Interview: Privacy Technologies, Data Protections, Government and the Private Sector
CTO and co-founder of Duality Technologies, a venture-backed technology startup focused on commercializing privacy tech but also bringing this technology to the commercial industry for use of unlocking value of data. Uh, with me is Admiral Mike Rogers, former director of the NSA, including several other very senior positions in U.S. government, who, we're very happy to announce, has recently joined Duality's advisory board. So Mike, thank you very much for joining me.

Hi. Now, it's I who thank you.

So if you don't mind, would you please introduce yourself?

Sure. So my name is Mike Rogers. I am a retired four-star Navy admiral. I've been out of the Navy about, coming up on five years now. I spent 37 years in uniform. I tended to focus on cyber and intelligence-associated things. Ended my career, for a little over four years as a four-star, as the commander of U.S. Cyber Command and the director of the National Security Agency. So cyber core mission area in those two organizations and for much of my career of that 37 years, and very focused on cyber security in particular: how do we defend systems, how do you defend data, how do you ensure privacy, compliance with, you know, federal and state and international regulations. Those are always areas of concern and interest to me in my previous life, which is one of the reasons why I thought Duality was a great, was something I was interested in.

Great, well, thank you very much. Um, and to kind of, you know, ask a couple questions about your background a little bit: you know, obviously, you know, given your position as a uniformed officer, um, obviously you have a major national security focus. Can you explain how you're interested not just in, you know, government, you know, per se security, but also how that would expand into the private realm, for example, uh, both industry and us as citizens?

Sure. So when I was in the government, um, I was focused on cyber, um, and cyber security being a significant portion of the duties of the organizations, and
the interesting thing to me always was, one of the takeaways from that experience, as I was trying to defend government, particularly DOD, networks and data as well as our weapon systems and some access to our unauthorized access to our platforms, I quickly came to the conclusion that, number one, the private sector is going to be core in our, the government's, ability to do that, um, both because, look, we all, doesn't matter if you're in the government, in the private sector, literally almost everyone in the world is using commercially based solutions to both operate and defend their networks as well as maximize the value of their data. So when I was in government I was spending a lot of time with the private sector, trying to look at opportunities, tools, capabilities, insights that we could use in the Department of Defense from a cyber security perspective. And so as I transitioned from government to the private sector, I was very interested in how could I get involved in those mission areas but do it now from the private sector instead of, as I had done for so long, in the government.

Great, well, thank you, thank you very much. You know, one thing that I'm really proud of for Duality is our background in government S&T, government technology development, you know, coming out of DARPA. And one of the things that we've tried to balance is how we, both very proud of our legacy coming out of DARPA, how we are familiar with some of the government needs associated with cyber security and data sharing, but how we're getting traction in the commercial space. And what we found is, as we get more traction in the commercial space, government gets, uh, you know, even more assured, you know, more interested in what we have at higher technology readiness levels. This is just one tiny little data point, and I'm sure you had a much broader view of this. How do you see about the public-private partnership and technology development, technology maturation, and particularly adoption for operational production use,
you know, whether it's government or private sector?

Yeah, so in the perfect world, though I still, look, we got to do a better job about making this a two-way street. Yeah, historically it tended to be government going to the private sector saying, hey, you know, what can we access, what can we buy, what can you help us with, um, and the government tended to focus on sharing information while it created regulatory and compliance frameworks with respect to cyber security, data privacy, etc. Um, and I thought, not that those are bad, but I thought if we're going to really maximize value here, this is about how we, a lot, how we ensure insight, capability, technical development, new, uh, new ways of doing business, how are they shared back and forth. I mean, I think you're seeing that in Ukraine, for example, which is one of the reasons why they are proving to be so much more resilient in the face of some really high levels of attempts to penetrate their systems. Um, they've achieved a pretty high level of resilience, in fact, to me, in part because they've managed to transition to much more of a two-way model here that brings together both the government and the private sector. Because I'm the first to acknowledge, I thought, I was very proud of everyone on the team that I was a part of in government. I thought we had some great strengths, but I also thought there were some areas where the commercial sector was just going to be far superior and, quite frankly, also had greater capacity. I thought, look, if I can access the insights and knowledge of a broad number of companies out there, I mean, that's so much more effective, efficient, and, quite frankly, gives you a lot more capacity to adjust our own workforce, as good as that workforce was and as proud of them as I was and still am to this day.

So let's turn this a little bit into privacy and economies for privacy, both in society at large, you know, government, civilian and otherwise, if there is such an otherwise. One of the things that we see emerging that's
driving some of Duality's business is the emergence of privacy regulations, privacy laws, privacy standards, both in the US, both federal and across the various states, and internationally, actually, for that matter. The world is flat, as those courses we've been saying for decades now. In interactions, what you see is driving the need for, or driving the desire for, privacy regulations, at least initially, and what do you see as driving it going forward?

Yeah, so I think clearly there is a broad societal imperative to ensure the privacy of individuals, their activities, their data, the commercial transactions that they do, how, you know, what they look for out there, and governments are reflecting that. Governments are aware that their citizens have concerns here and their citizens have a strong desire, um, that privacy be addressed as something very foundational, foundational in a sense that, hey, look, there should be a regulatory or legal or compliance framework, and that's what governments do, governments generate that kind of thing. It's interesting to watch in Europe, which has probably been the most aggressive, certainly was the first major area in the world to come up with, um, privacy legislation that applied across a large number of nations and had a global impact. You've seen other nations subsequently develop their own legislation. I mean, there's some interesting things in China and other areas, for example. But it's also been interesting to watch, to look at the way this has not played out in the United States so far. In the U.S. we have not been able to achieve a broad consensus at the federal or congressional level as to what the components of effective privacy legislation should be. In the absence of federal legislation in the U.S., what you've seen is individual
states, California, then CPRA probably being the most visible or well known, in the absence of federal legislation, individual states trying to enact legislation. My concern about that approach is, if I'm a company and I'm going, so let me understand, you want me to potentially comply with 50 different privacy and regulatory regimes in the United States? So what I wish and what I hope to see is, can't we come together with some fundamental principles that we can use to create a legislative, you know, or legal or policy framework with respect to privacy that can apply across the United States, so we've got a common baseline both for companies as in individuals. The current approach is less than optimal to me because it's very fragmented.

Yeah, no, I am often reminded, you know, the growth of privacy law is kind of like the growth of, um, you know, environmental regulations, you know, almost like this two-tier solution: there's the federal and there's California, which, you know, a lot of states have adopted California. And I sometimes wonder about this, so to speak, balkanization of privacy regulations, both internationally and across the country, us, the United States.

So, good point. So hopefully we'll get it. But it also goes back to, look, in the U.S. we traditionally have a strong aversion, has nothing to do with parties, just based on our history, we traditionally have, broadly speaking, have a strong aversion to a very strong and deep government roles in private activities. We just, historically, as a society, it's the way we were created 240-some-odd years ago. Look, we said to ourselves, the government's not going to intrude on our rights as individuals. I mean, all of our legal documents, our foundational documents, for example, they don't start out by talking about the power of the state and the role of the government. They start out by talking about the rights of the individual, and then they further go into, and those rights cannot be trampled or overridden by the government in the name of some
higher purpose, you know, ensuring the power of the government, privacy, security, etc. So we've always had this tension in the US about what's the right role of government, just, not just in this issue but in a whole lot of others. Throw on top of that, then, technology has proceeded, as it normally does, so much faster than the legal and regulatory frameworks that governments use to address it, and we just have had this big time lag in the U.S.

Right. No, I think you actually make a good point about American society and American political thought, you know, given, you know, balancing the rights and the needs of the individual against what I might broadly frame as communal goodness, so to speak, like what is good for the betterment of society, that balances against, you know, the individual. And I think actually privacy is a great example of this. About privacy is inherently driven by protecting, you know, individuals, you know, right to be forgotten or whatever you want to actually want to say, or limiting, um, you know, the exposure of one's data. Well, the balance against that, the use of privacy technologies for individuals to act communally, to share their data, to do something that might, for example, help fight cancer, you know, better grant-making decisions at the federal government level, you know, all different kinds of things where one can notionally help contribute to good communal action while also protecting one's rights as individual. And I wonder if you might talk about that, as privacy technology as a way of both not just protecting an individual but also helping individuals work together, uh, for a communal good.

I mean, look, the reality is we want to do both. In a perfect world we want to be able to do both. We want to ensure, we want to maximize security, privacy and productivity while we're also trying to ensure that we address the broader security and defense of the society as a whole. So there's always those imperatives, if you will, that are rubbing against each
other in our system. And, you know, for governments, one of the challenges for them, I always thought, man, was part of government for 37 years, was the government has this unique task, if you will, to provide for the defense and security. That's kind of their role. It's, we don't do that collectively, necessary, just as individuals. We task our government in our name to do that. And so government has this role in some ways that the rest of society doesn't. At the same time, government is also very much charged with, hey, you're the representative, so to speak, of the values and the desires of the citizens of this nation. Hey, you can't enact policies, you can't focus on security, defense, etc., without ensuring that you're addressing these other skills. That's the task we give our government: hey, you've got to be able to maximize both these areas. And sometimes there's a rub between them. What might make sense from a security or defensive standpoint, hey, that really collides with my desire to ensure the privacy, the anonymity and my rights as an individual. Um, so that's not something new. I think it's always going to be there. Um, the challenge is how do you try to find solutions. But also, quite frankly, we need to work collaboratively. One of the frustrations in our society, to me, is at times we're very divided at the moment, speaking about America, and so a lot of times we're just talking past each other and we're not really listening to each other. You know, government bad; oh, but these individuals who are obsessed with privacy, they don't understand the needs of ensuring the safety and security of our society, that there's a lot of nations and individuals out there who want to use these technologies to do bad things. And it's not that one is right, one is wrong. It's that, guys, got it, we've each established our initial positions, now let's figure out how we work together to try to maximize the ability to meet both of those desired states, realizing sometimes one is going to be more important than another.
Now, then, the nice thing is, which is again one of the things that attracted me to Duality, was where you can find technology or solutions that enable you to do both, I'm like, man, that's a winner, that's the kind of thing we need to be focusing on.

This is a great segue, Mike, and maybe we should then talk about, you know, so privacy good, privacy is also, you know, for all these various reasons that you brought up related to American political thought and the rights of individual and onward. You know, what role do you see as advanced technology, particularly advanced privacy technology, playing and helping us as a society, both as citizens and, you know, voters who have a participation in government? How do we try to, uh, find this optimal middle path using advanced technology going forward? And I would love to hear this.

Clearly technology is going to be an important component of the solution, because technology gives you potentially increased confidence in a solution, and technology also lets you scale. Because part of the challenge here is, look, we got to come up with solutions that scale across a massive environment. We can't come up with solutions that work for one particular sector, now when we're talking about privacy, now, well, it works for one particular sector but it doesn't work for another, or, hey, look, the answer is we got to come up with 15 different approaches to doing this. So I think technology is a bit of an equalizer here. It tends to hopefully help to create a common base.

So, you know, what we've seen, and I've seen this as a technology CTO, is that growth of privacy technologies and companies, at both large and small, uh, offering privacy technology solutions has basically exploded over the past small number of years. You're a very well-known individual, you're very well known in this space, you have quite a legacy and background. Sure you get requests to be on advisory boards endlessly, probably every five minutes for all I know. Uh, can you tell me a little bit about why
you chose Duality, what you see in the company, what you see in our solution, what you see in the team and everything else?

The first thing was the company's DNA, its legacy. It sprang up as part of the broader teammate family of organizations, if you will, and I have been affiliated in working with teammate literally since I got out of the military. I just, I thought they had broad solutions against tough problems, cyber security focus, because I had no, I refuse to get involved in offensive cyber activities in the private sector. My view is, hey, that is not an appropriate role for the private sector. I won't have anything to do with it. So in terms of an interesting problem set within the realm of cyber security, one of the things I was wondering was, is there a way to apply technology in a way that increased the ability to both access data while simultaneously increasing the level of protection associated with it. And as I, that was the problems that I was thinking of in my mind, based on my previous service trying to meet those kinds of challenges in the government. And when I saw Duality I thought, hmm, interesting problems, that, very relevant problems, and I really thought that the technical approach that I saw was really interesting. What finally tipped the balance for me, so to speak, was the people. I owe anything that I do, I always say, look, before we get into anything I want to understand your mission, I want to understand your culture, I want to understand your technical solution, and then, perhaps most importantly, I want to sit down with you people, I want to understand them as individuals, and I want to make sure that the ethos and values of the organization align with my own. I won't do anything just for the sake of money. I got zero, it's probably why I spent 37 years in the military. The monetary aspect of life, I'm not saying is not an element, I don't mean to imply that, but it has never been the biggest driver in my life. Um, I just, there's other things that for me
are more important, even as I want to try to provide for my family and my future, don't get me wrong. And I just really liked the people and the culture and the technical solution that Duality had for what I thought was a really important, very relevant and very interesting problems.

Well, Mike, we all greatly appreciate your confidence and the kind words. You know, we do take it to heart.

Yeah, you know, do some good. We're gonna do some good things, and that motivates me. I love doing good things.

Sure thing. Um, so what you see is the future of privacy technologies, as you've kind of been looking out at the field, both for, you know, I've particularly focused on data collaboration and whatnot, what you see as a future? What should either technology buyers or technology providers be paying attention to, do you think?

So clearly the economic models of today, in the future, are in no small part, almost regardless of sector or size of organization, are built around the idea of how do I maximize the value of data, how do I use data as a source of insight and knowledge, how do I use data to generate competitive advantage, how do I use data to help me get to a scale that I wouldn't be able to achieve without it. So as I look at problem sets I'm going, look, almost everybody is interested in maximizing the value of data. At the same time, if you're going to build models dependent on data, then access, privacy, compliance, confidentiality, those are all concepts that become incredibly important, because you don't want to build models around data in which boys security is poor, there's limited if any privacy, confidentiality can't be assured, and, oh, by the way, we're not complying with regulatory or legal frameworks. That is not the way to build a solution set for how you're going to maximize the value of data. So I always thought the best thing to do was, how can you come up with technical as well as organizational applications, but how can you come up with the technical solutions then enable you to
maximize collaboration and the manipulation or study of data to generate value. And if you can come up with tools that enable you to do that while at the same time ensuring, you know, privacy, confidentiality and compliance with regulatory regimes, man, you got a winner. And part of the challenge, which goes really to Duality in many ways, part of the challenge has been, hey, look, how do I do this in a way that it works both with data at rest, data in movement, and enables me to simultaneously collaborate with the same data across multiple elements, whether it's internal within an organization or it's actually external. Those things start make the problem more complicated. They're key to an effective solution. If you can't do that, then you can't maximize value.

For sure, for sure. Point well made. Yeah, um, is there anything in particular that you would like me to ask you or you would like to talk about, um, again, you can give them what we talked or haven't talked about so far?

Oh, probably, you know, one of the things that interests me is this is a problem set that doesn't know, that doesn't recognize geographic boundaries, right? And so we got to come up with solutions for these problem sets, to me, that transcend individual nations or individual regulatory frameworks, because increasingly, as business is more and more integrated globally, we're talking about, hey, I need to access and collaborate with data sets that are spread all over the world, and that different individuals who are working in different parts of the world can access and work simultaneously and work collaboratively. So I was always struck by, you know, just this, cyber doesn't recognize geographic boundaries as a whole, our network structures, broadly, in the way we've created this global telecommunications and IT backbone. We also got to come up with solutions with respect to data collaboration, data privacy, data security. We got to come up with solutions that enable us to maximize productivity across nations and wide
geographic dispersions.

So maybe this is actually maybe a really nice statement and also kind of brings up another question, because this is something that we track all the time at Duality: um, what kind of frameworks and what kind of justifications and motivation, not that we need justification, but what kind of regulatory compliance do we need when we need to span geographies. And something in particular that we've been watching super closely is this entire US-UK initiative, and more recently this US-EU Shield set of regulations that just came out very recently. Uh, the US-UK initiative is between White House, Census, Commerce and similar organizations in the UK, as a bit of a sandbox activity, in this Privacy Shield, which of course President Biden has recently been pushing, uh, for, you know, interactions between US and EU on data sharing. I wonder if you might comment about, you know, the various kind of momentum that's kind of going forward internationally to, how, help, um, you know, get everyone lined up for how to foster, you know, interaction, yeah, and what do you think might actually, what do you think has the right chances? Is it going to be a groundswell of just banks wanting to work together, so, you know, commerce is going to drive regulation, or do you think it's going to be more of a top-down, uh, you know, Department of Commerce, or are you creating some sort of framework and then people fitting into that, or is it going to be meet in the middle, or how do you see that potentially going, you know, going forward?

Yeah, so my sense would be, first, it's very positive to me that there's a recognition that we need to come up with solutions that integrate the viewpoints in the regulatory frameworks of multiple nations, that creating all of these individuals, uniquely, you know, unique approaches, that just doesn't optimize productivity, it just doesn't optimize speed or efficiency, and it creates problems at times for, okay, how am I actually going to implement this if I
got one set of requirements I gotta meet here, I get another set of requirements I gotta meet there. And for some companies that might be based in one nationality but do a majority of their business somewhere else, or their business model is very, you know, transnational, we've got to come up with solution sets that work. My sense is we're probably going to start in some particular sectors. Finance probably is going to be the first one, in my mind, in part because there's just broad acceptance that finance is a global model, um, and so governments have for a long time built regulatory, policy and legal frameworks around this idea that, well, finance is something that tends to transcend national boundaries, and to maximize productivity and efficiency and ensure economic growth, hey, we got to come up with solutions that recognize that and account for that. So my inclination is to think that we'll probably start there. Then I'd like to see, you know, how can we expand. It's interesting, though, we got to acknowledge there are some differences. For example, the U.S. could have just said five years ago, hey, we're going to just adopt the GDPR framework, it's established, you know, we're just going to take it. Now, the US felt, from a government perspective, hey, there's some aspects of it that we don't necessarily agree with, that we wouldn't choose to implement the same way, and so the decision was made, look, we're not just going to uniformly adopt that. And in fact the reality is, at the moment there is no single global standard or regulatory or compliance framework with respect to data security and privacy. It doesn't exist yet. Now, maybe at some point in the future. I don't see that, I don't see us coming to a global standard in the immediate near term, unless, it's amazing what trauma, if we have some significant event or series of events that highlight the importance of this problem in the current shortfalls we have in terms of the legal and regulatory frameworks, that often tends to be an accelerant. But it
hasn't so far, anyway.

Yeah, you're right. Thank goodness, in some regards, because of that, that there hasn't been some significant trauma driving this, you know, yeah. Um, you know, at the same time I've always been a fan of, you know, particularly really into standards and whatnot, of something like the IETF model, and this is kind of like the old internet style, that's how we started internet governance. So, yeah, you know, working solutions drive, you know, what people adopt, and maybe this is exactly what you're saying with the financial, you know, interoperability, is, hey, banks need to collaborate, they need to fight fraud, they need to fight money laundering, they have all these kinds of directives, and so they got to come up with solution, whatever solution they have that protects privacy is probably gonna, you know, grow into a broader set of standards, what it is, yeah. So that could be really interesting.

I think you make a really good point. You know, the way we work, when we were looking at the early days of the World Wide Web in particular, as the internet shifted to the World Wide Web, we came up with this idea of, you create capability, you take it to a standards body, and then a standards body reviews it and ultimately decides to adopt it, and it starts to have a global basis. You know, might that be a way to do this?

Right on, right on. First off, on behalf of Duality, you know, from myself, thank you very, very much for your time. We're all very, very excited to have you on our advisory board, and, uh, I appreciate the conversation, and I'm sure we'll have many more, you know, not recorded and recorded, and talking about the future of privacy technologies as we go about our business and try to change the world together.

Yeah, no, Kurt, thanks very, very much. Hey, it's always great to get to talk to you, and it's an honor to be part of the team, and I look forward to what Duality can do, but also what we can do to help address this idea of, hey, look,
we gotta enhance that, we gotta enhance collaboration, we got to do it in a framework that also gives us high confidence from a privacy, confidentiality and a regulatory framework. And I look forward to that, because that's a definite need out there. But hey, have a great day, it's good talking to you.

All good, take care.

Thanks, Kurt.
2023-02-27 12:17