Click for Full Transcript

Intro 0:01  

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

 

Jodi Daniels  0:21  

Hi, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and Certified Information Privacy professional, providing practical privacy advice to overwhelmed companies.

 

Justin Daniels  0:35  

Hello, Justin Daniels here I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback, helping clients design and implement cyber plans as well as help them manage and recover from data breaches.

 

Jodi Daniels  0:52  

And this episode is brought to you by drumroll Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, SaaS, ecommerce, media, and professional financial services. In short, we use data privacy to transform the way companies do business together. We’re creating a future where there’s greater trust between companies and consumers. To learn more, visit redcloveradvisors.com. Well, I’m super excited about today. You’re always I am super excited. I’m just a happy, happy, happy, happy, happy person. And it’s podcast day so it makes me extra happy. But today we have Chris McLellan who is a data ownership advocate and community organizer who specializes in the advancement of leading edge innovations, particularly data centric technologies. A veteran of startup life, he has led growth teams in Europe, the US and Canada at ventures backed by the likes of Sequoia and Sir Richard Branson. And in 2017, he founded Ask AI, a podcast and free event series focused on artificial intelligence. And in 2019, he joined the Data Collaboration Alliance as Director of Operations, a nonprofit dedicated to meaningful data ownership and global collaborative intelligence. Welcome to the show.

 

Chris McLellan  2:19  

Thank you very much. It’s great to be here.

 

Jodi Daniels  2:21  

Well, so much to cover today, I’m really, really excited, we always start with understanding how you found your way here. And I don’t get to say Sir Richard Branson too often. So it has to kind of include a little stop and without part on the journey.

 

Chris McLellan  2:38  

Well, that’s part of the hashtag startup life part of my bio, where I was, I was a growth manager at a company called Halo, which was backed by Sir Richard Branson, that was like a Taxi app where, you know, it was very good. We expanded to 1000s of drivers globally, and dozens of metropolitan markets around the world, but eventually came up face to face with Uber, who kind of changed some of the ground rules of startups at that time by raising incredible sums of money, which were, I guess, you know, were may even still be somewhat unprecedented amounts of money. And, but it was, it was a great adventure learned a ton, learned a lot about it was another marketplace. And that’s a big part of what I’ve always been involved with in digital technologies. And you’ll learn a lot about the dynamics of marketplaces, whether it’s ecommerce or taxi drivers and passengers, or, or even data for that matter. Yeah, so Sir Richard Branson was a was a backer of that. But I guess that speaks a bit to my journey. You know, I have to have been involved in startups of various types consumer business for many years. And my path towards the Data Collaboration Alliance and my passion for data ownership really started with that podcast we mentioned called Ask AI, which, as a growth marketer, I was looking around seeing increasing automation of what I was doing for a living, and I was like, huh, are the robots gonna take over my life? The way I earned my bread in 10 years? And so I started to look a lot more look more into it. And the underlying technologies being AI ml related, I thought, Hmm, well, it’s probably wise for me to learn more about that. So I started to do meetups, back when those were a thing, you know, and sort of 2015 2016 A few people in a room, I sort of started with the marketing sector and said, you know, there’s an increasing amount of automation. Are you aware of this? Let’s get together and get some speakers here to tell us what this artificial intelligence stuff is all about. That basically grew and grew and grew to the point where I launched a podcast and the events grew to hundreds of people, mainly in Toronto. But, but online as well, we live stream. And so that led me to more and more knowledge and understanding of the world of data data management. And one thing that came really to clear out of that was that the the challenge? The challenge of artificial intelligence and machine learning is for sure algorithmic development. That’s there’s no question we need to make smart algorithms. But at the same time feeding those algorithms with data is actually the Don’t Pass go don’t collect $200 moment. And so where are these companies going to get that data from? Well, they can create synthetic data, they can buy it, they can take it from like a fire hose from Twitter. But to get the really good stuff, let’s say personal healthcare data and personal information, they’re going to have to get that source that from partners or individuals, and then you’re like, Okay, so what’s the problem there? People aren’t going to share their private healthcare, mental health, insurance, driving, etc, etc data with some app developer doing AI. And that led me to think, Hmm, so how could you share data without making copies? And because that seems to be the trick here, like people? How could you share data without losing control of it. And you know, I did a lot of looking up in a thesaurus about what the right word for that is. And it’s collaboration. Collaboration is a form of sharing where you don’t give up agency of the thing you put in, you know, so if you’re collaborating on a song, you’re not walking away. It’s two people or more people, or multiple people collaborating toward the same outcome. And that’s very different than cooperation, which might mean sharing resources, but for two different outcomes. And so I was like, okay, so it’s collaboration seems to be the engine of what could make AI become a growth sector. And now I start looking around, so who’s supporting data collaboration, and, and I discovered a only one twitter feed in the world that mentioned it, who later turned fast forward, turned out to be my employer, fast forward, turned out to be the sponsor, and helped me launch the data collaboration lines. That’s my origin story of how I came about to focus on data collaboration, data, privacy, data ownership

 

Jodi Daniels  7:02  

of stories like this. And I think your nuanced word of collaboration versus cooperation is is really important. And are you’ve seen that in different areas that you had the in the concept of public versus private collaboration, things along those lines?

 

Justin Daniels  7:17  

Yeah, I think I’ve seen it, kind of with the public government and the private sector collaborating on threat intel from a cybersecurity perspective, that’s really the ideal of collaboration. But sometimes that’s been a challenge. So Chris, can you tell us a little bit more about the Data Collaboration Alliance?

 

Chris McLellan  7:36  

Sure. So maybe just dive a little bit more into what we mean by collaboration there, and some of the forces that work and all of this. So it’s our worldview, that the privacy, when it comes to data is really largely about control? Who can see my data? Who can access my data? How are they going to use my data? And use me? So if you think about control, what’s the opposite of control chaos? And so how would you describe the world of data today? I think it might be fair to say that it’s more better described by chaos than control. And, and and how, why is that? It’s not all simply just malicious actors making, doing bad things. It’s really how technology is built. And there’s two sort of engines of chaos, I sometimes refer to them. And so one is the is data silos. So an app for everything. 40 years later of that ethos, we have millions and millions of silos of information, everything from spreadsheets to app specific databases, and everything in between, including sort of attempts to aggregate those silos into data warehouses and data lakes and stuff like that. And then the other engine of chaos is really copies, which is the other side of the coin from silos. Because once as an organization or an ecosystem, you’ve established management of data in silos, you have to then, you know, connect those silos somehow. And that’s generally done through a process known as data integration, which is another way of saying copies. And that is not only a huge tax on innovation, like it data integration can take 3040 50% of any IT project, but it erodes the access controls on data. So if, if control of access was set on App one, by the time you get to integrated app 25, the the odds of the access control set by the original owner being persisted through to app 25 are very slim. And furthermore, even if that was able to be audited and detected, the the app number whatever I said 25 could be in another jurisdiction entirely outside of the original application where the data was collected. So that’s the chaos we’re looking at. And so the as far as the Data Collaboration Alliance goes, that’s the problem. We’re trying into tackles. So we treat data ownership similar and from, from a paradigm point of view, to money. So if you think about how societies control other things of value, like identity cards, or intellectual property or currency, they make it difficult, if not impossible to copy. And that’s exactly the principle that we’re working at the data collaboration alliance to introduce to data and it can work for data too.

 

Jodi Daniels  10:29  

So that’s really interesting. Can you can you expand upon that a little bit? So if I’m a company, and I want to employ some type of AI to solve some types of problem, and I come and say, Well, I’d like to hear more about what you all are doing? And how you, how can I help? How can you help me? What does that what does that look like?

 

Chris McLellan  10:47  

The the, the inspiration for this solution is is so often the case is really close to home and right before us all along. And it’s from nature and evolution, and it’s right between our ears. And it’s the brain. So if you think about the brain, it’s it’s really a network of information. We know it doesn’t make silos and copies of information, it interconnects it all, do, you can use the same concept of let’s say, of a carrot to come up with unlimited variations and ideas and ways to operationalize, if you will, the the data that is the carrot. So the there’s a lot of there’s an emerging pack of technologies. And vendors that are using the principle of the this architectural does network based architecture and other capabilities to enable data to be connected and not siloed. And that’s really one of the main inspirations behind the Alliance is to advance accelerate, support, do pilot projects that demonstrate that innovation does not have to come at the expense of data ownership. In fact, it’s quite the opposite. If you give people agency and control of the information, they’re more inclined to want to collaborate on their data. And so it’s actually an agent of acceleration of innovation, which is, which is amazing. So the innovation and ownership are not enemies. In fact, they’re their best friends.

 

Justin Daniels  12:09  

So Chris, knowing that you have a big interest in web three, can you talk to us a little bit about some of the privacy challenges? Like one example I can think of is how do you balance privacy when it comes to digital wallets versus knowing that maybe somebody from an OFAC country or a person cybercriminal is using a wallet? And how do we start to balance those things out?

 

Chris McLellan  12:35  

It’s a good question. And I’m, you know, one of the projects are doing the data collaboration alliance is called the Collaborative Intelligence Network, which is a or CIN, or cin for short. And it’s really a research initiative where we’re trying to look into the basis of web 3.0 and how it can be moved, advanced and move forward. Because today, I think most people would probably describe web 3.0 is a purely blockchain based entity. There shouldn’t be debate about that, because it’s our view that blockchain is just one of multiple technologies that need to come into play here to to advance, you know, the that thing that future web that we all want and deserve. And, and so there’s many technologies that come into play, as I said, and so that’s really what we’re trying to do is, is to support that through, you know, we do interviews with thought leaders, we have a blueprint doc, that’s an open google doc, where people can contribute ideas. And we’re actually doing a through our community and other efforts, creating nodes, if you will, in a in a future global network of owned and where data ownership is preserved, and data collaboration is enhanced. So I’m conscious that I’m not specifically answering your questions a little bit, because it’s hard to get specific use cases in the time we have. But maybe Jodi, could you go back with that in context now and maybe ask your question again. So because of lost the thread a little bit.

 

Jodi Daniels  14:11  

I’m gonna pass it back to him because he was the the asker?

 

Justin Daniels  14:14  

I think, Chris, part of what I think is happening as web three is once again, the technology hairs outpacing the legal tortoise. And so web three is throwing off volumes of data. And so one of the things I’m trying to think through is, well, how do we balance privacy when it comes to your identity on the web, say, through the digital wallet that you have, versus having controls in place so that you’re able to identify if that wallet is being controlled by some type of cyber criminal who wants to engage in some kind of cyber mayhem? I don’t I don’t know yet know what the what the right balance is?

 

Chris McLellan  14:49  

Yeah, I think there are a ton of questions just like that, that are open, but I guess, to reapply our paradigm that whatever the outcome of ownership, privacy, and control that’s desired. And I think it’s a high one, that reducing copies and silos is certainly going to be part of that mix. And so, you know, what’s good is a data wallet if that data is then copied, you know, 1000s of times in the process of supporting an outcome. So I think the I would take the similar approach I do to web 2.0, which is copies are the enemy of control. Silos are bad for control. So it’s whatever we do, let’s not try to repeat the mistakes of data fragmentation and data silos and with three dot o that we did and and I think the dog agrees with me.

 

Jodi Daniels  15:35  

Yes, Basil would like to join the conversation, he sometimes makes a special guest appearance. What are you seeing from companies in terms of who needs to be at the table to be able to have these kinds of conversations and be able to move away from copies and silos, as you’re talking about in towards this idea of collaboration?

 

Chris McLellan  15:58  

That’s a good question. And the if you look into organisations, particularly larger ones, public sector ones, traditionally, I suppose data governance, data privacy would be the domain of the legal minds or the CDOs or CSOs, to some extent, as well. But if we’re looking to stem the tide, to fish future, to draw a line in the sand and say, look, the way the cause of the chaos is the silos and the copies, then we need to start to include in data privacy conversations, the developers and the people responsible for accelerating new technologies within an organisation. It’s kind of like a case today where the the IT team may be racing ahead. And even now a citizen developers using low code platforms are racing ahead. Creating silo after silo is silo of information, often customer information and sensitive data. And and it’s left to the CDOs and the compliance and the governance and the data protection teams to try to pick up the pieces. Whereas this conversation really needs to be held by all of these stakeholders right up front. And I think so what I’m seeing today is that those commerce, you know, people aren’t getting around the table is inclusively on that side as they should, what needs to happen is the application developers, those the innovation teams, need to start to think about privacy from the very beginning and include the CDOs, and data, data, privacy, lawyers and everyone else at the beginning. And, of course, there’s a well known framework called privacy by design out there. And that certainly provides one methodology for approaching all that. And at the data collaboration lines, we’re actually working on a new, a new framework as well, it takes it a bit further called zero copy integration, which is let’s build our new app or our next our next IT project. But let’s build it without silos or copies.

 

Jodi Daniels  17:55  

I would love to hear a little bit more about that. So Can Can you kind of further explain what is in that zero copy framework?

 

Chris McLellan  18:03  

Sure. So currently, it’s in its in its third round of technical committee review through an organization that is called the CIO strategy Council. They’re an agent of the Standards Council of Canada. And with the current, I would estimate that it would be a national standard in Canada sometime around this summer. And and so within that framework, what it does is articulate a few key elements for developing new technologies, new apps, new dashboards, new automations, new AI, ml tools, new algorithms. And I think the essence of it is that it decouples the application, the data from the application. So what it what it provides is an alternative to the app application specific database and instead power, multiple solutions from a network of information. And there’s more information about this on our on our website at data collaboration.org. But, but I think if there’s one key takeaway about what this standard is, is is offering the world of innovation, it’s to decouple data from applications because if we continue to embed data for every each and every application as a silo, then the problem as we discussed at the start are going to persist and get worse.

 

Justin Daniels  19:21  

So is it fair to say, when you talk about zero copies, we’re really talking about copying over data as little as possible and people working from the same set because it limits the proliferation of this data everywhere. That creates challenges with securing it and things of that nature? Is that the best way to understand what we were talking about?

 

Chris McLellan  19:42  

That’s a great way to describe it, and it’s it’s a process so zero copy integration is like it’s a way to intercept the projects you’re going to do anyway and start building new apps, new systems, new dashboards in in that way you describe rather than trying to fix the no overtime You would look seek to use those new solutions to decommission the old silos. So it’s it’s it’s, it’s an evolution, not a revolution for sure as a framework. But I think the way you described is really well, with one caveat is that yes, you connect your legacy data into an environment or network, the network data environment, you could add net new data to this environment. But when it comes to build new solutions, as you described, what you’re doing is creating low tea is a fancy word, a transient data model. And that really mimics the plasticity functionality of the brain. So you can use one set of physical data to produce hundreds of data models from the same physical data without making a copy of it. And those those models can be used to produce an API to power the experience, they’ve put it a very, very fast way. But it’s, it’s it’s, it’s fascinating. And it’s, it’s, uh, we hope to be a big part of the future of how web three Dotto and applications will be developed in the future. Because it guarantees it preserves the access controls the ownership,

 

Jodi Daniels  21:04  

I was literally about to ask around ownership. So if you, it feels almost as if there’s kind of this massive central home for data. And so my question is, well, who owns that who’s responsible for obviously, privacy laws, you know, securing you mentioned access controls, and then just this idea of, if I’m Company A, but then I’m also Company B, and it kind of goes into this almost little shared universe, who’s whose data is, so it

 

Chris McLellan  21:33  

gets. So more a little bit more nuanced. So imagine that environment I described as a node in a bigger network. And each node can be managed by an individual or an organisation or a government agency. So they could be as small as a wallet to take our previous reference, or as large as what currently is to run an entire organization. That the key is that each node, the data owner or owners within each node has full controller information. And that’s what our infrastructure project is all about is like, how would these nodes connect to each other to click Create, kinda like how society works like us three all have our own individual brains. And yet, we’re collaborating on this thing called a podcast right now. And we each have control over what we say, the only difference being in the digital world that I’m proposing is that I could actually delete what I said, from the podcast. So I have the right to be forgotten, as it were, as well. But I don’t have that in the podcast unless you gave me that right. But, so that gives you a better sense of how this would work. So it’s not a monolithic, it’s not like there’s one big brain in the sky. It’s It’s It’s imagining a network of data management environments called nodes, of which there are millions, potentially, and which agency within each but each can interconnect as well.

 

Jodi Daniels  22:52  

So in that interconnection, if we kind of think about, you know, security and bad actors and things like that, would each company we respond in this concept? Is each company responsible for the protection of it against all the other nodes?

 

Chris McLellan  23:08  

Yeah, exactly. So that that’s the our wire hashtag for the Data Collaboration Alliances, access not copies. And so what would actually the engine of innovation would actually become not data sharing through copies or integration, but data sharing through granting access to my information, which would enable you but it could expose my data via API, to your to your node, your environment, and to contribute data to your solution that you may be hosting and building in your environment. But I but the access controls I set on the data are preserved in that API. And I can shut that API down at any time and withdraw my access to your environment. So this is kind of an this is comes back to our chat about web three Dotto is, you know, can blockchain weave into this, this ecosystem as the transactional manager of choice? Sure. And that’s exactly what we’re trying to do is figure out ways to so the technology I was just describing happens to be called a variation. It’s called dataware Tim Berners Lee has something called the solid protocol, which your viewers your listeners should check out. And he has a company called in rut, but these are all very similar in terms of they’re trying to enable applications and solution digital solutions to be developed, while giving data owners control. And that’s, that’s what we share in common with those. And so I think it’s it’s a fascinating world, there’s a lot of technologies at play here. And at the collaboration Alliance are trying to, you know, live up to our own name and provide an environment for all these technology vendors to come together and trying to make sure there’s at least interoperability moving forward between our solutions. And and, as you know, and try to get around the table and a key key outcomes, ie copies in silos are bad data privacy and data ownership.

 

Jodi Daniels  24:57  

Excellent. Thank you for the additional explanation. I think really, really

 

Justin Daniels  25:00  

So as we ask all of our guests, based on your experience, what is your best privacy or security tip for our audience?

 

Chris McLellan  25:07  

Well, at the risk of being a little self indulgent here would be to check us, we have a community of the Data Collaboration Alliance called node zero. So it’s it’s actually a bunch of professionals that love working on data, you could be a spreadsheet person or a database person, or a data scientist, even that love working on data to solve problems. So the idea here is node zero, you log in, you get to experience the technology and the ideas I was just describing firsthand. But you do it while collaborating on datasets and building free tools for good causes. And one of our primary groups is a data privacy group. And they’ve done some amazing work that you can see datacollaboration.org/community, they’ve done some amazing work, creating something in beta we call the data privacy gateway, which your your listeners may or may be interested in checking out. So it’s a whole bunch of tools for data privacy pros. But beyond that, as far as personal and individual’s, what things they can do. It’s a good question. I think one thing is in in COVID, and healthcare, when you think about privacy, and you think about risk, I think about what can be weaponized against you now or in the future. And I always tell my friends, please don’t you know, think about, think about it before you share your COVID and vaccine related information. That’s your personal private healthcare information. I know it’s fun to say I, you know, I didn’t or I did get vaccinated and, and all that on Facebook or Twitter and but that that goes into an environment over which you have no control how that information will be packaged up, sold and used. And it can be in healthcare above most data, including political data, but can be weaponized against you in the future. And so, you know, you don’t want to curtail people’s free speech and right to express opinions in a respectful way. But healthcare data, do your friends really? does social media really need to know your healthcare data? I would suggest probably not. And that’s one thing I was asked my friends to think about.

 

Jodi Daniels  27:09  

I think that’s very, very good advice. Now, when you’re not giving such advice, and creating collaboration, alliances, what do you like to do for fun?

 

Chris McLellan  27:18  

Well, I lived in the UK for 18 years in London. So that that was just a beautiful place to see the world from because everything’s everything I wanted to see growing up as a kid was like an hour, two hour flight away. And so I did it all. And so that was really, I travel for fun. And recently, of course, I’ve discovered the weekend, just get in the car, get on the bike and just explore the local area, because that’s been more practical option. But now, I am very keen to, you know, buy some plane tickets this year. And they’re one of my, my, on my itineraries a go to a wedding in Australia in the fall. So I’ve never been that’s one of those trips of a lifetime type type of things for for most North Americans, because it’s so far away. But I can’t wait to resume travel. It’s really what I do for fun. And I’m where I live, I’m very privileged to live close to a couple of great cities like Chicago, and Montreal, and New York. And so you’re never going to get bored to go into those places.

 

Jodi Daniels  28:15  

Australia is definitely on my bucket list. What a wonderful, wonderful place. Well, thank you so much for sharing all of your great information and insights and helping to explain this new world, where would be the best place for people to learn more and to connect with you?

 

Chris McLellan  28:32  

For sure. It’s a datacollaboration.org. And we have three partnerships, and you just hit the program’s button, and the navigation, you’ll see what we do. And yeah, visit that website. It’s all kind of there. And people are free to reach out to me at Chris at datacollaboration.org. And we’re really excited about the partnerships. I mean, I’ll just end with this. I’ve had three calls today about projects we might be able to support to our free software programme for children. One one, you know, one with a household name, global organization, and a couple another that’s a hospital in Australia, of all places, and another that’s a meet a large region, urban region in North America. And the reason why we’re talking to these organisations is that, you know, when you think about it, I often say to people, it’s probably too late for us. You know, my day, I’ve been sharing everything. Oh, boy, Facebook came out Twitter’s out, you know, I’ve been at it for quite a long time. And so my, my digital footprint is pretty expansive, and all over the place and copied to the kingdom come. But for children, they still have a long digital future ahead of them. And so it’s projects like that, that get me really excited is that if we can build a better future for them now. You know, that’s that what could be better than that? Because it’s there’s still hope for their data to be less copied and silent.

 

Jodi Daniels  29:55  

Absolutely. Well, on behalf of our kids, thank you for all the great work that you’re doing. absolutely well thank you again, Chris.

 

Chris McLellan  30:03  

Thank you so much. I I’ve been a fan of your podcast for a while. And you guys do a great job, so keep doing what you’re doing.

 

Outro  30:14  

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.

Privacy doesn’t have to be complicated.