An Interview with Peter Cullen by Christopher Budd
CHRISTOPHER BUDD: Hello. I'm Christopher Budd. I'm a communications program manager with Microsoft's Trustworthy Computing group. I'm here today with Peter Cullen, our Chief Privacy Strategist at Microsoft, and I'm here to talk with Peter about a keynote he'll be giving today on March 5th at the CyberSafe California Summit. The talk is entitled "The New Privacy Landscape, and Why it Matters".
So, Peter, what can you tell me about the CyberSafe California Summit, and our involvement, and what will you be down there speaking about?
PETER CULLEN: Well, California has been a really interesting state to watch. They've I think for all intents and purposes led the country in terms of the focus on privacy, the focus on cyber-security, both from a legislative standpoint, but also from an education standpoint, and this event is just a classic example of that. It brings together business, government, cyber-security experts, academics, really with a goal of helping to solve what are becoming increasingly complex challenges for consumers.
CHRISTOPHER BUDD: Great. So, the summit is a two-day conference, I understand, and you'll be speaking on the second day, on the fifth, in the morning. What will you be speaking about exactly?
PETER CULLEN: Well, the theme of the conference or the theme of the speech is "Why Does it Matter", and what -- as Microsoft becomes increasingly aware of what's going on in the environment, we're becoming increasingly aware of that challenges are going to require different approaches and perhaps more broad approaches.
So, for example, as consumers continue to get the benefits of rich access to information, a lot of it enabled through information technology, what we're also seeing is the entry of different threats to consumers, particularly from the criminal element.
This means that for business what becomes very much at stake is this concept of trust, which is really why does it matter.
So, whether we're an organization in the commercial segment or whether we're a government agency attempting to provide more access to citizens, one thing is becoming every increasingly clear is trust is an absolutely key determinant of whether we are all going to be successful, whether consumers are going to have access to these services, and whether businesses, organizations, enterprises are going to be able to also generate value from these types of services.
CHRISTOPHER BUDD: Okay. So, can you give me kind of a feel for what the kind of privacy landscape is these days, kind of the background against which the conference is being hosted, and what some of the concerns, some of the specific concerns are that you'll be speaking to there?
PETER CULLEN: It's absolutely true that today information is the currency of value. We have just countless examples of all of us having access to services, much of it through technology, that are providing incredible value, enriching our lives, whether it be 7/24 access to services virtually anywhere in the world, to just new types of products and services. So, this is a great value generator for business, for organizations, for government, and more importantly for consumers.
What we're seeing though is that this same access to information is also creating value for the criminal element. So, we're seeing a dramatic rise in threats, for example phishing or attempts to manipulate stealing of personal information from consumers. These are done in very, very innovative terms, challenging for even the most educated, technology savvy consumer to protect themselves of this.
This means that all organizations need to take a different approach to both providing protection for consumers, to even educating consumers, to even partnering with perhaps even competitors; all of this really designed to help increase the trust of consumers, allowing them to have a very safe online and very happy online experience.
CHRISTOPHER BUDD: Okay, great. So, taking a step back, as far as your work and some of the things that you'll be talking about there, that we at Microsoft do, what are some of the key privacy issues that we at Microsoft are focused on, and what are the things that you and your team are working on these days?
PETER CULLEN: You know, using Microsoft just as a bit of an example, but then transferring it to what at least in our view the community at large needs to think about, what Microsoft has learned about whether it's dealing with spam, phishing, other sorts of online attacks, viruses and worms, it's increasingly becoming clear that three ingredients are required.
Certainly technology can play a role in helping to provide a safe online experience, and being a technology company, many people would expect us to invest in solutions that help protect our customers' data.
One of the things that's perhaps not so obvious is where we invest in is that the technology we provide that helps our customers have safer online experiences in their dealings elsewhere, not just with Microsoft.
But that's just one pillar of investments. We've increasingly become aware that it needs also investments in education, education for both consumers, education for developers and other information technology professionals about how to design and deploy safer online experiences. So, that's the second bucket, the customer education.
The third investment area is in partnerships, and this is where we're really pleased to be able to provide support to even California in terms of its legislative agenda. So, a partnership example is helping to provide guidance to a policymaker on how they might think about the policy implications of a particular challenge that they're facing on. That also means partnering with other companies to help develop consistent best practices that could be deployed across the industry.
What's becoming increasingly evident is that investments in all three of those areas are being required. So, that's what Microsoft is doing.
What's also becoming very important is that those investment areas are important for all companies, for all organizations. In other words, we've got to think a little bit more broader than perhaps our own business, our own value proposition, and think about how we can help create a much more trusted environment for our customers; in other words, if they're trusting elsewhere, they're going to be trusting with our business as well, so net-net everyone benefits.
CHRISTOPHER BUDD: And so things like the conference that you're going to speak at is an example then of some of the partnership work to go out and share some of our learnings and help foster a better ecosystem overall for users then?
PETER CULLEN: Yeah, our goal at this conference is not to suggest that Microsoft has all the answers, but is to help share what Microsoft has learned, some of the investments that we are making as an example, but more importantly to share, at least in our view, the need and the opportunity for all of us to play a role in helping to grow trust across online.
CHRISTOPHER BUDD: Okay. As far as organizations, what are some things that organizations can do to help ensure the privacy of their customers' personal information, speaking to fostering an ecosystem of trust, like you said?
PETER CULLEN: Well, it starts off with some very, very basic stuff. If we look at even another area that California has led in terms of data breach notifications, the sad reality is that well over 100 million U.S. consumers have had their data lost or breached in some fashion.
Putting aside for a moment whether that data is used or just simply misplaced, the sad reality is that erodes consumers' trust about how well their data is being protected.
So, organizations need to start with ensuring that appropriate data management and data security practices are in place in all their organizations. So, that's the absolute number one.
And number two, they can start by taking a more proactive approach with educating consumers. So, for example, even a financial services company can play a very key role in helping to educate their customers about how to have a safe online banking experience, but in effect educating them about how to have a safe online experience more generally.
And I think the third area is that when all companies, when all organizations are designing products and services, they need to build privacy in. They need to think about the user experience and design it in a way that really does not just actually provide privacy, but actually communicates the control over information that the consumer definitely wants and definitely thinks of in terms of having a trusted online experience.
CHRISTOPHER BUDD: Now, as far as building privacy in that you mentioned, is there any guidance that Microsoft has provided that some of these other organizations might look to, to build off of?
PETER CULLEN: We started thinking about how to design privacy into product development in a more systematic way about four years ago, and today our developers are guided by a very specific rich set of requirements that, to be frank about it, the product doesn't ship unless it meets those requirements.
About two years ago, when we started sharing this information with our customers and with our partners, they said, you know, boy, this information would be super valuable for us.
So, a year ago last October, we made a public version of these developer standards available. In essence they're free to use for anyone, again, not to suggest that we have all the answers, but as a way in which organizations can leverage from some of the deep thinking we've done around building privacy into products and services, and perhaps apply those same standards to the way that they deploy and build their services. Those are freely available from Microsoft, and we welcome anyone to use them.
CHRISTOPHER BUDD: Great. Okay, well, thank you for taking time to talk with me, Peter, and again you'll be speaking March 5th at the CyberSafe California Summit, and that's in Burbank, California, and thank you very much.
PETER CULLEN: My pleasure. Thanks for the opportunity to talk.
Hello, I’m Christopher Budd and I’m a communications program manager in the Trustworthy Computing (TwC)