Strategy, Info System Security Russell Mickler Strategy, Info System Security Russell Mickler

There's No Such Thing as Privacy

What is Privacy?

This image of a button makes it look so easy,  doesn't it?

Well, first off, privacy doesn't exist. Privacy is a subjective feeling in that there's no specific measurement anyone can use to suggest absolute privacy; what is private to one party may be inherently public to another.  

All the word means that it's a state or condition that we believe is free from observation or eavesdropping. In terms of technology strategy, privacy reflects the confidence we have in systems to protect confidential information about individuals.

Let's break a few of those components down for a minute.

  • Confidence. Yet another subjective feeling, confidence reflects how assured we feel that our safeguards are thorough, comprehensive, and resilient to attack. Example: we have confidence in a deadbolt on our front door to protect us from an intruder; we have confidence that a locked file cabinet will prevent unauthorized inspection of classified data. Confidence reflects only our intellectual and emotional trust in our safeguards.
     
  • Systems. These are the policies, processes, training, controls, and automation that we've put in place to guarantee outcomes, to provide us with greater assurance that privacy can be maintained. Systems help ensure confidence.
     
  • Individuals. In technology, we collect information all the time. That information is usually aggregated and reflects many anonymous data points that help paint a picture over a problem. This kind of data and its collection yields competitive advantage: we want this data, need it, collect it, and utilize it, to maximize profitability for shareholders. That's different than the information of individuals which is specific and representative of personal details that uniquely identifiable. It's about understanding what uniquely identifiable information we maintain and what we're responsible for.

 

So, in terms of information sciences, we look at privacy as an artificial and subjective construct. It's not an absolute thing - flip a switch, a button to press, and, hey: your stuff is private! Rather it's a feeling that we have that the systems we've put in place give us the confidence that information about individuals remains confidential.

The degree to which that feeling can extend is relative.

  • If you want a feeling of maximum assurance and the highest confidence, we must come to thoroughly understand the information of individuals we maintain, and, to implement very rigorous systems to control it.
     
  • If you want reasonable assurance and reasonable levels of confidence, we implement the bare minimum of systems to protect and control the information in our care. 
     
  • If you're unsure of what information you're responsible for, and, aren't aware of the systems put in place to protect it, then your confidence is misplaced - you're blindly believing everything is okay. You've taken no action to understand what you're responsible for, then you can't have any reasonable expectation of privacy.

 

Further, privacy isn't a defined thing in the United States. It isn't even a right. There isn't a consensus in this country of what degree of systems are sufficient, what specific information about individuals should be confidential*; there's nothing written into the Constitution or Bill of Rights that guarantees citizens a right to privacy (in fact, just the opposite, with the 1st Amendment); aside from a smattering of Federal and State laws, case law has attempted to define what privacy actually means. In this country, there is a limited legal framework that defines what is private and what your obligations are (as a business owner) to maintain it.

So privacy isn't a right; what information about individuals should be private hasn't been universally defined; safeguards to elevate confidence haven't been universally defined; privacy is just a subjective feeling. 

Beyond that, there is not an absolute economic imperative behind privacy.  It won't improve shareholder equity; it won't return on investment. You're simply investing in safeguards. And for individuals, implementing inconvenient systems to safeguard their privacy may be perceived as too tedious or time consuming. Why should any business or individual what to do something that costs money, delays action, or causes irritation, when the payoff seems so limited?

So surely, privacy doesn't exist. It's a feeling that resides only in our minds.

Yet, ephemeral as privacy may be, the recent data breach from the Federal OMB affecting 7-percent of all Americans should remind everyone that the threats are real and the impacts are material. Indeed, a return on privacy does exist in the form of damages, losses, trust, and reputations. 

The question is: in witnessing this massive failure of privacy within the Federal Government, will you - today - overcome your base assumptions about your company's safeguards, verify their integrity, and implement stronger safeguards, as to validate the confidence that you have in systems that keep the personal private information of individuals confidential? Will you change your habits as an individual? Or, will you keep doing what you've always been doing, presuming your systems and habits should never have to change?

R

* With exception to some classified forms of information determined by Federal and State Governments. Example: Data subject to the Federal Privacy Act, FERPA, HIPAA, GLB, Matter Subject to State Data Breach Laws, etc. These pieces of information have been defined as classified and there are system requirements to raise our confidence levels.

Read More
Systems, Strategy Russell Mickler Systems, Strategy Russell Mickler

Should I Upgrade to Windows 10?

Should your small business sign-up for the free Windows 10 upgrade in July? Probably not. Understand the risks of upgrading to manage your computing experience, and, your patience.

Microsoft will release the latest edition of it's Windows operating system on July 29, 2015.

It's branded Windows 10 yet it is actually the 9th iteration of the product. My working theory is that they want consumers to believe that they're so, so far away from Windows 8 that they can trust the product again. 

Meanwhile, it's also the last version of Windows to supposedly carry with it a number or a year; Microsoft will simply rebrand it as Windows and update it with incremental bundled patches just as Apple updates OSX.

Windows 10 is also distinctive in that this will be the first o/s release from Microsoft to be streamed in addition to a DVD offering. Further, Windows 10 will be released for free to Windows 7 and Windows 8 users. Even now, users of these operating systems are being hustled by Microsoft to sign up for a pre-release for their systems. 

Should you upgrade to Windows 10? 

First of all, I think one should critically think about Microsoft's strategy here for a minute.

  • Currently, any PC running Windows 7 and Windows 8 can upgrade means that many PC's that have under-market processor and memory and hard disk space are about to take on even more overhead. I can imagine tens of thousands of people subscribing to Windows and it automatically updates only to slow down their computer even more.
     
  • As with any major o/s release, there will be new driver requirements. Imagine, after an upgrade, your printer stops working, the video display doesn't work right, or a camera interface fails, and the user has to troubleshoot the driver problem. 
     
  • Along that same idea, with any major o/s release, there will be new software requirements. I can imagine major software OEM help desks being flooded in August with irate customers who installed Windows 10 and something went wrong, looking for the vendor to fix it.
     
  • This is Microsoft's first time at hot updating a consumer o/s like this. Their first time. What could possibly go wrong? Well, everything. and Microsoft must feel really emboldened after their Windows 8 fiasco that this will work flawlessly. Color me skeptical. Windows - at maybe sixty million lines of code, something will go wrong, and wrong will happen to hundreds of thousands of users. I've been reading from insider sources how Microsoft's intending to push Windows 10 out with tons of bugs with the intention to update the fixes later; again, more Microsoft crap.
     
  • Finally, it's free. Free. Why is Microsoft releasing their cash cow for free? They've traditionally made hand-over-fist money with this product. Why give it away? How will shareholders respond to this? How else will Microsoft make money? I envision a world where Windows might be free and the tools to write for the o/s made free, but its features are premium subscriptions.

Again, though, should you upgrade to Windows 10? Perhaps the only compelling difference between Windows 7, 8, and 10 (because it's not the kernel - it's the same code) will be the user interface. Metro will be tamed and the Start Menu (with Metro integrations) will be re-introduced. Beyond that, it's still the same, dumb, slow, consistently-erratic Windows Experience. Except, this time, with more risk.

Who would want to subject their own personal computing or professional/business computing to that kind of risk? Not me. My recommendations:

1. Don't automatically subscribe for the update. Update it later, manually, perhaps a quarter or two after the initial release. Let others be on the bleeding edge and absorb the risk.

2. If you want Windows 10, actually, don't update through the stream. Instead, buy a new PC with Windows 10 already on it. Therein you've warranties and return policies to help manage the risk.

3. If you're planning to upgrade your small business office place, check with your major software and hardware providers for Windows 10 issues and compatibility before upgrading. At least walk in to the upgrade wide-eyed, knowing what to expect.

Microsoft knows that it's operating in a world where consumers have more choices than ever before, and they're trying to entice the consumer with a freemium model to keep their loyalty and engender a sense of relevance as it relates to the PC. Myself, I think it's going to (again) blow up in their face, encouraging yet more people to flee the Windows Experience for something else.

R

 

Read More
Strategy Russell Mickler Strategy Russell Mickler

Interconnecting Brand Experiences Digitally

Brands are culmination of experiences. In technology, little interconnectedness yields larger value. How can you create more value in positive experiences through interconnecting even the smallest technology?

Your company, your product and service, are a brand. Your brand is a combination of visual arts and markings, logo, mottos and sayings, persons and representatives. Your brand has a message. Your brand hopefully makes and keeps its promises. A brand is a culmination of experiences.

Technology affords businesses an opportunity to connect those experiences digitally. A great example is a technology both my bank and financial software implemented this week on their iOS apps: touch ID authentication.

Touch ID on the iPhone 6 allows your thumb print to act as a security passphrase. It securely uses this biometric to allow access to the phone itself and these applications. It's a great feature of the iPhone.

When I think about experiences with these brands, though, touch ID offers something more than reasonable platform security. It's an ease-of-use - a convenience that enhances my user experience - that only strengthens my relationship with those brands. It's now easier for me than ever to access account data, tools, and resources, offered by these companies, and doing so cements my loyalty.

Meanwhile, on other apps where I access financial information, I still have to provide passwords. A manual process that takes a little longer and is less convenient, and that idea "Less Convenient" now interconnects my idea about that brand. 

I feel the same way about digital cash registers running on something like iPads as compared to traditional POS / registers. It takes seemingly forever to provide a credit card, swipe it, insert a code, walk through the cash back stuff, confirm the PIN, and execute the transaction on a traditional register. Then I have to wait for a printed receipt! Meanwhile, on the iPad, I swipe, tip, and go; the receipt is emailed to me. And in the future, I'll just be able to wave my phone in front of the register. Wow, what a convenience. What a pleasant experience.

Small and mid-range businesses have an opportunity to leverage inexpensive technology to create better, digitally-interconnected experiences, that enhance brand and cement loyalty. I think this is a fun exercise for management:

How are our technology solutions (both back stage employees and front stage consumers) providing for a fun, easy, compelling, or convenient experience?

If the answer is "Not sure" or "how is this relevant?", I think management is missing a huge opportunity to strategically apply technology to create such experiences, and to thereby differentiate their brand from competitors. In modern technology, it's the small digital interconnectedness of things that lends much larger (synergetic) capability and intelligence, and, offers compelling brand experiences.

R

 

Read More