Tag: technology

Categories
Compliance in popular culture

Selected TED/TEDx talks on self-driving cars

In a follow-up to yesterday’s post on current compliance trends in the emerging autonomous vehicle technology industry, the below is a collection of videos from TED and TEDx talks about self-driving cars. The possibilities of this technology at this point, its infancy, seem almost infinite. The impact autonomous cars could have on modern society and culture are fascinating to contemplate; it seems like this technology could disrupt and indeed improve people’s lives in many ways.

First, a primer on the technical basics of the self-driving car systems that are under development now, and the machine learning and artificial intelligence technology that will be imperative to make it practical and affordable, from Self-Driving Cars of The Near Future (Raquel Urtasun).

Of course, along with the tremendous potential of this autonomous vehicle technology also comes risks and decisions that must be carefully and thoughtfully made with compliance and ethics considerations in mind. In developing a technology that will have such a wide-reaching impact on so many people, both those who use it and those who do not personally do so, it is critically important to have in mind from the beginning all the interests concerned and how those might be conflicting or impacted.

  • Autonomous ride toward a new reality (Limmor Kfiri) – The benefits of self-driving cars must be taken alongside the issues and ethical dilemmas they prompt. In considering these challenges – which include, for example, cybersecurity risk in the possibility that someone could remotely hack a car’s self-driving technology system and take over control of the steering or brakes from the human inside it – creative approaches for handling the problems without stifling the technology are necessary. Governments and individuals who are involving in the designing phase can have a huge impact from the beginning in this effort.

 

  • The Overlooked Secret Behind Driverless Cars (Priscilla Nagashima Boyd) – There are many very practical problems of driving that technologists hope self-driving vehicles can help to address. For example, which route to select for the best commute or where to find a parking spot are all decisions people must make when driving now that semi-autonomous or autonomous driving systems could take care of in the future. However, with these conveniences there are some serious potential effects to privacy. People must ask themselves whether they are comfortable with location sharing, for example, something which has been an uncomfortable subject for some with social media or smartphone apps already. This may require a change in attitude and expectations toward privacy, and a heightened trust in technology, that during this time of cybersecurity breaches and leaks, some people are not so eager to normalize.

 

  • What’s the perfect driverless car? It depends on who you ask (Ryan Jenkins) – Design ethics and artificial intelligence meet in the development of the technology for autonomous vehicles. Technologies which can so deeply impact human life – such as smartphones, software algorithms, and indeed self-driving cars – bring with them many moral questions about what the character of and oversight on that impact might be. Any technology which can transform the way people live can do so helpfully or harmfully. Therefore, designers, engineers, lawmakers, and compliance and ethics professionals must collaborate to ensure that autonomous vehicles are produced so that they will meaningfully and positively shape human lives.

 

  • Are we ready for driverless cars? (Lauren Isaac) – Maybe the technology for driverless cars is great, but what if humans are the ones who are not ready? Like all systems, it can be designed with all the necessary controls and considerations in mind to make it as safe as possible, but if people do not use it appropriately or with good intentions then everything can go wrong. If people are not prepared to share with each other as well as redefine some of their inflexible ideas about ownership and control, then the technology will struggle to succeed in its bolder ambitions for society as a collective. Lawmakers and regulators can intervene early to ensure the philosophical intention of the driverless vehicle includes that people are safe and their interests are served, rather than neglected or abused, by the technology.

 

  • Are we ready for the self-driving car? (Tyron Louw) – While the previous lecture addresses people’s behavioral capability to handle self-driving car technology, in their attitudes and their openness to change and responsibility, this one focuses on people’s performance capacity. People are often frustrated when their laptops freeze or their phones have a dead battery – how will they react in the moment if a self-driving car has a technical malfunction? How can driverless vehicles be designed to take into account the possibility that the unsafe part of a self-driving car is the human driver in or near it?

 

The potential of the technology for autonomous vehicles, as expressed in these lectures and many others, is so striking, that it would be an inexcusable loss to not manage its growth and advancement in a way that ensures its sustainability. In the absence of regulatory action, and with tremendous respect for and power to the unchecked ambition of innovation, organizations and individuals working in this space must takes a value-based approach to developing, testing, and launching this technology. This way, its risks and challenges can be properly controlled against, and its greatness can be realized.

Categories
Trends in business compliance

Round-up on compliance issues with self-driving cars

The science fiction world of the future is in active development. Projects involving artificial intelligence are on the forefront of the business strategy of many Silicon Valley technology companies and the venture capital firms that finance them, as well as traditional automotive companies and electronics manufacturers. Advancements in automation are the focus of major investments by these organizations, all of which hope to stake a competitive claim in this disruptive market.

Artificial intelligence innovations and specifically those involved automation do include robots and computer-generated personas serving functions ranging from assistants to recruiters to reservationists like the writers of earlier decades once imagined. However, one of the more practical applications of this emerging technology is in the transportation industry. Self-driving cars offer fascinating efficiency and improvement possibilities for a world that is increasingly urbanized. Organizations working in the self-driving cars industry all hope to address the constant dilemmas within the automotive industry – design and production safety, environmental sustainability, distracted driving, how to handle congestion and commuting.

Of course, as this advanced technology develops, obvious compliance and ethics considerations emerge. Consumer protection, safety and privacy, design ethics, and regulatory response are all challenges which business interests in the self-driving car industry must confront. one of the Many of the challenges of modern society in general are writ large in the world of higher education.

  • One of the first questions that comes up in any discussion about autonomous vehicles is of public relations. How will people – both other drivers and pedestrians – react to seeing a car with no driver behind the wheel? Will this be a distraction in and of itself? Virginia Tech and Ford tested this recently by sending out a fake self-driving car onto the streets of Arlington County. This car was intended to look like it had no driver, as an autonomous vehicle would, but in reality, there was a driver “dressed” as a car seat, complete with a face mask, in a specially-configured seating area. Such studies should help to determine the best design for autonomous vehicles taking in considerations of their surroundings, as well as to give ideas of what indications need to be provided outside of the vehicle to let people know what it is:  “Driverless van” is just a VT researcher in a really good driver’s seat costume
  • Ford is far from the only corporate giant interested in self-driving cars. From the consumer electronics sector, Samsung has made a major investment of money and resources with a dedicated business unit to developing autonomous technology. Samsung would like to compete with startups already working in this space, such as Mobileye, which is partnered with major automotive companies including BMW and Fiat Chrysler. Samsung acquired Harman, a major audio technology company, last year toward preparing for this effort. This work will be done in California, which has been granting self-driving permits via its Department of Motor Vehicles rather aggressively. Removing regulatory and administrative hurdles that might have prevent granting the permits has given California a leg-up in attracting businesses which hope to exploit this growing market:  Samsung makes a $300 million push into self-driving cars
  • Like the California DMV, the federal Department of Transportation has been quick to provide guidance on autonomous vehicles so that development and testing for the technology can proceed expediently. These guidelines are recommended but not mandatory and suggest fewer restrictions in the development process, hoping to facilitate innovations and advancements by manufacturers in a technology which is seen as positively disruptive for public safety and access to mobility. The DOT plans to have an evolving approach to addressing automated driving technology as the industry develops, indicating that the government wants the industry to take the lead in setting its agenda:    Department Of Transportation Rolls Out New Guidelines For Self-Driving Cars
  • In general, this deregulatory agenda seems likely to rule the day in the autonomous driving business, at least for now. Federal safety regulators will take a hands-off approach for the time being, deferring to the objections of organizations developing the technology, especially with regards to a proposed requirement that the National Highway Traffic Safety Administration would have had the ability to approve or reject autonomous vehicle systems before they were offered for sale. A light regulatory touch has been deemed the way forward in order to support what is seen as a transformative technology. Rather than legislate and establish oversight and review standards from the beginning, in this instance lawmakers and regulators have chosen to let the technology lead the way and presumably will intervene when development and testing leads to actually using and selling the vehicle systems in consumer and public applications:  Trump’s Regulators Ease the Path for Self-Driving Cars
  • On the same day that the deregulatory posture of the DOT and NHTSA was announced, the National Transportation Safety Board, an independent federal entity that investigates plane, train, and vehicle accidents, announced that a manufacturer was partially to blame for a car accident involving semi-autonomous driving technology. In this case, a motorist died in a high way accident using Tesla’s Autopilot feature, which handles steering and speed when engaged. In the accident, the Tesla crashed into a truck that entered its lane without the Autopilot system recognizing it. In its own investigation, the NHTSA laid the blame for the accident on human error, saying that the driver should have been monitoring the car despite having the feature engaged. The NTSB however, said that the Autopilot system had insufficient system controls to prevent the accident. As autonomous vehicles make their debut on the road, and semi-autonomous vehicles become even more widespread, it is very important for consumer safety and protection that this control framework is considered in the design and manufacturing process to protect against insufficient monitoring by drivers or abuse of the system, however possible:  Tesla Bears Some Blame for Self-Driving Crash Death, Feds Say   

Check back tomorrow for a companion post to this round-up: selected TED/TEDx talks on self-driving cars and what autonomous vehicles may mean for individuals, organizations, and society.

Categories
Compliance in popular culture

Selected TED & TEDx talks on ethical dilemmas

An ethical dilemma is a problem in decision-making between two or more possible choices which involve conflicting interests and challenging possible consequences. Often this can be understood as a scenario in which making one decision has an impact on the interests involved in the other decision(s) not made. Choosing to not make a decision is also, in its own right, a choice which implies these consequential dynamics. The below TED/TEDx talks are a sampling of some different dilemmas encountered and the ways that the speakers have thought about and attempted to resolve them.

  • The ethical dilemma of designer babies (Paul Knoepfler) – Biotechnology which was once the stuff of science fiction is now becoming an everyday reality, or at least a possibility that is easy to imagine for the not-so-distant future. For many years now there have been ethical questions about the use of gene editing technology in human embryos. This could allow scientists to mitigate the risk of certain auto-immune or congenital diseases, which would be a marvel of modern medicine. However, it could also make the way for individuals to use the technology to also alter physical appearance and pre-determine many of a person’s traits, perhaps also eventually personality characteristics. What answers does bioethics have for this dilemma? Is it worth the risks, too dangerous to justify the benefits, or somewhere in between – a technology that should be progressively and thoughtfully developed with both those risks and those benefits in careful balance?

 

  • Can we engineer the end of ageing? (Daisy Robinton) – While the prior talk considers the beginning of life, there are also bioethical considerations to scientific advancements made concerning the end of life also. Just as there can be cellular interventions on the biological makeup of embryos, therapeutic mechanisms of stem cell identity may already be useful in increasing longevity and health, such as by reversing the growth of cancerous cells or addressing other developmental diseases. However, what about the possibly to “edit” one’s DNA not for survival or to cure a sickness, but to improve capabilities or change aesthetic qualities? If some physiological differences are editable at the cellular then is it ethical to do so?

 

  • The Social Dilemma of Driverless Cars (Iyad Rahwan) – Self-driving cars have been in the news a lot recently as leading organizations such as Ford, General Motors, Tesla, and even Samsung are making major investments in developing field. In the US, the federal government has indicated that it prefers to let technological innovation take precedence over anticipatory regulation, perhaps taking lessons learned from the initial failure of the electric car industry in the 1990s and early 2000s. The artificial intelligence of self-driving cars is ethically challenging, in consideration that these driverless vehicles will share the road with pedestrians and conventional vehicles. Will they be safer than cars with human drivers, or do they bring up all kinds of new safety and privacy concerns?

 

  • Machiavelli’s Dilemma (Matt Kohut) – More to the point of typical everyday interactions than the abstractions of the limits of medicine and technology, what about character judgments? The classic question remains – do we want to be loved or feared? Liked or respected? Most people of course would say some combination of both, but in first impressions or in difficult leadership situations, sometimes the choice to be one at the expense of the other is unavoidable.

 

  • The paradox of choice (Barry Schwartz) – The thing of all these different dilemmas have in common is, of course, choices that individuals, organizations, and sometimes society as a whole must make. Facing the responsibility of making a choice indicates that there is freedom of choice in the first place. The privilege of decision-making can also be a burden. One must be able to decide in the beginning in order to feel some sense of personal dissatisfaction or insufficiency provoked by the idea that other choices, and other outcomes could have been possible.

 

As the above demonstrates, there are many diverse examples of ethical dilemmas which come from all areas of business and life. This effectively points out how ubiquitous these challenging situations are. From simple, everyday interactions to matters of life and death, ethical dilemmas present challenging, compelling moral questions.

Categories
Compliance and ethics business case studies

Instagram and the internet’s code of ethics

Instagram is a very popular social media app based on sharing photos and videos, publicly and to selected users as well as via direct, private message. It was launched in 2010 and since April 2012 has been owned by Facebook, another giant in the social media industry. In less than the decade of its existence, Instagram has grown a very large and active community, where users can interact with their friends and “followers” as well as other communities who maintain a presence there, public figures, media sources, and corporate brands.

All of these wildly different groups, from all over the world, sharing content and commentary on one platform, is exciting and promises many opportunities for collaboration. Along with these positive connections, though, of course come negative surprises and possibilities for challenges and abuses. With all the influence Instagram has through its popularity comes also responsibility for defining the standards and limitations of the community as well as what it will put out into the internet and the world.

Instagram has faced its share of criticism for its efforts to implement and maintain effective controls and reporting mechanisms.   Instagram relies heavily on user reporting of inappropriate content, such as posts depicting illegal activity or the use of “coded” hashtags and emojis to conceal but continue on with such practices. Understandably, even the most aggressive attempts to keep up with the pace of this behavior on social media will fall behind quickly, leading to criticism the community is unsafe. When Instagram is too proactive or reaches in deleting comments, posts, or users, however, then controversy about overreaching into privacy and expression begins in response.

Kevin Systrom, one of the original creators of Instagram and its current CEO, wants to work this balance between protection from abuse and freedom of expression. Under his leadership, Instagram is dedicated to ensuring that the content and tone on the platform is compliant with its community guidelines. Changes to the comments sections on photos – including allowing users to filter out comments that had certain words, or to post photos without comment sections available – are intended to encourage safer self-expression by the posters who might otherwise fear harassment or offensive content in response below their photos.

Platforms such as Instagram, of course, can never be neutral – any technology’s relationship with its user is one that is fraught with moral concerns, starting right at the ethics of its design, which is made only more complex by algorithms, robot users, and the real users who make their own decisions about the content to share and promote that run the gamut from universally appropriate to offensive, harassing, or even illegal. In such a context, applying a code of ethics is a very hard task, but perhaps it is the inherent difficulty of doing this that makes it so important to try.

Creating filters and tools to hide and promote, prevent and engage, either when deployed by the community management behind the scenes or when elected by users, is just the beginning of the design choices engineers have made at Instagram to implement technical responses to problematic tone in some corners of the platform. Instagram tries to deploy artificial intelligence to help also, to sort real posts from fake and to learn from the data to understand why innocent comments or content may be abusive to the context, a concept called word embeddings. AI has its limitations, of course, but in any rules-based approach to governance it’s necessary to start with something good and then make continual efforts to make it better, rather than leave risks un-addressed while in hopeful pursuit of the best.

Time will tell how effective Instagram’s efforts to make the platform a safer place for expression really are, and what they really accomplish – a place which is open for creative sharing and communication creation, but not to toxicity and abuse, or a censored, sanitized, disingenuous photo collection where self-expression is restricted and speech censored? Perhaps Instagram will succeed in going against the tide on the internet and in much of life, where the level of social discourse seems to have gone low, tinged by anger and dark with people’s worst impulses, and make a place where the conversation can be a bit more civil, even if it has to be filtered first to get there.

For more detail on Kevin Systrom’s ambition of making Instagram a safe haven and role model platform on the internet, and the challenges that both motivate and complicate this mission, see Nicholas Thompson’s story on Wired.

Categories
Compliance in current and historical events

Compliance lessons to learn from the 2017 Equifax cybersecurity breach

Equifax is one of the major US-based consumer credit reporting agencies. It operates globally and due to their nature of its business, maintains sensitive and personal information on more than 800 million individuals and more than 80 million organizations.

In September 2017, Equifax announced that it had experienced a cybersecurity intrusion in July 2017 which impacted the data of up to 200 million consumers from the US, Canada, and the UK. The handling of this breach by Equifax was widely criticized and questioned. Among the controversial aspects of it were the two month delay in publicizing it, the lack of specific information about the data compromised, the inadequate and possibly even unsafe system and support provided for impacted consumers, and the perception of possible insider trading by company executives in the days after the breach took place but before it was public.

As the problematic response to this cybersecurity incident unfolded, Equifax’s various blunders and missteps in the public handling of the situation formed a guide for worst practices in such a scenario. As the dialog around Equifax’s response has shown, poor crisis management in the public eye only compounds the consumer protection problems.

  • Companies do often have legitimate reasons for delaying notifying consumers, regulators, and the public at large about data breaches. Sometimes companies do not even know they have been breached right away. Even once they are aware, sometimes law enforcement will request that they do not disclose the breach. Different types of data may be subject to different disclosure requirements, so companies also sometimes have to take time to determine what data was involved. However, these delays still can be very problematic for consumers, who can be unknowingly at risk and make assumptions about the seriousness with which their data is stored and maintained which might be very far from reality.  Why it can take so long for companies to reveal their data breaches 
  • While Equifax was taking its time notifying consumers and regulators of the data breach, questions abound about when – and what – people on the inside knew about it. This is because only a few days after the July 29 cybersecurity intrusion, on August 1 and August 2, several executives at Equifax sold shares. These transactions were not part of scheduled trading plans, but they were not total liquidations of their positions, and the company says that the executives were unaware of the breach at the time of the trades. However, the perception of possible insider trading is hard to avoid once the timing of this activity is revealed. If they truly did not know about the cybersecurity problem, it would have been wise at least to inform key senior management of the breach and advise them to avoid trading in the stock while in possession of inside information.  Three Equifax Managers Sold Stock Before Cyber Hack Revealed
  • Despite how secret most people in the US see their financial data as being – especially social security numbers and bank account or credit card information – current privacy laws are lacking in many key areas when compared to those in other parts of the world such as the EU. Top of mind among privacy concerns, including the need for consumers to input personal data to check whether their other personal data has been compromised, is that over a month went by before Equifax notified the public of the cybersecurity incident at all. In the 40 days that went past, the data could have been used for many illicit purposes without consumers even being aware they were at risk. Laws in the US currently differ between states with regards to breach notification requirements. There is no unifying directive in the US for the standard where personal data is concerned, such as there will be next year in the US under the General Data Protection Regulation, which requires notification within a maximum of 72 hours. Perhaps a higher standard in the US such as this one would reinforce seriousness of these events to organizations and improve consumer protection and communication processes when they occur.  Equifax breach disclosure would have failed Europe’s tough new rules
  • While these data breaches are unfortunately becoming so common that the public is often less alarmed by them now than in the past, irresponsible or insufficient responses by organizations to these breach still provoke justifiable outrage and calls for change. Consumers being desensitized to the exposure of their personal data just shows how widespread the problem is and how insufficiently the interests of the consumers are guarded. However exhausted the public may seem to be with the ongoing leaks and hacks of their private data, this is no excuse for organizations affected by them to respond with the same passive, indifferent attitude. Equifax’s lack of detail and inadequate communication displayed to the public that they did not care about the invasion consumers were suffering, which is quite a different message than one of fatigue by victims who have had this experience too many times to excuse. The reputational risk suffered by such corporate carelessness is extreme, and hopefully will drive consumers to advocate for a higher standard of responsibility and responsiveness from keepers of consumer data.  The Banality of the Equifax Breach
  • As the public contends with the reality of the Equifax data breach – that subsequent hacking attempts stemming from this breach are inevitable and that companies like Equifax do not meet the standard of care for protecting this private information in their possession – what can anyone do in the future? Holding companies accountable for their poor service by taking their business elsewhere is often the only choice consumers have to voice their displeasure. In the current system individuals aren’t really able to avoid the consumer credit reporting agencies, but organizations could opt to create and use independent systems with more secure infrastructures. These corporate users could drive a technological shift that would also benefit individual consumers. Blockchain and related technologies could provide the solutions to these vexing and chronic security concerns that the existing system seems unable to address.  It’s time to build our own Equifax with blackjack and crypto

Given the ever-increasing risks surrounding cybersecurity, compliance professionals and individuals interested in cybersecurity risk management can take many cues from the above on what not to do in such a situation from Equifax. Hopefully as organizations continue to live with the risk of such intrusions, and improve their control frameworks to prevent and mitigate them, they also pay attention to the public responses in such situation, to make sure that the statements made and guidance provided are adequate and accurate.

Categories
Trends in business compliance

Round-up on ethics of design in technology

One of the most interesting and challenging inquiries in the evolving ethical code of technology has to do with design choices. Ethical decision-making and process design has direct impact on the fluid, complex process of creating the devices, interfaces, and systems that are brought to market and used by consumers on a constant basis. In such a disruptive and innovative industry, there are moral costs for every design decision: every new creation replaces or changes an existing one, and for everyone who has new access or benefits, others experience the costs of these decisions. Therefore the ethics of design as applied to technology and, of particular interest, social media, have concrete importance for everyone living in a world increasingly dominated by user experiences, communities’ terms of service, and smart devices.

  • Former Google product manager Tristan Harris has gone viral with his commentary on the ethics of design in smart phones and platforms creating apps for them. There is a balance in online design where the internet platforms go from being useful or intuitive to encouraging interruption and even obsession. Many people worry about the effect “screen time” may have on their attention span, quality of sleep, and offline interactions with people. Design techniques may actually keep people attached to their devices in a constant loop of advertisements, notifications, and links, as content providers and platforms compete to grab viewers’ attention. Alerting people to the control their devices have over their attention and time is one step, but urging more ethical choices in the design process is the next frontier for innovation reform:  Our Minds Have Been Hijacked By Our Phones.  Tristan Harris Wants To Rescue Them. 
  • The above phenomenon of addictive design has become so imbedded in the creation of app features that even the most subtle changes can have a huge impact on the consumption practices of users. But when do features go from entertaining and user-friendly to compulsive, even addictive? Refreshing an app can be like pulling the lever on a slot machine, giving the brain rewards in the form of new content to keep the loop going at the expense of other activities and priorities. These design improvements, then, may actually affect users more as manipulations:  Designers are using “dark UX” to turn you into a sleep-deprived internet addict
  • These small, ongoing redesigns are intended to make apps more readable and consumable. These periodic improvements are intended to make content more captivating and enable longer browsing – again prompting the question, what is the ethical code for the control designers wield over users with these choices? From a design ethics perspective, these small changes can be viewed as more alarming than major ones, as they are so incremental that many users do not consciously notice them and therefore “optimization” tips into “over-optimization,” meaningful interaction becoming possibly destructive:  Facebook and Instagram get redesigns for readability
  • Artificial intelligence always captures the public’s imagination – thrills and fears about the possible developing capabilities of robots and predictive algorithms that could direct and define – and perhaps threaten – human existence in the future. AI has been developing in recent years at a breakneck pace, and all indications are that this innovation will continue or multiply in the coming period. The science fiction-esque impact of AI on society will grow and bring with it all kinds of ethical concerns about the abilities of humans to define and control it in a timely and effective way:  Ethics — the next frontier for artificial intelligence
  • Social media platforms have developed into social systems, with all the dilemmas and dynamics that come along with that. These networks may face the choice between engagement and all of the thorny dialogs that come with it, and a simpler, more remote model that can be enjoyable but is less interactive and therefore, perhaps, less provocative:  ‘Link in Bio’ Keeps Instagram Nice

Queries into design ethics and choice theory in technology, especially social media, ask the questions of what human experience will evolve into in a world which is increasingly digitized and networked. The design decisions made in the creation of these devices and systems require an ethical code and a sense of social responsibility in order to define the boundaries of what are the best collective choices.

Categories
Compliance and ethics business case studies

Silicon Valley and undoing the normalization of sexism as corporate culture

Much of the attention on Silicon Valley in recent months has been not for new technological innovations or advances in the markets. Unfortunately, the public discussion surrounding the high-tech and start-up world, and the individuals and companies that finance that industry, has been focused on worst practices for corporate cultures. As society at large grapples with gender equity, racial and ethnic representation, generational workstyles, politics in the workplace, and many other diversity challenges, the most frequent conclusion seems to be that the state of things in 2017 is not as progressive or integrated as may have been assumed.

Many high-profile Silicon Valley organizations have coped with this revelation of corporate intolerance very publicly. Among them is Kleiner Perkins Caulfield & Byers, a high-profile venture capital firm. Managing partner John Doerr was an investor in some of the highest profile first generation technology companies to come to market: Intuit, Netscape, Amazon, Google. When he hired Ellen Pao in 2005 as his chief of staff, it seemed like he was assertively signalling that Kleiner Perkins wanted to take the lead on elevating qualified women to visible leadership roles in Silicon Valley, where men have overrepresented women in management, and within the even more traditionally male-focused venture capital domain.

Pao’s experiences throughout her tenure at Kleiner Perkins, capped off with her 2015 gender discrimination lawsuit and her firing before that lawsuit came to trial, indicate a different environment. Rather than being valued for her contributions and promoted on her merits, Pao alleges that she was harassed after a workplace romance went bad and that she was often marginalized in her role, expected to take on essentially personal assistant type duties while investing or higher level tasks went to male colleagues. Instead of contributing to a gender-integrated workplace where individuals were elevated for their accomplishments, insights, and commitment to their jobs, Pao paints the picture of a dysfunctional and increasingly hostile environment.

Kleiner Perkins did not have policies or training against sexual harassment at the time Pao worked there. A control framework to identify, prevent, and address these corporate culture issues is imperative. Any company that does not set a tone on these matters and take the time to thoughtfully and proactively set expectations for an integrated, balanced organizational culture demonstrates no credible commitment to workplace equality and the merits of the diversity of viewpoints this brings with it.

Many cultural changes have been underway for so long that they are taken for granted or even pushed against by now as creating an undue burden in the other direction. The truth, however, is that these movements toward a more balanced, integrated workplace are still stymied by a lack of genuine commitment. Ideally the office would looks much more the best version of the world, where people are elevated for their merits and not their demographic traits, and are not kept from even getting on the road to success because of someone else’s decisions about their right to work because of a trait like gender. In order for this to really develop, though, leaders in business (both established ones like Kleiner Perkins and start-ups who are defining their corporate values for the first time) need to take ethical stock of where they stand and if they can commit to creating a culture where all people are accepted and utilized for their merits, then they need to do so visibly and meaningfully. The time of tokenism or promises without true intention needs to be past so that people of all kinds can get into legitimate leadership positions and then pay it forward to the next generation behind them.

Pao did not prevail in her lawsuit, but perhaps it will endure anyway as a test case. While it did not result in a guilty verdict, cases like this one can be a cultural watershed for policy and enforcement standards in companies to mitigate legal risk. Perhaps also other women working in, or fired from, Silicon Valley under similar circumstances can see where Pao succeeded and failed in her legal strategy and take up the cause on their own behalves. Bringing these issues into the public light can certainly drive change in creating a cultural imperative for women in tech to speak up and out.

For more insight on Pao’s experiences in Silicon Valley and happened with her lawsuit against her former employer, see this excerpt from her book on The Cut, originally from New York Magazine.

Categories
Compliance in current and historical events

Cybersecurity and the hacking of Hollywood

Cybersecurity appears near the top of any compliance officer’s risk assessment. Addressing the ever-evolving concerns around it is a priority on the strategic annual plan for any compliance program. Modern society’s reliance on technology and the internet is always increasing. Along with the many benefits of technology’s interconnectedness and conveniences comes risks to data privacy, information theft, unauthorized intrusions, and security breaches.

While all businesses are vulnerable to these threats, recently the spotlight has been on Hollywood and some high-profile hacking campaigns that have seriously impacted the entertainment industry. Damaging emails have been published, produced shows and scripts have been ransomed, and private photos have been leaked due to storage and server facilities being breached.

  • In November 2014, Sony Pictures was hacked by a group calling itself Guardians of Peace. The cyberattack used malware to steal and then overwrite and delete the data on half of Sony’s computer network worldwide. Not only did Sony have to deal with a major technology infrastructure crisis, but shortly after, the leaks began. The stolen data from the company that was subsequently published ranged from embarrassing personal emails of executives and celebrities to unreleased movies to sensitive employee information. The hack was eventually blamed on North Korea and their effort to suppress the film The Interview, a claim which is still disputed by some today. The fallout from the cyberattack and the insufficiency of the company’s preparations against it offer many difficult lessons in cybersecurity and corporate defences within it: Inside the Hack 
  • Netflix was compromised by a hacker going by the name thedarkoverlord, who posted ten episodes of the network’s hit show Orange is the New Black to a torrent site on the internet. The leak occurred after a ransom request was not met, first by a production vendor affiliated with Netflix and then by Netflix itself, demonstrating that cybersecurity at third-party vendors can also be a business risk: A Group Of Hackers Is Holding Hollywood Captive — & Here’s What It Wants
  • In another ransom case, Disney suffered a hack involving the latest movie in the Pirates of the Caribbean franchise, compromised while on the servers of a post-production facility. Work is often sent out to vendors in the industry who will do it for the lowest cost, but may not promise the most robust network security to prevent intruders from accessing the content and ransoming it to the owners. This phenomenon is becoming increasingly common and expensive: Cyberattacks once again roil Hollywood, but can anything be done about it?
  • HBO sustained a major cyberattack, possibly from various sources, on their servers which demonstrate how vulnerable major organizations can be to leaks, hacks, and social media hijackings. This event shows that HBO, and other organizations like it, face cybersecurity threats from a variety of sources: suppliers, insiders, intruders, and more. Ransom demands were involved here too, but other threats seemed designed just to test security protocols or to intimidate and embarrass: Breaking Down HBO’s Brutal Month of Hacks
  • Other than content owners such as networks and studios, Hollywood talent agencies, such as UTA, ICM, and WME, have all also been the target of cyberattacks. In the case of UTA, the intrusion occurred through the phone system and spread from there to the computer network, with a ransom demand following. Many of these hackers openly acknowledge they are motivated just by financial gains from ransom payments, so some companies are being advised to pay up and avoid damaging or embarrassing information and valuable content being leaked online: FBI Gives Hollywood Hacking Victims Surprising Advice: “Pay the Ransom”

The increasing frequency and visibility with which the technological systems of Hollywood companies are being targeted for cyberattacks indicates that this will remain a top risk for some time to come. The threats to the reputations of individuals and organizations involved, as well the economic and reputational risks, require that lessons learned from the situations above be implemented into practical and technological improvements to cybersecurity programs.

Categories
Trends in business compliance

Round-up on compliance issues in food technology

Food technology, concerning the production processes that manufacture, transport, and distribute foods, continues to expand as disruptive technologies in general advance. As any practice that impacts food has obvious heavy impact on consumer safety, food technology practices are coming under increased scrutiny. While public attention was once mostly limited to risk-benefit analysis of various foods and the resulting consumer preferences and perceptions, innovative technologies are driving further questions and desires for customer protections and process disclosures.

  • In response to perennial consumer demand for more flavorful and interesting plant-based products to present vegetarian and vegan friendly burgers, Impossible Foods created their Impossible Burger, with soy leghemoglobin giving it an uncanny resemblance to meat and a regulatory problem with the U.S. Food & Drug Administration; can high-profile investors and customer interest overcome food safety concerns and the burdens of government supervisory challenges:  Impossible Burger’s ‘Secret Sauce’ Highlights Challenges of Food Tech
  • Walmart and a consortium of major food companies including Unilever and Kroger are experimenting with blockchain technology to simplify and automate their supply chains, in hopes of making a very complex set of production processes much more agile and enabling quicker investigations into outbreaks of food-borne illnesses, with improved documentation:  Walmart and 9 Food Giants Team Up on IBM Blockchain Plans
  • Another fascinating, developing use of blockchain in order to make the supply chain safer by combating food counterfeiting and tampering, illegal shipping, and industry malpractice by tracking products through the process and requiring non-anonymous, reliable documentation, all informed by industry “spying” that has uncovered the causes of abuses across food business sectors and country cultures:  Inside the Secret World of Global Food Spies
  • Personalized nutrition plans combine the trend for home genetic testing with consumer desires for at-home meal delivery or menu selection services, but how does freedom of choice and a culture of individual preference with emphasis on customization fit in with the goals of libertarian paternalism that can be espoused by suggesting biometrically-determined food choices:  I sent in my DNA to get a personalized diet plan. What I discovered disturbs me. 
  • Amazon continues to search for growth opportunities in the food business after announcing plans to acquire Whole Foods earlier this summer, this time turning to U.S. military technology to aim to deliver meals that do not need to be refrigerated, but will consumers be enthusiastic or will this solution only create new potential problems in trademarking of kits and safe fulfillment of orders:  Amazon looks to new food technology for home delivery

Blockchain will likely continue to pose the most challenging and exciting advances in the food technology industry. Making the supply chain for food more transparent and accountable, and also simpler to navigate, is a lofty goal which would serve the public interest. Integrity and consumer choice in the food business, with or without the impact of regulatory supervision, should drive innovation going forward.

Categories
Compliance and ethics business case studies

THINX, Miki Agrawal, and the immature leadership of a visionary entrepreneur

THINX was founded by Miki Agrawal with the ambition of disrupting the feminine hygiene industry. The company makes underwear specially designed to be worn by women on their menstrual periods. In line with this female-centered product and its revolutionary approach to a timeless need, THINX has a mission to re-center the public discussion about periods and women’s bodies. The company has become known for its provocative, bold advertising campaigns on the internet and in the New York City subway.

However, the company has also become known for something less progressive: allegations that its founder-CEO Agrawal created a hostile work environment with inappropriate behaviour and insufficient management controls.

THINX started with the objective to normalize the way people talk about periods, making it no longer a taboo topic. This societal change is an admirable goal, but at THINX it was undermined by an immature compliance culture that perverted this openness into permissiveness for mistreatment and poor conduct. It may be a positive societal change to open and encourage dialogs about feminine hygiene practices and women’s bodies, but the standards for treatment of others and respect for people’s personal boundaries, everywhere in life but especially in the work place, should not be subverted in interests of promoting this message. Empowering women does not stop at the office door, especially in a company with this ambition as its supposed core value.

Agrawal, who has successfully started several businesses, has not been so successful in taking a professional approach to ongoing operations at those organizations. Her ideas and approaches to entrepreneurship may be disruptive in a good way – novel, unique, bold – but her management style appears disruptive in a bad way – immature, overly casual, confrontational. Personal conduct and character ethic should distinguish the profile of a CEO, not tarnish it. A true leader should focus his or her philosophy into appropriate behaviour and interactions with employees and a tone at the top of professional integrity.

Despite Agrawal’s own behaviour that crossed the line, she could have made up for her managerial shortcomings by placing people around her whose leadership could contribute to a more acceptable corporate tone for the employees while still servicing the cultural change Agrawal wanted to encourage in the world at large. Adequate management controls such as a formal, experienced HR department and written employee policies and procedures would have helped to set a standard towards which the company could mature.

THINX replaced Agrawal as CEO with Maria Molland Selby, a more traditional leader who was worked in a variety of established companies included Thomas Reuters and Dow Jones. Selby also is a passionate about the THINX product from a personal perspective, hopefully she can value the people working at THINX as individuals by treating them positively and focus on a corporate culture that will support the company’s goals of destigmatizing feminine and changing the product market to make it better. As for Agrawal, she has rebranded herself as a SHE-eo and a disrupt-“her,” indicating that her interest is really on focusing on her perceived positive accomplishments and the future, rather than learning from the criticisms of the past, which she perceives as obstacles or tests rather than self-created challenges or failures to mature.

For more detail on THINX and Miki Agrawal, read Noreen Malone’s story on The Cut.