Times and Measures

A "Personal Statement" on Privacy

May 13, 2023

[Update 2022-06-06] IAPP has awarded me the FIP credential, either because of or despite this statement. :-) [/Update]

I’ve picked up several IAPP certifications, and having done so, I’m able to apply for their “Fellow of Information Privacy” credential. They require, as part of that application, that I give “a personal statement of how your experience and expertise qualifies you to be a Fellow of Information Privacy,” so I wrote one.

I fight to make corporations live up to the trust that users are forced to place in them.

In the vast majority of cases in 2023, human beings have no functional choice whether to surrender their private data to an endless parade of companies promising to use their personal data however they see fit. Amazon is trying to normalize demanding a complete HIPAA release for all one’s patient data for the privilege of seeing a healthcare provider, 1 just as Charles Stross predicted in 2005. 2 The pittance that US states give to the impoverished, just under 70 years after the creation of a system to provide meaningful support to those not fortunate enough to have substantive income, is now distributed via FinTech corporations who have nearly no restrictions on how they monetize the lives and data of the most marginalized groups. 3 Women, pushed to delay having children to protect even their meager share of pay relative to men in the workplace, turn to fertility-tracking apps to conceive, which sell key information about their bodies to advertisers and formula companies 4—even in the face of heartbreaking tragedy 5. Employers are now mandating that they, too, collect this information as a condition of employment, on the grounds of tracking “employee efficiency.” 6 The hottest trend in technology, as I write this, is what Naomi Klein called “the wealthiest companies in history… unilaterally seizing the sum total of human knowledge that exists in digital, scrapable form and walling it off inside proprietary products….” 7 This is both an objective harm to a civilization that relies upon the progression of knowledge, and a subjective privacy harm to all creators of knowledge, whether or not their work has been stolen. As Dr. Ryan Calo put it, “This is the exact lesson of the infamous Panopticon. The tower is always visible, but the guard’s gaze is never verifiable.” 8

Given this, why is my expertise relevant to protecting privacy? My postsecondary education consists of two degrees in computer science, focused on information security, and one in law, in a program focused on the best achievable outcomes in a given situation, rather than one focused on solely academic principles. While in law school, DARPA was kind enough to fund my research into low-cost methods for large-scale privacy violations; 9 since then, my professional work has focused on building systems to protect the data privacy of end users at corporations ranging from startups to the Fortune 10, including working variously as an outside consultant on security and privacy for corporations building new programs, an assessor of ecosystematic harms to privacy in extant billion-user deployments, and as an in-house security engineer working to ensure that corporations’ statements of their security stances corresponded with the on-the-wire reality. Outside work, my research and volunteer efforts focus on the liminal zone between the wishes of a people and the mechanisms employed by their representative government to carry out those wishes—whether those mechanisms are the kind of privacy violation engendered by Palantir’s software, or the kind of physical violation made with flashbang and baton.

Fighting for users’ trust requires more than interpretations of law; it requires people who work where bit meets platter, where voltage meets wire, and where tear meets cheek. This is the work I do, and the work I will continue. I trust this explains my interest in and qualification for the Fellow of Information Privacy credential.

← Back to all articles