Last week, at the Electronic Signature Records Association (ESRA), I delivered a keynote address that surprised me. For awhile, I have been advocating that risk management is dead as a business discipline. Why? Because RM is only funded out of the net profits of an organization. When companies seek the monies to meet budget requests for managing risk, their only sources of funds are the monies left over after all the other expenses of producing their goods and services have been spent. RM spending, as such, does not do anything that increases the value of the goods or services of a company to its customer base. But it has always been challenging to make that point clearly, and to illuminate … Read More
Last week, Harvard University’s Berkman Center for Internet and Society convened a conversation between Professor Jonathan Zittrain and Microsoft General Counsel Brad Smith to discuss “Privacy, Surveillance, and Rebuilding Trust in Tech”. I could not be more pleased with the observations offered in their dialogue. According to two media articles tracking the event, Smith reported a “double-digit percentage drop in trust.” Forrester Research reported in March, 2014 that the NSA-Snowden disclosures likely cost the cloud computing industry up to $180 billion in losses. Those are enormous in their expressions of the impact of a lack of digital trust and effective governance.
But here is the quote from Brad Smith that is the most important: “You cannot restore trust without greater … Read More
In my class at the University of Oxford, one of the key take-aways was that information governance is not about e-discovery; it is all about creating and managing information that is an authentic record of facts. It is just that simple. When companies retain information, the information is being retained because of its value as objective, authentic recordations of some event, a specific transaction, the occurrence (or non-occurrence) of a defined process, the existence and content of a communication, the account balance at a moment in time.
Each of these are merely illustrative snowflakes in the blizzard of information we are endeavoring to manage. But there is no value to business, government, education, or to any of us as users … Read More
On August 1, 2014, I crashed while riding my bicycle and was seriously injured. It was one of the misfortunes of bad circumstances we all possibly fear—something knocked my front wheel out of control and a normal fall to the ground became much worse as I fell, instead, over the side of a bridge and plunged nearly 20 feet into a deep creek gully. The ensuing discovery of my breathing, talking, but broken body, and the recovery, transport, and surgical repair that followed did something simple to state and profound in its meaning—teams of EMTs, helicopter pilots, trauma center doctors and nurses, and one kick-ass neuro-surgeon saved my life. I was conscious through much of the rescue and trauma activities—none … Read More
A fascinating legal theory is beginning to come out of the oven that may change how we think of digital information as property. What do you think?
An unauthorized computer access event occurs. System logs and other operating data provides evidence that personal information records were accessed. The logs indicate that the information records were copied and exported; however, there is no further evidence, including from named individuals, that the personal records have been improperly used, such as for identity theft.
A second variation involves the physical theft of a laptop or other computer equipment on which personal information was stored, perhaps even in unencrypted formats that would allow fairly easy access and use of the information. Again, there is … Read More
Two posts ago, I speculated on the future need for real witness chairs and suggested that the birth of quantitative law was nearing. In quantitative law, compliance would be measured, not judged. The recent indictments against Chinese government employees provoked the discussion. Now, a new development accelerates the need to ask, “What digital information can be trusted as evidence of the truth?”
Many press reports covered the indictment and arrest in Canada of Su Bin, described as a Chinese citizen and permanent resident living in Canada. Su is accused of stealing production data from Boeing’s systems on several military aircraft and then attempting to sell that data to Chinese buyers. The US government asked Canada to arrest him and extradition … Read More
It is my pleasure to be sought out by law students on occasion wishing my advice on a great law journal note to write as part of their journey through law school. Last week, I was asked about the recent announcement of indictments against Chinese government employees for computer hacking. What were the tough issues that an aspiring digital lawyer could analyze?
In our exchange, we looked at various angles—international law, “minimum contacts” for criminal law enforcement, and sovereign immunity were just three. But then we confronted another question: what would be the evidence used to prove, beyond a reasonable doubt, the conduct that was the basis for the indictment?
It became quickly clear that the only evidence that was … Read More
Recently, searchcompliance.com invited me to comment on whether the Digital Age requires companies to toss their entire 20th century records management programs and technologies out and start fresh with information governance for digital records. In fact, there are a number of important features of vintage records management programs worth keeping. To find out which ones, just click on their link above (may require free registration to access). … Read More
The Internet of Things is a great noun. In just three words, it describes an entirely new generation of interconnectivity among the devices with which we intersect in our daily lives—toasters, refrigerators, ovens, HVAC in the home, pet monitors, baby monitors, televisions, sound systems, smoke alarms. The Internet of Things installs in all of these appliances connectivity to the Net and the Cloud, enabling you better electronic control and, as reported in many sources, increased surveillance of how you live your life. Consumption patterns, usage patterns within the home, food preferences, sleeping styles, and on and on. But the Internet of Things also invites malicious actors—hackers that intrude electronically. One story I saw this weekend reported hacking into a baby … Read More
Why is privacy such an enormous headache for companies? For centuries, knowing your customer is an essential requirement for success in commerce. Each evolution in business is shaped by an improvement in the capacity of companies to better identify their customers and how to best create products and services that align to the customers’ profiles. Collecting information about a customer is how companies create new wealth—the information enables the companies to produce something that customers will value. The economics are simple: the more useful a product proves to be in meeting a customer’s needs, the more value the customer is prepared to pay. For most customers, sharing information with suppliers is part of the negotiation required to secure the best … Read More