Podcast: Privacy Please Episode 1: Guest Gabe Gumbs

Listen to the show here:

(intro music by Hall and Oates, licensed through Anchor, precedes the show’s discussion)

Show Summary:

Gabe Gumbs, Chief Innovation Officer at Spirion, joins Cameron Ivey on the inaugural episode of “Privacy Please.”

In this episode the two discuss:

  • Digital tools individuals can use to protect their online privacy
  • Gabe’s role at Spirion and what it means to “protect what matters most”
  • The data privacy danger poised by something so innocent as an ice cream rewards card

Links to the resources mentioned in the show:

HTTPS Everywhere

Privacy Badger

Ghostery

AdBlock Plus

Ublock Origin

Disconnect

CCPA

Transcript:

Cameron Ivey: Ladies and gentleman, welcome to Privacy Please. I’m your host, Cameron Ivey, and with me today is Spirion’s own Chief Innovation Officer, Mr. Gabe Gumbs.

Cameron Ivey: Gabe, thanks for coming on.

Gabe Gumbs: Thank you, thanks for having me. Wait a second. Thanks for … am I a cohost?

Cameron Ivey: Yeah, you are a cohost.

Gabe Gumbs: All right. You had me on anyway?

Cameron Ivey: Yeah. This is our first episode of Privacy Please. Gabe Gumbs is the Chief Innovation Officer for Spirion. This podcast is about the convergence of cybersecurity and privacy, and all the things.

Gabe Gumbs: Indeed.

Cameron Ivey: So Gabe, what’s the one thing you do to protect your own privacy?

Gabe Gumbs: I do a lot of things. Or, several things. I think some of those things, more than others.

Gabe Gumbs: I think the one thing I do that is really not terribly difficult, and lots of other people can do it as well, is protect their browsing habits. The Internet is a place that is, by design, one where we can learn a lot about people that visit our websites.

Cameron Ivey: Yeah.

Gabe Gumbs: That can be a good thing, it certainly can be useful when that information is used to provide value back to the consumer. I certainly can say that there’s been a couple of times, maybe more than a couple of times, where I have had what I knew were targeted ads. I read them and said, ah, actually I am interested in that thing.

Cameron Ivey: Yeah.

Gabe Gumbs: Then, you also get a lot of organizations who it’s, unfortunately, hard to know who to trust with your information. So to that end, I use a secure browser, a secure private browser. Keep it in private browsing mode, Firefox in particular.

Cameron Ivey: Okay.

Gabe Gumbs: A number of privacy protecting plugins. One of them is HTTPS Everywhere, from the folks at EFF.org, Electronic Frontier Foundation, great org.  I swear I’m not on the payroll. What that one does is it enforces the use of a secure connection to any site that you attempt to visit. So if you go to http://google.com, it’ll redirect you automatically to the secure version, https. That’s always a good one.

Gabe Gumbs: I use Privacy Badger, which is another great privacy protecting plug in. That one, it learns what to block, especially, there’s a bunch of invisible trackers out there. I don’t want to get too technical and talk about invisible trackers, and super cookies.

Cameron Ivey: Yeah.

Gabe Gumbs: But, suffice it to say, those things exist.

Gabe Gumbs: Ghostery, it’s another one. It blocks ads, stops trackers, and it definitely … You can an improvement in the speed of which using those sites.

Cameron Ivey: Yeah.

Gabe Gumbs: Ad Block Plus, just an old, tried and true favorite. I know there’re some folks who are not a fan of Ad Block Plus, because I guess they have a little bit of a paid model too, where some organizations can still get some access to some of your data, which is why I layer all of these different tools anyway.

Gabe Gumbs: Ublock Origin is another favorite of mine, so I’m a big fan of that one, also. Then finally, Disconnect.

Cameron Ivey: Disconnect, yeah.

Gabe Gumbs: Disconnect, that’s a big one for me, too.

Gabe Gumbs: Absolutely number one thing I do, I am 100% always in privacy browsing, private browsing. It’s not because I’m necessarily doing anything at all, other than wanting to protect my information.

Cameron Ivey: Sure.

Gabe Gumbs: From folks who otherwise, I don’t know always have my best interest in mind.

Cameron Ivey: Great points. Now, to get a little bit more personal, what exactly do you do at Spirion, being the Chief Innovation Officer?

Gabe Gumbs: So you opened up with talking about that convergence of cybersecurity and privacy, I’ve been in cybersecurity for 20 years, maybe 19.

Cameron Ivey: A long time.

Gabe Gumbs: It’s been a while.

Cameron Ivey: Yeah.

Gabe Gumbs: Been a while.

Cameron Ivey: Enough.

Gabe Gumbs: It’s certainly enough. I’ve had enough!

Cameron Ivey: Had enough.

Gabe Gumbs: I’ve had enough.

Gabe Gumbs: So I spent most of that time as a practitioner, in the cybersecurity side of this. Arguably, privacy was always an element to it, although we didn’t talk about it in that sense. Right?

Cameron Ivey: Yeah.

Gabe Gumbs: We talked about protecting data, and protecting company’s data. The truth is, the data that we were protecting, although a lot of that belonged to those organizations, it was a lot of other people’s data in there.

Cameron Ivey: Sure.

Gabe Gumbs: Like your data. I worked for a pharmaceutical organization for a while, and there’s a lot of PHI data of both employees, as well as non-employees. So here at Spirion, I am responsible for setting the direction of our overall product strategy, our portfolio strategy. What are we going to build, why are we building it, who are we building it for? What problems are we solving with it? Then, defining exactly what that technology is that we’re building.

Gabe Gumbs: I spend a lot of time with other security and privacy professionals, understanding their challenges, and then translating that into our overall product portfolio roadmap. Then, we’ve got a team of awesome engineers, that turn that into product.

Cameron Ivey: Awesome. What does that look like, when it comes to … I would imagine that you do a lot of research, trying to stay ahead of the game?

Gabe Gumbs: Yeah.

Cameron Ivey: Where we can … Or, where Spirion can actually be ahead of the game, when it comes to privacy, and compliance, and data security?

Gabe Gumbs: Yeah. There’s a lot of just general market research.

Cameron Ivey: Sure.

Gabe Gumbs: There’s a lot of just understanding the overall market needs of our consumers, and more importantly their customers.

Cameron Ivey: Yeah.

Gabe Gumbs: That’s where their needs arise. That includes just researching, and staying on top of regulations. Privacy regulations in the last 12 months have absolutely exploded.

Cameron Ivey: Yeah.

Gabe Gumbs: We’ve seen more in the last 12 months than we have in the last 100 years, which is kind of ridiculous, but it’s not untrue.

Cameron Ivey: No.

Gabe Gumbs: It’s certainly quite accurate.

Cameron Ivey: Data is everywhere now.

Gabe Gumbs: Yeah, it is everywhere.

Cameron Ivey: Everywhere.

Gabe Gumbs: Yeah. Yeah, for sure. So a lot of research, a lot of technology research also. Building modern applications is certainly quite different than the applications I used to protect, 10 years ago. There is … Again, I don’t want to get too deep into the technical bits and bytes of it.

Cameron Ivey: Yeah.

Gabe Gumbs: Certainly, maybe we do another session where we dive deep on privacy in a very technical level.

Cameron Ivey: Sure.

Gabe Gumbs: But there certainly is a lot, from my perspective, in my chair as the Chief Innovation Officer, of understanding how to bring the best leading technology to market, to be able to solve those problems. That comes in a number of different forms.

Gabe Gumbs: I stay very close to the developer community, and I’m always at conferences, and I’m always reading online, and always reading books. I’ve got a backlog right now, of some technology books that I’m making my way through. It’s just a lot of informing yourself with everything. I’m lucky enough that for me, a lot of that’s not even work.

Cameron Ivey: Yeah.

Gabe Gumbs: It’s just, I enjoy it, I do it. I’m just an absolute rabid consumer of information.

Cameron Ivey: Yeah. That’s the keys to happiness.

Gabe Gumbs: Rabid consumption of information?

Cameron Ivey: Yeah.

Gabe Gumbs: I don’t know if everyone is going to agree with that.

Cameron Ivey: Yeah.

Gabe Gumbs: Fill my plate with more data, please?

Cameron Ivey: Yeah. Well, let’s transition into that topic, around convergence of cybersecurity and privacy, and explain to me what that means to our listeners? Whether it be just normal people that care about their private data, or companies, colleagues, communities, and why it’s so important to protect that data, nowadays more than ever?

Gabe Gumbs: That convergence equally manifests itself in those three personas that you just described, right? Colleagues, communities, and customers. You are a customer of someone also, right?

Cameron Ivey: Yeah.

Gabe Gumbs: I’m sure you are, I am. You have colleagues, we’re colleagues, et cetera. That convergence kind of looks like the following: there’s data that all of those organizations have, whether they’re your credit card companies, or some rewards program from your grocery shopping, whatever those things are. Again, those organizations that need to protect that information, it’s your information they’re protecting, it’s my information that they are protecting, it’s your mothers’, your wives’, your brothers’, it’s everyone’s information. This isn’t just a “I’m protecting a mega corp’s data, or ACME Inc.’s intellectual property around their new jet propelled roller skates, so you can catch more roadrunners.”

Cameron Ivey: Meep meep.

Gabe Gumbs: Yeah, right. Most organizations today literally run on data, that’s not even just some buzzwords.

Cameron Ivey: It’s what it is.

Gabe Gumbs: They monetize that data. Even just down to the Mom-and-Pop level. You see a lot of companies, coffee shops, they’ve got point of sale systems that are …

Cameron Ivey: They’re all easily hacked into.

Gabe Gumbs: Well, forget that part of it. Yeah, let’s just get to the data side of it, but yeah, there might be some of that too.

Cameron Ivey: Yeah.

Gabe Gumbs: You’re not wrong.

Gabe Gumbs: But just on the data side of it, I don’t want to either pick and or promote any particular company, but you’ve been to a point of sale system recently, at any small company.

Cameron Ivey: Sure.

Gabe Gumbs: Again, I’ll take a coffee shop. A lot of them have these very high tech looking point of sale systems. They can take credit card, you can use Apple Pay, you can do all those things.

Cameron Ivey: Yeah.

Gabe Gumbs: One of the other benefits to those vendors is they provide a lot of analytic data to that coffee shop. They can tell you when your busiest hours are, and when you’re making money. They take all that data, and they can provide you with a lot of analytical information.

Cameron Ivey: Yeah.

Gabe Gumbs: Even all the way down to the Mom-and-Pop level, data is driving their business, to some degree. It is informing them as to how they can better run their businesses, and make more money. It is pervasive, in that sense.

Cameron Ivey: That’s a great point, I didn’t even think about it at that level. The fact that it’s-

Gabe Gumbs: I think, like most things, you exist in the world around you, and you pass by some things all the time, and you just don’t even think about the effect it has on your world. Yeah, every time you swipe that credit card at one of those little white terminals, that company shares that data with other companies that have their product, and they tell them things about buying habits, and best times to buy, and even within a 10 mile radius, there’s more activity going on than others, which can lead to a lot of other great information.

Cameron Ivey: Sure.

Gabe Gumbs: It’s like, you totally want to set up your coffee shop over here.

Cameron Ivey: Yeah.

Gabe Gumbs: Rent that space, not the one two blocks that way, because there’s a lot of people that buy coffee.

Cameron Ivey: Over there.

Gabe Gumbs: Right. Or, it’s saturated, and maybe no one is buying coffee over here, so you should set up … At every level, data is being analyzed and used to profit.

Cameron Ivey: Sure.

Gabe Gumbs: Datanomics is a thing.

Cameron Ivey: Yeah. We can jump on an older topic that everybody knows about, which is the Facebook incident …

Gabe Gumbs: Right, right.

Cameron Ivey: With Cambridge Analytica.

Gabe Gumbs: Yeah, yeah. Monetizing data for all kinds of reasons, yeah.

Cameron Ivey: Sure. Well, is that in the same sense, compared to something like when you get a new Apple phone, or you’re signing up for something like Facebook, there’s always that warning, or privacy, read the terms and conditions.

Gabe Gumbs: Who reads that?

Cameron Ivey: Usually nobody.

Gabe Gumbs: Probably no one other than privacy lawyers.

Cameron Ivey: Yeah.

Gabe Gumbs: Scott Giordano reads that.

Cameron Ivey: Yeah, Scott definitely reads that. Shout out to Scott.

Gabe Gumbs: Shout out to Scott Giordano, yes.

Cameron Ivey: How important is that to actually-

Gabe Gumbs: To read?

Cameron Ivey: Yeah. Well, obviously, it’s been looked over and that’s one of the reasons why people are-

Gabe Gumbs: Let me put it this way. It’s fairly important to read and understand, but most of us won’t.

Cameron Ivey: Sure.

Gabe Gumbs: It’s probably better to think about what the worse implications of giving that person information about you may be, and whether or not what you’re getting in return is worth it.

Cameron Ivey: Yeah.

Gabe Gumbs: Right? Here’s a great example, again, in my life, another privacy measure.

Gabe Gumbs: There’s an ice cream shop in town that I like to visit. I’m not going to lie, I like me a little ice cream sometimes.

Cameron Ivey: Is this from your hometown, or from …

Gabe Gumbs: No, right here, right here in town.

Cameron Ivey: Oh, okay. In St. Pete? All right.

Gabe Gumbs: Yeah. Yeah, right in St. Pete. They used to have just a typical reward program, they had a little card. You buy five ice creams, you punch it in, you get the sixth one free.

Cameron Ivey: Yeah, yeah.

Gabe Gumbs: Or, four and you get five, whatever it was.

Cameron Ivey: Totally worth it.

Gabe Gumbs: Absolutely worth it.

Cameron Ivey: Yeah, yeah. Ice cream is life.

Gabe Gumbs: Well?

Cameron Ivey: To me.

Gabe Gumbs: Yeah, sorbet is life. I mean, I like their ice cream. But I’m a sorbet guy, but that’s not the point, though.

Cameron Ivey: Okay.

Gabe Gumbs: The point is, they switched a few months ago to the same royalty program that their point of sale uses.

Cameron Ivey: Sure, okay.

Gabe Gumbs: Now, this point of sale product has this derivative product that keeps track of all of their loyalty program stuff. I had to download an app.

Gabe Gumbs: Last time I was there it was like, “I don’t do that anymore. Just go in the app store and download this app, and you can use it.” I’m like, I’m not longer going to participate in your loyalty program.

Cameron Ivey: Yeah, that changes the game.

Gabe Gumbs: It does change the game.

Cameron Ivey: Yeah.

Gabe Gumbs: I don’t need or want that one free ice cream for every fifth one, that exchange is not worth it.

Cameron Ivey: Yeah.

Gabe Gumbs: The data you are now collecting on me is not worth a scoop of ice cream, sorry.

Cameron Ivey: Well, let’s dive-

Gabe Gumbs: That’s the way you should think about every time you read or don’t read one of those privacy warnings. Forget the details of it, let’s just assume it’s all bad.

Cameron Ivey: Yeah.

Gabe Gumbs: I know that’s a really nihilistic view, but let’s just assume it is. First born, all worldly goods, whatever. Is the thing you’re getting in return worth it? To some people, it is.

Cameron Ivey: Yeah.

Gabe Gumbs: Yeah.

Cameron Ivey: To some people, they don’t care.

Gabe Gumbs: Some people simply don’t care, others don’t think about it.

Cameron Ivey: On that same topic, what does that mean? That means when you download something like an app, or something that you’re actually putting your personal information into, more than likely there’s a reason why there is an actual, please read this, terms and conditions, accept. More than likely, that’s because they’re sharing your data, they’re selling your data. Is that true?

Gabe Gumbs: At a minimum, they’re protecting themselves, if nothing else.

Cameron Ivey: Exactly.

Gabe Gumbs: They may not be doing any of those things, but at a minimum, they’ll be protecting themselves.

Cameron Ivey: Would you say most companies only care about the company, but not necessarily the employees of the company, or the customers? I know that’s a hard topic to jump into.

Gabe Gumbs: Well, it’s a big, broad one. I’m not going to say most companies. I will say this, for profit organizations, they do have a duty to make a profit.

Cameron Ivey: Sure.

Gabe Gumbs: To generate revenue, that is the thing that they are-

Cameron Ivey: User analytics.

Gabe Gumbs: Yeah. That’s not a bad thing, I don’t begrudge capitalism in that sense.

Cameron Ivey: Yeah.

Gabe Gumbs: Late stage capitalism, even. Right, but most companies? I don’t think it’s most. I think there are a number of them that also don’t think about it. So, they’re thinking about the benefits to them, like this ice cream shop’s a really good example of that. The person who runs it, I would say, is a pretty darn good individual, it’s a good person.

Cameron Ivey: Yeah.

Gabe Gumbs: Totally a good person, I would trust this person.

Cameron Ivey: Good intentions, yeah.

Gabe Gumbs: Absolutely, totally trust this person, nice standing in the community, other people I know trust them, yeah.

Cameron Ivey: Who doesn’t trust someone that sells ice cream?

Gabe Gumbs: Well.

Cameron Ivey: Let’s be honest? Unless it’s in the truck.

Gabe Gumbs: Right.

Cameron Ivey: That’s a different story.

Gabe Gumbs: Not the truck ice cream, duly noted.

Cameron Ivey: Stay away, kids.

Gabe Gumbs: Right. That’s only free ice cream in the truck.

Cameron Ivey: Yeah.

Gabe Gumbs: He runs a business, certainly nothing there nefarious. However, all he’s thinking about is simplifying the process for him and his customers, which I totally get. Plus, it also gets him more information, on maybe how to make things better. I’m sure he could track his most loyal customers now, to what flavors of ice cream they buy. Great, I should make more of those flavors.

Cameron Ivey: Sure.

Gabe Gumbs: Has he given any real thought into how the data he’s now collecting on these customers he cares about, and the implications of that? I don’t know, I’ve never had that conversation with him, maybe I should.

Cameron Ivey: He’d be thrown off.

Gabe Gumbs: He might be. I don’t think it’s every company, by any stretch of the imagination, I think there is a groundswell of a privacy revolution that is occurring, certainly at the customer level, so much so that it is driving things like the CCPA regulation, right? The California Consumer Protection Act?

Cameron Ivey: Mm-hmm (affirmative).

Gabe Gumbs: I think that groundswell is there, so these organizations are now being voluntold to care about it.

Cameron Ivey: Sure.

Gabe Gumbs: I don’t think they all got up, every company got out of bed, and thought to themselves, I will be evil today, versus I will not be evil today. Right? That doesn’t mean that the best intentions don’t sometimes go astray.

Cameron Ivey: That’s a good point.

Cameron Ivey: All right, Gabe, to wrap things up, my question for you is, what are you most excited about for 2020?

Gabe Gumbs: That’s a good question. I’m genuinely excited to continue to both watch and participate in this overall privacy revolution that is occurring. The one, again, that is happening on the ground floor, the one where people, everyday people, not just folks like myself, are participating in protecting their privacy, and having a voice about how their data is used, and actively championing causes like CCPA, and so forth. I’m genuinely excited to see how the rest of this plays out.

Gabe Gumbs: As these regulations go into play, it means that everyday people are going to have the opportunity to question organizations about how their information is being used, shared, protected. Now, everyone is not going to care, still.

Cameron Ivey: Yeah.

Gabe Gumbs: That’s a fact. But I’m excited to watch that door open, and people start walking through it.

Cameron Ivey: Citizen security arrests.

Gabe Gumbs: Oh!

Cameron Ivey: That’s what I’m talking about.

Gabe Gumbs: Citizen …

Cameron Ivey: Patent pending.

Gabe Gumbs: Wow.

Cameron Ivey: There we go.

Gabe Gumbs: Wow. Wow, I like it.

Cameron Ivey: Yeah.

Gabe Gumbs: I like it. Make it a thing.

Cameron Ivey: Yeah, I will.

Gabe Gumbs: Absolutely.

Cameron Ivey: On that note, good stuff. I appreciate your time, and we look forward to future episodes with Privacy Please. Thanks for tuning in, and we’ll see you guys next time.

Gabe Gumbs: Cheers.

 

Related Blog Posts

Blog Post
Privacy Please Podcast with Lourdes Turrecha, Founder and CEO of PIX LLC
Blog Post
Privacy Please Podcast with Chris Leach–CISO advisor at CISCO
Blog Post
Podcast Episode: Coronavirus and Work-from-home Privacy concerns with K Royal – Associate General Counsel
Blog Post
Privacy Please Podcast with Michael Santarcangelo of Security Catalyst
Blog Post
Privacy Please Podcast Episode 5: Guest Nina Wyatt, Senior VP and CISO of Sunflower Bank
Blog Post
Episode 3: Privacy Please Podcast with Guest Scott Giordano covering CCPA and GDPR