Upcoming Discussion of Disruptive Innovation

This week I will be presenting my newest paper, Mortgaging the Meme: Lessons for Financing Disruptive Innovation, which is available for free download from my SSRN page. (SSRN is the Social Science Research Network – a very useful database of scholarly articles from a number of disciplines.)

The presentation is being previewed at the University of Dayton Law School and presented at the International Business Law Conference in London. I thought I’d share my abstract and hope you take the time to review the paper. I look forward to any comments you might have.

Disruptive innovation can be described as the introduction of a new conceptual idea or meme into an existing system that causes the system to be fundamentally altered. Assembly lines, air conditioning, digital film, and personal computers represent such innovations, all of which led to fundamental paradigm shifts.

The convergence of globalization, a networked economy, and digital technologies have made disruptive innovation a threat in almost every industry. Changes to publishing, music, and television distribution – along with the rise of social media – highlight this transformation, but they are not alone; manufacturing, retail, payment systems, transportation and other industries are struggling with volatile upheaval caused by such change.

Disruptive innovation, however, follows predictable patterns. Investors can anticipate these shifts if their financial transactions are properly structured and effectively documented. The model requires a holistic intellectual property approach which looks beyond just patents. It must explicitly incorporate the underlying meme, and it must account for the inflection points in the transformation pattern. Utilizing this model, inventors, private equity investment structures and established firms can maximize value and promote innovation.

This article provides an overview of disruptive innovation from examples of the past decade, identify the underlying patterns of change common to disruptive innovation, highlight strategies to mitigate disruption for existing industry, and address the intellectual property securitization aspects to structure effective deals for both the investors and innovators.

Get the article at http://ssrn.com/abstract=1929530.


Proposed Revisions to COPPA add Photos and other Protections, Comments Sought

On September 15, 2011 the FTC issued proposed revisions to the Children’s Online Privacy Protection Rule (“COPPA”), which establishes the requirements to protect the personal data of children younger than 13 on web sites. The rules specify that parents must consent to the collection of a child’s personal information.

The FTC provides the following summary:

The primary goal of COPPA and the Rule is to place parents in control over what information is collected from their young children online. The Rule was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
Operators covered by the Rule must:

  1. Post a clear and comprehensive privacy policy on their website describing their information practices for children’s personal information;
  2. Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information from children;
  3. Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties;
  4. Provide parents access to their child’s personal information to review and/or have the information deleted;
  5. Give parents the opportunity to prevent further use or online collection of a child’s personal information;
  6. Maintain the confidentiality, security, and integrity of information they collect from children.

In addition, the Rule prohibits operators from conditioning a child’s participation in an online activity on the child’s providing more information than is reasonably necessary to participate in that activity.

Even a brief review of the COPPA FAQ shows how varied the use of personal information is for websites. Responding to emails falls within an exception to COPPA – but only if the email is not kept by the website, for example.

At the same time, a Sept. 13, 2011 EU report finds that while “Member States and industry are increasingly making efforts to implement EU Recommendations dating from 1998 and 2006 … the measures taken have been insufficient overall.” Facebook, in particular, has come under criticism for its lack of protection for minors 13 or older and for its limited efforts to exclude minors 13 or under. Facebook has no mechanism to comply with COPPA and instead officially does not offer its services to the Tween and pre-teen set, requiring those minors merely to submit a different year of birth to utilize the site.

The proposal retain the under 13 cut-off for COPPA but expand the personal information covered to include audio files, photographs and video that contain images or sound of the minor as well as geolocation information. Some privacy advocates wanted the rules to include zipcode information, gender and date of birth data, but the proposals did not extend that far.

Filling the gap between COPPA and a system that looks away when the child provides the wrong date of birth may be the most important next step.

The FTC is seeking comments on the proposed revisions, which are due on or before November 28, 2011.

Rethinking Terrorism in the Informatics Age

Terrorism cannot be far from American’s minds this week as we commemorate the September 11th attacks, memorialize the heroes who gave their life, and mourn both the lives of those lost and the end of the peace dividend we had hoped to enjoy following the end of the Soviet Union and the wave of democracy that swept through Eastern Europe.

In cyberspace, analysts vacillate between Cold War concerns from China and Russia (and their satellite nations) involving state-sponsored, non-border attacks on the U.S. and the West and terrorist attacks from non-state actors and self-proclaimed freedom fighters.

At the Reuters Aerospace and Defense Summit, defense industry analysts discussed these attacks, many of which “appeared to be state-sponsored and came from multiple countries.” The speakers did not identify any particular government. As reported by Reuters, “every defense company is constantly under attack. If anybody tells you they’re not, it just means they don’t know,” said Northrop Grumman Chief Executive Wes Bush. “It is a threat that is broad-based. It’s not just from one source … and it’s just unceasing.”

In March 2011, a foreign intelligence service stole 24,000 computer files in March from a defense contractor developing systems for the U.S. military. The breach was acknowledged in July. “This was significant,” Deputy Defense Secretary William Lynn told reporters.

Lynn said the attackers swiped “data related to systems that are being developed for the Department of Defense. … It was done, we think, by a foreign intelligence service. In other words a nation state was behind it,” he added. Lynn declined to identify the likely suspected nation involved in the theft.

Earlier in the year, credible evidence pointed to China for attacks on Google and dozens of military defense contractors. Again, the DoD has not officially named the country or countries involved in the attack, but because Chinese dissidents were specifically targeted as well as other evidence, China’s involvement has been widely reported.

Perhaps one of the most damaging of these attacks was to RSA, the security division of EMC. In an comprehensive expose in Vanity Fair, the RSA attacks are explained.  “RSA is the security division of the high-tech company EMC. Its products protect computer networks at the White House, the Central Intelligence Agency, the National Security Agency, the Pentagon, the Department of Homeland Security, most top defense contractors, and a majority of Fortune 500 corporations.”

The RSA and defense-contractor hacks are among the latest battles in a decade-long spy war. Hackers from many countries have been exfiltrating—that is, stealing—intellectual property from American corporations and the U.S. government on a massive scale, and Chinese hackers are among the main culprits. Because virtual attacks can be routed through computer servers anywhere in the world, it is almost impossible to attribute any hack with total certainty.

The DoD is responding. “The new Social Media in Strategic Communication (SMISC) program was submitted under the Defense Advanced Research Projects Agency (DARPA), an arm of the Department of Defense. The goal is to “develop a new science of social networks built on an emerging technology base” to help the agency keep abreast with communication technologies, namely Twitter. This is just one counter-insurgency activity being pursued.

The world is a very different place than it was a decade ago. We are only beginning to understand how much we have lost.


Special thanks to Vince Polley this (and so many other topics). Follow him at KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln).

A New Resource Center to Help Respond to Identity Theft

Identity theft continues to be a significant economic drain and extremely frustrating personal experience. 46 States have data breach notification laws to assist individuals whose data may have been compromised and credit card companies are regularly battling this challenge.

On Sept. 7, 2001,  the Consumer Federation of America unveiled a new website, www.IDTheftInfo.org, which features CFA’s Best Practices for Identity Theft Services  and other resources for consumers and businesses.

“IDTheftInfo.org is an easy-to-use gateway for information about identity theft from Consumer Federation of America and other reputable sources,” said Susan Grant, CFA’s Director of Consumer Protection. Visitors to the site can take quizzes to test their ID theft savvy, learn how to protect themselves, and find information about what to do if they become ID theft victims. Advice for businesses about data security is also provided. The “Latest News” section of the website will keep people informed about identity theft-related issues and developments.

Still, it is important to keep identity theft concerns in context, particularly since other commercial preditors prey on consumer fears to promote unnecessary and expensive remedies. According to a  FTC Consumer Sentinel Network February 2010 report identity theft breaks down as follows:

Credit card fraud (17%) was the most common form of reported identity theft, followed by government documents/benefits fraud (16%), phone or utilities fraud (15%), and employment fraud (13%).  Other significant categories of identity theft reported by victims were bank fraud (10%) and loan fraud (4%).

The Consumer Federation of America has itself warned the public of these concerns. In its own report, it cautions “the claims that some identity theft services make are exaggerated or misleading, and it’s not always easy to tell from their Web sites and advertising exactly how these services work, how much they cost, or what protection or assistance they really offer.” Still, the additional resource can only help simply the process of getting help if identity theft occurs.

Of course, the first line of defense is good planning. Keep a good record of each credit card along with the PIN number, log-in and passwords in a safe, off-line location. Quickly contact the issuer of any credit card that has been compromised and if you use common log-ins, consider having all your other cards reissued before any intrusion spreads. By doing the same with banks and credit reporting agencies if the fraud is severe, you can reduce the impact and help stop the thefts.

New School Year Requires Privacy Refresher

As we wave goodbye to the school bus or drop off our college-aged mini-adults on campus, we parents immediately start to wonder what is happening with our students. In the past few years, a host of data issues have parents and school officials struggling to navigate the information superhighway.

The law begins with the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99). This federal law protects the privacy of student education records. It has reach to almost every educational institution since the law applies to all schools that receive funds under any applicable program of the U.S. Department of Education.

FERPA was made infamous when confusion regarding the law slowed the intervention for medical treatment of a Virginia Tech student who later went on a shooting rampage. As Inside Higher Ed explained at the time, a presidential report stated that ““it was almost universally observed that these fears and misunderstandings likely limit the transfer of information in more significant ways than is required by law.” Since the regulations provide schools the ability to disclose information “to protect the health or safety of the student or other individuals” schools had the ability to disclose information. It took the Virginia Tech attack to make administrations realize the that they need to use the exceptions to the law more fully. Since then, schools have developed emergency responses.

FERPA also provides an excellent model for data privacy. ED.gov provides a useful summary:

FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are “eligible students.”

Parents or eligible students have the right to inspect and review the student’s education records maintained by the school. Schools are not required to provide copies of records unless, for reasons such as great distance, it is impossible for parents or eligible students to review the records. Schools may charge a fee for copies.

An additional note to those parents who have children under 18-years-old attending college part-time. Some universities continue to be blind to the age specifications of the law and treat the high school students as adults. Parents need to file a FERPA consent form signed by the student in some cases. They should also alert the university to the problem because it may suggest other FERPA misunderstandings.

A trend that has grown in recent years is the ability for students to violate each other’s privacy. Sometimes labeled cyberbullying, students often learn private information about each other, and less often (but still too frequently) they publicize this information to embarrass, harass or tease their classmates.  Last year, a secreted computer video camera in a dorm room led to the outing of a gay Rutger’s student and live streaming of his sexual encounters resulted in his suicide a few days later. Tyler Clementi’s death gave witness to the pain such invasions of privacy can cause, but less extreme acts and less extreme reactions occur far too frequently.

An even more bizarre invasion of privacy occurred a Pennsylvania school spied on students using software delivered to the homes. Allegedly to control misconduct by students, the school secretly installed remote webcam software to monitor student’s activity in their homes. This is one of those incidents that many of us would have dismissed as inconceivable hypothetical concerns – until a governmental body was actually arrogant and thoughtless enough to misuse the technology. Lesson learned.

Students, parents and schools all need to remember the purpose of privacy is to protect people. When it is used to ignore students at risk, the purpose of privacy has been distorted. When it is used to spy on people – whether fellow students or the school’s students – then it is a violation of a person’s individual dignity.

Privacy is a human right and essential to human dignity, self-worth, and a functioning society. While it may have no economic value, it has a profound value to society. FERPA and other laws protect these rights, but they can only manage broad uses and mis-use.

As we go back to school, we need to make the values of privacy one of the lessons to be taught and followed this academic year.