Skip to content

Chas Kissick, MPP candidate

"It’s not often that I walk away from a talk with a completely new perspective, but data privacy and cyber security expert David Medine’s visit on Tuesday, February 25th made me do just that."

David Medine visited Duke to share his insights from three perspectives: as a privacy expert working on protecting financial data in developing countries, as the ex-Chairman of the Privacy and Civil Liberties Oversight Board, and as a thought leader in potential U.S. regulation of cybersecurity and data protection. I was fortunate enough to be able to attend all three of his talks and to learn from his expertise on a diverse range of subjects.

Over lunch in Rubenstein Hall, Medine told students about his work at Consultative Group to Assist the Poor (CGAP), a think tank working to fight poverty through financial services in developing countries, mainly in Africa. Medine considers himself fortunate to have a blank slate on which he is working to protect the financial data that is being produced by services like mobile finance and micro-lending.

Medine advocates for data security on three dimensions.

The first is to improve informed consent, including a "legitimate purposes test" to require companies to use data only for the purpose announced to users when collecting it.

The second is to create regional cybersecurity resource centers so poor countries can pool resources to develop cybersecurity expertise that would otherwise be unaffordable.

The third dimension is in researching people’s willingness to pay for privacy protection, and to use that research to advocate for better policy.

Medine has found that 60 percent of people are willing to pay more interest on microloans in exchange for privacy protection, defying conventional wisdom on the value we give privacy in the West. CGAP can use this information to show companies that providing privacy can have economic benefits and to give policymakers proof to point to that they are serving their constituency when developing privacy regulations.

Later in the day, Medine was a guest lecturer in one of my favorite classes, PubPol 590/Law 716: Cyber Security, Privacy and Government Surveillance, taught jointly by Professors David Hoffman and Chris Schroeder. Medine shared his experience as the founding Chairman of the Privacy and Civil Liberties Oversight Board (PCLOB), nominated by the Obama administration and confirmed by the Senate.

Medine told the class an incredible story: his first week began on a Monday with no staff, but was transformed by that Thursday when Edward Snowden made his famous leaks and fled the country.

Students around a table
Data privacy expert David Medine (left at the head of the table) speaks with students over lunch.

Right away, Medine led the board through a systematic analysis of the programs that were revealed in that leak, Section 215 of the Patriot Act and Section 702 of FISA.

He had to build legitimacy with the President, the intelligence agencies, and the international community.

Medine shared the five lessons that PCLOB learned in its early years: the importance of independence, transparency, efficacy, and morality in government programs, along with the bureaucratic hurdles that the PCLOB had to overcome.

I previously had strong views on Edward Snowden, but Medine showed me how little I knew about the inner workings of the programs that Snowden leaked. He also shared a wise view of how Snowden could have better worked to disclose these programs’ existence more responsibly.

In the evening, Medine impressed my fellow students and me with yet a third area of expertise. Medine is still advocating for privacy in the US government through the submission of amicus briefs and testimony before Congress.

In particular, Medine walked us through the evolution of his views on the best way to regulate data privacy. Medine started his career in consumer protection at the Federal Trade Commission (FTC), where he was able to work within a mandate for older technologies to spearhead early federal action protecting Internet privacy.

But today, he believes that data protection deserves attention beyond the scope of the FTC’s mandate. He calls for updated legislation for modern technology and the creation of a new agency to protect Americans’ civil liberties online.

David Medine’s visit was a valuable example of how Duke’s ability to attract first-class speakers makes our education here so valuable. Hearing the frank, straightforward opinions of a professional working at the highest levels helped me further develop my own views on the issues he spoke about within just a few short hours — even on topics that I have been thinking about for years.

Chas Kissick is a first year MPP/MBA student.