Notable Details on the Twitch Breach

Take a moment to absorb some notable details around the Twitch data breach, including the perennial importance of infrastructure configuration, validation of data protection practices like encryption of passwords, unusual political intersectionality (a.k.a. why Twitter was mad at random people for being rich this past week), and the market in e-sports. Also, turn on your two-factor authentication where you can.

WhatsApp's Big GDPR Fine & What to Watch

Some notable details around the 225 million GDPR fine levied on WhatsApp, including the role played by the Data Protection Commission in Ireland in particular vs. that of other national regulators, the significance of the privacy policy, the nature of own-volition investigations, and why this might be the beginning and not the end of heavy-duty data privacy enforcement.

Crypto and Bad Press

They say there is no such thing as bad press, and if it was not true before it will be soon. Much ink has been spilled on the recent loss of trust in institutions, particularly among millennials, and the role this situation has played in the rise of cryptocurrency. The interesting marketing layer on all this is that the communications of these same institutions invariably function as viral advertisement for cryptocurrency - some view institutions like the IMF or the Federal Reserve, which have explicit mandates to comment on monetary matters, as nefarious (and many more are willing to flirt with such judgments) so their statements on possible dangers are received as positive. If the villains fear it, of course the heroes should embrace it. Right?

If you are looking for some examples, you might examine the social media response to IMF comment on the adoption of Bitcoin as legal tender in Honduras or the comments of Federal Reserve leaders on the stablecoin market. (As someone who is not entirely hostile to crypto, please take me seriously when I endorse the Fed's stablecoin concerns as substantive and in the consumer interest.) On social media platforms like Twitter, especially among users who do not participate in similar organizations, these comments are approximately the Illuminati defending its shadowy mechanisms for exercising power and thus a quite direct advertisement for adopting the cryptocurrencies in question.

I ran into a meme that got me thinking about this which I have enclosed below. Is it really telling you not to buy Monero? The banking system and state apparatus, especially stated this way, are not terribly popular institutions right at this moment...

[Image: Dont_buy_monero.svg.png]

The central importance of curation...

To a significant degree, the core of many internet products like social media is not access to information, but rather curation of information. All the information is out there somewhere if you want it, but no one has the time to dig it all up or even a good way to know it's there to be uncovered.

Along these lines, I perceive some travails of Gettr to be the fruit of deep contradictions in its mission. I understand concerns about the power produced by content moderation + market power, yet it is inevitable that a truly open and unmoderated app will be full of Sonic the Hedgehog porn because that is the full unvarnished reality of what lurks behind the curation that services like Twitter and Facebook provide.

Vendors, Data Breaches, and Private Computation

Unless you read the news really carefully you might not know how often data breaches involve a vendor. The headline is "Famous Big Company Breached" but the reality is that one of their smaller, less-famous vendors actually lost data the larger company took from consumers and gave to them. There are a number of interesting and important things to point out about this phenomenon, including...

  • The vendor typically lacks the cybersecurity resources and standards of the larger company, and even...

  • The vendor often did something especially dumb like leave the data on the internet with no password, yet...

  • The larger company often still bears explicit legal responsibility for the data loss, and...

  • The larger company might take the brunt of the PR hit solely for being more visible.

My previous go-to example was Quest Diagnostics in the summer of 2019. They shared data with a collections agency called AMCA which then lost it. Even though the role of AMCA was disclosed, the headlines focused solely on Quest as the more recognizable company and the originator of the data. Quest was of course also still liable under HIPAA.

The examples have kept coming and will keep coming. Just in the past week, Volkswagen announced the loss of 3.3 million consumer records. As in the case of Quest, the actual loss occurred at a vendor, in this case a company that had been providing sales and marketing services. As in the case of Quest, it is still Volkswagen that is in the headlines.

Private computation techniques like homomorphic encryption, or federated learning where machine learning and AI applications are important, can help solve these problems. Often data is shared with vendors for circumscribed purposes, and private computation is a way to ensure that data remains encrypted except where a human needs a plaintext insight to directly extract business value.

Skynet is on LinkedIn Already

If you get around in the world of artificial intelligence professionals you have run into anxiety about where it might all take us. Are we presently creating our future A.I. overlords? If so, how do the choices of the moment determine the details of that future? LinkedIn is a great place to observe some ways we are already there. In particular, many LinkedIn users are on the site with a view on a new job and much of that process has become robots talking to each other.

When you edit your profile there is now an option to let LinkedIn auto-generate the "About" section. I have read a great many LinkedIn profiles myself, and while I think it is great that we are all similarly so "passionate" it is pretty obvious that lots of people are leveraging this feature. It seems a little silly, but the text of this part of your profile probably makes a difference on the margin when a recruiter is looking for a person with a particular skill or background. Long story short, a natural language processing (NLP) robot is reading your resume, deciding how to represent you to the search algorithm (another, perhaps more primitive robot), and these robots are having an implicit conversation about what recruiters you may end up talking to.

In the next leg of the pipeline, if your resume ends up in a pipeline at one of the large corporations that tend to dominate LinkedIn, then it is probably in the hands of robots again. It has been very common to algorithmically filter resumes to minimize what humans need to read (hopefully in the service of efficiency), and the name of the game for more sophisticated job seekers in some fields is, essentially, about writing in a way that is congenial for robots.

Thus, if LinkedIn is part of your journey to finding a job, you are really interacting quite a bit with a sort of decentralized Skynet Human Resources. An algorithm reads your history and puts forth some text on who you are, another algorithm reads it and vets which human beings need to learn about you. If you end up applying, you will go through another layer of robot vetting at the potential employer. Of course you still need to do the interview, but a lot of your journey there is actually about pleasing robots.

Just why are people interested in cryptocurrency?

Why are people interested in cryptocurrency? In general, what IS money really? In hopes of starting a conversation, I examine some intersecting possible answers to these questions.

My end punchline, on which I would appreciate other perspectives, is that central bank digital currency (CBDC) is an invention nobody wants because it doesn't outperform fiat in any of the areas that seem to drive interest.

We're working on an ultra private survey app (that interfaces with the plug-in we've been demonstrating) both to demonstrate some exciting features of our developer tool and to eventually provide you with an ultra private survey app. Spare ~2.5 for the high-level ideas and a basic demonstration - we will have more to say in coming weeks about what makes the level of privacy really unique.

Is all this surveillance actually good for productivity?

I always take a moment to think about whether something wrong is also impractical. No sense preaching when you can talk brass tacks.

We live in a time of totally unprecedented surveillance of workers by their employers. There is a general trend towards building panopticons just to do it, technology has made spying feasible that certainly wasn't before, and the pandemic has attenuated worries about what people are really doing at home.

Maybe... this is actually just a waste of time. There are ethical and regulatory objections, sure, but maybe it's also just not going to work in the end. If you suggest that the only reason people should work is because the boss is watching, and signal that you can't actually determine directly if sausage production is up or down, you will end up in a downward spiral pouring more and more resources into harassing employees that actually spend more and more of their time in malicious compliance.

Good organizations will always be fueled by shared goals and trust.

Thoughts on the CD Projekt Red Hack

Art imitates life, life imitates art, and why not in cybersecurity also?

No system should be regarded as unhackable, and if you are not a nation-state actor you should assume there are people out there with the muscle to hack you if they decide to do so. In an era where internet communities seem to have their own gestalt vitriolic intelligence, this creates a space for public relations and cybersecurity to feed each other in both directions.

For those out of touch with the gaming world, the boiling id of the internet has been angry with developer CD Projekt Red following the botched launch of its (unhealthily) highly-anticipated game Cyberpunk 2077.

https://www.cnbc.com/2021/02/09/cyberpunk-2077-game-developer-cd-projekt-red-hit-with-cyber-attack.html

Ripple and Regulatory Risk in Crypto

The biggest risk to crypto markets is artless regulation. You'll feel the hammer if it comes down, but developments thus far have failed to leave lasting financial impact...

Ripple was the current best case study in regulatory risk. A few weeks ago, the SEC made some unfavorable announcements about investigating whether XRP was really a securities offering for Ripple Labs in disguise, and subsequently XRP plummeted. Today it is flirting with all-time highs again and has a more or less vertical graph the past few days. So that regulatory danger is still there, but it's hard to point to any enduring $$$ consequences so far.