Wednesday, October 30, 2013

To talk, or not to talk, that is the question

I sat down at lunch with three of the biggest corporate guns in the field of privacy.  We're all old friends, and more than a little battle-hardened, and over a cool bottle of Sancerre, we started a heated debate about the benefits of talking, or not talking, about privacy, in the public arena.  

Person A:  We never talk about privacy.  It's a loser.  You can't say anything about it, without offending someone. Talking about privacy is like talking about religion or politics at a dinner party, frankly it's no-go.  Let privacy advocates talk about privacy.  As far us, the less said, the better. 

Person B:  We talk about privacy in a pedagogical sense.  We all know that it's important, and complicated, and we know that consumers need to be educated, to help them make their own decisions.    Transparency is fundamental and ethical, and we're committed to being open about it.

Person C:  We talk about privacy, but only to attack our competitors.  Our most successful marketing initiative this year was to copy the attack-ads that have been part of US politics for years.  Of course it's cynical, and perhaps dishonest and hypocritical, but it works.  

Person A:  It's a myth that you can build trust by talking about privacy.  Actually, the opposite is true.  It's sad, but that's the reality.  If a college kid walks into a bar and tells everybody in the bar that he's never had any sexually-transmitted disease, do you think he's more likely to score than the guy with herpes who doesn't tell anybody about it?  

Person B:  You can talk about things that support privacy, like privacy controls, privacy settings, and strong security.  Those things build trust, and they're objective, and people deserve to know about them.

Person C:  You are so naive.  If you're in a race, you want to win.  Sure, you can try to be the fastest, strongest, smartest, but if you're not, you can still win by hiring some thug to break your competitors'  kneecaps.  And trust me, privacy is like a kneecap.  

I sat back, and said nothing, and sipped my Sancerre, and unconsciously perhaps, crossed my legs and put my hands on my knees.  

Tuesday, October 29, 2013

Tinker, Tailor, Soldier, Spy, They hacked my phone, I don't know why

Why was it candy to hack the Handy of the world's most powerful woman?  Did she park her Porsche in a public place without locking it? 

The press are outraged and the politicians are indignant that Merkel's phone has been hacked for years by the NSA.  Obama did or didn't know about it. This diplomatic squabble makes for good headlines, but it's not the real lesson of this story.

Indeed, why was Merkel using an unsecured phone?!  According to press reports of the Snowden revelations, she was using the sort of phone service that you or I could buy by popping into a shop in Berlin.  

If the NSA has been listening to Merkel's phone for years, and the German authorities only learned about it from the Snowden revelations, then one has to assume that other sophisticated national surveillance organizations, like the Chinese and the Russians, have been listening too.  State surveillance secrets in China and Russia are less leaky than in the US, and I doubt we'll see a Chinese or Russian Snowden expose their practices to the world.  

So, the most powerful woman on the planet apparently needs help in recruiting a staff of competent computer and communications security experts who could help protect her and her role.  

Any privacy lawyer who works in the field of security breaches always asks a basic question of the target of a breach/hack:  were you using "adequate security"?  Seriously, would you park your Porsche in a public place without locking it? 

Friday, October 25, 2013

My Mom and Dad trust each other

Imagine if your mom and dad didn't trust each other. Imagine if they spied on each other, and hired private investigators, and tapped each other's phone calls. They'd yell and fight, and the kids would be unhappy.

Then, into the house came a woman, saying she was from Brussels, and she could fix things.  She said we needed fair rules to re-build trust.  Everyone listened. 

She said we needed the following rules:  the children should never be allowed out of the house, except to go to school, since no other place could be trusted.  She said that the children should never use Twitter or Facebook, since they couldn't be trusted.  She said that the children could only play games that had been pre-approved by their teachers or parents, since other games couldn't be trusted.  She said the children needed discipline, and severe sanctions if they ever violated these rules.  

She said that the only way to re-build trust between the parents, and to stop their spying on each other, was to impose these stern rules on the children.  

Everyone sat quietly for a moment.  Then I said:  "isn't it unfair to punish kids for our parents fighting with each other?"  She said:  "be quiet, child, I'm sick of your lobbying." 

After a few more moments of silence, the parents both said:  "look, we're adults.  This is our problem.  We need to work it out between ourselves.  Our children have nothing to do with this.  Get out of our house, now! "

As she walked towards the door, the woman from Brussels turned to us children and said: "You wicked little things.  Unless you are subject to strict supervision, your parents will never trust each other again, and it's all your fault!"

Editor's note:   if you don't get the point of my little story, please read this expert commentary by Mr Jeppesen:
"...the E.U. Data Protection Regulation (DPR) was first proposed in 2012. Unfortunately, government surveillance issues cannot be solved by this legislation....
it would not regulate E.U. Member States' national security intelligence programs, nor would it address the surveillance programs of the United States. The European Parliament and the European Commission simply do not have the authority to address national security matters... The only path forward for true reform around global surveillance practices is a much harder slog. It will require a joint European-U.S. effort to find agreement on proper legal standards and safeguards."

Thursday, October 24, 2013

Jeff Koons' Private Parts

I was invited to a fancy charity dinner in Paris, and was treated to a delicious feast of suave irony.  It's not every day that I sip Dom Perignon with Jeff Koons and Laurent Fabius, paid for by a tax-exempt charity. The conversation went something like this:

Jeff:  I love France, I love Versailles.   They just did a show of my work.  For centuries, people with wealth and power have bought the world's best art to show the world their excellent taste.

Laurent:  We're so happy to invite our American friends to France.  I come from a long family tradition of art dealers. In France, we support culture.  
Silly rich person at our table:  Jeff, which artist had the most influence on you?

Jeff:  My favorite artist has always been Monet, or Manet, I mean Monet.  

Me:  I start howling with laughter.  I am kicked in the shin by my partner. 

Silly rich person at our table:  I adore la France.  My entire house in Dallas is decorated in French style.  and Peter, what do you do, she asks, feigning interest.

Me:  I work in privacy, and I'm bemused by Jeff's soft-porn art and the idea of an artist exposing his erection as a statement about what's private and what's public. 

Laurent:  Apologies, dear American friends, I must leave you now to speak with Assad.  So vulgar, but his wife is charming. 

Jeff:  Apologies, too, I have to catch a flight with Francois to Venice tomorrow, he says, with an ah-shucks tone and a million-dollar smile that had all of us swoon.  

Silly rich person at our table:  I just loved them both!  So down-to-earth!  but, Peter, I think your comment about his nude art made him uncomfortable.  Did he really show his private parts in his art?  I'd like to see that.  

Tuesday, October 22, 2013

Two farmers and a donkey

Two farmers owned fields that lie side by side.  They don't like each other, and they never have.  But fate has put their fields next to each other.  Farming is a tough life, and neither makes much money.  So, the two farmers agreed, with heavy-hearts, to buy a donkey jointly, and to share it to till their fields. 

For a while it worked, but as the spring wore on, and the days started getting hotter, both farmers wanted to till his fields in the early morning, when it was cooler.  

The donkey stood in the middle, on the line between the two fields, while each farmer tugged as hard as he could, trying to pull the donkey in his direction. The donkey didn't move.  He couldn't.  He was being pulled in two opposite directions, by farmers of equal strength.  After several minutes of excruciating pain, the ropes around the donkeys neck, being pulled in opposite directions, choked the donkey, and he fell to the ground with a dull thud. 

The farmers glared at each other for a few minutes.  Then they grinned, shook hands, and agreed that it was a damn dumb donkey not to follow their commands.  

oh, and except for the damb dumb donkey, everyone grinned and applauded this.  

Sunday, October 20, 2013

Dear Diary

Dear Diary,

You're the only one I can talk to.  You're the only place where I can share my secret fears.  I feel safe, because I know that no one else will ever read what I write here.  

Even now, after all these years, I don't feel safe as a gay man.  I know there are a lot of people who hate me for that.  I feel sick to my stomach when I read how another young gay man was murdered:  They broke Mr Zamudio's leg with a heavy stone, beat him up with bottles and carved swastikas into his body with broken glass before walking away.

I am very proud to spend my working life in the field of privacy.  I believe that it's the foundation of human dignity, and I hope that I can contribute something to it.  But in a dark mood, I realize that I can no more hold up the tides of technology than an oyster can stop the tides.  

I know that secret algorithms roam the Internet, analyzing, recording, and data-mining every piece of data that they find, billion by billion.  But I assume they won't read this blog, because it's just my blog and it's not very important, except to me.  And even if they do read this blog, I assume it's just to show me an ad, which isn't a big deal.  I mean, they wouldn't create a psychographic profile of me, would they, to use to decide whether or not to hire or fire me?  I mean, I'm not a public figure, like a politician, so why would they create a profile of me?

I had a funny dream yesterday, that I went to dental school to start a new career.  In my dream, I realized that no one would ever thank you for your work in privacy, because it was always a losing fight, so I thought I'd look for a career where you could help people.  Well, that's something I could only tell you, dear diary, since I wouldn't want anyone else to know that I'm nagged by doubts.  This facade is getting exhausting, like pretending to be straight when you're not.  I'm willing to fight the good fight, but I know that I'll lose, in the end.  Well, dear diary, at least I can confide in you, and I feel better already, since I know you'll keep my secrets.  

Friday, October 18, 2013

Lovely, lovely, let's not change a thing

While I was on St Bart's, a lovely French island where plutocrats play, I had a chance to chat with the image-savvy CEO of a major tech company based in California (not Google). We were talking about privacy in Europe, and she said:  "yeah, I know, Europeans think different, Nazis and stuff".  Then she realized I was not an important person, and turned away to talk to someone else. 

Indeed, stuff... She's right, of course, on a basic level, that privacy expectations reflect each country's culture, history and ideology.    

But the Nazis and stuff don't quite explain Europe.  Take France, and its "stuff".  I love France.  I love the country, the people, the culture, the language.  I do not love its government.  I think France is poorly governed by an entrenched "political class" and run by an army of grumpy functionaries and enslaved to a socialist ideology stuck in a 1970's rut.  And lots of people think that it will be run by the far-right Front National in a few years, as mainstream voters get sick of their "mainstream" parties and Socialist taxocrats.  

France is a deeply conservative society, in the sense that it does not like change.  This country is deeply uncomfortable with globalization, and even with capitalism, based on a widespread pessimism that France's best days are behind it.  Innovation is not popular in a country that thinks it's more likely to lose from the change that innovation brings.  The innovation that is popular in France is inventing new taxes (innovating a new global financial transactions tax?, innovating a new "data" tax? innovating the highest marginal income taxes in the world?).  

Paris was once more welcoming to foreign businesses.  The Economist's article recently struck a lucid and painful blow to French self-esteem:   The article pointed out that Paris was Morgan Stanley's first international office, a decade before London!  Can you remember the 1970's and 1980's, when American technology giants like IBM and Microsoft chose Paris as their European headquarters?  The entire new generation of American tech companies have chosen London or Dublin or Luxembourg or Zurich for their European headquarters. I can't think of a single American company that has chosen Paris for its European headquarters in the last two decades. Understandably, this is all hard for Paris to swallow.  
Against this background, it's easier to understand why the French government is campaigning to weaken the European Commission's proposal to institute a one-stop shop in Europe.  Most US companies would find their lead regulators in Dublin or London or Luxembourg.  As far as I know, not a single foreign company would have its "main establishment" in Paris.  

Looking at the increasingly barren business landscape in Paris, I'm reminded of Voltaire's advice:  "Il faut cultiver notre jardin".  I'm often amazed that anything grows here at all, like a pretty flower in the dry, hostile desert.    

Tuesday, October 8, 2013

From Warsaw to Mauritius

I'm just back from a privacy commissioners' conference in Warsaw.  I detected a theme of privacy-war-weariness there.  It's tiring, spending your days navigating the constant conflicts of privacy and protectionism, privacy and politics, privacy and Prism.  

I'm sympathetic to people who are tired of sitting in drab conference centers from Brussels to Belgrade, half-listening to tedious talks and self-righteous rants and anti-American tirades. 

How can I blame civil servants for voting to hold their next annual global conference on an Indian Ocean resort island of Mauritius?  Ok, I admit, at first I thought it was a joke, but then I was told it wasn't.    

This could be fun:  in sunny Mauritius, you'll see your global privacy colleagues in an entirely new light, discussing Binding Corporate Rules on the beach, or monitoring international data flows in the Indian Ocean.  Ever heard a speech about transparency from someone in a Speedo?  engaging in a little surreptious surveillance by snorkeling.  

At the last conference in Warsaw, I can't remember much, and I always tune out the anti-American rants, but someone said personal data on social platforms was like "urine in a swimming pool", which made me sit up and listen, since I'm a swimmer, and ponder the analogy, and at my pool, we drain the water twice a year, which is sort of like a Right to be Forgotten, or at least it gets rid of the urine eventually, unlike the Web.  Then someone started another anti-American rant about why can't Americans be enlightened enough to create euro-bureaucracies like us to "accompany innovation", so I sighed and zoned out again and watched swimming videos on YouTube. 

Indeed, it's been a tough year in privacy-land, tempers are frayed, and we all deserve a break (well, except the taxpayers).  As the International Association of Privacy Professionals reported:  

To celebrate, Mauritius will play host to next year’s International Conference of Data Protection and Privacy Commissioners on September 22, 2014.