
Posts Tagged ‘software’

What’s a citizen to do about Equifax?

My professional career has revolved around software contracts. Initially, I negotiated and managed them; now I reference them heavily while performing a different kind of work. Throughout, I’ve been especially interested in terms related to Information Security (“InfoSec”).

Some software publishers offer customers fairly robust InfoSec protections. I generally felt pretty good about companies (1) whose starting positions guaranteed specific measures to ensure protection of customer data and (2) who promised some kind of compensation if customer data became available because of the publisher’s software and/or hardware offerings. Such software publishers had “skin in the game,” or incentive to really ensure their customers’ data was protected. Why would they be lax when they’d experience specific, sometimes severe consequences for breach resulting from failure to do so?

On the other end of the spectrum were publishers who offered vague assurances with no guaranteed compensation for any breach. This was the opposite of having skin in the game: “We’ll totally check our software once every other year for major flaws and give commercially reasonable efforts to fix them. If there’s a breach that reveals bunches of your data, we’ll send you cake.” I was much more concerned with these publishers, whose lackadaisical approach to InfoSec practically screamed, “We care more about the money you’re required to give us than your ability to stay afloat!”

This all left me with a keen interest in InfoSec, especially when I saw how much less care companies give individual citizens* compared to paying corporate customers. If corporate customers at the very least got a cake, individual citizens got … nothing. Giving more than nothing would cut into profit margins!

I’ve subscribed and unsubscribed to bunches of InfoSec newsletters over the years. The only one I continue to follow now is KrebsOnSecurity.com. Brian Krebs’s coverage of the Equifax breach is a perfect example of why. He critically analyzes the breach and presents it in language even distant non-experts can follow. More importantly, he lets individual citizens know what they can do to limit their exposure.

If you’re concerned about what to do following the Equifax breach of 143 Americans’ credit data, Brian’s “The Equifax Breach: What You Should Know” is a great place to start. If you’d like more excellent analysis of the breach, I’d suggest “Here’s What to Ask the Former Equifax CEO.” His proposed questions for U.S. legislators to ask reveal a great deal about companies that give prominent indications they care much, much less about citizen data protection concerns than about whatever revenue they can milk from citizens. If protecting citizen data costs money (uuuuugh, maintaining software and hardware is expensive!), they’ll cut corners and hope for the best.

As individual citizens, we don’t have the financial leverage to demand better protections the way individual corporate customers can. This means that it’s critical for individuals to (1) find and use those protective measures that are available to individuals (thanks for highlighting them, Brian!) and (2) consider how re-regulation** impacts citizens’ ability to collectively mitigate citizen costs created when some corporate entities treat InfoSec not as a valuable investment in citizen well-being but as a drain on profits.

Otherwise? It’s important to remember: Unlike corporate customers, we individuals won’t even get a cake. 

* I originally typed “consumer,” so prevalent is such phrasing in reporting, but I reject that. We individuals are far more than consumers. We are citizens, and are far more valuable than the dollars we spend.

** There is no such thing as deregulation, only reregulation. Changes to regulation typically called “deregulation” aren’t neutral but heavily lobbied for by specific corporate beneficiaries. As Kate Raworth puts it here,

There’s always going to be regulation shaping what can and can’t be done, you’re just shifting the regulatory space. You ask how are those shifts benefiting, or how are the costs and benefits of that shifting re-regulation falling on other people? So financial deregulation actually just shifts the costs and benefits of financial crisis onto a different group of people.

 


Fortunate

I graduated from law school in 2004. I had no interest in practicing law, so I moved to Japan and taught English there instead. Though I was supposedly the teacher, I learned a lot and had a blast.

I moved back to my hometown for family reasons and took a job temping in a small HR office. Job opportunities did not abound, so I was simply glad I could pay my bills. I felt the same when I took on a temporary administrative role at a larger company before long. I sucked at it, but did my best to find silver linings, of which there were many.

As my temporary admin gig neared its conclusion, a woman I’d met exactly once offered to take me onto her team as an admin. I sent her a copy of my resume; once she saw I’d gone to law school, she became determined to get me negotiating software contracts on her team. I rejected at first, saying I’d have taken the Bar if I wanted to do anything law-related.

She persisted, thank God. I soon began negotiating contracts, and felt (happily) challenged for the first time in years. I loved learning about hardware and software, which I had to do to be effective at negotiating. I enjoyed negotiating and was grateful to have an encouraging, supportive manager nudging me outside my comfort zone.

I worked on software contracts for a decade. Then, two years ago tomorrow, I began working as a software licensing contractor. My commute to a full-time job with great benefits was just too long. I accepted job uncertainty as a small cost compared to the benefit of not spending four hours in my car daily.

My first few months as a contractor were deeply uncomfortable. There was a lot of ambiguity, which frustrated me until I took it upon myself to lessen the ambiguity. If anyone didn’t like how I was doing that, I figured, they’d be sure to tell me. 

Taking risks, I found myself growing. I found joy in that growing, though I’d started out discombobulated.

As that contract wound down, an opening came up for a software asset management position. I seized the opportunity. Sure, I’d never done it before and didn’t know a thing about helping ensure neither too many nor too few licenses were procured, but I knew I’d grow. I knew that any frustration I felt at being a noob the first few months would be counterbalanced by the ultimate joy of learning.

I “knew,” but I didn’t really know. ‘Cause, see, I had no idea how much I’d learn, nor how much I’d be encouraged to learn. I couldn’t have fathomed how much support I’d have, nor how mistakes would be treated as just a part of the journey of learning. I had no idea what it’d be like to feel genuine psychological safety for the first time in my life, among a team that makes me laugh while pushing me to do better every day.

I took a risk two years ago tomorrow, and another one fifteen months ago. Because of those risks, my whole life feels so much richer than it did two years ago. For how rough my life began, it’s pretty rad now.

This is all a necessary background for another story to come. For now, though, I want to say that I am more fortunate than I sometimes remember.

I’m thankful to be challenged to remember this.

Farewell, Cult of Rules

O, bloggers and lovers,

Today a friend asked what I thought about dating men with kids. Some of her friends said it was cool. Others said it was a never-do.

I wouldn’t have offered an opinion unsolicited, but I’d been asked.

“Ugh!” I began. “All these stupid rules!”

I don’t support rules for love, or blogging, or most non-paying endeavors.

(I get enough from the government and the workplace, thank you very much.)

When people say you can never date someone who has kids, they’re strangling love before it can even begin to grow.
