Lightning Talk (slides, podcast)
Privacy, Identity, and Innovation Conference
Santa Clara
May 20, 2011 

For those that don’t know, Intelius is a direct-to-consumer provider of public information about people and businesses. As for me, let me be clear, I’m not an attorney although I work with some great ones. I’m an engineer trained in signal processing, cryptography, software, and big data. So, I’m more of a geeky nerd—but relatively high functioning I’m told. I started my career designing avionics systems for space vehicles at, what’s now, Lockheed-Martin.

So my first job out of college was working on the Space Shuttle. On January 27 1986, I show-up for my first day. The next day, the Challenger disaster happened. In the ensuing Rogers Commission investigation, Nobel Laureate Richard Feynman famously demonstrated how the o-rings failed in that rare below freezing Cape Canaveral morning. It turned out that the Morton-Thiokol engineers knew about the risk, but were overruled by corporate brass. The moral: politics can’t trump imperatives from physics or economics. And it takes an innovative generalist, like Feynman, to cut through the politics with the truth.

Innovators like Feynman shape technology and how we think about it. We know these others. But I wanted to highlight Norio Ohga, the President of Sony during the invention of the compact audio disk in the late 1970’s. Being an opera student, he mandated that the CD hold 74 minutes of music so that he could listen to Beethoven’s 9th uninterrupted. Mr. Ohga died last month. I think he’s a great example of the class, taste, and technical know-how that goes into eclectic innovation.

And it’s the eclectic innovator who, I believe, is the prototype for how the Chief Privacy Officer role is evolving and where I professionally and, quite accidentally, find myself these days. Clearly, environment drives evolution and social networking is driving us from an innocent age without privacy officers, to today’s frontier era of regulatory privacy officers, and pushing privacy officers to be first class members of product teams—ones who have the privacy sensibilities and technical chops to get a product out the door. [BTW, a special shout out to Austin Alleman for pulling this cool drawing together. Austin is a student at Santa Clara University, friend of my son Quin (I see the SCU posse is here in force). Follow Austin @allemanau. He’s a tireless, talented kid who, literally, works for food.]

Let’s get a bit of historical context. When towns were small, typical of the 19th Century, everyone knew everyone’s business and there was little expectation of privacy. If you cut school, the whole town knew by dinnertime. In the 20th Century, privacy expectations rose with growth of big, dense, anonymous cities. And now social networks are returning us to the intimacy of the small town with huge growth in data availability.

20 Exabytes of data were created (and replicated) from the dawn of civilization thru 2002. Four times that amount was created in April alone. And April was a short month. Privacy expectations just haven’t kept pace with the data deluge giving us, what I like to call, privacy vertigo. And consumers are starting to notice. They are actually finding their privacy settings, and realizing when privacy policies abruptly change.

So is there any hope? Is there any overlap between the Internet and privacy? I’m a pragmatic optimist, and think there is common ground. I saw some really cool, privacy solutions just last night at the Innovator Spotlight.

But compliance alone won’t cut it. Compliance is too prescriptive, too slow, and too blunt. You know Einstein’s adage: “make things as simple as possible, but not simpler”. Compliance, alone, is just too simple.

Well, to dabble in the heretical for a moment, how about ditching compliance for innovation? To borrow from Hilary Mason, the Chief Scientist at Bit.ly, Math+Code = Awesome, but as some of you are thinking, there’s a bit of a problem with this. Sometimes “awesome” means awesomely destructive—like when the Wall Street “quants” nearly destroyed the world’s economy by concocting derivatives, “financial weapons of mass destruction”as Warren Buffet called them.

So maybe we need a corollary to Mason’s Maxim that scales technology with values. Negative values, super bad. Positive values, like fine-grained privacy controls, super awesome. An example, when I first joined Intelius nearly 3 years ago, I went on a listening tour of the company’s toughest critics (some in this room). Top of the list was Cindy Southworth, an exec at the National Network to End Domestic Violence. I asked her what Intelius could do better. She said bluntly (not uncharacteristic for those of you that know Cindy): “get my women out of your data”. I said absolutely, but as we began to work through the details, she suggested that it would be better to simply remove the latest contact information so the trail would run cold, frustrating any offender or stalker. I loved the suggestion and worked to get it on the product roadmap. This feature is now offered to all customers of our TrueRep product.

Another example is our opt-out. Our opt-out is free, doesn’t require a reason, but we do require proof-of-identity so we opt-out the right record. Folks have asked us to make this proof-of-identity easier. So, now (making news at pii2011) we allow secure photo upload of ID in addition to fax and mail. And something we added that wasn’t ask for. We’ve integrated our opt-out into our online ads, so self-searchers on Google can easily find and use the new opt-out.

Compliance is about “yes and no”; innovation is about “what if”; and I think it takes a new breed of privacy officer to tell the difference. If you start to see more engineer CPO’s like me, it will be because of our historical awareness, frontier spirit, regulatory caution, technical chops, and innovator’s curiosity. If you don’t, it will have been an educational evolutionary experiment. And, after all, isn’t that what innovation is all about?

Thank you.