Debbie Reynolds “The Data Diva” talks to Tansie Iwafuchi, Export Compliance Manager, Global Trade, Splunk, a subject matter expert in Global Trade Compliance, Export Control Regulations, and Encryption. We discuss what are “Export Controls” and why they are important, data flow and export controls, technologies that can use specific information may be subject, the fluid nature of export control restrictions, problems of surveillance with technology exports, The US and China Tiktok issue with export controls, Data Privacy and parallels with some data localization requirements, understanding limitations or data, and technology exports, advice for smaller tech companies related to export controls, concerns about privacy and export controls, intrusive IoT, and her hopes for Data Privacy in the future.
Debbie Reynolds “The Data Diva” talks to Tansie Iwafuchi, Export Compliance Manager, Global Trade, Splunk, a subject matter expert in Global Trade Compliance, Export Control Regulations, and Encryption. We discuss what are “Export Controls” and why they are important, data flow and export controls, technologies that can use specific information may be subject, the fluid nature of export control restrictions, problems of surveillance with technology exports, The US and China Tiktok issue with export controls, Data Privacy and parallels with some data localization requirements, understanding limitations or data, and technology exports, advice for smaller tech companies related to export controls, concerns about privacy and export controls, intrusive IoT, and her hopes for Data Privacy in the future.
47:50
SUMMARY KEYWORDS
export controls, people, company, data, export, product, technology, happening, control, security, itar, commerce department, work, regulations, purpose, government, military, forestry service, service, business
SPEAKERS
Tansie Iwafuchi, Debbie Reynolds
Debbie Reynolds 00:00
Personal views and opinions expressed by our podcast guests are their own and are not legal advice or official statements by their organizations. Hello, my name is Debbie Reynolds; they call me "The Data Diva". This is "The Data Diva" Talks Privacy Podcast, where we discuss Data Privacy issues with industry leaders around the world, with information that businesses need to know now. I have a special guest on the show. I was totally geeking out. She is an expert in export controls. Tansie Iwafuchi, she is the expert, Compliance Manager for global trade for Splunk. Welcome.
Tansie Iwasfuchi 00:44
Thank you so much for having me.
Debbie Reynolds 00:45
I was super happy to see your profile on LinkedIn, and I have very few people that I can geek out about with export controls. So I thought this would be a fun conversation. Also, many people don't know what export controls are at all. So I would love for you to try to give a little intro of yourself and your interest in export controls and then explain a bit to people who don't know what those are and what export controls are.
Tansie Iwasfuchi 01:22
Well, again, thank you for having me; I am speaking for myself. I'm not representing Splunk or any other company I've ever worked for. And this is not legal or financial advice and should not be relied upon to make legal decisions. I'm not an attorney. So to answer your question about how I got interested in this, I was a candidate for the Foreign Service exam. After finishing my master's degree at San Francisco State University, I wanted to become an international trade specialist and work in a foreign embassy. And I did some internships. And I found that I really liked working with business; there were a lot of regulatory rules that some high-tech businesses at the time didn't understand. So they were trying to export to new markets, and you're being encouraged to do so by the Department of Commerce. But those exports were not necessarily looking at enforcement of US export control regulations. Some of the companies just didn't understand that perhaps there were locations that they couldn't ship to like shoot like Cuba or Syria, for example. So just to kind of fill you in, I think you would also ask, like, maybe I can do a little reset, what are the export controls, just in general. So export controls are in place to kind of protect the United States’ national security and what they call foreign policy and economic interest. And what they're trying to do is put controls on equipment, software technology that could be used for a military purpose. So a lot of times in the past, when I did my first internships, that was an actual physical shipment of goods. So we had like those CD masters; I don't know if you remember those were back in the day, you know, they were gold masters, or they had some exciting name. I was shipping those physically shipping items. This was before, you know, we had email, but they weren't there. They weren't sending the masters via email back then. And then actual routers or networking equipment, things like that, that they were physically shipping. And some of those items required an export license to be sent to the countries that the company was sending them to. And they were unaware of those requirements. So I just fell in love with export controls, helping one of our local small companies in Sonoma County to kind of navigate how they could legally export those particular items.
Debbie Reynolds 04:19
Yeah, that's fascinating. So I think a lot of times when people think about export controls, you're thinking about a physical thing that you're shipping from one place to the other. And so now, because of technology and data, the way that data flows, export controls can impact data flows. So it can impact the types of technologies that are being moved around algorithms. Encryption can be part of export control, and those are things that I advise clients on a lot. So I think there are a lot of parallels between export controls and private See? So for me, I see them both have kind of data flow issues. So how can the data flow from one place to the next without breaking laws?
Tansie Iwafuchi 05:10
Right. And there is a perception by some that if you're providing this cloud service, via staff structure, like, just make up a company named ABC web services, that isn't going to be subject to those export controls. And it's, that's not true. You are still offering technology under the Staff model as a service, which means you're exporting a service. And that's either hosted from within the United States, like on a server that's maintained by ABC company, where access abroad that can be done. So that person is picking up an item in the United States and maybe transferring that service, that cloud service, or it's actually on a foreign server. So you're still providing use or access to software and technologies on the cloud as a service. And I think that that is an adjustment we've all had to make, right? Well, I'm not physically shipping this. So it's not an export, or they're only using the software; they don't get it. And I read an advisory that came out from the Bureau of Industry and Security that says that that is not an export; however, that service is an export. And so that's kind of where I think from a technology standpoint, we're in very interesting times.
Debbie Reynolds 06:35
Yeah, I agree with that. My initiation into export controls was many, many years ago, decades ago, actually dealing with satellites. And ITAR, basically. So basically, there are things that have very strict control. So controls about who can be near these, this data or devices, who is in rooms with this information, these data devices, scribblings pieces of paper, they have information about that all that is part can be part of export controls, and then, you know, just scary advanced technology. So we know a lot of the things that consumers end up enjoying in terms of technology; a lot of those things get developed first by the military, like GPS, for example. So GPS has been around for decades, and its use has matured through military use. And eventually, it got to the consumer, a great consumer market. So that's kind of one, one example where there are technologies that may be the military or, you know, as part of national security that was being used, that there were things that you could not export, in some ways.
Tansie Iwafuchi 08:04
Yeah, absolutely. And there's still items that are subject, it's so like when you have a service that provides access to government providers, right, or, or agencies, so I'm going to pick a benign when like the Forestry Service say, they may still have information. For all I know, that is ITAR controlled in the forestry service, that data can't have strict requirements for how it is stored, who has access to it. And now that we're coming into this era, where people are putting things on the cloud, you have providers that say, Hey, I've got a US only data storage area, no one except for cleared companies are allowed to put products on this particular or I should say, organizations, if we're talking about the government, on this particular server, there's going to be limited access for US persons only. So it's all kind of built around offering an ITAR compliant cloud service. The question becomes for someone like a commercial company that may be providing services to those parties. We know that they are not supposed to be putting classified information onto those servers. It's part of their agreement with the ABC web service company. But we don't really know what data they're putting on there. We can't know. And so it becomes a problem of how do you treat that unclassified data? Do you treat it as classified because you don't know what it is? And you stick with very strict access controls where who can see it? Or do you try some sort of a situation where you say I am not going To be responsible for that data, and I am going to maybe not serve that market because I can't guarantee that all of my support providers are US citizens? Or if they expose me in a way that I am not comfortable with. And every company kind of has to make that decision. And it's tough, right? Because you, of course, want to provide services to the US Forestry Service. It's, you know, it could be quite lucrative, but there are so many rules that need to be followed, not just from the export control standpoint, but you know, other security rules that it can be challenging.
Debbie Reynolds 10:46
Yeah. And just for people who don't know, ITARS, the international traffic in arms, regulations, ITAR, that's the acronym. And I actually did a video last year on IPR. Anyone wants to look at it. That's pretty cool, actually. So I think one of the things that fascinate me about export controls is that it can change from day to day basis because some of this is based on kind of foreign policy, and politics like there's geopolitical things happening that like so let's say a data transfer today was fine. And tomorrow may not talk a little bit about kind of that aspect of export controls.
Tansie Iwafuchi 11:39
So yes. And to kind of reset it to what you were saying, what are those basic controls? And so I like to put it in the who, what, where, so, US government, regulatory agencies basically restrict the transfer of offerings to specific places like embargo or sanction countries. Currently today, those are Crimea, Cuba, Iran, North Korea, and Syria. And to kind of address your changing question there, Sudan was on the list, or it has been on the list on and off the last decade; they are off at the moment. But there have been significant military concerns. In Sudan recently, I would not be surprised if they ended up back at it again before the end of next year, just as an example. And then the who the what, we also are required to screen our end users who are prohibited and uses. So some products, many of them, are not supposed to be used for chemical, nuclear or biological weapons proliferation; they're not supposed to go to terrorists. They're not supposed to go to people who are violating human rights. There are specific governments, military, and companies that are not supposed to receive certain products. And there are lists of those that companies are required to check before they sell those products. And this is all designed to protect national security and US interests. And then there are kinds of; I don't know how you put it, companies that are kind of coming up on the horizon that we are learning about that are being put on the list for kind of different offenses than we're used to seeing. So, one thing that I'm seeing in FinTech that's fascinating to me that I don't know a lot about. So I'm kind of learning about it. On April 21 of this year, there was an interim rule that has placed new controls on cybersecurity items for national security and anti terrorism purposes. So these are items that they're saying could be used for surveillance, espionage, or tracking things on networks or devices that are on those networks. And so the regulations are kind of targeted at computers and telecommunications network products like routers, switches, bridges, things that might be part of a larger communication network. And so the regulations are trying to target those human surveillance, via IP networks for law enforcement purposes, that are being used inappropriately to follow journalists or keep track of certain people that some governments may have labeled as dissidents or terrorists. It actually delivers some of these systems intrusion software like malware that kind of will go through people's phones and look at their contacts may even record their conversations. So that is kind of emerging right at cybersecurity and export controls, you've got a little bit of a crossover coming, I think you always have. But this particular one is interesting to me because, you know, you've got, you've got situations where in 2019, 2018, you're hearing about Huawei potentially putting things on their network to kind of spy on people in China, and only to find out that there are other spyware companies that are also tracking people through various malicious kind of intrusive software products, and seeing them end up on lists that say, you can't do business with this party anymore, because we found out that their phones are attacking networks—and basically, intruding into their cyber areas. So for me, that's just been really fascinating. Just seeing these new laws come up and hearing about all of these companies that, I had no idea we're putting together this type of spyware.
Debbie Reynolds 16:11
Well, surveillance is a huge issue, mostly because, well, first of all, some of us in our regular day-to-day life, we almost invite surveillance in so we have these smart speakers smart anything, can internet-connected devices that collect information or data. And then you have all these technologies that are building in kind of surveillance, heavy or light capabilities in it. And then a lot of that goes to how that data was being collected, how it's being transmitted, and who's going to use it and for what purpose. So I think that for export controls, this is a really interesting time for you. Because these technologies are evolving so fast, they change really fast. I would love to talk about a story that was in the news that a lot of people know about, right? And it has an export control angle. So I love for you to talk about this. So this was that TikTok debacle thing that happened in the US with China. So I'll tell the story at a high level. And then I want you to chime in on what exactly happened. So to me, this is fascinating. So this is the first time I had ever seen a situation where export controls were kind of in the news in this way, so basically, during the Trump administration, because of whatever issue he had with TikTok, you want it to well, first of all, TikTok is a ByteDance company, ByteDance is the parent company that makes this very popular video app that people, kids use an app called TikTok, okay, so TikTok is owned by a Chinese company, right. But then they have people all over the world using this app. So TikTok and parallel. So they do have some cyber issues, and people were concerned about kind of where their data people were going. But then also, the Trump administration wanted to force the US part of TikTok to sell itself to another US company. And this and there were a lot of bidders who came into play once to kind of do this deal. And then, China put an export control on the algorithm from TikTok. So that sort of, you know, really the value. Obviously, people want TikTok because it had like all these people, and you know, all these users and stuff like that. But really, the crown jewel of TikTok is this algorithm that people really want it. So China really put the kibosh down on that. And so, that deal didn't go through, you know, even though it was a lot of hubbub about it, but tell me a little bit about this. So I think that's a good example of what can happen. You know, you have a research paper; find out what's happening. Well, export controls on some of this data.
Tansie Iwafuchi 19:22
Well, from a perspective of a company just trying to do business, right? You have an executive order in May 2019. That basically says we're not allowed to do business with this company anymore. We have to immediately cease providing them with updates to our software. We have to turn off any contracts that we have with them. And then you and the reason that was stated is that TikTok was collecting the user's personal information, including their uses, their IP address, their mobile carrier, their device identifier, even their keystroke patterns, and location data as a condition of using the app Which, I don't know about you, but I found it funny that they were using that as the reason that the company would be placed on the list because I think law enforcement has been trying to pressure various companies like Facebook or Apple to do that exact thing. Right? In the interest of law enforcement. So it's kind of interesting that the Trump administration decided that this particular company was detrimental to our foreign national security. And I think that the main stated reason was that they were going to be locating and punishing people that the Chinese government deemed to be unacceptable. So, for example, there were protests in Hong Kong, and people were putting up some videos of the protests that were occurring on TikTok, and the Chinese government was using that to find and then locate those persons that had posted that particular content. And, you know, either prosecute them, or those people disappeared for a certain amount of time, and we weren't sure what happened to them. And there were confirmations that ByteDance had state agencies buying stakes in our company. And there's also various laws and initiatives that compel Chinese firms and entities to cooperate with those Chinese security and intelligence services. So I think there's a concern there; I just was, I think we were all surprised that that that particular company had been singled out. So there were a lot of legal battles about whether or not that company should be forced to sell itself to US investors. And at the end, TikTok, ByteDance, actually, was reinstated by the court; they were allowed to move forward to provide their services in the United States. So what's odd is that the export control people, what's odd, is that the sanctions were implemented and enforced by the Commerce Department and not by Treasury. However, that's who initially came out with the regulation. But the sanctions themselves were based on Treasury. So there's a lot of investigations going on with SYSUS for investments in what's allowed that are in theirs. IEPS sanctions, National Emergency Power sanctions coming out of Treasury, but their additional kind of Smackdown came through the Commerce Department. So there's some overlap, but really, the direct investment we all thought would come out of Treasury. So it was a very odd time just to figure out, well, who was holding this regulation? And what exactly do we need to do to be compliant with it? Back in September of 2020, a federal judge blocked the Commerce Department from requiring people like Apple or Google to remove the app from their stores. And the same judge also prevented the Commerce Department from barring data hosting for TikTok within the US. And they allowed content delivery services to resume. And in June 2020, they revoked all of the executive orders with respect to TikTok and replaced them. So the new mandates are kind of more of a broader review of that. It doesn't specifically name TikTok. And we don't really know what that's going to mean for them. Right now, they're still investigations continuing with that type is the Committee on Foreign Investment in the United States, just trying to figure out the national security implications of foreign investments in US companies. And that's going to be separate from these executive orders. And we don't know if they're going to end up again, back on some sort of list. And then there's also some catch-all lists that we kind of have to think about too. So there is something in the Export Administration Regulations that says if you know or have reason to know, but somebody will you be using this product, to violate export control laws, like for military or government purposes, for example, called Part 744. Then you have an obligation to ask for more information about it. And there have been some changes to the regulations under government and military end-users specifically for China that say that if you know that a product or a company is using a product to further military end uses, then you have an obligation to perhaps get a license, an export license, or to explain how your particular product won't be used as a dual US military item. And so there's still a lot of complications kind of going around that because, you know, is TikTok, part of the Chinese military-industrial complex. You know, are they using that data in some way that could be used to produce more surveillance on either American or Chinese citizens for military purposes? If that's a possibility, do companies that serve that particular organization need to think about getting export licenses or some sort of advisory opinion on whether or not their particular product might require an export license? So that's kind of a, it's still really an open issue? It's not in the headlines anymore, but I think a lot of companies are following you.
Debbie Reynolds 26:18
Fascinating. Yeah, I love this. So let's talk about privacy. So to me, there are just a lot of parallels here in privacy, because a lot of when you're dealing with data, typically is data, sometimes it's data of individuals, and like you're saying about things with surveillance and identifying people, you know, that is related to having personally identifiable information about individuals and sort of how that data is being used. So, to me, the parallel is definitely data flow. So I help companies sell products in different locations. So if they say, okay, they, you know, I want to sell my product in Sweden, you know, but the way my product is made, I can't really address the privacy issues that I have when I'm doing this in Sweden. So I do that. And then also, you know, I literally have people come up to me and say, you know, we have this really cool technology, we're, you know, identity, create identity systems, and we want to do it for Pakistan. And I'm like, wait a minute, you
need to really think about this expert control thing like you can't, you know, I think technology makes us think, the technology, especially with the cloud, makes us as a consumer feel like things are easy because that's what it's supposed to be even supposed to make it easy for the consumer. But on the backend, the business-to-business stuff is very tricky. Because you still need to know where the state is, you need to know where it's going. Especially you have technology that you're exporting. That's something, you know, that definitely raises a red flag with anyone if they're concerned about selling your product in different countries.
Tansie Iwafuchi 28:12
Yeah, and I mean, you know, a lot of the export controls, for example, on encryption. And low-level stuff, like just authenticating a user or using a digital signature, often is not controlled by the US export government. But there are things that people do in the name of privacy, like integrity checking, absent access, maybe software libraries, or utilities, or operating systems to kind of add additional security or key management, public keys, secure communication channels, copy protection, digital rights management, things that are maybe more controlled inputs by the US government that are just people trying to comply either with security requirements, like maybe they've got sensitive data, they're transferring, like medical kinds of drugs. That's actually not a great example because we do have a carve-out for that in export controls, but maybe other security information that is very private. And to do those things, you do have to identify your end-user, right. And in some countries, of course, there are policies about how much data you can gather and track, and I know that a lot there are a lot of legal teams working on nothing but figuring out how do we get consent? How do we ask for the consent that we need to track this person to let them know that we're using anti-virus protection or that we're, perhaps, you know, doing something in the background to ensure that there's a transport layer of security that's occurring and that they are okay with their information being gathered for the purpose of providing security, secure connections, or security to that to access certain types of data? And I don't know that there's a one size fits all answer. So probably a business like yours is fantastic because you know that there, you're going to have different requirements. Someone in the UK is going to have a different requirement than someone in Pakistan, just for example, and those are always changing, right. So with the UK leaving the European Union right now, just, for example, we are trying to figure out the export licensing and transfer requirements for the EU versus the UK, and how we're going to register our products or make certain changes so that we meet both requirements, I can imagine you're quite busy. On the privacy side, they're figuring out what requirements will need to be met.
Debbie Reynolds 31:11
Oh, yeah. You know, you have to know what you don't know. So I know, you know, when someone tells me, I want to export encryption to Pakistan, and I'm like, yeah, we need to look deeply into this.
Tansie Iwafuchi 31:28
Well, and then you have to tell them, like, hey, some controls, encrypted data can't be sent to store in or live in D Five countries, which are, you know, like, Russia, China, Venezuela, Myanmar. You know, there's certain restricted data that the government has or that can't be placed in certain places. And so, how do you deal with that? If a company says, well, I have, you know, a major data center in Russia, that's where I store a lot of my data, and you're like, well, that might not be the best place for that data storage center? Look, let's look at it.
Debbie Reynolds 32:08
Yeah. You mentioned something I think is really interesting. And I'm glad you brought it up. And it has to do with the cloud and the fact that companies now, you know, I feel like people who understood or were doing a lot of this export controls tend to be bigger companies that have that kind of the money and have the staff and the wherewithal to sort of do all this kind of research and lay room. And then you have these smaller companies, they have these cool ideas, and they want to spread their, you know, good customers around the world. And they don't really have that knowledge, like, Do you have any thoughts about what you will say to maybe a smaller, let's say, for example, like a smaller cloud company that's doing some cool technology or whatever. And they're trying to sell something overseas, like maybe like a point that they need to really think about? Stop and think about it?
Tansie Iwafuchi 33:02
Yeah, so I'd say it's how you're distributing it, right? So a small, even a smaller company, if they're doing their own distribution, they have to do more homework, right? They have to figure out how they're going to deliver the product to the user, and how they're going to check the registration data and do maybe IP screening to make sure that they're not delivering that product to either an embargoed country or someone who's on a denied restricted parties list. And then you've got to figure out where's that software? Or where's that use of the software being consumed? How do I build them? How do I collect on them? There's a lot of other things that are required when you're first starting on a cloud basis to sell a product. So a lot of those smaller companies do use larger companies like an Azure, or an AWS, or, you know, one of the other distribution providers of cloud products. Those larger companies like Azure, for example, they do have overlays that those smaller companies can use so that they don't necessarily have to build out those large scale kinds of compliance items, the
y have registration, where they're doing some denied party screening, they may have real-time IP blocking or areas that you can select, which countries are going to be able to sell your particular cloud product. There may be like qualification forms you can use or pop-ups to make sure that that product or like if you have source code you're delivering or whatever on a cloud basis. It only goes to certain companies or certain countries. There are tools, I guess is what I'm getting at, that are available with those larger vendors that you can have access to, but you have to know how to use the tools, and generally you have to ask, And that's the part that I think is difficult. Because if you don't know that you have this compliance responsibility, you may not ask, like, hey, can I block people from? I don't know Iran from receiving this product because I know that I can't send this product to Iran. And they'll tell you, yes, we do have modules that are free for you to use on our service, on our distribution service. But it's not something necessarily that if you don't know to ask, they're not going to bring that up; it's not necessarily a requirement of putting your product on their cloud. Now, a lot of these companies are US-based. So they are subject to the exact same export restrictions. So they may be running these tests kind of for their own purposes. But that doesn't protect your smaller company; they need to have their program in place as well. So I think, yeah, definitely using these bigger services and asking questions about, you know, hey, do you have trade compliance tools that I can use or data privacy tools that I can use that would help me? And then also, there are consultants such as yourself and other people that have knowledge and experience that they can bring to the table where you can do things on a smaller scale, you can have someone maybe in your order management group, I see a lot of that, or your legal team to, to set up some systems or some programs that are doing some of this in an automated way. And I think that's a big help.
Debbie Reynolds 36:36
Absolutely. Tell me about it, I want your thoughts about something right now that's happening or something that's on the horizon that's concerning you about technology, as it relates to kind of either export control or privacy; there may be a parallel there?
Tansie Iwafuchi 36:54
Yeah, I mean, for me, recently, I was pretty shocked too when I found out that Israel's NSO Group, which is like a hacker for hire company, I think they were calling them in the media, we're kind of using the phones, that people have the tools for their jobs, to kind of conduct this sort of transnational, I guess they were calling it repression. Basically, something that you have in your home, like, you know, your Apple iPhone, or whatever you're, you're going about your day doing your work. And you've got somebody using spyware to hack into your business to follow you to maybe use the camera to, you know, do some spying, and it is terrifying. It's like something out of a Terminator movie. I'm hoping that there are going to be more companies that are going to be maybe launching products that will be helping people to be secure from these hackers. Making sure that people aren't being tracked, making sure that people aren't having facial recognition being used to stop them from going into a mall in China, just because they happen to be a religion that is not popular in that country. Those types of things to me are, I want to see those products, I want to see products that are putting privacy back in people's hands. And I've worked, I worked at a cybersecurity company for many years. And one of the discussions that I really loved having with some of the engineers was how they don't have Alexa at their house. They don't have electronic locks; they don't have smart refrigerators. And they said, you know, in an IoT kind of space and Internet of Things space, these refrigerators, for example, a lot of them don't have a robust security system in place. So your refrigerator could literally be tracking your movements within your home, listening to your conversations. I thought that is really a space and area where I can see a lot of growth happening. You know, protecting you from your own devices.
Debbie Reynolds 39:37
Yeah, absolutely. And then right, so, I don't know some people. I mean, these are real things. These are not imaginary fairy tales things like they are now. So yes, what's going to happen in the future is that your refrigerator is going to talk to your thermostat, and they're going to be talking about you.
Tansie Iwafuchi 39:59
Why are you making it so cold in here? That part can be terrifying too. Because, you know, when you have, I've got a smart meter at my house for my electricity. And there's a smart meter probably for the water. So, you know, let's say, the government feels I'm using too much electricity or too much water; they could literally control my access to either of those things with a click of a mouse. And you know, in some instances, that's good, like, let's say a water main breaks, we're able to maybe turn off and things now that will help us to not waste water. But you know, what if I need to brush my teeth, and I haven't had water in six months? I mean, there are things that are it, it? That's a dystopian view of it. But you know, you kind of wonder about those things when you see some of these things in the news because who would have ever thought that somebody smartphone would literally be able to perform facial recognition on other people without that user even knowing that that malware has been installed on their home? Right? It's, it's terrifying.
Debbie Reynolds 41:14
It is, it really is. And actually, the thing that you mentioned, this actually happened in Texas. So when Texas was having, like, the heatwave, or something over the summer, with people who sign up for those smart meters, they didn't realize they sign up to have the company control their cooling, you know, and they didn't know it. So like their people, they were like, they woke up and their thermostat. You know, they're they have turned the air conditioning off or something. And people are like really no sweltering hot heat and stuff like that. And it was horrible. Because you don't know, you don't know someone's sick; you don't know the condition or you know, what's happening in someone's house or whatever and what they what their needs are, right. So to be able to have someone like you said, with a click of a mouse, be able to change that, you know, on a mass scale. That's problematic.
Tansie Iwafuchi 42:07
I mean, what if you've got someone on oxygen and they've turned off the electricity? Right? That person needs the oxygen to live? It's, it is terrifying.
Debbie Reynolds 42:18
It is definitely. So what would be your wish, if it was the world according to Tansie what would be your wish for, you know, privacy, whether it be technology, human regulation, anything?
Tansie Iwafuchi 42:36
Oh, such a good question. My wish is that it would be used more responsibly in order to improve people's lives, the technologies that we're using, rather than weaponized against innocent people who are simply going about their lives and trying to do the best they can to help their communities. I guess that's to me when I hear that companies are using these to maybe suppress free speech. You know, in a perfect world, it would be that we're using these technologies to amplify the kind of speech that improves our lives in our communities and gets people to work together to solve our common community problems, rather than to single out certain people and say, well, I don't like your opinion. So clearly, you're a person who should be in prison. That is, that is a bad way. The other way, we'd be more, you know, hey, our community can fix these problems that we have, we can work together to help the homeless in our community, we can, you know, we've noticed there's a lack of bathrooms because we've done this data, you know, a collection, and we feel that the community can afford to build X number of community bathrooms or showers to help people that are in need. Those are the kinds of things I really love to see data and that collection used for, in a way that kind of advances our humanity.
Debbie Reynolds 44:21
Oh, I love it. That's great. I agree. I agree with that wholeheartedly. So I love technology, but I don't love everything with technology. So I think because so much of what we're doing is about the human. So these services are supposed to be for humans. So if you're doing something to harm someone, you should be concerned about that. And I don't think, you know, shouldn't need regulation to tell you to do that either.
Tansie Iwafuchi 44:50
Absolutely. And I mean, the regulations are supposed to be about building safer communities. At least that's the way I see it. I don't want any company that I'm working for to be transferring products to someone that is going to do something with it that is going to hurt other people. And that's why, you know, I've heard oh, those export control laws are so dry. Well, they may be, but they have a purpose. And that purpose, as I see it, is to make sure that now humans and communities are safe from people that may be using technology to build, say, a weapon of mass destruction, I don
't want those people to have access to products that help them to do that, I would like our products to inform them of where they are, perhaps, and we take that risk out of our community. You know, people deserve to feel safe in their homes. And so, I don't want to be a person that's contributing to people not feeling safe. So I really take export compliance as a sort of a personal mission. And that mission is to kind of improve our relationships with other countries and to protect us to protect the world from maybe people that don't have the best interests of other humans in mind.
Debbie Reynolds 46:17
Oh, yeah. That's amazing. Wow, I'm so excited to be able to share this episode with people. I think they'll be fascinated as I was, with you, and the things that you're doing, and, you know, keep up the good work. I love it. And I want to hear more people talk about this because I think, you know, we weren't, you know, in the past, the way, we imagined technology was very provincial, right. So the server was down the hall information, the person I'm working with down the street or next door now, so much is global. And data is moving everywhere. So we all need to really be thinking about how data moves and how that impacts us. Excellent. Well, thank you so much for being on the show. I'm happy that we connected and happy to think about ways we can collaborate.
Tansie Iwafuchi 47:07
Thank you so much for inviting me. It was fun.
Debbie Reynolds 47:10
Yeah, definitely.