Amanda Cavaleri is a results-driven entrepreneur and startup business development executive. She has 10 years experience at the intersection of shifting demographics and emerging technology, ranging from global concern to hyperlocal concerns along the Rocky Mountains.

Bringing Privacy Mainstream: Building Demand Within Shifting Local and Global Demographics
Amanda Cavaleri
https://www.youtube.com/watch?v=mg9In-WDnFc

Abstract

Technological advancements have gifted Generation Z with tools to shape their futures while at the same time gifting longevity to their grandparents. By 2030, there will be 1 billion humans over the age of 65. This demographic has a dramatic upside in protecting their privacy, including preventing financial fraud, harassing robocalls, and leaking detrimental health data, but where do we begin? Technology that speaks directly to the needs of this cohort will build strong lobbying coalitions and an even stronger consumer base. Protecting and enhancing privacy for the Baby Boomers has the potential to build the foundational user-base for privacy-centric solutions as they largely can afford to support it and value the implications.

Transcription

And we just hatched a little plan to get Jerry back-up here to the last of my last five minutes because I think the law is pretty to understand. So if you could let me know when that is so we can get him up here and have some of my five minutes that’s super important. A little bit more than mainstream got to focus on the law first.

So I’m Amanda Cavaleri I actually grew up in Colorado so welcome. Who is visiting? Oh nice, awesome, so thanks for coming if you want food recommendations or hikes or anything, let me know. I’ll give you one tip but you can’t share, I don’t how the internet it’s going to see out but is my favorite restaurant for lunch is called Domo is this Japanese restaurant, D-O-M-O. And they have like the-- diner is great as well but lunch is really where it’s at. So thank you so much for having me. I definitely feel a little underqualified or very underqualified in this room but I will do my best to try to share some of my experiences and kind of hopes for what this space can do in regards to privacy as well. And how we may be able to connect to the mainstream a little bit more.

So my background actually got into this space - and I don’t have slides, and if you all have questions just like throw them at me so this is more as a conversation. So it would be a little bit rowdy if you’re up for it. So I actually was in healthcare tech for a long time and was seeing the HIPPAA regulations to me don’t really protect people’s privacy there’s so many security vulnerabilities and issues that it’s just, it’s phenomenal what we’re doing with people’s personal healthcare data. And to me from an ethical side especially working with 50 plus populations, you have a lot of multiple chronic conditions as well as you get older. And it does prohibit people from getting help when their data information is out there. So I think anonymity and privacy with healthcare is especially important for people to get the care that they need and to ask for help for things.

So that’s how I got into distributed ledger.

[inaudible]

Yeah, we can look at a couple of extremes. So let’s go with older or even middle age, you’re having memory issues, maybe you have early-onset Alzheimer’s but you’re embarrassed about it because it could hurt your career. All sort of things. So why would you get help? I mean, I think it’s a lot of people. An accident happens or yeah addiction all sorts of different things will stop people from being open about their health.

So that’s how I got here.

And so I had the opportunity to do some work with Carnegie Mellon University we were working on some machine learning, applications, and robotics applications. Around how to enable people to live in their homes longer if that’s where they want to live. And that’s where the healthcare or the privacy factor came in quite a bit. People were thinking about it but didn’t really know to solve it. So last year I had the opportunity to work with, basically, the godfather of the space David Chaum, C-H-A-U-M. So he’s the CEO of DigiCash and then Mix-Nets, he’s the man. So I got to learn from him. And we got to travel around the world with his start-up and so I got to see some global trends and coming at this from a totally non-blockchain background. Got to look at things in a global perspective. So again, if we’re looking at aging by 2030, 1 billion people in the world will be over the age of 65. So that’s a pretty decent chunk and I think it’s a part of the population a lot of us maybe think about as last as being adopters of tech but they very much value their privacy. So when we’re creating this technologies and putting information into computers. So he’s like, “Well, where is this data going what’s happening with this”. They are the only population that consistently asks, what’s happening with my data.

So I think it’s very much an overlooked demographic that would be very, very, very great advocates for some of the work that we’re doing. So that’s a little bit on one part of the population to consider that maybe isn’t. In front of minds, the other issues with that group is there is a lot of financial fraud. So having more data out there and having access to their information - reports vary but it could be 3 billion to I think 35 or 36 billion per year in financial fraud with older population. So that’s a huge chunk of money and a pretty big burden on society because they live on a fixed income and then go to Medicaid and then so we’re paying -- in the end, we’re paying a lot more by not protecting these vulnerable populations. I think that’s another way to think about the importance of privacy that maybe we don’t think about every day until it happens into a family member.

Is there anyone who is into healthcare tech at all in here? Yeah, we’ve got like two. Okay, so we won’t talk about that. But it is interesting and I think is a great use case for all of us to consider.

So while working with David and then outside of that as well before, there are some really interesting projects that I think could be good examples that are very local, very hyper-local and then some that are global. And one that I found really interesting, has anyone ever heard about Sardex? In Sardinia off of Italy? So they’ve been around since 2009-2010 I think they got their first customer. But it’s basically, an electronic system of mutual credit and they’re really interesting because they did pretty well when the rest of the economy in Italy was tanking. Sardinia did a little bit better so as far as looking at like bigger economic use cases they’re really interesting group to look at as we build out products for this space.

As far privacy goes, they’re not super private but I think if you’re looking hyper-local that’s a really interesting place to look. And then in the US - Jerry and I talked a little bit about Wyoming and we need to check out on how the federal laws work with everything - but if you’re working on a very local project Wyoming has a lot of new regulations and it might be worth with digging into if you do want to stay the US or base something in the US. So I just think they just passed thirteen bills [inaudible] - Jerry cover that if he has any extra time in his laws.

So that’s another amazing place to think about like basing a business as well. The first LLC ever was actually formed in Jackson Hall. So I think a lot of times we think Delaware based companies for LLC’s, but really Wyoming is pretty interesting in that regards. As far as those things go-- so those are two very local projects that I think have places that are worth looking into while you all are traveling as well. And then as far as mainstream adoption goes for the younger generation so gen Z universities are really a great place to plug yourselves into. Does anyone here do anything with universities or students? A few of us. That might be like an action we can each actually take is to get more involve with universities or coding schools, that’s, that’s huge.

And then one other question I have too is, how many of us have met with an actual legislator in the last year? So a few of us, yeah, kind of. I think that’s another thing as well, there is a lot of fear in the space, fear of change, fear of new things, and if they can put, you know have a decent conversation with people about this and we can come from a more educational approach and just share some of the publications from Coin Center or other aspects who think that’s huge as far as advocacy and mainstream adoption goes because at the end of the day law is extremely important. Which is why I’ll be giving Jerry a few minutes because I think that’s something we definitely need to really grasp and be part of. Otherwise, we’ll get swept and left behind.

So if privacy is something that we all really do value I think it’s looking at these ways that we personally can take steps to get more involved or somehow support behind the scenes. I think that’s huge, so. Does anyone have any question about that? If not I think Jerry’s time is here.

As a baby boomer with grey hair, I have to comment on your talking with a previous talk. And my comment is I see my generation as actually won the last privacy-protecting generation because we were brought up with bearer instruments. So my question is how do you see overall bearer instruments and how you can reach [inaudible] all the people, what is the selling point that you’d see for someone from my generation?

Yeah, so it’s interesting because if we’re talking about boomers specifically - so I just specialize in generational marketing as well - but boomers also, it doesn’t matter if they’re liberal and they were hippies in the 60s or if they served in Vietnam. I think you are absolutely right that privacy is something that a lot of folks in that generation are very passion about. So they very well may be the last holdout. I would say the greatest generations was especially into privacy so World War 2 era. So I mean, I guess it’s tying what is important to that age group, so probably I’m not trying a playoff of a stereotype, but healthcare is something that is important in privacy. And healthcare I think is a stance that can be taken very easily as far as looking at lobbyists and legislators, healthcare is a big deal right now in DC as well as locally. So if you can find the advocacy groups around that and try to work with those groups to teach them about privacy. I mean AARP is probably just as powerful or more than the NRA in DC and I actually had a fellowship with them years ago. So going in and talking to your local AARP office and so that they can then speak to the representatives about privacy on your behalf, I think that’s huge. So it’s finding those influencers and speaking to them about what is important to you. So if it’s healthcare whatever it might be I think that’s probably just a very low hanging fruit and then again talking about something like the financial fraud, privacy can help with so much of that as well. And those are two hot issues for that specific organization so that might be a good thing to tap into. Did that answer? A little. I know not the bearer instruments exactly but I think is...

[inaudible]

mm-hmm. The greatest generation, yeah, yeah. So I mean it’s like, I don’t know, I convinced my grandmother to get on Facebook five years ago and have regretted it ever since because she was right. So she’s off but it’s that our younger generations are sometimes more into what is convenient. So building products that are convenient - like right now I can’t expect my grandmother to be the custodian of her own wallet or her own digital assets. So we have to create these technology so that it’s absolutely seamless in their day to day lives as well. So most of it is, a lot of it is going to be user experience. So maybe it’s bringing more user experience folks in here and more product people in here to help us build actually usable, like fun, friendly products is, is really important too. So it’s a day to day, a day to day thing.

Thank you. So I’m not sure if this falls within your domain of expertise but to what degree do you think the contributions that blockchain-related technology can have to like medical records and medical transactions? To what degree do you think those contribiniutions are going to be related to a decentralized system or a system that is more like a consortium that is sort of entered into by a bunch of private companies that agree to share their data in specific protocols or formats? Does it need to be decentralized should it be decentralized?

I think it should for security breach reasons. So if the data is all stored on the same servers that obviously makes it more vulnerable. So I like that factor but it doesn’t mean that there can’t be a consortium where there’s a small contract and you’re a patient and you agree to share this part of this healthcare record in exchange for a discount in your premium. I think there’s an economic way to make it-- it work for the users and for companies but right now what we’re seeing like with, as that at South by Southwest of a couple of months back and talking into a lot of data scientists. And even a lot of data scientists are coming to those come-to-jesus realizations that what they’re doing with data, one it’s secondary and tertiary market, that data is not even useful because yeah, they have a mailing list of 10 million people but no one’s answering back. But some for some reason these corporations still pay for them sell and send things out on their mailing list. So I think if there’s buy-in from the users or the patients for healthcare specifically and they understand, that what the value-- if they receive value and sharing that information and it’s up to them and that makes sense for them on a fixed income, that’s up to them. But right now is not up to people, I mean you look at what’s going on with data and healthcare and you see - right now it’s still the hot topic. So we’re kind of obsessing about privacy in social media, we’re not thinking about in healthcare yet in the mainstream.

[inaudible]

What are your thoughts on releasing data as part of an emergency process from an ER standpoint? If I’m in control of my data and I’m unconscious to make that digital signature or whatever it needs to be and I can’t release it to the hospital, just kind of general thoughts in that area I guess.

Yeah. I’d say, you look at other things as well you have, look at your driver license, organ donor or not. I think it has to be kind of built into how we’re identified with the government. So at what level are we ok with our information. And maybe some people if they go the ER they don’t want anything released and that’s up to them. That’s what I believe but that’s my personal belief.

[inaudible]

So maybe the driver’s license can or your-- however we’re identified can have some sort of smart contract on it that says, “if this then that, if this then that”. So it’s like putting a living will almost having a living will with you at all times. I think that’s huge choices. So important. And then you look at - I spent some time in Puerto Rico because it is an aging population after the hurricanes hit and they didn’t even know how many people died. So I think we do really need to figure that out, we’re too advance to not have that unlocked down.

Hello, yeah, once you release data to some company. How do you stop them from using it somewhere else or sending it to someone else?

That has to be -- I mean that’s up to the company. I think in you knowing what you’re signing up for and if they breach that agreement how can you pursue legal action. I think that’s-- they will see more like class-action lawsuits out of data privacy breaches and maybe that will help some of these companies start to not do things like that. And then with GDPR becoming stronger out of Europe and more attention being placed on privacy and data, theoretically that should get better. But I think unfortunately it’s probably going to be consumers being very mindful and keeping track of everything. So it’s a lot of noise, it’s very overwhelming. So that’s why if we can make our products very usable and build privacy in on a subconscious level I think that’s really what we need to do is make it as passive as possible.

So while I love the beautiful wallets and everything - I think maybe most of us in this room are capable of using that type of technology - I know my grandparents can’t and they’re the ones that are probably the most vulnerable with privacy as well.

Okay, Jerry is time for your law lecture, thank you I appreciate it.

[applause]

Look I think maybe the better thing to do would be to take any questions you all might have. What I’ll say is this, is that, what our approach has been this. When we’ve been talking to policymakers say members of Congress or staffers usually the privacy question comes up and they’ll say something like, “But isn’t this stuff anonymous, isn’t something that criminals can use to hide what they’re doing?”. And we’ve always been able to say to that for the last five, six, seven years is, “Not actually it’s not anonymous at all. The blockchain is completely transparent, all transactions are public and law enforcements actually can see what’s happening. And here our friends at Chainalysis and they can show you how they do this. And here’s our friend Katie Haun and she shows can show you how she’s prosecuted people with evidence from the blockchain. And they’re, “Okay”. So they’re satisfied with that and that’s a very good story that we’ve been able to tell.

But over the last year-18 months, we now, when we tell the story somebody says, “But what about Monero? Or what about Zcash?” and we’re like, “that’s a good question”. And we can talk about that and so what we’ve been developing here - we’ve always known that we would get to the day when we would have to explicitly address that. And that’s what we’re doing here with our series of papers. So our approach is go-one-two-punch. One is making the moral case for cash, we say, “Hey, this stuff is no different than cash, cash that you and I have Mr. Congressman in our pockets right now. That’s completely anonymous but there’s something wrong with that, in fact, it underpins an open society that you officer, director care about. Which is why you do what you do.” So we, we make that moral case. And then the second thing that we do which is what the second paper that Peter Van Valkenburg wrote for us. What it does is, is that it says, “And by the way, here are the constitutional limits to what regulation aimed at electronic cash are.” And so what I’ll say is this, is that the way we approach it we think that electronic cash should be treated no differently than cash. And so what does that mean? It means that you’re free to hold it and use it. And if it’s yours, you can do whatever you want with it as long as you’re doing within the law. You can’t obviously do something against the law but not because you’re using cash but because the thing that you’re doing is against the law.

We’ve got something called the Bank Secrecy Act. The Bank Secrecy Act is the law that requires intermediaries to do KYC, to know their customers, to register with FinCEN - Financial Crimes Enforcement Network at Treasury to file suspicious activity reports etc., etc. And that law really has something to do with cash or individuals ability to use with cash. That’s not regulated. It does require that intermediaries report, there’s something called cash transaction reports, so if you go to your bank and you want to withdraw $20,000 in cash. You can do that, is your money. You can just go in there and ask for it and they will give you $20,000 in cash but they are obligated to report to FinCEN that you’ve withdrawn that money. As long as there is that parity we think that you can apply - that is so you know to your extent that regulators, policymakers are looking for a regime to deal with electronic cash. We’re saying, “Just treat it no differently than cash”, but once you’ve got the cash you know there’s no reporting there’s no surveillance there.

So in the question, you might be asking yourself is, “Wait a minute, you’ve got the Banck Secrecy Act a Bank Secrecy Act basically is a warrantless mass surveillance scheme, where intermediaries, all the banks in the country are deputized to report on their customers. How is that constitutional?” And the answer is, there’s something called the Third-Party Doctrine. That was developed by the Supreme Court. And basically, it says this, it says, “When you as an individual voluntarily give information, that otherwise would be private, you give information voluntarily to a third-party, your bank let’s say. And your bank has - and that third-party, the bank has a legitimate business purpose for having it then you no longer have an expectation of privacy. And so Fourth Amendment protection against warrantless search don’t exist.

What we would say is two things - and I’ve got 38 seconds and I swear I’ll take questions later out if anybody, any of you want to ask me - what we say is this, when you use electronic cash systems without intermediaries, when you’re using it peer-to-peer, number one you’re not volunteering any information about yourselves and the validators who are validating transactions don’t have any legitimate business purpose for knowing any of your personal data. So for example, if you write a check and you give it to your bank or the person, you’re payees gives it to the bank to cash it, the check necessarily - the bank has to know your name so they can know who to withdraw it from and they have to know the name of the person that you’re paying so they can deposit it in their account. And they have to know the amount, so you know how much and you’re giving that data voluntarily.

In an electronic cash systems, especially privacy-preserving electronic cash systems, you’re not giving up any voluntarily data and the system does not have any legitimate purpose for requiring that data. So what we say is, is that any requirements that would basically impose BSA type of regulations on the network itself or on developers is unconstitutional under the Fourth Amendment. And the way you would typically go about requiring that is that you would go to developers and say, “You’ve got to write this in. You’ve got to write in this backdoor”, it’s actually. And what we would say there is, that, that is compelled speech, which would be a violation of the First Amendment.

So I’ll stop there and ask me any questions later.

[applause]