The Tension between the Private Individual and Technology

The recent hacking of celebrity iCloud accounts (which happens to others) and the Home Depot data breach have the media once again chirping about the importance of secure data systems. There’s a lot of talk about how these events bring privacy issues into the light, but I think it is safe to say that most of us live in a digital spotlight now. Long gone are the days when data security and privacy issues resided in darkness.

However, these events are reminders of two realities in the digital world: 1) technological advances are both freeing and limiting to individuals; and, directly applicable to this, 2) the evolution and expectations of personal spaces.

As I’ve been writing about business and governmental viewpoints on data, I haven’t really touched upon the individual. The individual, you and I, is at the very core of data – we provide it to banks and governments when we use services. But we use communications technology for personal reasons in ways that are not meant to be public or seen/used by others, or at least no one outside of our choosing. Intimate thoughts and pictures obviously fall under this umbrella.

The expectation of privacy in personal spaces is not new, but technology has altered how we must think about personal space and our expectations of privacy and who is ultimately responsible for protecting privacy.

What is the difference between an envelope containing a private letter stashed in a drawer, and a personal email with its code held on a server or your home computer? The letter could be intercepted in the mail or stolen from our homes or briefcase, but there was a sense of privacy in those spaces. The email, though, could be held on a home PC, on the cloud, accessed from work, or on a mobile phone via public or private network. Is there an expectation of privacy in all these spaces?

The digital world has physically separated us from our data and made interception easier for people we will never know or meet. The expectation of what constitutes private spaces has been expanded, which is why it is so difficult to control our data, or to prosecute those who steal it. The account might be managed by a multinational corporation with offices and servers in several countries, where anyone can access it. Having what we want or need at any time and anywhere is a wonderful convenience, but it challenges us to think about how we maintain those parts of ourselves we do not want others to see.

Recently we have seen a barrage of headlines asking “Can you trust the cloud?” This question really suggests many things – Can you trust technology to care as much as you do about your data?  Can you trust that you own and control your data? Can you trust that you will be the only one to access your data (Insert a million links to the importance of authentication here)?

Technology is not foolproof. Like the locks on your front door, there are services that are more difficult to get into (but still vulnerable), while others are there to keep people honest. It is important to keep these limitations in mind because, whether we like it or not, we are not in control of them, there are inherent weaknesses (just like the lock on the door can be picked), and a data breach can impinge on how others see us.

Simply speaking, as individuals we present ourselves in certain ways to certain people.  We tell them things we want them to know, and withhold other details for various reasons. (The Germans call it Persönlichkeit, add Recht to it and you get the legal basis for privacy – “the right to personality”). In a professional atmosphere talking about your home life might not be acceptable so you don’t share it.  You also might feel more comfortable talking about one part of your life with a friend, and another person not so much.  Your relationships are constructed by the type of information that people know about you.

When someone steals your private information and puts it on the web, or controls who has access to it, they are also shaping others’ perceptions about you. Using technology to store or transmit our thoughts can make our data, our behaviors, our views, our beliefs, and our bodies vulnerable to exposure when others maliciously break into our accounts and steal our data – the bits of information that compose the multifaceted existence of our identities. They are in control of our personas, not us.

So we have a choice, I suppose. We can stop using technology because we cannot be certain that we are protected. That seems like an unfair and unnecessary option. Free flow of information can be a good thing and it can expose fraud or ill-intent. However, I’ve been thinking about how security, or the lack thereof, also has the power to limit my ability to utilize technology in a manner of my choosing. “If you don’t want something to get in the hands of someone not intended to see it, then don’t post it to the cloud.” Individuals, and companies then, are faced with a dilemma which involves a calculation of risk. I want to use this service, but by doing so I’m exposing myself too.

A recent interviewee commented that my knowledge about privacy issues was unique and that most people  were fine with allowing others (government, corporate etc.) to control and use their data for the sake of convenience.  While this might be true, he also mentioned that this made me a lucrative niche market for innovation – providers will create services to cater to people like me. As I wrote in Harvard Business Review, I agree with this, but I wonder how much of this is a constraint on my access to technology.

We love technology, but our decision to use it and the consequences of doing so increasingly fall under the discretion of others who may not hold our personal interests in mind. Why should anyone have to find a special service in order to feel safe from prying eyes, no matter who that might be? I do not pretend to have these answers, but it is something that should make everyone a little uncomfortable. It’s a choice, of course. In the meantime, I’d suggest keeping those intimate records a little closer to home because there are few protections.


Finance, Secure Systems, Regulatory Compliance, and Data Protection are Not the Same

I’ve been reading a lot about privacy and financial data (including studying for the CIPP/US and EU exams) since returning from Europe for a new book I’m writing about the politics and practice of financial data in transatlantic counter-terrorism cooperation, which I will write about in future posts.

Most people do not think about money and data surveillance. It’s more common to talk about how governments monitor our emails, phone calls, Facebook entries, or mobile data because they are communications technologies in their unambiguous forms, but we don’t put much thought into what makes money tick.  The reality is that money is data and we have to view it as more than an instrument of wealth. 

Financial data is money, and it reveals behaviors.

Banks run entirely on information technologies for everything they do, no matter what type of transaction or industry, and they are keen to use that data (or Big Data) as a commodity unto itself to sell you things, create market strategies, and get ahead of their competition. If a bank’s IT systems are down for 48 hours, that bank is gone, gone, gone.

And the dawn of a digital currency is not new either (e.g. Bitcoin). The anchor of the international monetary system, Special Drawing Rights (SDRs or XDRs, its formal currency code), were created by the G10 governments in the 1960s and have never existed except in digital form.

It’s time to focus on how money is data because financial institutions and governments certainly do so, since our spending habits reveal our behaviors and intentions.  As the old saying goes – “put your money where your mouth is.”  We tend to invest when we believe in things or people, and not much happens without at least a little money changing hands.

Which brings me to financial data protection and privacy.

The common refrain I heard from regulators and those in the financial services was that “finance is already heavily regulated so privacy isn’t much of an issue.” This is false logic.  Assuring client data confidentiality, compliance with record-keeping and accountancy guidelines, or ensuring sound security protocols does not automatically guarantee data privacy.  It’s a mistake to assume that because banks make sure that their data systems are not hackable, or that they are regulatory compliant, that the privacy of client data naturally follows.

My own bank failed to do this, and I offer this narrative as a small example of the disconnect among these concepts. My visa application to Belgium required a bank letter stating that my accounts were in good standing. I was not required to provide amounts, but in the end the bank gave me no choice but to disclose this information to 3rd parties. I received a letter from corporate (after I tried to obtain the letter at the local branch I was told that they did not have that information – so you can decide to give me a loan, but this is too much?) with all the amounts of my accounts included.

The legal disclaimer was priceless:

 “Our response is commensurate with the purpose and amount of your inquiry. The information provided is strictly confidential and intended for use solely by the requesting party and in reliance on your statement of intended purpose or use.”

No, the letter was not generated to the “purpose and amount” of my inquiry, and it certainly exceeded my intended purpose and use. I specifically asked for no amounts to be listed in the letter. The customer service representative said that it was a form letter, they could not alter it, and it “was generated by our lawyers.”

  “The information is furnished as a matter of courtesy without a duty to do so and without responsibility, liability or warranty, express or implied, on the part of ________________ to you to any third party. Information is obtained from electronic data sources, which may not contain all information in _____________ possession’ information is not guaranteed to be accurate and may be a matter of opinion. We do not accept any responsibility for errors, omissions or alterations after delivery. The information is constantly changing and therefore subject to change without notice.  _______________ will not update this response unless another written inquiry is received. This information applies to the name of the subject of the inquiry as styled in your request and does not include any indirect or related accounts or obligations, unless expressly specified in our response. _______________ encourages you to contact more than one credit reference prior to making any credit decision. If you received this response by FAX and you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error, and that any review, dissemination, distribution or copying of the information contained in this message is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and return the message to us by mail.”

I could comment about a lot of this, but the last part is precious.  So if you send this to someone by mistake, just let us know.  No damage done.

I hope that my bank’s data systems are secure.  I hope they comply with regulations.  But I also know that US law gives me little control of how my data is handled, and corporate procedures imbue precious little concern about my financial privacy into their practices. So my financial data, my financial behavioral data, gets compromised more than I’d like to believe.

Companies, and the law, need to stop thinking of privacy, security, and compliance as mutually inclusive.  They do overlap, but one does not necessarily represent another, and these systems and safeguards need to be developed in tandem.

p.s. I did write to complain and I received a mundane corporate response claiming that they could not do anything about it. They did thank me for bringing it “to their attention” which is corporate speak for telling me to fly off a building.



Google, Innovation & Trust

Today a piece I wrote for Harvard Business Review hits the “virtual” stands. There are times when researching a hot topic is a curse (Mr. Snowden made privacy and surveillance touchy) but there are other times when it is a blessing. The European Court of Justice’s (ECJ) Google decision, or “Right to be Forgotten” case, has given me a chance to showcase the importance of privacy and data protection in the business world.

I have written a few pieces about data as it pertains to the financial services (here and here), and on the clash of US and EU privacy cultures and its impact on transatlantic counter-terrorism cooperation. The HBR piece focuses on how privacy can lead to profit and it draws heavily upon my interviews with the IT and corporate communities while I was in Europe.

In the popular imagination, the internet exists as a borderless world. In reality, there are many internets, and the rules that govern each of them reflect local beliefs about the role and responsibility of technology within society. The ECJ ruling classified Google as a data controller, and therefore under obligation to remove certain links to personal data upon an individual’s request, and it is a prime example of how localized privacy cultures and laws can assert themselves beyond their sovereign borders.  Although it specifically mentions search engines, it has implications for multinationals as well.

I think that the IT world was shocked by the ECJ decision because it holds the borderless internet view, it sees any curb on the free flow of information as censorship and a threat to its business model, and it is accustomed to the US-based view of data as property where corporations self-regulate data collection and usage.  Also, the Judge Advocate’s opinion, which concluded Google was not a data controller, set expectations for the final outcome of the case.

As the EU itself has been trying to figure out the legalities of balancing human rights with good commerce, the legislative ambiguities of the EU Data Protection Directive have in the past provided businesses, including European companies, with some wiggle room.  The ECJ verdict tightened the space to wiggle in some instances, but legal instruments are notoriously difficult to rely upon for definitions or guidelines for enforcement when applied in practice.

Problems of balance remain.  There is the balance of responsibilities between controllers and processors (are these distinctions even the way forward? One interviewee said we need to think of this in terms of accountability), the balance between human rights and national security, and human rights and the economy, the balance among differing views of privacy, and the realities that the physical structures in which the internet operates are transnational, which make it difficult to restrict the flow of data to certain transmission paths, let alone implement regional or national standards when doing so.  “You shouldn’t, and can’t, make Europe an island.”

No, the ECJ ruling does not mean you can be completely forgotten once you are on the global information superhighway, but it does mean that there are opportunities for government and business to innovate how data is managed, transferred, and used. In short, legal instruments are not enough; the private sector needs to take privacy beyond compliance because its clients are demanding protections even when the law doesn’t require it. In the HBR piece, I assert that this is part of a growing trend, spearheaded by consumers themselves (in the US, they talk about consumers, in the EU they speak of individuals) who believe that corporations feel entitled to use every bit of information they can find as part of a ‘big data’ marketing plan to endlessly feed algorithms for their own profit. American IT firms did not help this image either. EU legislators and privacy activists were not accustomed to the aggressive nature of US-style K-Street lobbying in Brussels as IT firms campaigned against aspects of the new EU Data Protection Regulation. The Snowden revelations only added fuel to their ire. But this disgust has not been confined to the EU; Americans are increasingly suspicious of where their information flows end up too.

I have spoken about trust on this blog before regarding regulatory-corporate relations, but it applies here as well.  Corporations have to maintain the trust of their clients to keep them, whether they refer to them as individuals or consumers, and treat their data with respect. Individuals have a strong sense of ownership over their data because it reflects their personal choices, and while some consumers love the convenience that data analytics provides, some do not.  So I ask (somewhat rhetorically because I know there are some efforts, but will tackle them in later posts) businesses to consider services for those who want (and legally demand) more control over their data.

The HBR article touches upon some fundamental issues and I hope to follow up with another piece that connects data privacy to data security.  Unfortunately it is often treated as a separate issue, but privacy, security, and trust are endemic to any business relationship and when done right, they are, again, profitable.

It’s a Wrap, Folks. Well, not quite.

I’m back in the US from living in Europe for 4 ½ months and I am energized and exhausted at the same time. The past week has been a jet-lagged frenzy of unpacking, catching up with family and friends, and personal reflection.

In sum, I feel really good.  I am grateful for the opportunity to travel and for the people who have been generous with their time and views, and for everyone who made this trip possible.  Which is also why this blog suffered a bit – I was nearly constantly going somewhere and meeting someone! Nothing to complain about there.

I did the majority of this trip solo, and it might sound strange, but traveling alone is a lesson in confidence and leadership. You are responsible for all your decisions and you will feel the consequences of them too, but as inaction is not an option it forces you to take those leaps, no matter how large or small. Things that seemed essential to your life when you are at home in your comfort zone become non-existent or less important. You learn to adapt and absorb because you have to. You learn to pause, but not cease.

The value of pause was among the best understandings I gained from this experience.  People underestimate pause, taking it for hesitation or uncertainty.  While that might be true in some circumstances, a pause can be used skillfully as a part of a process.

Music, for example, embraces the pause.  It can control the actions of various actors in a performance in order to guide the tempo, create a certain mood for the audience, and serve as an instructional tool.

  • Fermata: extends a note or instructs a pause until signaled by the conductor.
  • General Pause or Long Pause: used for longer durations at the discretion of the performer or composer that “interrupt the normal tempo of a composition.”
  • Caesura or Grand Pause: “often a sudden stop in the performance with an equally sudden resumption of sound.” Metrical time is not counted.
  • Breath Mark: directs a vocalist or instrumentalist to take a breath, but not intended to interrupt the tempo.

Pausing to develop an idea. Pausing to choose the right words.  Pausing to realize you chose the wrong words. Pausing to listen. Pausing to observe and consider.  Pausing to enjoy.  Pausing for weakness. Pausing for strength. Pausing to communicate. Pausing to let others be heard.  Pausing your expectations. Pause to allow the world to infringe upon your space.

Pausing doesn’t mean you stop doing something – it is a temporary (and focused) halt before moving again. That pause may result in continuance, a change in direction, or a return.

My time as a Fulbright-Schumaner was in itself a pause from my norm. I was placed in foreign worlds that enabled me to focus on interesting people and places that contributed to and strengthened my understanding of my research. There is so much I have to follow up on professionally, and I will get to all of it, with appropriate pauses in all their glorious forms.

But personally speaking the pause has been an enriching lesson that there are periods of time that are necessary to stand still.  There is a time and place for everything as a popular saying goes, and the pause is no exception.  Too often we forget that recognizing opportunity usually takes the form of a Eureka moment where you disengage yourself from the norm, for just a moment, to see it.

So let us pause, for tomorrow we begin anew.


Networks – Human & Technological

Much of this blog has focused on the value of human communication, how understanding different viewpoints is crucial to political analysis and policy-making.   I’ve continued on this path in Malta, most recently with the help of the wonderful team of people at the US Embassy. This week, the American Ambassador to Malta, Her Excellency Gina Abercrombie-Winstanley and her husband Gerard, graciously hosted an afternoon tea in my honor at their beautiful home.  With a gathering of impressive individuals from all areas  – IT, finance, commerce, and security – it was another one of those rare occasions that being a Fulbright-Schumaner delivers.

But when you think about privacy or data you cannot help but think about the importance of another type of communication – technology.  It is a constant, and yet mostly silent,  presence – the stuff that makes it all ‘happen.’

I’m doing my best to understand the technology because without it humans would still be communicating by writing letters instead of using telephones and computers.* Right now I’m reading a lot about the fiber optic cables that transmit data. There is a massive superhighway of tangible bits and bobs that connect us to the internet and a host of other means of communication, which is illustrated in a pretty stunning way at the Submarine Cable Map website. The Oxford Internet Institute made an effort to create an “Internet Tube Map” (apologies to Senator Ted Stevens) from this information to give you an idea of the types of physical networks through which our data travels (there are others like satellites, too). Then there’s the matter of the hubs and servers that direct, store, and process that data. As a Smithsonian article on author Andrew Blum’s book, Tubes: A Journey to the Center of the Internet, explains, there are some definite geographical centers that are crucially important, and most of them are in the US.

So the internet seems everywhere and nowhere at once. We have cables crisscrossing the globe, some in international waters where no one presumably has jurisdiction, but in the end they end up on someone’s sovereign ground. I mention this because those lines are placed and owned by telecommunications entities, private companies, and governments, and used by a myriad of clients, all of which reside somewhere.

So, who governs that data?

This is a difficult question with an ‘it depends’ answer. Does it depend on where that data originates? Does it matter where that data is stored? What about which provider(s) own(s) the network? Is it the company’s or the individual’s? Is it up for grabs in international waters (apparently yes, and as evidenced in this article from 2001, that is not a new ‘revelation’)?

I am particularly keen on understanding the technological network because international finance as we know it today exists because of it.  Internally, financial institutions depend on their IT software and hardware systems to run smoothly so they can place orders, record transactions, analyse client data, and report to regulatory and other authorities.   When it comes to transaction data outside the firm most financial institutions lease that service from telecom providers, who will pass that data through those internet tubes.  That one transaction might be handled and processed by more than a few entities and all this might occur in several different states.  The client might be German, the company might be American, and the data might travel to subsidiaries and partners in Belgium or the UK, who all use different ICT providers, and it will travel over a few more tubes in less than a minute.

When there’s a security breach by one of the links in this chain, or authorities in one state issue a subpoena to the firm or the provider, then you can start to see why data governance gets complicated. How can you make sure that the right people are asking for the right data for the right purposes when it could be intercepted by so many people? And who is ultimately responsible? This is, incidentally, a serious concern of many Europeans who note that the current Directive and proposed Regulation still do not put equal responsibility upon data controllers (i.e. banks, businesses) and processors (i.e. ICT providers, clearing houses).

I can’t answer these questions in a post, you’ll have to wait for the book, but my purpose here is to point out that we cannot lose sight of the technology or the codes that connect them. These physical and syntactical infrastructures connect us, and they are inseparable because they make the whole thing ‘go.’  And at the same time, they cannot be separated from the human element either because their development is shaped by the society and culture from which they emerge.

Communication is part machine, but it is guided by human needs and relationships.

At the end of the month I’ll be in Rome for a conference about internet governance and I’m hoping that some of these questions are addressed.  In the meantime, I’m doing more reading and writing and thinking about those ever present networks…


*You should still learn to write letters, by the way. Unfortunately, it is a dying art. I implore you to at least keep the personally written thank you note alive and work on your penmanship. Next time I go abroad, I have decided to bring stationery because sometimes that thank you email just doesn’t seem appropriate.

Advantages of the ‘Interdisciplinary Dilemma’

“You are very unique.”

“Yes, I’ve often been called the weird kid.”


This week I arrived in Malta for the second half of my Fulbright Schuman experience.  The Fulbright Schuman is a unique program because it is jointly supported by the U.S. Department of State and the European Commission. It is also one of the few Fulbright awards that requires its recipients to do empirical (that’s experience-based, for all you non-academics) and transnational work.  An applicant must present a topic that is of interest to both the US and EU and justify why they need to live in two member states to conduct the research.  Perhaps unsurprisingly, it is also the type of program that attracts, and thankfully welcomes, interdisciplinary people like me.

If you know me, or have read my CV, you know that I have training in a variety of fields. I hold degrees in language, history, and political science, but rather than this representing a set of unrelated and flighty interests, all these areas fit together, complement one another, and shore up each other’s weaknesses. It makes it very difficult to check a box that describes who you are and what you do.

This has presented some difficulties in my career. Multidisciplinary people are praised for their ability to understand the inter-tangled perspectives of many actors and issues, but there’s also suspicion as to how much of an ‘expert’ they can be in any one of them. [I am the first one to admit that interdisciplinary work needs a focus, by the way.] However, there is a minority of actual support (in my experience) that sees interdisciplinarianism as a desirable trait – events don’t fit into neat packages, organized by discipline, department, or theory.

Any institution with a bureaucracy relies on box-checking. If you fall between those boxes or check more of them than necessary they don’t know what to do with you. People like neat packages even though intellectually they know reality isn’t that simple. Does this mean that we should abandon interdisciplinary work? No. Understand that there are people who do appreciate it, but it may take a bit longer to find them, and your niche among them. I know my niche, but I am still searching for that place.

Yet, dwelling in those “between-the-box niches” can be advantageous. As a historian and political scientist who understands global governance and examines finance, data protection and privacy in the international economy and national security (whew), I work among, with, and in between disciplines, because my research topics lie among, with, and in between professional worlds. I have to learn a different jargon to interact with politicians, the financial services, and the technology enthusiasts.

Needless to say, my time here has been extremely productive, but professionally I’ve never felt more in my element.

EU officials were incredibly generous with their views, and I found the business community to be similarly engaged.   I have been able to use my understanding of  interstate politics, law, finance, and IT extensively, but I have learned much as well.  It’s been wonderful to switch those pieces of my brain back and forth, to compare and contrast, to test and retest what I know and try to make all the pieces of the research puzzle fit.  (Incidentally, all of the pieces will never fit.)

A few weeks ago someone explained the role of academics from the perspective of these groups – they perceive us as nontoxic neutrals (my phrase).  Academics can bring up subjects that are considered taboo, and this is the role researchers are expected to play. Academics are expected to ask those questions and draw attention to known and unknown issues.  They make those subjects somehow more palatable by forcing commentary from the outside. Academics don’t have to consider their electorates, or the shareholders, they are outsiders without an agenda.

I consider myself one of those neutral catalysts, and my multidisciplinary training allows me to play this role from a variety of perspectives.  As part of the ones “without an agenda” I can gently prompt more discussions on topics that are too sensitive for members of several circles to engage, but conversations that even they believe are necessary to have – even if they don’t realize it themselves.  As I do, I learn from them, and I (hopefully) see how their interests conflict, or better yet, work together.  That’s what they want – research that engages them, that they can use, and is not divorced from their realities.

I began this entry with a comment received from more than a few of my interviewees, which was given and received as a compliment. I’ll say what I’ve always said – it’s good to be the weird kid. There are some great niches there.


As I write this post, the International Studies Association just wrapped up its annual conference. I usually attend, but I could not do so because of my commitments as a Fulbright-Schuman Scholar. This year I had the honor and pleasure of serving as Chair of the International Political Economy (IPE) section award for Mentorship. The Society for Women in International Political Economy (SWIPE) Mentor Award goes to individuals “who have invested in the professional success of women in the IPE field”. I had a great committee with enthusiastic members, and I got to virtually (through email) meet some really interesting people – which is the point of this academic thing, eh?

The committee was important to me because my career, and my life, have been influenced by a few individuals who have helped me along because they believed in me.  Earning a PhD is daunting for a number of reasons, and the profession is not easy or glamorous. You need to be a strong person on your own, and you need a good sherpa.

Patricia Weitsman, one of my strongest sherpas, changed my life. In her first semester at Ohio University Patty pulled me aside, a history MA student, and said “you should be doing International Relations Theory.” I was the only person to get an A in her class, and it was the first IR theory course I’d ever taken. She got me funded in the department. When I insisted on completing my history MA alongside the political science MA, she cut through red tape like a Highland warrior wielding a claymore (an analogy of which she cheerfully approved). From there I went to Texas A&M and met others who became mentors and friends like Bill Brands. Patty continued to be there – writing letters, a visiting position at OU, my first tenure-track job, and too many pieces of advice to count regarding publishing, writing, and life. I was her first graduate student to finish the PhD and she was fiercely protective, and proud, of me.

Over those years, the relationship shifted from one of teacher-student to colleagues.  I was happy to be there for her too and offer perspectives when she needed it.   And, in a sign of how close that friendship had become – we could also argue and challenge each other.  There was that kind of honesty.

Mentors do more than show you how to get through the system or cultivate your abilities; they show you that success, failure, and perseverance are about character. Mentors give you the tools to overcome obstacles (either made in your own head or roadblocks put there by others) and find that courage to make things happen. Patty led by example. My teaching was influenced by her, a woman who had such a rocky start her first year in the classroom that she worked to become a two-time winner of OU’s presidential teaching award. Anything she did she had to “own” she told me once. She worked out 6 times a week and taught kickboxing. When she was diagnosed with leukemia and was in for her bone marrow transplant she had a treadmill in the hospital ward. During her two year remission she wrote a book on war and alliances, chaired the largest section of ISA, the International Security Studies group, was the director of the War and Peace Studies Institute at OU, campaigned for bone marrow donation, and raised two kids with her loving husband. All of this she did with tenacity, strength, and love.

Patty’s battle with leukemia ended today.  We began and closed every conversation we had in the past few years with “I love you.”

I had been working on this blog post about mentorship for over a week but now it’s something more. In these early hours of learning this news, I have been trying to come to grips with what has happened. A friend of mine said there is “no point to get out of it all. Someone dies and they are un-replaceable.” There’s nothing to understand. And she cannot be replaced, no. Because I cannot get her back to feel better, the only thing I can do is to maintain Patty in my life with what she has always given me – love.

“Sending love. xoxo”

The Problem of Trust

I’ve been examining the politics of money for over 10 years.  Most of those efforts have gone into understanding how executive-level politicians make decisions that affect the governance of the international monetary system.  In the past few years I’ve gotten more into the financial services side of things, which requires a different kind of thinking.

When you want to know how an industry ticks you have to interact with them.  I know that sounds like a no-brainer, but some academic research lacks that touch.  The only way to understand a group is to mingle, learn the jargon, ask a lot of questions, and play devil’s advocate, nicely.  You can’t do that with a survey and you certainly aren’t going to gain their trust to get them talking and eventually understand their perspectives without showing you are interested in establishing a professional relationship.  This is true when you do research with politicians or really anyone in a decision-making capacity.  You are asking them to describe the challenges they face and frustrations and they have to know that you do not have an agenda – you want to ‘get it right.’

So as building trust underlies the research process, the same principles apply to the business of finance. Bankers make money for their clients so it is profit driven, and by default this means it is also relationship driven. The trust between client and financial representative is at the heart of the industry: wealth and money are personal. And, the lack of trust among finance and regulators is, in my mind, problematically related.

Last week I went to London to attend the Future of Financial Standards conference sponsored by the SWIFT Institute and the LSE Standards Forum Team.   It brought together most of the major players, former regulators (a current regulator in the form of the keynote speaker Commissioner O’Malia of the Commodity Futures Trading Commission (CFTC)), bankers, statisticians, academics and a few technology experts (coding, database operations and design).  The mind mapping boards below illustrate an outline of discussions.

To summarize: Regulations are often written by politicians and lawyers who do not have a working understanding of how financial markets operate or how their databases are structured.  Each national regulator wants different types of information, which pose problems for financial institutions that operate in many states.  Standards in financial language are notoriously difficult to establish because products are classified in different ways across firms, markets, and within regulations.  This makes it very difficult to collect and report accurate data and comply with these regulations.  Data taken from one type of database cannot easily be transferred to another database (it might show errors in one and not another) because of coding issues, so there’s an inconsistency in the IT as well.

The general consensus was that regulators, bankers, and tech people all see the problem from different angles; they blame each other for reporting shortcomings, but they agree they should talk more to each other too.

And yet, most participants saw a solution that involved the industry setting the standard on its own and then presenting it to regulators.  You can see the disconnect from the process and the solution, right?  They are all mutually dependent, yet still thinking sectorally.  Unfortunately, this attitude also pervades regulatory and legal thinking.

One panelist hit the nail on the head though – trust.  Regulators aren’t going to listen to the industry because they do not trust it.

Does the industry know its business better than regulators? Yes.  Does it have more resources? Yes. Do regulators and banks have different objectives? Not really, no.  (They both like stability and manageable risk, but yes they do have different roles in promoting these aims.) Do they have different opinions about what this is and how to do this? Yes.

As one participant told me, “Every suggestion is not an attempt to hijack the process and assert corporate interests.  There are international standards that have been in place for a while now, like the ISO, which are a good starting point.”

The (not new) lesson here is that the financial services industry has a reputation problem with officials (and some of its clients) that requires a change in its culture. Building trust with regulators means that a relationship must be cultivated, just like they do with their clients. But, have we come too far off the track to mend it? I don’t think so.

Data is the foundation for the financial services industry. I argue that record keeping and reporting is good for business because it helps banks take stock of what they have, what their employees are doing, and highlights areas where they can offer their clients better services. Accurate record keeping costs less in the long run and means that officials are less apt to come knocking on their doors for misbehaviors. The more that the industry does on its own the more that they will make money and by default improve that regulatory relationship.

Similarly, regulatory officials might get more bees to the honey if they understood how financial  IT networks worked, how these companies recorded their data (or not) and began to talk a little in terms of profits.  Governments have to learn to speak in terms that finance understands rather than dictate terms or make threats.  This tactic does not mean that regulators will get what they want – it just causes confusion and produces complaints about costs.  The data they end up getting is not the quality they expect either.

The forum did an excellent job of presenting the problem banks face in complying with regulation – it is a technical problem; a language problem; a communication problem; and ultimately a cultural problem. The culture problem, which exists on both sides of the coin (if we add the technologists then we need a 3 sided die), is more difficult.

There are some trying to bridge the divide and emphasize Corporate Responsibility, or Corporate Social Responsibility (i.e. Ruggie, and Abbott and Snidal), but I think we need to examine the regulatory mindset too. It starts with the realization that the effort is worthwhile both for profit and for the whole of society, and that the time invested to build that trust produces a system in which we all can live and prosper.


Notes from the Field

Just a few observations-

The Long View in Leadership – From time to time I am engaged in conversations with individuals who possess what I call ‘a long view’ of issues and events. On one hand, they can place complex issues in short term contexts, but the value is how they can see these evolve from long term perspectives. That’s important because you can’t know where you are unless you know where you’ve been and how you got there. Those who study the historical evolution of processes (no matter what their form) are at an advantage here, but those who lived through it also share these traits (although one must also push through first person biases). I think that we are losing a generation of policy-makers who have a long view and producing persons who play to immediate contexts instead.

Now, yes there are those who will challenge this and I’ll readily admit that politicians as a rule have had to ‘live in the short run’ because their survival depends on it. They always have to ensure that their electorate is happy, or their leadership depends on support for their positions from other entities. However (and I have seen this in academia too, there are blinders everywhere), without the long view you cannot hope to see subtle deviations or catastrophic events on the horizon. Nor can you see interconnections.

This is related to:

Being a Boss & Having a Boss:  Those who have always served in the public or private sector under someone’s direction are at a certain disadvantage when they are suddenly elevated to positions of leadership.  Their mindset is one of taking orders rather than giving them.  This does not mean that leaders should be resolute in their convictions and shun compromise, far from it.  It means that a leader is one who understands his/her role in that institution and has a duty to act in accordance with its mandate.  ‘No’ is not a dirty word.

And finally:

Transparency, Democracy, and Knowledge – An open information society is fundamentally important for democracy.  A populace must be aware of what its government leaders are doing to know that they are faithfully following the law and representing constituent interests.  This is a two way street though – citizens have to educate themselves and demand facts over senseless pandering sensationalism (I’m looking at you US media).

However, there are appropriate degrees of transparency depending on each situation.

While at a talk  in Brussels, an official advocated for total transparency in the Transatlantic Trade and Investment Partnership or TTIP negotiations – “Why can’t these discussions be public?”

This was right after they admitted that MEPs (Members of the European Parliament) could not be expected to know everything about the issues that landed on their desk.  They depend on experts to tell them what the texts meant so they could act on them and represent their constituents.  I’m sympathetic to this as it is a common problem with executive  leadership.  Where a Parliamentarian, Congressperson, President, or Prime Minister and so on, is elected or appointed to make decisions on a host of issues, there is no way that they can be experts in all of them.  Public officials do not have time to carefully scrutinize every detail – that is the job of their immediate advisers, other government bureaucracies, and NGOs, and sometimes – lobbyists (And in the opinion of some, lobbyists are a bit too involved, but due to time and money these voices are pretty loud and they do get access to decision-makers). It is for that reason that I have always maintained that it is the advisers who hold the most influence – the decision will reflect the information that the leader receives, or to whom he chooses to listen.

Transparency not only requires MEPs to understand the texts, it requires the populace to be very responsible in educating itself on issues too. So, how, may I ask, do those advocates of total transparency expect the populace to do what they themselves find impossible?

The fact is that negotiations such as these are incredibly complex and technical. The circles that understand them are small and specialized. If this process was done in the open people would be pointing to a host of false starts and statements that really have no chance of making it into a final agreement. That’s why they call them drafts. There’s a lot of posturing, poking, feeling the other side out, demands that go nowhere, and if it finally manages to make it through to the end – it will look nothing like what is being discussed today. (The US has wanted some sort of trade agreement with the EU since Nixon so it’s telling that they are even sitting down now.) In the US Congress, there are about 10,000 bills introduced into each session and less than 400 on average make it through. If I had a dime for every alarmist saying “Look what they are doing!” on a bill that was introduced but never made it through the first committee, I’d be a millionaire. (Spoiler: I’m not.)

Please understand that I’m not advocating secrecy here.   I’m saying that understanding the processes of decision-making at these levels is just as important as having the expertise to comment on those issues.  So I wonder, great you get all that transparency – would most people understand what they were reading or read it at all?  Debate, I love it – bring it on!  But only if it’s going to add value.  I doubt total openness would achieve that end.

The subject matter of this blog is taking directions that I did not anticipate, but I’m not complaining.  If anything it’s been a reminder to come to careful reflection, and not cling to expectations.  Going to London next week where I’ll be in the company of the finance community and it promises to be a total paradigm shift.

SMART Surveillance Conference

I just returned from a conference on SMART Surveillance, which stands for Scalable Measure for Automated Recognition Technologies. It is an effort sponsored by the European Commission that involves several universities and researchers to draft an EU Directive. You can read the particulars here, but essentially it’s an effort to outline a legal and operational toolkit for police and security personnel for the use of technologies that collect and process data in an automated manner.

The project is headed by the University of Malta’s Department of Information Policy and Governance, one of my Fulbright-Schuman hosts, which works with many partner groups.

The discussions were enlightening for a number of reasons, but as someone who has always been fascinated by the process by which decisions are made, it was especially interesting to watch.   The majority of my work in monetary relations has been at the executive level.  These are, for the most part, political decisions since many of these persons are not experts, but they do set the agenda for things to go forward – meaning they tell the experts to make it happen.  There are, of course exceptions, sometimes the executives come from one of these expert areas.  This was the case with Helmut Schmidt and Valery Giscard d’Estaing who served in their respective government finance and banking offices, became Chancellor and President, and then pushed through the European Monetary System, which was the precursor to the Euro.

For two days, I sat with these experts and watched them offer different perspectives to influence the wording of one draft Directive. Think of an EU Directive as a standard set of rules for Europe – it is then up to the national governments to pass laws that reflect these principles in their home countries.  So, sometimes (OK, all the time) you get variations.  In some states they’ll do the minimum; in others they’ll go above that, or they will already have stronger laws on the books and make sure the Directive doesn’t water them down.  By contrast, a Regulation sets down ONE law for everyone. Regulations are not easy to make.

You can begin to see the complexities of the past two days I’m getting at here, and this project began in 2011.

Ladies and gentlemen, the project’s aims are immense, and this process is daunting because of the groups immediately involved: lawyers, Human Rights activists, academics from sociology, informatics, engineering (and more), members representing the private sector, the European Commission, the European Parliament, national intelligence services, police, data protection authorities, and INTERPOL – and more.

After they revise the draft, it will go on to be scrutinized by several European institutions, and change there as well. Many of us Americans understand the difficulties of getting the US Congress to agree on just about anything these days, but the process of policy-making in the European Union is more complicated. There are the groups I mentioned above, who all have interests at stake, but there are also 503 million inhabitants and 28 sovereign governments which will also have a say in the matter and be impacted by the introduction of this draft.

The general lesson here that I wish to impress is that the EU is very diverse.  Many Americans (and some of my fellow academics) have a tendency to think of Europe as a homogeneous entity.  It is not.  The European Union as an organization is complex, and the national identities, interests, and historical experiences are still very much alive to affect the process.

And then there are the laws.  As I said, we were discussing an EU measure that will impact all the member states, should it be adopted.  Time and time again we were reminded of the legal differences among them that had to be taken into consideration.  Then there were the conflicting interests (and terminologies) among the groups present.  Police and intelligence officials felt that they didn’t have enough tools to do their jobs, and this would make it harder for them to protect citizens, or that it didn’t apply to them because these technologies were being used by criminal enterprises more than the police.  (Criminals don’t have to pay attention to laws and warrants, we do.)  Believe me there were very good cases made for that.  Privacy advocates countered with the frequency of data abuses and the rights of citizens to be protected from not just the state but from private corporations.

And yes, there was Snowden.  As the only American in the room, I was asked, “Isn’t it good that there has been more debate in the US?”  Yes and no, I responded. People are talking about surveillance, but they are too focused on the government and I don’t believe there will be reform.  Oversight will still be handled internally and officials will still be in control unfortunately.  Americans seem totally ignorant of the threat from private companies.  This was the big difference I saw between US and European views.  Many, not all, Europeans are more suspicious of Google than their governments.  My guess is that it’s probably because they have protections and rights guaranteed in law to check government abuses.

For many EU politicians Snowden was a ‘wake-up’ call that Europe needed to forge ahead on its own to maintain and protect its beliefs in privacy and Human Rights – away from US based technologies.  That political will seems to be present in some circles now but it remains to be seen if we will see it implemented or if Europeans will simply wait for the next ‘revelations’ to act.

Layers, many layers, all trying to answer the question – How do we balance security and privacy?

One of my interviewees last week observed that governments “think about the problem horizontally” meaning that there was little consideration for how businesses operated – the groups that officials depend on to make that policy happen. The SMART teams have tried to look at the problem both vertically and horizontally. However, I fear some of the groups involved in the conference did not follow this example. It’s something I have to be cognizant of as I approach the transatlantic divide too.

Next: Bruges is coming, I promise.