Interviews by Stephen Ibaraki, FCIPS, I.S.P., MVP, DF/NPA, CNP
Gordon Ross: Internet Filtering Pioneer, Biometrics / Security / Telecommunications / Ethics / Privacy Expert, Founder of Net Nanny; President of Virtual Perceptions Systems Inc.
This week, Stephen Ibaraki, I.S.P. has an exclusive interview with Gordon Ross, an internationally renowned, award winning, Internet Filtering pioneer; a biometrics / security / telecommunications / ethics / privacy expert; founder of Net Nanny; and President of Virtual Perceptions Systems Inc.
Gordon Ross’s career spans 30 years as an award-winning Internet filtering pioneer; Biometric technology, Computer security, and Telecommunications engineer; and as an internationally sought-after speaker.
In 1994, Mr. Ross created, developed and designed the first filtering software for the Internet and led the development of Internet and Biometric security products. He established a solid market and brand leadership, beginning with the industry's first filtering product in January 1995 - Net Nanny.
Mr. Ross is an expert on issues concerning the Internet, privacy, security, telecommunications and child safety. He has testified before the US Congressionally appointed COPA Commission on filtering technologies, assisting the Commission in drafting their report about ways to protect children from sexually explicit material. His expertise has lead him to speak before various international organizations and was invited by the White House to meet with the President and Vice-President of the US to discuss technological solutions to protect ourselves in today’s digital world.
He has spoken before the Organization for Economic Cooperation and Development's forum in Paris, France, on Internet content and self-regulation. He was also invited by the Bertelsmann Foundation's to speak on “Child Safety and the Internet", including International Ratings and Filtering, in Germany. Mr. Ross has also spoken before the Freedom Forum's annual Technology Conference for Journalism Educators and participated in a panel of technology experts at Harvard University's symposium, "The Internet and Society."
He was the recipient of the first ever The Christian Computing Award for a software product, in recognition for his long-standing contribution to further public understanding of the important issues surrounding safety and securing data in the online world.
For his exhaustive efforts to ensure that the Internet is a safe, open medium, Mr. Ross received the first Internet Humanitarian of the Year Award in February 1999, from CyberAngels in New York, an online Internet safety organization (a division of the Guardian Angels). In the same year, Mr. Ross was awarded the Ethics in Action Award, in Vancouver, Canada, for individual ongoing corporate responsibility.
Prior to Net Nanny Software International Inc., Mr. Ross developed expertise in information flow, securing telecommunication systems, routing, access control and network management while working as a traffic engineer and manager at TELUS (formerly BC Tel.), the largest Verizon operating company in Canada. He has consulted with various organizations, has written course material for the University of Washington, and is currently President of Virtual Perception Systems Inc, www.virtualperception.net , a Vancouver software company developing solutions to protect against ID Theft, Fraud, and to safe-guard our digital assets.
Mr. Ross is a graduate from California State Polytechnic University, holds a Bachelor of Science Degree in Electronics Engineering, and is a registered Professional Engineer. He is a former member of the Board of Directors of "The Society For The Policing Of Cyberspace" and often speaks at their Annual Conferences and Quarterly Meetings in regards to Biometrics, Ethics, Privacy and Data protection, and other Security related issues. Gordon is a Veteran of the US Army, where he was trained as a communications specialist. He attended AT&T's Network Management School in New Jersey and has taken numerous management courses from Verizon (formerly GTE). Mr. Ross is also an Alumnus of the Banff School of Advanced Management.
The latest blog on the interview can be found the week of September 15, 2006 in the Canadian IT Managers (CIM) forum where you can provide your comments in an interactive dialogue.
Opening Comment: Gordon, you bring a lifetime of notable achievements and considerable contributions to our discussion. We thank you for doing this interview with us and sharing your deep insights with our audience.
A: Thank you Stephen. I have been very fortunate to be surrounded by creative and progressive people most of my life. I have always enjoyed the challenges the technological world presents to us. I truly believe technology can drastically improve our quality of life; however, we must control it and not let it control us.
Q1: Can you share your involvement with the Canadian Information Processing Society (CIPS), and why you stay active with CIPS?
A: I first attended a CIPS meeting in Vancouver back in 1990 where I presented a biometric solution for securing access to computer systems. It was at the invitation of other members I knew who were residents of the local chapter. After my presentation I signed up with the group and have attended their meetings as often as I could. I stay active with the group because it is an excellent resource for sharing information and networking with others involved within the security area. They also offer great social events after their meetings.
Q2: Speaking as a noted security expert, what are the business risks associated with ID theft, fraud, and the exposure of digital assets? How can these risks be mitigated?
A: There are many business risks associated with ID theft. Businesses have to be aware of the various legislative issues regarding their responsibility in protecting our information. With the appropriate stolen ID, one is able to access information that is strictly private and confidential. A stolen ID is able to be used in a number of various inappropriate or unauthorized ways.
From a business standpoint, the business can be held responsible for losses that occur by accepting ID that is actually fraudulent, but unfortunately to the business, it checks out to be real. Most merchants are held liable for the fraudulent transactions. Insurance costs can increase for the small business to a point where they may not be able to afford certain coverage. Credit ratings can be destroyed. Intellectual Property and trade secrets can be stolen (these are just a few examples.
Well-defined policies and procedures have to be in place. Any personal data that a business maintains on a client should be encrypted. There have been a number of highly publicized incidents where systems have been breached. In one case the company was fined millions of dollars for not having properly secured their data, let alone the millions it cost for notifying its customers. It is very important for businesses to also educate their employees on these security risks.
Q3: How do you see these areas evolving in the future?
A: I believe in the future we will always have these security issues; however, technology is being developed to minimize the risk. Biometrics and other multi-factor authentication systems will be used. More control has to be put into the individual’s hands. We have come to a point where the overall bureaucratic system cannot look after the individual’s needs in this area. Technology has to be made simple, yet effective, for the average individual to use, and more importantly, accept.
Q4: What are the challenges to business concerning privacy? Where do you see this heading?
A: The main challenge is protecting the individual personal information they collect on customers, and the company’s intellectual property. It is also important to make sure that only “authorized” personnel have access to sensitive information.
There are two principles I have always tried to adhere to in business. One is the KISS principle which most of us understand. The other is one I coined when running a software security company. It is called the KYMS principle (pronounced “kims”). Keep Your Mouth Shut. This is probably the hardest one to learn, as we all like to talk. In business all of your corporate and personal information should be treated as private unless it has been authorized for public dissemination. Well-written policies and procedures should address many of the challenges a business may have in these areas. Businesses should review these policies on a regular basis to ensure they are still valid and that they are enforced.
Q5: You are an expert in Biometric security. What is the current state of this topic and what are the challenges, opportunities, and solutions for businesses in the future?
A: This is a very interesting field and I have now been involved in it for over 18 years. It is still not there for the average consumer. After the events of 9/11 there was a huge push for this technology, but a lot of it then was not really ready for “prime time”. By that I mean most of it could be used in an area whose environment is tightly controlled, but not in an open public area. Open public areas such as ATM’s, public parks, or core city areas are currently not the appropriate environments for this technology.
Unfortunately in the 2001 to 2003 time frames there were a few systems and incidents that hurt the real players in the industry. This has made the acceptance of biometrics by the mainstream very slow. A city in Florida ran a facial recognition system for a considerable amount of time and failed to identify a single person they were looking for. These types of systems are not inexpensive. They require very good cameras and lighting. Personally, I think combining biometrics that really work will be the ultimate solution. There has been a lot of research and development in this area and this will continue. Ultimately, in the future, there will be one form or another of this type of technology used by the mainstream.
Around 2003, I presented to the local CIPS chapter in Vancouver about the issues regarding various biometric systems - especially fingerprint systems and how Professor Dr. Tsutomu Matsumoto of Yokohama University showed how 10 various fingerprinting systems could be spoofed 80% of the time. As late as January 2006, students at Washington and Jefferson College conducted tests on spoofing fingerprints and they created some interesting video. A write up of this can be found at: http://www.washjeff.edu/users/ahollandminkley/Biometric/index.html
Biometric solutions use good technologies but many of them have to be used in a controlled environment to reach their published FAR (False Acceptance Ratio) and FRR (False Rejection Ratio) figures. I am a strong proponent of this technology, when properly used.
Q6: Can you expand the previous discussion to include Internet Filtering?
A: In 2000, I was told by many in the financial/investment community that the market for filtering products was dead. In today’s digital world, Internet Filtering has become more prevalent and necessary. Today its requirements are greater than they have ever been and it will continue to grow as more and more users come on board. You will see this technology being implemented into the cell phones and other portable communication devices. The vast amount of information we are being hit with is overwhelming. We need smarter and faster filtering engines and algorithms to filter out the stuff we do not want. Spam is just one of the problems. I only want to see the specific information that I want and not all the other data that may surround this information. The Net Nanny functionality was copied by many, but a lot of filters still treat their databases as proprietary. I have always been of the mindset that it is my machine and my data - just supply me with technology that allows me “total” control over it.
Q7: You are a pioneer in Internet child safety. How would you characterize the gaps in this area?
A: I believe far more should be spent on educating parents and children, let alone law enforcement. In the schools they should offer a mandatory class on Internet safety and practices. This medium, the Internet, is truly a wonderful thing for society as a whole. One of the major gaps is people believe that the wire coming into their home is different than the street that runs by their home. The wire offers far more dangers than the street. Another issue is we are seeing cases where the Internet (cyber world) becomes the world for kids versus the real world outside. The largest gap, I believe, is the lack of education and awareness that parents have in regards to what the Internet is and what it provides. It is truly a great medium for education, communication and information.
Q8: What are the steps required to address these gaps? Who should take responsibility and what processes are necessary?
A: One of the main steps is Education. Another is good parenting skills. The responsibility really lies upon the owners of the PC. In many cases, this is the parent. Even if the child owns the PC, it should be kept in an open space and not behind locked or closed doors. Parents have to be involved with their children and take on the responsibility of raising their children in this digital world. They have to explain that the dangers that exist in cyber space are the same as those that exist in their everyday world on the street. An example of this is: “Don’t talk to strangers”. Everyone on the Internet should be treated as a stranger unless you “personally” know them.
If the parent is not knowledgeable in these areas there are a lot of avenues for help. Local schools and some law enforcement personnel are available for educating parents on these subjects. A couple of good WEB Sites which are leaders in their fields are: http://www.wiredkids.org/ and http://www.getnetwise.org/
Q9: Have you worked with Laura Chappell? If so, then describe this association.
A: I know of Laura and her work but I have not personally worked with her. On the Internet safety side she offers a lot of course material for online safety and is another resource for people to look at. I have worked with others in this field such as Parry Aftab, (a cyberspace and privacy lawyer) and Sgt. Leanne Shirey of the Seattle Police Dept. She has over 25 years in Law enforcement and presents a course on The Internet and Your Child. Parry has been a strong proponent of safety on the Internet especially when it comes to children. I have also worked with other Law enforcement officials and agencies in these areas in the past. There are many organizations throughout the world today working in this field.
Q10: Your expertise has led you to work with Congress, Sen. John McCain, and to meet with the President and Vice-President. Do you have a compelling story or two to share from these meetings?
A: These meetings were very interesting. It was amazing to see the interest and concern that were shared by these individuals. Testifying before Senator McCain was very interesting because he understood the issues, was very well-informed and asked very direct and knowledgeable questions. He put a few people in their place and I believe some people were not prepared as well as they should have been. Being a veteran myself actually helped me. I was fortunate to have enough time to get all of my points across, because others were cut short.
Prior to presenting to the President and Vice President I selected a chair (that I thought was really comfortable), while speaking with another one of the attendees. Just prior to the President and Vice President arriving she chuckled and informed me I was sitting in the President’s Chair. I chuckled and told her that I would move because I didn’t want to cause an international incident, as I was the only foreigner at the table. We had a good laugh and I moved to a seat directly across from the Vice President.
Presenting to the President and Vice President resulted in opening up further discussions with various security officials around the table. I was very fortunate to have approximately 20 minutes to do a Q&A with these officials along with the President and Vice President. All the others had approximately 5 minutes each. In the end, everyone had a far better understanding of what could and could not be done technologically, and what was “smoke and mirrors or vaporware” and what was not.
Q11: You have spoken before the Organization for Economic Cooperation and Development (OECD). What are your views on Internet content, International Ratings, and self-regulation?
A: At the OECD I expressed concern over censorship and the lack of understanding of the Internet by many of our leaders. I was for a completely open internet. If you tried to rate it, those that you were really concerned about would just move around or disregard the ratings. I am a strong proponent of self-regulation and putting the responsibility on the individual.
I also expressed the concern of the large expenditure of taxpayer's dollars on trying to legislate the internet. It was amazing how so few realized that a law passed in Canada, the US, or other countries was only applicable to their own citizens. The Internet on the other hand has no country boundaries and laws cannot be legislated and enacted on a global stance unless every nation agreed on enforcing the same laws. Due to sociological and legal definition differences in the global arena I felt this was a no-win situation.
I pointed out that the global resolutions signed by some 120+ nations to stop child exploitation have not been fully enforced as some of the signing countries still allow and profit from this type of activity. Ratings, on the other hand, would just help WEB Browsers, and some sites would just mis-rate themselves or because of their sociological beliefs, just not be rated. It is a well-meaning but flawed solution.
Q12: You are a strong and passionate advocate for ongoing corporate responsibility and a recipient of an array of awards due to your work. How would you critique those who do not take a more active role? What are the benefits to participation and making a contribution?
A: I think it is a shame to not take an active role in this area. As leaders, if we do not set the example, how can you expect those who follow to be held accountable? Somewhere over the past 30 years or so we seem to have lost the acceptance of responsibility.
The benefits of making a contribution or contributing are many. One of the most important, for me, is the personal gratification of seeing your successes helping others. We are only here once and for a short time, so why not enjoy what we have and share our knowledge. We are very fortunate to live in a society that allows us the freedom to do these things. I once said to someone, we are born to die so let’s make everything count in the meantime. We are “guaranteed” to not get out of this adventure alive, so let’s enjoy it.
Q13: With your long history of considerable successes, what leadership lessons can you share that would be of value to business and IT decision makers?
A: I have been very fortunate and I have also experienced very painful situations. The lessons I have learned are many. However, I believe first and foremost you must truly believe in what you are doing and be happy with that. Surround yourself with good people and work with them to instill teamwork. As a decision maker you must accept full responsibility for your decisions. You must allow those who work with you to be able to have their input heard. At the same time you must also hold them responsible for their decisions.
Do not use the old management style of “my way or the highway”. I have always treated those who work with me as individuals who are all part of the same team. They have the right to express their opinions, ideas, or concerns. You must also be able to allow and take criticism. It takes a strong cohesive team to win in the business world; an individual cannot do it alone. A good team will always look after and identify the weaknesses within the team. An open door policy is also very important. Treat all your employees as you yourself would like to be treated - and more importantly, respect them. A smile and please and thank-you go a long way. Do a lot of MBWA (Management By Walking Around) and talk to your employees, and more importantly, listen to what they have to say.
Q14: As a mentor, what career tips would you provide to business and technology professionals?
A: I would say join the technological revolution. Don’t stagnate or sit idle. Get involved or else you will be left behind. The technology industry offers a diverse area for careers. You can choose self-employment or organizational employment. The opportunities now and in the future are only limited by one’s own imagination.
In choosing a career in this industry, first believe in yourself. For all those times you are told you can’t do this, you are stupid, or you don’t know what you are talking about, look past that. Focus on your dreams, your goals and you will achieve them. Throw the word “can’t” away. It only means there is an issue or an excuse. The only thing that prevents success is you; not your boss or any other individual. Anything can be achieved as long as you have the belief and focus. A wise man, (my father), once told me that only three things are needed for a successful venture: a product, people, and money. If you have two out of the three you can always find the third, but you have to have two out of the three.
Another thing is to listen. Keep your eyes and ears open. Stay in touch and in tune with the technological community you are involved in. Read and absorb as much as you can. Attend trade shows and conferences, and walk the floor and talk to people. Continually educate yourself and push the boundaries.
Q15: What should businesses know about future trends in the Internet environment? What are the implications and business opportunities? Why should businesses care?
A: First they should understand that the Internet is not going to go away. It is the future of global and local business. It allows companies to conduct business 24 hours a day, 365 day a year (366 in a leap year). One of the biggest opportunities is the distribution of software products, Intellectual Property, and any form of digital media. Another trend is providing security tools for the users of the Internet that allow them to maintain and track their own data and information.
The Internet will replace the existing telephone lines that we currently have in our homes. All communications will be done over this medium and other wireless networks in the future. If businesses do not care about this, they may not be in business for long. The Internet offers one of, if not the cheapest, forms of communications. The Net will allow businesses to cut back on some of their overhead in office and real estate space while at the same time increase their productivity. There are no time zones on the internet. Business can be conducted at all hours of the day.
Q16: Can you provide an overview of the main challenges facing businesses and your recommendations to resolve them?
A: One of the main challenges for businesses will be the securing of their information and Intellectual property. The ever advancing technology field changes rapidly as new hardware and software are continually being developed.
The hardest thing will be budgetary planning for technological change. When do you throw out the old and bring in the new? As soon as you buy any technology today, it is outdated. So look carefully at the ROI (Return On Investment) before acquiring any technology. Do proper due diligence. Don’t just go by the sales and marketing brochures. Look at it as, is this a “nice to have” or is it really necessary for the operations of the business.
One of the fastest growing expenses for an organization is their electricity costs. Be cognizant of the power consumption requirements for your technological systems. For future purchases make energy conservation a requirement for purchase.
Q17: In your current role, what are your biggest roadblocks?
A: Challenge one: Raising investment capital to expand from a research and development environment into a market driven environment
Solution: Develop a strong business plan. Ensure your intellectual property is properly protected. Network with others who have gone through this situation. Continually knock on doors of the investment community and look for strategic partners.
Challenge two: Turning a research and development company into a market driven company while, at the same time, maintaining ongoing development of the technology.
Solution: Educate existing staff on the importance of sales and marketing and getting customer feedback. Acquire the resources needed to grow and develop the company into a marketing and sales driven organization.
Challenge three: Getting past the “early adopter” stage and becoming recognized as a mainstream technology.
Solution: Develop strong marketing and public relations programs. Attend various trade shows and do the appropriate press tours.
Q18: What are the five biggest issues facing organizations today and what are your recommendations for meeting these challenges?
Issue 1: The global expansion of business and the cost of entering this field.
Recommendation: Make sure you have a WEB site. Get involved and look at the global opportunity of your business. There is a market for everything today.
Issue 2: Security and Privacy of Data.
Recommendation: Make sure proper policies are established in your organization. More importantly make sure these are fully understood and enforced. Keep up on the various legislative issues in this area.
Issue 3: Rising costs of energy and travel.
Recommendation: Conserve energy by implementing energy efficient programs within your organization. Use the Internet for Video Conference and communication versus traveling to various parts of the world. Technology is available today that allows us to sit in our offices or homes, and conduct face-to-face meetings over the internet around the world, at any time.
Issue 4: Keeping and maintaining your employees.
Recommendation: Listen to your employees. Interview and evaluate the employees and ask why they are leaving your company. Many times it is not the money, but the opportunity to be appreciated. A poor working environment or poor manager can cost the organization. Sometimes very small changes within the managing and treatment of employees can drastically improve the productivity of the organization. Make sure background checks are done on all key employees and those who are in charge of security and your Intellectual Property.
Issue 5: Maintaining Shareholder value.
Recommendation: First and foremost be truthful in reporting. Make sure your organization’s Intellectual Property and data are as secure as it can be with the best and more importantly, cost effective solutions. Do not promise things that cannot or will not be delivered. Monitor expenses closely. Keep the shareholders and the investment community fully informed.
Q19: Provide your predictions of future trends and their implications/opportunities?
Trend 1: Ongoing development of portable communication devices
Implication/opportunities: Devices are becoming smaller and more compact. These will ultimately replace home computers and notebooks as the storage capabilities increase and the processing power increases. We will ultimately have one device for all our communication and computing needs that will be smaller than all the peripherals that will be required to hook up to it.
Trend 2: Education
Implication/opportunities: More and more University degrees will be offered over the Internet. Students will be able to select the best professors from a global data base. Many of today’s brick and mortar institutions will become virtual and the student will no longer need to travel to the campus.
Trend 3: Automobile
Implication/opportunities: Today's automobiles will become more computerized. With the trials of the electric car in California during the last half of the 1990’s it was shown to be very acceptable to the consumer. Unfortunately they were pulled from the market. However they will be back. Pollution free (or near pollution free) vehicles will become the mainstay. With the global environment of the Internet, you will not be able to keep creativity down.
Trend 4: Telecommuting
Implication/opportunities: While many businesses may still perceive this to be an unviable answer, it will become the mainstay. More and more opportunities are arriving for this and the cost savings and productivity improvements are beginning to show up.
Trend 5: Digital Overload and Leisure Time
Implication/opportunities: With the advent of being wired, more and more leisure time is escaping us. We think we have more time, but actually face-to-face conversation is showing signs of disappearing. We are now using email and Instant Messaging between our wireless networks at work and in the home. Opportunities exist in the near future for non-geek resources to train the geek resources on how to relax and take time away from the digital world and communicate face to face.
Q20: Which are your top recommended resources?
Q21: Provide commentary on three topics of your choosing.
Topic 1: Technology
Embrace technology. Don’t be afraid of it. Learn to control it, do not let it control you. It can truly improve your quality of life if you learn how to do this. If you let it control you, you will lose out on many things.
Topic 2: Education
Never stop learning. Obtain at a minimum what they used to call the 3 R’s. Reading, Riting (Writing) and ‘Rithmatic (arithmetic – today’s Math). Don’t lose focus of your dream. Soak up all the education you can - if that means going to a College, University or Trade school - do it. Don’t stop dreaming and do not lose sight of your goals.
Topic 3: Vacation
Always take time to get away from your day-to-day environment. Take time to smell the roses. If you don’t, the only time you may be smelling them is from the wrong end. I didn’t take a vacation for eight years, but once I took one I discovered all the other great things I was missing. That one simple two week vacation opened up a world of opportunities that I had not seen before - so remember to take it.
Q22: Gordon, how can we further connect with you and your ideas?
A: I may be contacted at ‘gordonrossA@yahoo.com’ or via telephone (604) 728-5012. I am available for conversation, speeches, presentations, and consulting. Conversation and some presentations are free.
Closing Comment: Gordon, we thank you for sharing your time, wisdom, and accumulated deep insights with us.
A: I thank you for your time Stephen and hopefully I have provided a little food for thought. Remember, what happened yesterday is gone, learn from it. Today is now, take time and enjoy it. Tomorrow is another day in this exciting trip. Plan for it.