile as described of a domestic terrorist align.

Photo courtesy CNN.
Research indicates that the average age of what are primarily young men is in the 20s.  The terrorist is usually already known by law enforcement; and has often tried to join either the military or a police department.  Most are converts to Islam, a conversion made easier by ISIS' presentations on the web and the graphic violence embedded in them.

Though there are subtle differences with this terrorist, in that he was a Muslim and apparently attracted to others of the same sex -- grounds in Mideastern countries for death by stoning, being dropped from a great height, or beheading -- there are enough similarities to see how sophisticated ISIS has become at appealing to alienated, ostracized and perhaps bullied, lone wolves.

At this time, we have no civil society mechanism to identify in advance and take care of such individuals in something like a diversionary program.  It is well worth thinking about what such a program would include if we could identify them before they caused such enormous damage to our society -- not just to the families and friends, but to our anxiety levels as well.  It is worthwhile for members of the community to come forward to identify dangerous citizens before they act -- this is evidently one of the hardest communications for law enforcement whether working with, say, a militia group, or a religious group.  We still have strong familial and community  loyalties and notions of "tattle tale" that get in our way, no matter how Americanized we have become.

It is inappropriate to blame the FBI for having investigated but released the murderer for lack of "reasonable cause."   In fact, as I have just explained to a good friend from France, it is that very definition of reasonable cause that protects all of us from unreasonable encroachments by law enforcement.

I won't spend a lot of time here on the topic of gun control, except to note that it is time for Congress to stand up to the NRA and pass legislation that prohibits the sale of assault weapons, to authorize background checks and forbids sales of weapons to those on the U.S. watch list.

My heart goes out to the LGBT community, the direct target of these and other such acts of late.  Just a year ago, the community won a legal battle to marry.  To have such violence and hatred spewed in this particular way, in a club that was considered a safe space, is especially wrenching.  We are better than this.

Please practice situational awareness as you go about your life, especially in public places.

Thursday, May 12, 2016

How far can finger-pointing and bad-mouthing take you?

Catholics are taught at an early age that someone is always watching you.  As a child, I didn't think of this as surveillance (not a term that the Baltimore Catechism is familiar with), but rather as being benignly supported in my efforts to be a good person.

On the irreligious side, I learned early about being a good citizen and helping others -- to "put myself in their shoes," as my mother would say.  This behavior seemed to square up with my heroes, Nancy Drew the Hardy Brothers, and with the principles taught by the Brownies and (later) Girl Scouts.
I had no sense of limitations or boundaries growing up.  I was there to grow into myself.

I've tried hard in my career to explain to colleagues and to shadowers that 1) honesty is the best policy because it's most efficient; 2) that "Every wall is a door" (Ralph Waldo Emerson); 3) that harboring resentments or engaging in finger-pointing hurts you most of all because it sucks your attention and focus into proving your hypothesis; and 4) that there is always something to learn from another, especially if you can put yourself in her/his shoes.

There's not enough time left on my runway to spend my energy negatively.  Observing the current state of politics is enough of a time sucker.  I'll spend my time working to change the world, one project (or one class) at a time.

Tuesday, April 26, 2016

Us vs the Europeans

The European Union definition of personal information and of privacy is so much more restrictive than ours that it should come as no surprise that the Europeans are not as interested in using massive data suction tools to find terrorists as this government is.

I wish I could say that any of the presidential candidates understood the issues around privacy, in particular digital privacy, but I'm afraid we are going to have to leave that to the Supreme Court.

The FBI director says he was greatly misunderstood, that he's simply interested in being able to read "clear text."  Meanwhile, we learn that there was nothing of interest on the work phone in San Bernardino that caused the FBI to take Apple to court to break the device's encryption and to create software most of us in the business call a "back door."  The FBI however is still hopeful that they might be able to figure out what the terrorists did in time not yet accounted for by checking out their GPS data.  (If they were smart enough to use burner phones, they would have been smart enough to turn off "Location Services," thus turn off GPS.)

I am looking for a leader, perhaps a former government official, to become the clear spokesperson for privacy and in particular for digital privacy.  I don't think that Tim Cook can do this and run his business at the same time.  We need a private sector leader to explain clearly to the American public what is at stake in these skirmishes. 

Thursday, April 14, 2016

A reasonable expectation of privacy.

I'm in my office before class, having started my morning with a New York University-hosted forum on the Zika virus, which actually will be up for discussion in class this afternoon. About an hour after that forum concluded, Microsoft announced that it was suing the U.S. Department of Justice, "challenging as unconstitutional the government’s authority to bar tech companies from telling customers when their data has been examined by federal agents." (Wall Street Journal)  

Now, class prep completed, I'm listening to an address that FBI director James Comey gave at Kenyon College's "Expectation of Privacy" conference.  He is of course arguing that there needs to be a way Hinto encrypted systems, with many examples being tossed out, usually about terrorists or kidnappers or murderers.  He rejects absolutely the "slippery slope" argument. He asks for a substantive thoughtful conversations of security and liberty.  He ignores the issue of the back door becoming accessible to the criminals, nation states or terrorists.

The late Antonin Scalia argued some time ago that "There is nothing new in the realization that the Constitution sometimes insulates the criminality of a few in order to protect the privacy of us all."
Let's hope that the Congress can remember this, divided as it is, as one or more anti-encryption bills go forward.

I admire Director Comey enormously, including his references to FBI agent training he has instituted via a visit to the Holocaust Museum, and the order from Bobby Kennedy to wiretap Dr. Martin Luther King Jr.'s phones.  I think, though, here you will find the other side of the article missing -- the side that makes the "slippery slope" argument, that believes that source code is protected speech, and that resists creating a tool that the government asks for, one that breaks its own product.

He is right, we have never been closer to a condition of complete privacy with the advent of encryption. May I also point out that the question and answer session that follows his talk is well worth listening to.  He is a good teacher.