Chinese Data, Privacy and Enterprise Value; Distributed Counsel 15

Newsletter

I have an excuse, if you must know. I’m working on a big post (an essay almost) and it’s taking more of my time than I would like.  

Bitcoin Gets a Software Upgrade

Coindesk published a thoroughly interesting article on the Bitcoin codebase, which by the way is really, really big: 200 GB if you include the blockchain itself.**  I had no idea there was so much code behind the original.  The piece also delves into some interesting dynamics on wallet interoperability.

The leaves have yet to rust, so it is too early for year end predictions but let me say this: next year will be about custody.  Custody of coins needs a better solution before institutions can wet their beak.  Right now, the popular wallets don’t talk to each other, and they have proven time and again to be insecure.  This is a big problem if you want a pension plan to take a long position.

The Best Use-Case Checklist I Ever Saw

From time to time, I am asked my advice concerning the proper structure for consortia.  In the course of doing some research (in particular regarding Hashed Health), I came across this.  Here are some of the best points:

  • You need to answer four questions with a “yes”: (1) is there an existing network of counterparties that need to share information; (2) do transactions need to be trusted and is there a lack of trust; (3) is there a need for transparency with respect to certain interactions; and (4) is there an alignment of incentives.  When you think about it, lots of solutions in this space are solving problems that don’t have all four yeses.
  • There is a big opportunity in healthcare relating to accurate provider directories, which are lists of providers that are maintained by payor (insurance) networks.  Keeping directories accurate is a cumbersome cost center. And since doctors (for example) participate in lots of networks, the directory problem checks all the yeses.
  • The holy grail of healthcare use cases remains the Electronic Health Record (“EHR”).  If you go to multiple physicians, you will find yourself answering the same questions repeatedly, redundantly, over and over again, saying the same thing.  Imagine one record, accessed on a permissioned basis, containing all your health information. Only blockchains can do this. America’s healthcare companies have proven that they are terrible at interoperability.

GDPR Makes a Company Punch Itself in the Face

Nielsen has become a target of a shareholder class action over GDPR.  The complaint alleges Nielsen and its CEO and CFO failed to prepare their investors or their company for GDPR, resulting in an enormous and unexpected earnings downturn. Apparently, Nielsen claimed it was prepared for GDPR and its impact, only to suffer a severe earnings miss because, alas, “the General Data Protection Regulation and changes in the consumer data privacy landscape impacted our growth rates in the near-term as clients and partners grapple with the changes and work to ensure compliance.”

Privacy regulations have begun to impact enterprise value.  There is no question this trend will continue, with more sectors in more countries finding themselves changing their business models to meet new expectations, from the regulators and the public. The big open question is the contours of these expectations.

We as individuals are easily bought.  Yet, if asked, we want more privacy, it’s just that we also want free email.  So it is an easy sell for regulators to protect us from ourselves with some strict oversight.  GDPR is strong medicine and a prime example of this. The forthcoming California law is another.  But in the other corner are Google and Facebook and a lot of other heavyweights who like things as they are.  The next few years will be fascinating.

Digital Advertising Tax

My dad once told me that there were three certainties in life: death, taxes, and targeted digital advertising.  It now appears the EU is trying to complete the circle by taxing digital advertising to death. We all know by now that targeted advertising will at the very least be heavily regulated and scrutinized under GDPR.  Now an outright tax on targeted advertising is being proposed, but there appears to be some dissension among the regulators on just how to go about it.

Some want a narrow definition, others want to tax entire lines of business.  Some want to include the sale of user data and others wish to avoid it. The sense one gets is that there is much work to be done in building consensus among taxing authorities before anything like a formal proposal is considered.  But there is no question this industry has had a rough few years.

Shapeshift.io Complies with Existing Law, Resulting in Panic

Shapeshift.io is one of the few remaining exchanges that allows trades to be executed without providing identification information. Shapeshift was known as the “exchange without accounts,” which in effect promised total anonymity to traders. That changes now. The exchange has announced “special benefits member program,” which is mandatory, not special, and not a benefit.  It is, however, definitely a KYC program. As Katherine Wu’s excellent thread on the topic makes clear, this was pretty much inevitable.  Nevertheless, some are surprised and disappointed.  A little naive, I feel.

There’s Data, and Then There is Chinese Data

Increasingly, leaders at large American tech companies are being called to the carpet to answer for perceived missteps–whether they be the loss of data (Experian), the misuse of data (Cambridge Analytica), or Russia (everybody).  These are largely, if not entirely, political shows designed to assure the American people that things will be done when, in actuality, not much will be done. The point, however, is to show that we as a society care about these issues; that there is a “too far.” This reflects Americans’ normative expectation of privacy, which is (or at least should be) derived from our understanding of the proper limits of state power in a free democracy.  

There is no better example than the exclusionary rule.  People often believe that violation of the Fourth Amendment, which prohibits among other things search of a person by the state without probable cause, always resulted in the exclusion of evidence.  Not so. Indeed, not until Mapp v. Ohio was decided in 1961, was there a blanket rule rendering unlawfully-obtained evidence inadmissible.  Prior to that, the accused might get to sue, but the evidence got in (depending on the jurisdiction).  A blanket exclusionary rule is something that we take for granted now but at the time it was a big deal.  It meant that a clearly very very guilty criminal could walk on a “technicality.”  And this has happened, lots of times. This is the cost of caring about privacy.

What happens if you don’t care about privacy?  Well, basically China happens.  Through what may be charitably described as apathy to the issue, the Chinese Communist Party can implement:

Now it is a great simplification (and wrong) to say that the Chinese do not care about privacy.  Indeed, there is increasing evidence of pushback in this area.   But there is no governor on the state or the party. There is no Fourth Amendment; no brave court to let criminals go free in service of a higher principle.  They will take the data they want. Here, we at least pretend that is not the case.

** An earlier version of this post did not contain this qualification.  An astute and technically proficient friend of the blog has informed me that “the tarballed source code is only 7MB. The code seems to be 1 GB including all the libraries, etc.”  So it looks like the actual code is much smaller.

 

Leave a Reply

Your email address will not be published. Required fields are marked *