Category:Tech

Paul Ohm: Anonymization Has Failed

I recently had the privilege of attending a talk where Paul Ohm presented the main ideas behind his latest research paper.

I found his reporting on re-identifying users from supposedly non-personally identifiable information fascinating:

-87.1% of Americans can be uniquely identified by their 5-digit zip code combined with the date, month, and year of their birth.

-80% of anonymized Netflix users could be uniquely identified by 3 movie reviews (movie, date, review value).

His take-home message?

Data can either be useful, or perfectly anonymous, but never both.

The majority of laws and contracts dealing with personal information draw a line between “personally identifiable information” and “non-personally identifiable information” (aka aggregate, anonymous data).

But, if you can use non-personally identifiable information to derive personally identifiable information, then the two categories collapse into one.

It will be interesting to see how advertisers, social networks, governments, and end users respond to reality that the separate categories we’ve built into the laws and contracts may not actually exist.

Flexible Commitment

J.I.T.

On Demand.

The Cloud.

In the garden, this philosophy looks like medium sized tomato plants that have not yet been put into the ground despite a date in April in a temperate region of California. Sure, given how close we are to the bay and our average last frost date, we could have planted our tomatoes. We could be fully committed, and done with the major physical labor of amending the beds and putting in the plants.

But, the recent rains and cold weather have made me quite glad that we exercised some caution. We refrained and waited to plant — so we’ve been taking the plants out into the sun when it’s nice and taking them into the garage to protect them when it’s too cold, or too wet (like today).

As a result of waiting until the last possible moment to be irrevocably committed to the ground and exposure to the elements, we will experience less loss and will have the freedom to optimize where appropriate.

Yet another garden analogy that works for startups.

On Growth

About 7 weeks ago, I sowed the seeds of entirely too many tomatoes.

Some sprouted much earlier than the predicted germination time, and I found myself caring for spindly, tall, weak-stemmed seedlings.

Others died due to my lack of properly allocating resources to water them while I was on vacation.

Today, after hours of potting up over the last couple of weeks, I am left with 362 tomato seedlings in various stages of maturity:

P1020357_rotated

Tonight, we moved them to the garage to keep them out of the coming storm for the next few days.

If I am lucky, I will end up with at least one healthy plant of each of the varieties that we can plant for ourselves in our garden, and a couple hundred for gifts to friends and acquaintances and distribution to strangers to market Tech Law Garden.

Yet again, gardening shows me that it is an excellent metaphor for technology startups. You have to invest a ton in hopes of future rewards. Even if you think you know what you are doing, there is great attrition. There are unexpected obstacles. And, when things are good, the growth is much faster than you expected, which can be an obstacle to success in and of itself.

Please shoot me an email or give me a call if you’d like a tomato seedling or three.

Expectations

The rains have brought prolific propagation in the garden.

P1020337

The problem being, of course, that many of the big plants that took over in the absence of our discipline are weeds, or overly mature plants with nothing to offer but removal of nutrients from the soil. Sure, many of them are flowering pollinators (yay local bees!), but, if we are honest, they are weeds all the same.

This weekend, we spent much time culling. It was unpleasant and a task we put off for entirely too long, which made it even more difficult than it should have been. But now, after getting rid of the things that had been growing without a plan, we have room to put in the summer plants and enjoy bountiful harvests.

This post, of course, is a metaphor for my start-up companies. I’ll avoid the overly precise analysis, because experience has taught me that this is one of those lessons, whether in the garden, or a seedling company, that must be learned first hand.

Here’s to culling when you need to, new beginnings, and the celebrations of spring!

Open Source Legal Docs?

Ted Wang, with the support of Andreessen Horowitz, recently posted some open source legal document forms for companies seeking seed funding.

It’s an interesting concept, and in the abstract, one that I’ve been thinking about for quite some time.

I think, in general, the open source software movement has changed the game.  Not by devaluing the skills of the individual developers, but by decentralizing the control of the software they write from the few corporations to the many of the masses.

This change has resulted in amazing progress in some areas, and, of course, ridiculous amounts of navel gazing in others.  But, at a high level, what it’s really done is to move the value associated with the software from the centralized control of powerful corporations to the decentralized control of the skilled individuals who contribute the copyrighted works.

And, in doing so, it’s shown that In many contexts, the value of open source software is not in the copyright to the code of a particular project, but rather in the goodwill of the community that is supporting, maintaining, and potentially following the direction of the steward of the code of that project.

By analogy, it’s not like posting documents that are freely available in the legal start-up space is a new move.  The National Venture Capital Association has made its standard forms available for many years.

But, the difference with Series Seed is the stated goal.  The open legal document movement, if it is to succeed where it applies to start up companies, is in desperate need of a dedicated community, and most likely, a community-trusted steward who will take this project on and protect it, preside over disputes, and act as a neutral third party when folks with an interest in the project have different goals.

It should be interesting to see if the Series Seed project moves in this direction and is able to play this role in the seed funding community.

Schools? Google? Who isn’t invading privacy?

Today was an interesting day in privacy lawsuit news.

First, there are the parents of a Pennsylvania high school student who filed a complaint against the school alleging that the school remotely activated a school-issued laptop and took a picture of the child. At home. Without his or their knowledge. And without his or their consent.

Then, there’s the class action lawsuit against Google regarding auto-activation of Buzz and the information that was necessarily shared in connection with that activation. Specifically,


Google turned Gmail “into a social networking service and that’s not what they signed up for, Google imposed that on them without getting their consent,” said Kimberly Nguyen, consumer privacy counsel with EPIC of Washington, D.C. “The bottom line is, users should have meaningful control over their information.”

I’d say these lawsuits show that not everyone agrees with Mark Zuckerberg’s statement that Privacy is no longer a social norm.

All the Administrative IT things…

So, getting ready to run my own law firm is full of all sorts of responsibilities I haven’t had to think about in years:

– MSFT Exchange server on your domain?  Gotta hire someone to manage that.

– Email (and Exchange calendar) synch’ed to the phone?  Gotta figure out how to manage that.

– Bookkeeping?  Yeah.  Turns out, March is really sub-optimal in terms of timing for searching for a qualified CPA…

– Taxes?  See above.  Same issues with the CPA, but more serious concerns about penalties associated with getting it wrong.

– Time Keeping (where not on a project or subscription plan) and Billing?  Ugghhh.  That’s going to be fun…

– And hardware?  My laptop is 7 years old.  But it works fine, and much like my car, I’ll probably just drive it into the ground.  My phone, on the other hand, is an entirely different issue… ‘Droid? HTC? What’s a verizon customer to do?

And yet, despite all of these issues pulling me away from the core business I’m trying to start — I’m excited.  It’s fun and interesting to figure out which offerings in the marketplace make the most sense.  I feel like the research to figure out how to run my own practice makes me more able to relate to my clients that need to run their own technology businesses.

Code as Speech

The most recent newsletter from Daniel Munitillo discusses U.S. export law as it applies to code, and determines that, for the most part, U.S. export restrictions do not apply to open source software.

Why? The First Amendment.

Specifically, he states:

. . . [a]ny and all computer code not considered classified by, or, not for official use only (FOUO) of the United States Government, which is open source, freely and publically available, exchanged for any non prohibited end use is protected under the case law cited as free speech. The case law is clear*.

Export compliance is a pain for small companies. The fact that open sourced software is protected speech and thus not subject to standard U.S. government export compliance is yet one more reason in a long list of reasons why small companies should consider open-sourcing some or all of their code when evaluating their business options.

*In accordance with Junger v. Daley, 209 F. 3d 481 (6th Cir. 2000); Bernstein v United States, 922 F. Supp 1426 (1996), 945 F. Supp. 1279 (1996), and at 176 F. 3d 1132 (9th Cir. 1997); and Karn v United States Department of State, 925 F. Supp. 1, 9-10 (D.D.C. 1996), remanded, 107 F. 3d 923 (D.C. Cir 1997), Code is protected as free speech under the First Amendment of the Constitution of the United States.