The Shifting Privacy Left Podcast

30 Episodes
Subscribe

By: Debra J. Farber (Shifting Privacy Left)

Shifting Privacy Left features lively discussions on the need for organizations to embed privacy by design into the UX/UI, architecture, engineering / DevOps and the overall product development processes BEFORE code or products are ever shipped. Each Tuesday, we publish a new episode that features interviews with privacy engineers, technologists, researchers, ethicists, innovators, market makers, and industry thought leaders. We dive deeply into this subject and unpack the exciting elements of emerging technologies and tech stacks that are driving privacy innovation; strategies and tactics that win trust; privacy pitfalls to avoid; privacy tech issues ripped from the headlines; and other...

S2E28: "BigTech Privacy; Responsible AI; and Bias Bounties at DEF CON" with Jutta Williams (Reddit)
#28
Last Tuesday at 1:00 PM

This week, I welcome Jutta Williams, Head of Privacy & Assurance at Reddit, Co-founder of Humane Intelligence and BiasBounty.ai, Privacy & Responsible AI Evangelist, and Startup Board Advisor. With a long history of accomplishments in privacy engineering, Jutta has a unique perspective on the growing field.

In our conversation, we discuss her transition from security engineering to privacy engineering; how privacy cultures differ across social media companies where she's worked: Google, Facebook, Twitter, and now Reddit; the overlap of the privacy engineering & responsible AI; how her non-profit, Humane Intelligence, supports AI model owners; her experience launching the largest...


S2E27: "Automated Privacy Decisions: Usability vs. Lawfulness" with Simone Fischer-Hübner & Victor Morel
#27
09/12/2023

Today, I welcome Victor Morrel, PhD and Simone Fischer-Hübner, PhD to discuss their recent paper, "Automating Privacy Decisions – where to draw the line?" and their proposed classification scheme. We dive into the complexity of automating privacy decisions and emphasize the importance of maintaining both compliance and usability (e.g., via user control and informed consent). Simone is a Professor of Computer Science at Karlstad University with over 30 years of privacy & security research experience. Victor is a post-doc researcher at Chalmers University's Security & Privacy Lab, focusing on privacy, data protection, and technology ethics.

Together, they share their pri...


S2E26: "Building Ethical Machines" with Reid Blackman, PhD (Virtue Consultants)
#26
09/05/2023

This week, I welcome philosopher, author, & AI ethics expert, Reid Blackman, Ph.D., to discuss Ethical AI. Reid authored the book, "Ethical Machines," and is the CEO & Founder of Virtue Consultants, a digital ethical risk consultancy. His extensive background in philosophy & ethics, coupled with his engagement with orgs like AWS, U.S. Bank, the FBI, & NASA, offers a unique perspective on the challenges & misconceptions surrounding AI ethics.

In our conversation, we discuss 'passive privacy' & 'active privacy' and the need for individuals to exercise control over their data. Reid explains how the quest to train data for ML...


S2E25: "Anonymization & Deletion at Scale" with Engin Bozdag (Uber) & Stefano Bennati (HERE)
#25
08/29/2023

This week, we're chatting with Engin Bozdag, Senior Staff Privacy Architect at Uber, and Stefano Bennati, Privacy Engineer at HERE Technologies. Today, we explore their recent IWPE'23 talk, "Can Location Data Truly be Anonymized: a risk-based approach to location data anonymization" and discuss the technical & business challenges to obtain anonymization. We also discuss the role of Privacy Engineers, how to choose a career path, and the importance of embedding privacy into product development & DevPrivOps; collaborating with cross-functional teams; & staying up-to-date with emerging trends.


Topics Covered:

Common roadblocks privacy engineers face with anonymization techniques...


S2E24: Cloud-Native Privacy Engineering via DevPrivOps with Elias Grünewald (TU Berlin)
#24
08/22/2023

This week’s guest is Elias Grünewald, Privacy Engineering Research Associate at Technical University, Berlin, where he focuses on cloud-native privacy engineering, transparency, accountability, distributed systems, & privacy regulation. 

In this conversation, we discuss the challenge of designing privacy into modern cloud architectures; how shifting left into DevPrivOps can embed privacy within agile development methods; how to blend privacy engineering & cloud engineering; the Hawk DevOps Framework; and what the Shared Responsibilities Model for cloud lacks. 

Topics Covered:

Elias's courses at TU Berlin: "Programming Practical Privacy: Web-based Application Engineering & Data Management" & "Advan...


S2E23: "Navigating the Privacy Engineering Job Market" with George Ratcliffe (Stott & May)
#23
08/15/2023

This week, my guest is George Ratcliffe, Head of the Privacy GRC & Cryptography Executive Search Practice at recruitment firm, Stott & May.

In this conversation, we discuss the current market climate & hiring trends for technical privacy roles; the need for higher technical capabilities across the industry;  pay ranges within different technical privacy roles; and George’s tips and tools for applicants interested in, entering, and/or transitioning into the privacy industry. 

Topics Covered:

Whether the hiring trends are picking back up for technical privacy rolesThe three 'Privacy Engineering' roles that companies seek to hire...


S2E22: Why You Need an 'Outside-In' Approach to Privacy Risk Monitoring with Sanjay Saini (Privaini)
#22
08/01/2023

Get ready for an eye-opening conversation with Sanjay Saini, the founder and CEO of Privaini, a groundbreaking privacy tech company. Sanjay's journey is not only impressive due to his role in creating high-performance teams that have built entirely new product categories, but also for the invaluable lessons he learned from his grandfather about the pillars of successful companies - trust and human connections. In our discussion, Sanjay shares how Privaini is raising the privacy bar by constructing the world's largest repository of company privacy policies and practices. It's a fascinating dive into the future of privacy risk management.
<...


S2E21: Containing Big Tech, Federal Privacy Law, & Investing in Privacy Tech with Tom Kemp (Kemp Au Ventures)
#21
07/11/2023

This week’s guest is Tom Kemp: author; entrepreneur; former Co-Founder & CEO of Centrify (now called Delinia), a leading cybersecurity cloud provider; and a Silicon Valley-based Seed Investor and Policy Advisor. Tom led campaign marketing efforts in 2020 to pass California Proposition 24, the California Privacy Rights Act, (CPRA), and is currently co-authoring the California Delete Act bill.

In this conversation, we discuss chapters within Tom’s new book, Containing Big Tech: How to Protect Our CIVIL RIGHTS, ECONOMY, and DEMOCRACY; how big tech is using AI to feed into the attention economy; what should go into a U.S. fe...


S2E20: Location Privacy, Data Brokers & Privacy Datasets with Jeff Jockisch
#20
07/05/2023

This week’s guest is Jeff Jockisch, Partner at Avantis Privacy and co-host of the weekly LinkedIn Live event, Your Bytes = Your Rights, a town hall-style discussion around ownership, digital rights, and privacy. Jeff is currently a data privacy researcher at PrivacyPlan, where he focuses specifically on privacy data sets. 

In this conversation, we delve into current risks to location privacy; how precise location data really is; how humans can have more control over their data; and what organizations can do to protect humans’ data privacy. 

For access to a dataset of data resources and privac...


S2E19: Privacy Threat Modeling - Mitigating Privacy Threats in Software with Kim Wuyts (KU Leuven)
#19
06/27/2023

This week's guest is Kim Wuyts, Senior Postdoctoral Researcher at the DistriNet Research Group at the Department of Computer Science at KU Leuven. Kim is one of the leading minds behind the development and extension of LINDDUN, a privacy threat modeling framework that mitigates privacy threats in software systems.

In this conversation, we discuss threat modeling based on the Threat Modeling Manifesto Kim co-authored; the benefits to using the LINDDUN privacy threat model framework; and how to bridge the gap between privacy-enhancing technologies (PETs) in academia and the commercial world.    

Topics Covered:

The...


S2E18: Making Digital Contact Cards Private, Shareable & Updatable with Brad Dominy (Neucards)
#18
05/16/2023

I am delighted to welcome my next guest, Brad Dominy. Brad is a MacOS and iOS developer and Founder & Inventor of Neucards, a privacy-preserving app that enables secure shareable and updatable digital contacts. In this conversation, we delve into why personally managing our digital contacts has been so difficult and Brad's novel approach to securely manage our contacts, architected with privacy by design and default.

Contacts have always been the “junk drawer” of digital data, where people have information that they want to keep up-to-date, but are rarely able to based on current technology. The vCard standard is o...


S2E17 - Noise in the Machine: How to Assess, Design & Deploy 'Differential Privacy' with Damien Desfontaines (Tumult Labs)
#17
05/09/2023

In this week’s episode, I speak with Damien Desfontaines, also known by the pseudonym “Ted”, who is the Staff Scientist at Tumult Labs, a startup leading the way on differential privacy. In Damien’s career, he has led an Anonymization Consulting Team at Google and specializes in making it easy to safely anonymize data. Damien earned his PhD and wrote his thesis at ETH Zurich, as well as his Master's Degree in Mathematical Logic and Theoretical Computer Science.

Tumult Labs’ platform makes differential privacy useful by making it easy to create innovative privacy and enabling data products t...


S2E16: Words with Impact; Communication Tips for Privacy Technologists with Melanie Ensign (Discernible)
#16
05/02/2023

I'm delighted to welcome guest, Melanie Ensign, Founder and CEO of Discernible, where she helps organizations adopt effective communication strategies to improve risk-related outcomes. She's managed security & privacy communications for some of the world's most notable brands, including Facebook, Uber & AT&T.

Melanie counsels executives and technical teams to cut through internal politics, dysfunctional inertia & meaningless metrics. For the past 10 years, she's also led the press department & communication strategy for DEF CON. Also, Melanie is an accomplished scuba diver and brings lessons learned preventing, preparing for & navigating unexpected high-risk underwater incidents to her work in security & privacy...


S2E15: 'Watching the Watchers: Transparency & Control Research' with Umar Iqbal, PhD (University of Washington)
#15
04/18/2023

This week's guest is Umar Iqbal, PhD, a Postdoctoral Scholar at the Paul G. Allen School of Computer Science & Engineering at the University of Washington, working in the Security and Privacy Research Lab. Umar focuses his research on two themes: 1) bringing transparency into data collection and usage practices, and 2) enabling individuals to have control over their own data by identifying & restricting privacy-invasive data collection & usage practices of online services


His long-term research vision is to create an environment where users can reap the benefits of technology without losing their privacy by enabling preemptive privacy protections and...


S2E14: Addressing Privacy with Static Analysis Techniques Like ‘Taint-Tracking’ & ‘Data Flow Analysis’ with Suchakra Sharma (Privado.ai)
#14
04/11/2023

This week, we welcome Suchakra Sharma, Chief Scientist at Privado.ai, where he builds code analysis tools for data privacy & security. Previously, he earned his PhD in Computer Engineering from Polytechnique Montreal, where he worked on eBPF Technology and hardware-assisted tracing techniques for OS Analysis. In this conversation, we delve into Suchakra’s background in shifting left for security and how he applies traditional, tested static analysis techniques — such as 'taint tracking' and 'data flow analysis' — for use on large code bases at scale to help fix privacy leaks right at the source.

---------
Thank you to...


S2E13: Diving Deep into Fully Homomorphic Encryption (FHE) with Kurt R. Rohloff (Duality Technologies)
#13
04/04/2023

I am delighted to welcome this week’s guest, Kurt Rohloff. Kurt is the CTO and Co-Founder of Duality Technologies, a privacy tech company that enables organizations to leverage data across their ecosystem and generate joint insights for better business while preserving privacy. Kurt was also Co-Founder of the OpenFHE Homomorphic Encryption Software Library that enables practical and usable privacy and collaborative data analytics.

He's successfully led teams that are developing, transitioning, and applying first-in-the-world technology capabilities for both the Department of Defense as well as for commercial use. Kurt specializes in generating, developing, and co...


S2E12: 'Building Powerful ML Models with Privacy & Ethics' with Katharine Jarmul (ThoughtWorks)
#12
03/28/2023

This week, I'm joined by Katharine Jarmul, Principal Data Scientist at Thoughtworks & author of the the forthcoming book, "Practical Data Privacy: Enhancing Privacy and Security in Data." Katharine began asking questions similar to those of today's ethical machine learning community as a university student working on her undergrad thesis during the war in Iraq. She focused that research on natural language processing and investigated the statistical differences between embedded & non-embedded reporters. In our conversation, we discuss ethical & secure machine learning approaches, threat modeling against adversarial attacks, the importance of distributed data setups, and what Katharine wants data scientists to...


S2E11: Lessons Learned as a Privacy Engineering Manager with Menotti Minutillo (ex-Twitter & Uber)
#11
03/21/2023

This week, we gain insights into the profession of privacy engineering with guest Menotti Minutillo, a Sr. Privacy Engineering Manager with 15+ years of experience leading critical programs and product delivery at companies like Uber, Thrive Global & Twitter. He started his career in 2007 on Wall Street as a DevOps & Infrastructure Engineer; and now, Menotti is a sought-after technical privacy expert and Privacy Tech Advisor. In this conversation, we discuss privacy engineering approaches that have work, the skillsets required for privacy engineering, and the current climate for landing privacy engineering roles.

Menotti sees privacy engineering as the practice of...


S2E10: Leveraging Synthetic Data and Privacy Guarantees with Lipika Ramaswamy (Gretel.ai)
#10
03/14/2023

This week, we welcome Lipika Ramaswamy, Senior Applied Scientist at Gretel AI, a privacy tech company that makes it simple to generate anonymized and safe synthetic data via APIs. Previously, Lipika worked as a Data Scientist at LeapYear Technologies, and was the Machine Learning Researcher at Harvard University's Privacy Tools Project.


Lipika’s interest in both machine learning and privacy comes from her love of math and things that can be defined with equations. Her interest was piqued in grad school and accidentally walked into a classroom holding a lecture on Applying Differential Privacy fo...


S2E9: Personalized Noise, Decaying Photos, & Digital Forgetting with Apu Kapadia (Indiana University Bloomington)
#9
03/07/2023

In this episode, I'm delighted to welcome Apu Kapadia, Professor of Computer Science and Informatics at the School of Informatics and Computing, Indiana University. His research is focused on the privacy implications of ubiquitous cameras and online photo sharing. More recently, he has examined the cybersecurity and privacy challenges posed by AI-based smart voice assistants that can listen and converse with us.


Prof. Kapadia has been excited by anonymized networks since childhood. He has memories of watching movies where a telephone call was being routed around the world so that it became impossible to trace. What...


S2E8: Leveraging Federated Learning for Input Privacy with Victor Platt
#8
02/28/2023

Victor Platt is a Senior AI Security and Privacy Strategist who previously served as Head of Security and Privacy for privacy tech company, Integrate.ai. Victor was formerly a founding member of the Risk AI Team with Omnia AI, Deloitt’s artificial intelligence practice in Canada. He joins today to discuss privacy enhancing technologies (PETs) that are shaping industries around the world, with a focus on federated learning.

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------


Victor views PETs as functional requirements an...


S2E7: Bring Your Own Data, ChatGPT & Personal AIs with Markus Lampinen (Prifina)
#7
02/21/2023

In this conversation with Markus Lampinen, Co-founder and CEO at Prifina, a personal data platform, we discuss meaty topics like: Prifina’s approach to building privacy-respected apps for consumer wearable sensors; LLMs (Large Language Models) like Chat GPT; and why we should consider training our own personal AIs.

Markus shares his entrepreneurial journey in the privacy world and how he is “the biggest data nerd you’ll find.” It started with tracking his own data, like his eating habits, activity, sleep, and stress, an then he built his company around that interest. His curiosity about what you can glea...


S2E6: 'Privacy Left Trust' with Gary LaFever (Anonos)
#6
02/14/2023

Today, I welcome Gary LaFever, co-CEO & GC at Anonos; WEF Global Innovator; and a solutions-oriented futurist with a computer science and legal background. Gary has over 35 years of technical, legal and policy experience that enables him to approach issues from multiple perspectives. I last saw Gary when we shared the stage at a RegTech conference in London six years ago, and it was a pleasure to speak with him again to discuss how the Schrems II decision coupled with the increasing prevalence of data breaches and ransomware attacks have shifted privacy left from optional to mandatory, necessitating a "privacy...


S2E5 - What's New in Privacy-by-Design with R. Jason Cronk (IOPD)
#5
02/07/2023

R. Jason Cronk is the Founder of the Institute of Operational Privacy Design (IOPD) and CEO of Enterprivacy Consulting Group, as well as the author of Strategic Privacy by Design. I recently caught up with Jason at the annual Privacy Law Salon event and had a conversation about the socio-technical challenges of privacy, different privacy-by-design frameworks that he’s worked on, and his thoughts on some hot topics in the web privacy space.

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------

We start of...


S2E4: Training the Next Wave of Privacy Engineers with Nishant Bhajaria (Uber)
#4
01/31/2023

Nishant Bhajaria is the Director of Privacy Engineering, Architecture, & Analytics at Uber and Author of "Data Privacy: A Runbook for Engineers.” He’s also an Advisor to Data Protocol, Privado & Piiano. In our conversation, we discuss privacy engineering trends, educational materials that Nishant has developed, and his advice to privacy technologists, engineers, and hiring managers. 

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------


Nishant is a great example of a cross-functional, influential agent who has adapted to the ever-growing privacy discipline. He descr...


S2E3: Fixing Consent & Transparency on the Web with Mark Lizar (Digital Transparency Lab)
#3
01/24/2023

To kick off Data Privacy Week 2023, I’m joined by Mark Lizar, CEO of the Digital Transparency Lab and Founder of 0PN: Open Privacy Network. 

Mark is also the Vice Chair of the IEEE Cybersecurity for Next-Generation Connectivity Systems' Human Control & Flow Sub-Committee and Editor & Lead Author of the ANCR Notice Record Specification and Framework at the Kantara Initiative. 

In our conversation, we unpack the current standards and specifications for transparency and data control in the digital space. Mark shares some of the innovative solutions he and his colleagues are working on to brid...


S2E2: "Software Libraries, SBOMs & Wicked Privacy, Oh My!" with Michelle Dennedy (PrivacyCode)
#2
01/10/2023

Michelle Dennedy is Co-Founder & CEO of PrivacyCode, Inc., Partner at Privatus Consulting, and the Co-Author of The Privacy Engineer's Manifesto. In our lively conversation, we discuss the digital cost of information, the privacy problems that her company solves for, and how the Privatus Wicked Privacy™ framework differs from other approaches.

---------
Thank you to our sponsor,
Privado, the developer-friendly privacy platform
---------


As Michelle puts it, we’re living in an ‘innovation palooza’ right now. But, there’s still progress to be made. Michelle highlights how we can cha...


S2E1: Driving Privacy Left: Vehicular Privacy with Andrea Amico (Privacy4Cars)
#1
01/03/2023

Of the almost 300 million cars that are in circulation in the U.S., the vast majority collect consumer’s personal information. Every time you connect your phone via USB or Bluetooth, your car is designed to download data and store it locally. The automotive industry is grossly behind when it comes to data privacy and safety, but that’s where Privacy4Cars comes in. 

Privacy4Cars is the first (and only) privacy tech company focused on identifying the challenges posed by vehicle data. They create solutions to better protect consumers and businesses by offering improved privacy, safety, secur...


S1E9: Funding Web3 Privacy & Recent Web3 Trust Fails with Jim Nasr
#9
12/20/2022

This week, I continue my conversation with Jim Nasr, CEO of Acoer about privacy and using distributed ledger technology (DLT). We discuss his work leading The HBAR Foundation's Privacy Market Development Fund and the trends he sees across grant applicants. We also chat about the collapse of FTX and the ripple effect it’s had on the crypto space. 

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------


Jim tells us about the types of innovations The HBAR Foundation seeks to fun...


S1E8: Leveraging Distributed Ledgers for Privacy Assurance with Jim Nasr
#8
12/13/2022

Today, I am joined by Jim Nasr, CEO of Acoer. I had the pleasure of collaborating with Jim on several projects during my 6-month stint as Privacy Strategist for Hedera. Jim joins me today to discuss the use of distributed ledger tech (DLT) to provide computational trust for real-time applications. Jim and I speak about the development of secure, privacy-preserving, and traceable technologies, which can gain adoption via open protocols and usable interfaces.

---------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
---------

...