IBM and the Future of Privacy

IR PODCAST

IBM AND THE FUTURE OF PRIVACY

FEBRUARY 9, 2006

To hear this podcast and others from IBM, please visit www.ibm.com/investor.

In many ways information is the currency of the electronic age. We transmit our credit card numbers over the Internet when we shop online. We allow supermarkets to keep records of our shopping patterns in exchange for discounts on selected items. The sharing of personal health and genetic information promises to help physicians and researchers develop new methods of preventative care and potential cures that might save millions of lives. But do these benefits come with a trade-off?

BARGER: I'm Christopher Barger. In many ways information is the currency of the electronic age. We transmit our credit card numbers over the Internet when we shop online. We allow supermarkets to keep records of our shopping patterns in exchange for discounts on selected items.

The sharing of personal health and genetic information promises to help physicians and researchers develop new methods of preventative care and potential cures that might save millions of lives.

But do these benefits come with a tradeoff? Whenever uniquely identifiable data about individuals is collected and stored, concerns quickly arise. Legitimate concerns about disclosure control and the desire to prevent information about ourselves from becoming known to people other than those whom we've chosen to give it to can make our relationship with technology a wary one.

With me today are two IBM experts on the evolving relationship between technology and the right to or expectation of privacy. Harriet Pearson is the chief privacy officer of IBM, and Jeff Jonas is a Distinguished IBM Engineer who is the chief scientist for IBM Entity Analytics solutions. Welcome to you both.

BARGER: All right, so with respect to protecting people's privacy and civil liberties, what are the challenges around keeping personal information private today? I mean, is information sharing a good thing or a bad thing?

PEARSON: Well, I think the way to look at it is that in today's economy and society, information flows are very important to facilitating business. Think about whenever you go to a hospital or your doctor, the Department of Motor Vehicles or anywhere else, the kind of information that is needed to process your application, to deliver your credit card, to get you approved to go buy a car, that kind of thing.

Information is the lifeblood of our economy. So I think the better way to look at the questions of privacy and security of personally identifiable information is, are you striking the right balance?

Are you making good use of information and getting value and at the same time protecting the information and having the ultimate consumer, the individual, all of us, have confidence that the system that their information is being managed in is under control, that there's a certain amount of trust in it. And at the end of the day the word trust is the key word.

JONAS: And I think with that comes that the consumer really hates being surprised in this area. When the consumer suddenly realizes that their data is flowing in a way that they had not anticipated or it's been revealed in a way that they would never have expected, then with that comes serious consequences, I mean consequences that affect companies' brands when they're surprising consumers.

PEARSON: That's a good point, Jeff. Think about what's been happening in the last year and a half or so. Incident after incident, very reputable companies all around the world frankly, United States, Japan, Europe, Canada, Australia... incident after incident of data being leaked or compromised or made vulnerable.

BARGER: You bring up a good point, Harriet, that this is a worldwide issue. Attitudes towards privacy change or vary depending on where you are in the world; is that right?

PEARSON: Yes, and I think actually it's useful for us to try to define the terms that we're using here. But I think for clarity and for business purposes it's good to think about privacy as being more the policies you apply to data when you think about, are you going to share it with somebody? How far are you going to share it? Who's going to get to manage it? Who's going to get to look at it? When? Those kinds of things.

And then private data needs to be kept secure. And security is all about making sure that you, once you figure out who you're going to share it with, how you actually comply with those policies. And security in and of itself is a huge topic but those two are very linked concepts.

And you're right. As you go around the world, you know, you just go to France and Germany, ask those kinds of questions and go to the U.S., ask those kinds of questions. You will get very

different kinds of answers and responses.

JONAS: Currently companies do a lot of sharing but the amount of sharing is just going to continue to grow. And they're doing it, they're sharing because they're trying to maximize their business value, how much they can deliver to the consumers, at what price. They are trying to lower that price. So they share data.

One of the consequences of this is data tends to cascade or waterfall. So it will occur, it will originate in a system of record and then it will be transferred to another organization. Then from there it might get repackaged, integrated with other data and then shared again and you end up with this cascading series of shares for which is almost impossible to keep it tethered and current.

And when governments are involved in this, then as you move far enough down the line with regard to privacy and expression of private data to governments, if governments cast their nets too wide, it immediately becomes civil liberties.

BARGER: That brings up I guess the natural question then. Given the state of things of today, is losing some of our privacy just a natural trade off that we have to accept? Is this just the state of things the way they are right now?

JONAS: You know, it has...it has been repeatedly shown that consumers are willing to trade in a little bit of privacy for efficiency. And a question I would pose is, do they always know to what degree they are actually giving that up?

PEARSON: I guess I have in my...in my, I guess in my DNA the conviction that every generation and every society strikes its balance between the conveniences and the benefits brought by information management and proper sharing. And so if you accept the premise that none of us can hold back technological advances -- and I don't know who can, frankly – then we just have to deal with it.

And dealing with it means understanding and confronting the issue. You can't run away from it. And clearly IBM has had a global privacy policy and a privacy officer for many, many years now. You can't ignore it. You have to be strategic and then you have to innovate around this societal issue that I think everyone understands is important.

JONAS: You made a point there that is, I would just like to reiterate, and that is that years ago when you lived in a village, you have a notion of what others know about you. I think, too, as Harriet just pointed out, today a consumer really doesn't quite know who knows what. So it's back into the category of surprise to the consumer.

JONAS: I was going to go right to this point of transparency that to the extent that the consumer has the awareness of where their data is, then suddenly you put them a bit more at cause.

PEARSON: But at some point I would have transparency fatigue, right? I wouldn't go to portals to go look at everything. I'd have to figure out how to, in a shorthand sort of way, figure out who I can trust, where I had to go do some due diligence, what are the rules of the road.

And so I guess I say that because ultimately it really comes down to businesses and governments and others who are actually managing data figuring out what those best practices are, communicating that but establishing a certain level of trust.

JONAS: See, I'm not sure the consumer would actually go and go to my portals and look at every place their data's ever been shared.

PEARSON: I'd tell you where I would go. I would, for healthcare information I would very much be interested who saw my health information. Wouldn't you?

JONAS: Absolutely, yes. And so the consumer would pick which ones are more important than others.

PEARSON: You know, Jeff, my reaction to what you've been talking about is that there's a very strong trend here that I think will only get stronger over the next, oh, I don't know, decade or more which is, increasing amount of discipline that organizations have to use in managing information properly.

You can call it a security thought, you can call it privacy thought. I happen to like the word, data governance. You have to govern your data in the same way that in the industrial era most businesses have ended up governing or managing their chemicals or their modalities of production in a very disciplined way.

And in order for that to flourish, we believe, I believe at least, that you have to have a strategy for managing or governing the data that is part of your mode of production or adding value. I think there's almost like a quick top five list of things one can do to address this issue. First I guess a very simple thought is know what data you are using, managing, where is it going. Do an inventory or some kind of a look-see.

So first of all start with an audit or an inventory, something that tells you what you know and what you have access to and whom you are sharing it with, which becomes very important.

Secondly get a group of your senior people to figure out what your policy or strategy is around what kind of company you are, how do you want to market, how do you want to be respected? What laws do you have to comply with?

And get your strategy together so that you can express it to yourselves, your employees, and don't tell it to your clients yet, your customers, until you figure out whether you've got your act in order -- because then the third step is go to work quickly, figure out how to map your desired state to your existing reality of what you have, what you have access to, with whom you're sharing it.

And then when you're comfortable, you know the gaps between where you are and where you want to be, go ahead and say to the world carefully what your intentions are. And if you have gaps, you know, figure out how to express that or not express it but work to meet those gaps, to close those gaps.

And one of them can be, I cross my fingers, I really hope we can anonymize the data so that we can extract value from it, but your underlying identity isn't known to anybody that you don't feel comfortable having it known to.

JONAS: If you put the lens on so you could observe data that's being shared that is related to identities, you would find billions and billions of records that are being shared every day.

And these are being shared, I mean just for marketing reasons: a bank will send its customer data to a data aggregator to learn more about their customers. Hey, what kind of neighborhoods do they live in, what kind of cars do they drive, do they have presence of children? And these kinds of things.

Well, turns out there's this new technique that would allow that bank to anonymize the data about the identities and that basically means shredding the name and the address and the phone number and the Social Security number, shredding it in a way that is not recoverable, and sharing only the shredded data. And the aggregator then being able to match shredded data and return to the bank this demographic information for marketing.

If the data gets released on its journey by accident, there's nobody who's conducting identity theft is going to be able to take any value out of it because it's shredded. They can't observe the name or the address or the date of birth.

PEARSON: Another approach that folks talk about is encrypting end to end. Jeff, can you comment on that, because I know you understand the technologies here, and so much of the legislation that is now pending in the U.S. and a couple of other countries has to do with....

If you have a breach of security that exposes data, you've got to disclose what's just happened and get to the ultimate consumer and raise the alarm bells and all that. But if the data were encrypted so that it was not possible to use it or get to the underlying information, you're okay.

JONAS: So Harriet, on the subject of end-to-end encryption, you're ensuring that the data is in a form that is not likely to be breached throughout its entire lifecycle. Companies can be doing more of this and it brings greater protection to their information assets.

And there's this new zone of capability that says you can actually do deep correlation on data while it remains in an encrypted or anonymized form.

And while end-to-end encryption is something anybody can do today, dealing with and doing analytics on anonymized data is brand new and is something that will become another pillar of an overall privacy and information management strategy.

BARGER: You were talking, Jeff, about taking a step from identifying people in networks and starting to make those connections to being able to anonymize that. How did you make the leap and when did you personally start shifting your focus?

JONAS: That's somewhat of a funny story. It was rather sudden. Yes, I've spent years figuring out working when people were the same or related and companies use this to better understand the data they hold.

Well, having done a fairly significant amount of work for our government and national security, I'm aware that our government has some fairly large lists of people that we wouldn't want to let into our country.

And at this particular point in time I was getting ready to take my kids on a cruise. And in I think it was USA Today comes out with this story some months before my cruise that said there's a threat on Port Canaveral with scuba divers. Now, this makes it very personal.

BARGER: Right, right.

JONAS: And I went, geez, I know about these large lists of people they never let in the country, and I realized that the cruise lines, for good...and for very good and for privacy reasons, don't send all of their data every day to the government. And I went geez, you know, companies can share with themselves but in this case how, if a government doesn't want to release its data to a cruise line, then the cruise line doesn't want to release its data to the government, you really have no way to protect yourself.

And literally in 20 seconds I figured out how to take the leap from using clear text analytics -meaning data that's not encrypted or anonymized --and achieve all of the same capabilities using only data that's been shredded.

So even though you have Dick, Dicky, Ritchie Ricardo, it's all really the same name. And even though the street address has, you know, it's South Main Street versus Main Avenue.

So even though the data's different, the ability to compare it after it's been shredded is a really new technique. And what comes out of this is it tells in this example, it would tell the government that Record 1, 2, 3, there was a match. It can't tell them who.

They actually have to look it up in their files and find out that Record 1, 2, 3 is Billy the Kid. Then it tells them they could ask the cruise line about their Record number 4, 5, 6.

And so it creates this thing called discovery without disclosure. So you can find out which five records you would have in common and only observe those. And all of the other records are non-observable.

BARGER: Well, we're coming up to the end of our time together. I just want to ask you each just one last question. You are two of IBM's leading thinkers on privacy, each of you.

Look into your crystal ball a little bit. Tell me how things are going to shape up in the next five

years, in the next 10 years. Where is privacy protection going?

PEARSON: What's going to happen in the next five or so years, no doubt the issue of how to achieve or meet privacy expectations is going to continue to be a business issue. It's always been a policy or societal issue but I think it continues to be a business issue.

The way to achieve privacy and privacy expectations is through stronger security. So that's the foundational element.

Another area where I think the next five years it will be extraordinarily interesting and important with respect to privacy is in healthcare.

The advances in the last even five years in unlocking the secrets of the human genome to facilitating the adoption of electronic health records and the modernization of healthcare in many countries to be more efficient...

...and have more data available to doctors is leading to questions about how do we deliver better healthcare, better healthcare outcomes but at the same time be sensitive to the fact that I don't necessarily want you, my insurance company or maybe my employer to know as much as you might be interested in knowing.

So I would watch healthcare for the next five years. I would watch security requirements and the need for investment there.

JONAS: So there's this thing called the Universal Declaration of Human Rights written by Eleanor Roosevelt and it has all these points about freedoms and civil liberties and things one...free people should expect. It comes to mind, what if we're creating technologies that kind of go into the face of something like this.

For example, in the Universal Declaration of Human Rights, Article IX is, no one should be subjected to arbitrary arrest, detention or exile.

Well, there's actual specific things you would build into technologies that could contribute to this and make it harder to violate this fundamental human right.

So I'm considering how to take these Universal Declaration of Human Rights, all these articles and creating a parallel way to think about them with respect to technology.

The checklist. And you would look through the checklist and if you're building something that could impact one of these articles, you're building it in a way less likely to infringe later.

BARGER: It's not just responsible use; it's responsible creation at that point.

JONAS: Yes, actually that's a term...it's so funny that you said that. I've been contemplating this notion of responsible creation right out of the gate, right when you're creating it.

BARGER: This is interesting stuff and something we all need to be thinking about with corporations and consumers alike. Jeff Jonas, Harriet Pearson, thank you very much, both of you, for joining us today.

PEARSON: And Chris Barger, thank you for hosting us. JONAS: Yes, thank you very much.

BARGER: This has been an IBM Podcast.

[END OF SEGMENT]