Silicon Valley Disrupts Cybersecurity with 21st Century Privacy

Friday’s Cyber Summit at Stanford looked like it would be business as usual for the Federal Government’s elites.

Two of the panelists are frat brothers and another was Penny Pritzker’s roommate. A small, powerful world on stage here at

Cabinet secretaries in the unusual role of panel moderators cracked jokes about one another and their families and read scripts about what their agencies are doing in cybersecurity.   The awkward diplomatic truth that the leaders of Facebook, Google and Yahoo would not grant an audience to the President and some of his top Cabinet officials sank in as we found occasional valuable information from the smart CEOs on the Summit screen; but our work on the other screens pulled us in more and more.  And then…

Tim Cook walked in (at 2:24 if it doesn’t go there immediately on a mobile screen), and we dropped our work and jaws as his intensity gathered us in and then took the discourse up to a level of vision and passion — for PRIVACY — that blew the event away.

History has shown us that sacrificing our right to privacy can have dire consequences. We still live in a world where all people are not treated equally. Too many people do not feel free to practice their religion or express their opinion, or love who they choose. A world in which that information can make the difference between life and death. If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money, we risk our way of life. Fortunately, technology gives us the tools to avoid these risks and it is my sincere hope that by using them and by working together, we will.

Of course, there was no surprise in his invocation of Apple’s “selling products, not personal data” competitive strategy, but this was something more.  Privacy as freedom of speech, love and religion, without which we can be killed for what we say or believe or whom we love.   What I like about it is that even though it doesn’t make some of the biggest questions any easier to answer — you can be killed by a government or by a terrorist, so should there be exceptions to encryption if there were appropriate restraints on government power?  — it states principles capable of jumping the divide between all of Silicon Valley and Washington, D.C.   Good risk assessment starts with the big harms.

But there was so much more in what he said.  As he noted, his speech came right after the Anthem breach, which I argued is the most harmful breach of personal information on record, because it is a breach of the numbers that make up our broken, static, insecure system of identity management.   I noted that if we cared,  “we could redesign it either across the board or industry-by-industry with dynamic or other more sophisticated and resilient identity systems.”   I was referring to Apple Pay, with its one-time code per transaction per device, and to other dynamic identity management systems in the payments industry, where I have found and argued over the years that organizations can be resilient to breaches because the numbers change.   And here was Tim Cook, describing a future in which government identification can be stored digitally and securely, and announcing that  Apple Pay will be available for federal government transactions in September!

If I may, Washington, public-private partnership should not be primarily about going to California and telling them what you want them to do.  It should be primarily about letting them change what you ARE.  But why read what I write any further when you could be watching him?  Nobody can evangelize like an Apple CEO….