I am a software engineer that specialized in computer security and privacy. I spent most of my career inventing social good solutions.
Currently, I am the Executive Director of a Seattle-based non-profit, The Data-Driven Institute, that helps cities and communities solve their top public health problems using data and technology.
Today, I am going to talk about including Purpose, Intention & Focus (PIF) in the invention process and why they are important.
Most of us that consider ourselves “inventors” tend the view the process of invention as this six step process.
You observe a phenomenon, see a problem (hopefully not psychological), or dream up a new reality.
…… then you launch
But after launch, can we say that we have created an invention that is positive and impactful?
Can we say “Mission Accomplished”?
Unfortunately, we cannot.
What we can say is that Inventions can be great things.
The light bulb, the car, the internet, the cell phone.
All Immensely useful.
Many of us cannot lives our lives without these inventions.
However, each invention has multiple uses; some good, some not-so-good.
Let’s take Data Mining.
I had the privilege of working with (and for) one of the Fathers of Data Mining.
The original intended purpose of data mining was business optimization and improving the customer experience.
However, the most popular application of data mining today is ……
By show of hands, “How many people here like to be watched and monitored?”
This shows the potential downside of the things we invent.
Today, I am going to tell you the story of the “Break The Glass” problem
and the invention that I co-created to solve it.
Let’s start with basics.
Data and information are normally protected by a computer security system. In healthcare, access to data is a life or death proposition. Healthcare data is also sensitive and also has a lot of associated privacy concerns.
In the emergency rooms, European and American computer science researchers observed that medical professionals bypassed the security system protecting patient data, in order to deliver care, at least 70% of the time.
These healthcare professionals essentially “broke the glass” to get access. The term refers to breaking the glass around the glass enclosure that contains a fire extinguisher.
Two of us, at IBM Research at the time, observed this and knew that something was wrong. patients had no idea what was going on (that their privacy and security was being routinely compromised in the emergency room), and that the computer professionals, and hospital executives, in charge of protecting these systems were powerless and liable.
So, what did we do?
We applied the PIF Framework.
First, who are we solving this problem for? And what do we want them to be able to do?
For patients …
For healthcare staff …
For IT staff …
We were explicit in the end-result that we wanted and in the characteristics we wanted the end-result to exhibit
We aimed to create … that worked for healthcare teams delivery care.
We honed in on the steps we had to take to demonstrate value and improvement.
We first ….
Initially, we formally modeled IT security system and medical workflow.
Then, we introduced and defined the term Policy Coverage in the context of the security and privacy fields.
Policy coverage - the % of overlap between the real and ideal representations of the system.
The real state is uncovered by the audit log of the security system. The ideal state is specified by the rules in the policy that governs access to the security system.
Complete policy coverage is the goal - your real state matches the state you set out in your security policy.
The end result is a Clinical Emergency Environment that is augmented with our invention – PRIMA.
We started this work in 2006. Made the patent freely available for anyone to use in the same year, and started publishing in 2007.
There pilot deployments that show increased policy coverage, lower liability, smarter policy definition, and early detection of attacks on data.
We also inadvertently started a field of research that is focused on using audit logs as a source of what really happens in an environment to improve everything from security to privacy to general operational efficiency.
In the grander scheme of things, this invention and the process of inventing has provided me with an appreciation for creativity, problem-solving, engaging with users, and thoughtful introspection on possibilities.
Most importantly, I have come to realize that the traditional way of viewing invention needs to be augmented.
Because we have not taken the end user into consideration, we are not vetting ideas with them and using their feedback.
We are not being intentional about how our invention will be used and designed to reduce or eliminate unintended consequences.
We are not crafting the path to value and impact.
In the end, if we are not including Purpose, Intention and Focus into our invention cycle, then we may create things that are cool, that are innovative, but that are mostly likely harmful.
So, in the words of my friend, Rob Reid, who is the Founder of a nonprofit called Public Invention “Invent things that help humanity”
Additionally, a big Thank You to everyone that makes this program and institution possible. Lastly. As a boy growing up in Jamaica, I never would have thought that I would be here today; inventing to help my community and the world around me.
Inventing with Purpose, Intention and Focus
July 24, 2018AAAS-Lemelson Invention Ambassador Talk
Purpose, Intention & Focus
Dr Tyrone W A Grandison
✤ Healthcare is data-intensive
✤ Access to data is critical
✤ The data is sensitive
✤ Security system is bypassed at least
70% of the time
✤ Information security and patient privacy
Patients: Protect their data, Enable service delivery.
Healthcare Staff: Provide access, maintain
compliance, work with the way they work.
IT Staff: Enable them to be more effective at their jobs
Create a sound system that would be used to
improve data security and privacy in
Model the current state
Define our goal and success metric
Develop a system that moves towards this goal
IT Security System and Clinical Workflow
the % of overlap between the real and ideal
representations of the security system
PRIMA - PRIvacy Management Architecture
Healthcare Using Policy Refinement (2007)
IP.com Disclosure Number: IPCOM000176157D
Date Included in the Prior Art Database: 2008-Nov-06
Deployment showed policy coverage improvement, liability
decrease, smarter policy, early detection of data attack.
New field of investigation - using audit logs to improve
security, privacy, and X.