A Blog dedicated to exploring privacy and technology

Archive for March, 2010

Finally, almost published …

Posted by Wayne on March 27, 2010

About 18 months ago I took a (premature) shot at publishing a paper on cloud … I was neither ready for the level required for the paper nor was the topic mature enough when I had started writing it. When I finally heard from the organization I submitted the article to I also almost gave up ever trying again … the whole process of submitting, waiting, etc. is really a trying process. The amount of friction involved likely drives many away from even bothering when there are so many other avenues with a much lower coefficient of friction.

For those who are prolific peer-reviewed researchers and writers my hat is off to you. With all the work work, school work, dissertation efforts, and errata activities I decided to give “published” writing a break.

In the past 2 months a funny thing happened – call it aligning the stars or something in the water – whatever it is I had a brainstorm for a paper, ran across a great venue for it, and my idea was accepted. I had blogged about and posted on other sites about cloud transparency so I thought why don’t I do the real research and empirically do a quick (small population study). The process forced me to analytically break down the notion of cloud service provider transparency, do the literature review, and come up with a workable scorecard. Then I studied six cloud providers to see how they fared based on the scorecard. The process all forced me to re-evaluate the scorecard. I also had a few friends help out – like Randy Bias at Cloudscaling who made a few suggestions on the scorecard.

The second event came about through someone sending me the link to a venue and saying to me – “hey Wayne – you should present at this”.  “This” happens to be this summers Usenix HotCloud conference. When I read the event structure and topics I knew I wanted to do something for the conference but … how do I do something that is related to my dissertation without spilling all the beans on what my study is about (this is a primal fear in researchers – for good reason – stolen work)? So I asked a colleague at work who I am so privileged to know Dr. Burton S. Kaliski, Jr. and who has so very graciously agreed to be on my dissertation committee. He suggested – why not take your thesis topic and we do something related as a position paper? So the scramble began and in two weeks we wrote a position paper on Risk Assessment as a Service in Cloud Environments … won’t hear if we got in or not for a few weeks. The whole process of working with such a knowledgable person who can write a paragraph faster than I can read one! He is amazing and so fluid with his thoughts. We took a years worth of white board discussions and came up with a closely related topic that has already provided me greater insight into what I have to clarify in my thesis process.

So now the fun begins – I wait and hopefully go from – almost published … to published. Either way the experience and learning was well worth it. Now back to my thesis …


Updated May 7th:

We (Dr. Kaliski and I) got accepted into the Usenix HotCloud workshop on June 22. We have some minor edits and then I will post the paper. You can find the program for the day here which has sections on Performance/Power, Economics/Pricing, New Programming Models and Usage Scenario’s, and my favorite Security and Reliability.

Updated June 25th:

My second article got accepted by IEEE Privacy and Security. The article will appear soon online and be printed in a special edition on Cloud Computing this fall.

Posted in cloud, risk, security, Uncategorized | Leave a Comment »

What hat do you wear in private?

Posted by Wayne on March 15, 2010

I’ve been studying privacy for about three solid years now and have sat in graduate level classes, read some 300+ research papers, 100’s of blog postings/articles (thanks IAPP – the dailys are awesome). and own/read some 25+ books on privacy (checkout my library), and even follow some great minds in twitter (like @privprof!) ,- so this all totals up to hours and hours (north of 1500 hours) of thought after thought about privacy.

What strikes me as a point of interest is that 99.999% of the content seems to be about the user/consumer/citizen – the person. Not that this is a bad thing – because lets face it – most private information comes from people.  We have contemporary privacy scholars who focus on the legal aspects of privacy like Daniel Solove (if you haven’t read his book “Understanding Privacy” – I highly recommend it!). Software Engineering privacy experts like  Lorrie Cranor who has driven incredible changes in how software, user interfaces, and web tools gather and use privacy related information. Roger Clarke who has looked at privacy statements and privacy impact assessments in-depth. Or Herman Tavani who has shaped much of the theoretical basis for IT Ethics (he has published some excellent research on Privacy & Ethics) And I could go on and on with the list of really great minds.

Recently I have had a few discussions with folks who are privacy experts – in fact a few of them are world-renowned in the academic circles. When I bring up the fact that business has a privacy requirement too – let’s just say I usually get a pretty strong negative response to that. One person even suggested that maybe I’m just working for a business and not really doing research.

Let’s face it – particularly here in the U.S. companies have been very liberal with their controls of their customers (and even just prospects) information. Take the days of the 3×5 warranty card. How is it that a company that sold you a baby carriage needed to know your annual income or your age? All that they need to know (if they need to know anything) is the date it was purchased, where it was purchased, a serial number, and your address.

But … what if we thought about privacy a little bit different? What if we thought of it as if the corporation were a person. For example – a corporation has to worry about the data of their employees, customers, and their own “information”. Their own information could include protected things like intellectual property or more grey area things like temporal or tribal knowledge (e.g. current incentives given to sales to drive sales behavior against a competitor).

Also – has anyone every heard the phrase “it would be like pushing on a rope”. In other words if the discussion/argument/definition is one sided – how do you really move your position forward if there is nothing there to resist the progress? Benjamin Franklin said “Reading makes a full man, meditation a profound man, discourse a clear man.” How can the tension between man and corporation when it comes to privacy be one-sided? It seems valuable to research and understand the privacy privilege, violation, protections, perspective, and purpose from the corporate side of the coin seems to be not only valuable – but a requirement. How can we fully understand where the line needs to be drawn with regard to individual protections if the fight is one-sided?

H. Jeff Smith wrote in his book “Managing Privacy” that corporations only respond to privacy requirements when there is an external event (breach, lawsuit, regulation) – why not choose to find a different – proactive course? One which embraces the needs of the enterprise, assesses it against the needs and rights of the citizen – so that we can find the middle ground? Why constrain our forward movement in the realm of privacy to just the outcome of complaint or the past tense of lost privacy?

And no, my research is not for the corporation or by the corporation. My personal opinion is that corporate America does have too many liberties with our private information and we’re not adequately protected. However my opinion doesn’t count when it comes to research and one of the most interesting ways to study a problem is to reverse it.


Posted in privacy, risk, Uncategorized | Leave a Comment »

What it is like to be a diabetic …

Posted by Wayne on March 4, 2010

Its been a while since I’ve posted anything so I figured to get back into it this year I’d start by exposing some thing about myself – that I wish more people would talk about…   

   Today marks the one year anniversary of my finding out I’m a Type 1 Diabetic. With over 20 million Americans currently diagnosed with Diabetes and evidence that the number is going to more than double of the next decade – you might actually know someone who has this disease. In a recent American Diabetes Association Magazine article I read that every 20 seconds someone becomes a diabetic. Every 20 seconds! Wow.

I thought I would share some of the things I’ve gone through and learned in the process … so lets start with a year ago. Everyone asks did you have symptoms? Yup … did I ignore them – yes, for a few months. The symptoms were weight loss – 35 pounds in 3 weeks. I was going to the gym so I was thinking – wow this was working great. The problem was I really only wanted to lose about 15 pounds and what I didn’t know I was losing fat and muscle. The next symptom I had was that I was run down all the time – in fact I would get home from work (which took everything I had to get through and commute home) and would sit on the couch and fall asleep – sitting up. Now I’ve always found it easy to catch a cat nap but my wife knew something was wrong and was urging me to go see the doc. Nope, not me – I was fine. The final symptoms were I had to urinate all the time – every 20 minutes, and was craving sweetened drinks like Gatorade and coke which I’ve never been big on.

So on March 3rd last year, I remember that it was a Monday and that we had a snowstorm – so I opted to work from home. My wife said that was it – I was going to see the doc who probably had openings due to the storm. I went to the Dr’s and shared my symptoms and he took the usual fluids to test and said he would call me the next day. Three hours later I get a call from him and he said go to the hospital – now and to have someone else drive – because he was pretty sure I had diabetes and my glucose levels were off the charts. The healthy person usually ranges from 75-150 my levels were in the 800’s! Needless to say I spent a few days in the hospital while they stabilized me and spent 2 days teaching me what my life was going to be like as an insulin dependent person.

I thought I’d share some of the experiences – which for me has been a life changer. Not because I have to eat better and workout to stay healthy – because I already did that for the most part. No, it is more that for me I’ve always had relatively perfect health and never had anything serious happen to me health-wise. No broken bones, no hospital visits, no pills required – to having to test my blood 4-5 times a day, count my carbs, and inject 2 kinds of insulin into my body 4-5 times a day.

When I first started dealing with the insulin – I would scurry into the bathroom if we were out or hide in my office and test and inject. Why? I was afraid to have anyone see me do what I’ve done over 1500 times in the past year. At the time I was very self-conscious (still am somewhat), worried people would think I was damaged goods at work, and didn’t want people to stare at me. For the most part I’ve found people are mildly curious or have seen it all before and don’t care – plus I can get through the whole process in less than a minute at this point. Some people stare at me – but hey I have to get over it – and it is my lifeline and the technology and products are so much better now than even 1o years ago. I’ve got it easy compared to those who didn’t have the medical tech we have today or have had to deal with diabetes since they were small children – I’ve had decades of great health (and plan on many more).

I also went through the whole denial, anger, why me stuff. That took most of the last year – and still comes on in short blasts still even a year later. The Dr’s not being able to explain to me what caused it, what I should have/could have done differently, etc didn’t help me understand the question of “why me”. For my trip in this journey – I’ve become more focused on my health overall – more gym time, dialing in the food/diet/insulin ratio’s and reading/learning what I can about the disease and the medical technology and progress toward curing this disease. I’ve also learned to listen to my friends and family and couldn’t have made it this without their caring and support – they have been awesome. The last thing is I’ve dialed back  pushing myself quite so hard. It means things slip off the list until I can get to them – this is probably the hardest thing of all for me.

So one last bit before I end this posting. I had to share one moment that was really hard for me. I finished working out at the gym was stopping at Dunkin’s on the way home for a nice hot coffee and walked in and stopped and just stared at the racks and racks of donuts. For some reason it just hit me so hard – here was all this stuff which I liked to have as a treat once in a while – and it was all off-limits – why did I have to be different? The moment passed and I can actually have a donut once in a while (as long as I take my meds and don’t make it a habit). What I did learn is that – yes my life is different now, I have to plan my days and stay on track with my changed ways – and maybe someday Diabetes will be cured. In the meantime – I’ll do my part.

My call to action to you is – get your glucose levels tested, find out what your A1C  number is, watch your diet, exercise, and live long. Oh – and cheers to another year that we get to walk the planet.


Posted in Uncategorized | Tagged: , | Leave a Comment »

%d bloggers like this: