This tough Cookie is grateful to have been asked to submit some articles for Tom Fox while he visits with his daughter during Spring Break. When I pondered what would be an appropriate topic for the week, immediately ‘communication’ came to mind. After all, it seems that an utter lack of integrity in an organization is attributable, in large part, to what, and how, management communicates to the larger organization. So it is fitting to dwell on this topic for a little bit, but given I just spent the greater part of a week surrounded by the largest gathering of privacy professionals in the world, I thought I’d start with a very specific type of communication – confidential communications. It is the nature of confidentiality that emboldens people to speak up and be heard, such as through whistleblowing schemes. Posting anonymously has emboldened the Two Tough Cookies to share with you our Tales from the Crypt last spring and summer. The cloak of secrecy has its value insofar as it peels back the protective filters we ordinarily engage in our everyday communications, and allows us to speak freely without fear of retaliation. This freedom that confidentiality and privacy gives us is a powerful tool, that can be used for the better, or for the worse, depending on your intent.
The opening remarks at this gathering of privacy pros were given by two very prominent figures in the world of privacy. The first who spoke was Glenn Greenwald, journalist for The Guardian who blew the Edward Snowden story wide open. Mr. Greenwald’s talk focused on what hasn’t, and has, changed since the Snowden expose came to light. What hasn’t changed is the law, surprisingly enough. Many Americans believe we have a fundamental right to privacy, much like our first amendment right to free speech. But as Mr. Greenwald was quick to point out, Congress has not enacted one single piece of legislation to protect our personal privacy since Snowden’s expose. Yes, we have a hodgepodge of laws that protect certain types of information (mostly financial and/or health info), and most states (47 at last count) have enacted complementary laws to ensure they can swiftly act to protect its citizens in the event of a breach or what have you. But our constitution and our federal legislature is remarkably silent with respect to a citizen’s right to be left well alone. Wake up America. You most certainly do not have a right to privacy. In fact, there is a bill that just passed (March 14) in a closed door session of the Senate Committee on Intelligence that, if enacted, would serve as carte blanche authorization to search your on-line history across the nation … Notably missing from the Cybersecurity Information Sharing Act of 2015? Why, privacy protections for US citizens, of course!
Greenwald reminded us all of the immense personal sacrifice embraced by Snowden when he made the decision to blow the whistle on the US government. I am not here to defend him, just explain him in plain English. Call him a traitor, send him off to Gitmo, hate him, adore him, do what you must. But like many whistleblowers before him, Snowden analyzed the situation, weighed the risk to his own personal freedom, and notwithstanding the overwhelming odds he’d be branded a criminal, he spoke up. He felt, simply put, betrayed by his country. The expectation of privacy which we all shared up to that point was a mere cloak of invisibility that would not withstand even the slightest scrutiny. The thought that innocent people could not happily surf the internet, or email, or enter into e-commerce, without someone watching their every move, did not sit well with Mr. Snowden. It was tantamount, in his mind, to a warrantless search with no probable cause. And for that, he was willing to rot in jail for the rest of his life to ensure that this “lawlessness” on the part of the US government was reined in, so to speak.
What has changed, according to Mr. Greenwald, is technology. Startled by the piercing blast of Snowden’s whistle, tech companies scrambled to close back doors, reinforce firewalls, patch vulnerabilities, and offer consumers free tools to encrypt anything and everything in response to one man’s cry. Snowden succeeded where many congressmen have failed. While we may not have a single uniform law to grant us that elusive right to privacy (yet), the tech companies have effectively (up to now) shuttered the lens of our government’s spying eyes with a liberal dose of encryption. That, however, may erode away if the full Congress passes the Cybersecurity Information Sharing Act of 2015.
I first understood the importance of encryption early on, and it was the number one reason I went to law school. I wanted to be a spy – or a counter spy. Whatever you want to call it, I wanted to catch bad guys, plain and simple. I was infected by the bug well before terrorism took root on US soil. It was, you could say, in my DNA. My grandfather had been an “intelligence officer” with the OSS during the 40’s and 50’s, monitoring the whereabouts of German “expatriots” in Latin America, using the cover of his father-in-law’s radio station to send coded messages back to the States. His brother, my great uncle, encrypted and decrypted messages sent and received by my grandfather, then moved over to the NSA when it was formed to eventually retire as a master cryptographer. My dad was in naval intelligence, as was my mother’s brother. I even wrote my upper level paper in law school on the implications of remote sensing on a citizen’s right to due process, and whether or not intelligence gleaned from such surveillance would be admissible in court without a search warrant (this was long before 9/11, when those satellites could only give you 3 meters resolution – today, it’s a far scarier prospect than many of us realize with satellite imaging resolution reduced to mere inches). But like many others, life got in the way of my career ambitions and I ended up on another path. I still get to go after bad guys, just not for my country.
The next speaker was an equally prominent figure, Professor Michael Sandel, who teaches Justice, Harvard University’s most popular course in its esteemed history. Sandel led his captive audience on a journey of discovery, exploring the morality of what I will term “compromised privacy.” Sandel probed for answers as to whether or not it was okay to bargain away pieces of your privacy in exchange for preferred pricing, or shared benefits. Why not exchange bits and bytes of data about yourself, if it’s going to customize your online experience “for the better” or perhaps get you deals you otherwise wouldn’t otherwise get? Or maybe use your data to enhance your health, improve your well-being? There were folks on both sides of the fence, until an audience member named Brad spoke up. Aside from being creepy, Brad pointed out that people change their behaviors when they know they are being observed, for better or for worse, and that not all change was necessarily good.
What came to mind as Brad and Professor Sandel were jockeying about was George Orwell’s 1984, with Big Brother watching every move of every citizen, who in turn suppressed every impulse to fit the expected norm. The premise of Brad’s position is that as people’s behaviors change, so do societal norms. These evolving norms can either serve to reinforce the moral compass, or erode it, dislodging our True North. It is beyond our capacity to foresee which direction compromised privacy will lead us, for the better, or for the worse. Given recent trends on social media, this Tough Cookie is decidedly of the mind that things are not looking for the better….
As leaders in corporate America, we too can influence the “social norm” of our organizations, as we are being observed daily by those we lead. Like the lesson to be drawn from Brad’s astute insight, we know we are being watched, and we know we should put filters on our communications. The truth is, many “leaders” either aren’t aware, or don’t care, to take a few extra precautions to communicate authentically and in a manner that is meaningful, relevant, and targeted for specific results. The Tough Cookie Tales from the Crypt have given you plenty of examples to prove that point. If you’ve taken the time to assess the culture of your organization, and have some data points that indicate there are some gaps that need filling, we suggest you go ahead and poke the bear. The goal, remember, is to influence your organization’s societal norms, and our hope is the tools and insights we’ll give in the next few postings will help you do so for the better.
This publication contains general information only and is based on the experiences and research of the authors. The authors are not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.