hi I'm Peter Burris and welcome to this week's action item once again we're broadcasting from our beautiful the cube Studios in Palo Alto California and the wiki bond team is a little bit smaller this week for variety of reasons I'm being joined remotely by Neil Raiden and Jim Kabila's how you doing guys we're doing great Peter I'd be good thank you alright and it's actually a good team what we're gonna talk about we're gonna be specifically talking about some interesting developments and 14 days or so gdpr is gonna kick in and people who are behind will find themselves potentially subject to significant fines we actually were talking to a chief privacy officer here in the US who told us that had the Equinix breach occurred in Europe after May 25 2008 eeen it would have cost or Equifax the Equifax breach it would have cost Equifax over 160 billion dollars so these are very very real types of money that we're talking about but as we started thinking about some of the implications of gdpr and when it's going to happen and the circumstances of its of its success or failure and what its gonna mean commercially to businesses we also started trying to fold in a second trend and that second trend is the role of bitcoins going to play Bitcoin has a number of different benefits we'll get into some of that in a bit but one of them is that the data is immutable and gdpr has certain expectations regarding a firm's flexibility and how it can manage and handle data and blockchain may not line up with some of those issues as well as a lot of the Braque blockchain advocates might think Jim what are some of the specifics well Peter yeah blockchain is the underlying distributed hyper ledger or trusted database underlying Bitcoin and many other things blockchain yeah you know the one of the core things about blockchain that makes it distinctive is that you can create records and append them to block change you can read from them but can't delete them or update them it's not a crud database it's essentially for you to be able to go in and you know and erase a personally identifiable information record on an EU subject is you EU citizen in a blockchain it's not possible if you stored it there in other words blockchain then at the very start because it's an immutable database would not allow you to comply with the GDP ours were quite that people have been given a right to be forgotten as what what it's called that is a huge issue that might put the big kibosh on implementation of blockchain not just for PII in the EU but really for multinational businesses anybody who does business in Europe and the core you know coordination is like you know we're disregard brexit for now like Germany and France and Italy you got to be conformant completely worldwide essentially with your in your your PII management capabilities in order to pass muster with the regulators in the EU and avoid these massive fines blockchain seems like it would be incompatible with that compliance so where does the blockchain industry go or does it go anywhere or will it shrink well the mania died because of the GDP our slap in the face probably not there is a second issue as well Jim Lise I think there is and that is blockchain is allows for anonymity which means that everybody effectively has a copy of the ledger anywhere in the world so if you've got personally identifiable information coming out of the EU and you're a member or you're a part of that blockchain Network living in California you get a copy of the ledger now you may not be able to read the details and maybe that protects folks who might implement applications in blockchain but it's a combination of both the fact that the ledger is fully distributed and that you can't go in and make adjustments so that people can be forgotten based on EU laws if I got that right that's right and then there's a gray area you can't encrypt any and every record in a blockchain and conceal it from the prying eyes of people in California or in Thailand or wherever in the EU but that doesn't delete it that's not the same as erasing or deleting so there's a gray issue and there's no clarity from the EU regulators on this what if you use secret keys to encrypt individual records PII on a blockchain and then lost the keys or deleted the keys is that effectively would that be the same as he racing the record even though those bits still be there to be unreadable none of this has really been addressed in practice and so it's all a gray area it's a huge risk factor for companies that are considering exploring uses of blockchain for managing identity and you know security and all that other good stuff related to the records of people living in EU member countries so it seems as though we have two things they're gonna have that are that are likely to happen first off it's very clear that a lot of the GDP are related regulations were written in advance of comprehending what blockchain might be and so it doesn't and GDP are typically doesn't dictate implementation styles so it may have to be amended to accommodate some of the blocks a blockchain implementation style but it also suggests that increasingly we're going to hear from a design standpoint the breaking up of data associated with a transaction so that some of the metadata associated with that transaction may end up in the blockchain but some of the actual PII related data that is more sensitive from a GDP or other standpoint might remain outside of the blockchain so the blockchain effectively becomes a distributed secure network for managing metadata in certain types of complex transactions this is is that is that in scope of what we're talking about Jim yeah I bet you've raised and alluded to a big issue for implementers there will be on chain implementations of particular data data applications and off chain implementations off chain off blockchain will probably be all the PII you know in databases relational and so forth that allow you to do deletes and updates and so forth in you know to comply with you know gdpr and so forth and similar mandates elsewhere gdpr is not the only privacy mandate on earth and then there's on chain applications that you'll word the data what data sets will you store in blockchain you mentioned metadata now metadata I'm not sure because metadata quite often is is updated for lots of reasons for lots of operational patience but really fundamentally if we look at what a blockchain is it's a audit log it's an archive potentially of a just industry fashioned historical data that never changes and you don't want it to change ideally I mean I get an audit log you know let's say in the Internet of Things autonomous vehicles crashed and so forth and the data on how they operate should be stored you know either in a black box on the devices on the cars themself and also possibly backed up to a distributed blockchain where there is a transact or there's a there they a trusted persistent resilient record of what went on that would be a perfect idea for using block chains for storing perhaps trusted timestamp maybe encrypted records on things like that because ultimately the regulators and the courts and the lawyers and everybody else will want to come back and subpoena and use those records to and analyze what went on I mean for example that's an idea where something like a block shape and simile might be employed that doesn't necessarily have to involve PII unless of course it's an individual persons car and so there's all those great areas for those kinds of applications so right now it's kind of looking fuzzy for blockchain in lots of applications where identity can be either you know where you can infer easily the infer the identity of individuals from data that may not on the face of it look like it's PII so Neal I want to come back to you because it's this notion of being able to infer one of the things that's been going on in the industry for the past well 60 years is the dream of being able to create a transaction and persist that data but then generate derivative you out of that data through things like analytics data sharing etc blockchain because it is but you know it basically locks that data away from prying eyes it kind of suggests that we want to be careful about utilizing blockchain for applications where the data could have significant or could generate significant derivative use what do you think well we've known for a long long time that if you have anonymized data in the data set that it can merge that data with data from another data set relatively easy to find out who the individuals are right you add you add DNA stuff to that eh our records surveys things from social media you know everything about people and that's dangerous because we used to think that while losing are losing our privacy means that are going to keep giving us recommendations to buy these hands and shoes it's much more sinister than that you can be discriminated against in employment in insurance in your credit rating and all sorts of things so it's it's I think a really burning issue but what does it have to do with blockchain and G GD R that's an important question I think that blockchain is a really emerge short technology right now and like all image search technologies it's either going to evolve very quickly or it's gonna wither and die I'm not going to speculate which one it's going to be but this issue of how you can use it and how you can monetize data and things that are immutable I think they're all unanswered questions for the wider role of applications but to me it seems like you can get away from the immutable part by taking previous information and simply locking it away with encryption or something else and adding new information the problem becomes I think what happens to that data once someone uses it for other purpose than putting it in a ledger and the other question I have about GD d are in blockchain is who's enforcing this one army of people are sifting through all the stated at the side use and violation does it take a breach before they have it or is there something else going on the act of participating in a blockchain equivalent to owning or or having some visibility or something into a system so I am gdpr again hasn't doesn't seem to have answers to that question Jim what were you gonna say yeah the EU and its member nations have not worked out have not worked out those issues in terms of how will you know they monitor enforcement and enforce GDP are in practical terms I mean clearly it's gonna require on the parts of Germany and France and the others and maybe you know out of Brussels there might be some major Directorate for GDP our monitoring and oversight in terms of you know both companies operating in those nations as well as overseas with European Berger's none of that's been worked out by those nations clearly that's like you know it's just like the implementation issues like blockchain are not blockchain it's we're moving it toward the end of the month with you know not only those issues networked out many companies many enterprises both in Europe and elsewhere are not GDP are ready there may be some of them I'm not gonna name names may make a good boast that they are but know nobody really knows what it needs to be ready at this point I just this came to me very clearly when I asked Bernard Marr well-known author and you know influencer and the big data space at UM in Berlin a few weeks ago at at the data works and I said Bernard you know you consult all over with big companies what percentage of your clients and without giving names do you think are really truly GDP are already perm age when he said very few because they're not sure what it means either everybody's groping their way towards some kind of a hopefully risk mitigations threatened risk mitigation strategy for you know addressing this issue well the technology certainly is moving faster than the law and I'd say an argue even faster than the ethics it's going to be very interesting to see how things play out so we're just for anybody that's interested we are actually in the midst right now of doing right now doing some a nice piece of research on blockchain patterns for applications and what we're talking about essentially here is the idea that blockchain will be applicable to certain classes of applications but a whole bunch of other applications it will not be applicable to so it's another example of a technology that initially people go oh wow that's the technology it's going to solve all problems all date is going to move into the cloud Jim you like to point out Hadoop all data and all applications are going to migrate to the doop and clearly it's not going to happen Neil the way I would answer the question is it blockchain reduces the opportunity for multiple parties to enter into opportunism so that you can use a blockchain as a basis for assuring certain classes of behaviors as a group as a community and and and B and had that be relatively audible and understandable so it can reduce the opportunity for opportunism so you know companies like IBM probably you're right that the idea of a supply chain oriented blockchain that's capable of of assuring that all parties when they are working together are not exploiting holes in the contracts that they're actually complying in getting equal value out of whatever that blockchain system is and they're not gaining it while they can go off and use their own data to do other things if they want that's kind of the in chain and out of chain notion so it's going to be very interesting to see what happens over the course of next few years but clearly even in the example that I described the whole question of gdb our compliance doesn't go away all right so let's get to some action items here Nia what's your action item I suppose but when it comes to gdpr and blockchain I just have a huge number of questions about how they're actually going to be able to enforce it and when it comes to a personal information you know back in the Middle Ages when we went to the market to buy a baby pig they put it in a bag and tied it because they wouldn't want the piglet to run away because it'd take too much trouble to find it but when you got at home sometimes they actually didn't give you a pig they gave you a cat and when you opened up bag the cat was out of the bag that's where the phrase comes from so I'm just waiting for the cat to come out of the bag I I think this sounds like a real fad that was built around Bitcoin and we're trying to find some way to use it in some other way but I'm I just don't know what it is I'm not convinced Jim oxidiser my yeah my advice for Dana managers is to start to segment your data sets into those that are forgettable under gdpr and those that are unforgettable but forgettable ones is anything that has publicly identifiable information or that can be easily aggregated into identifying specific attributes and specific people whether they're in Europe or elsewhere is a secondary issue The Unforgettable is a stuff that it has to remain inviolate and persistent and can that be deleted and so forth the stuff all the unforgettables are suited to writing to one or more locked chains but they are not kosher with gdpr and other privacy mandates and focusing on the unforgettable data whatever that might be then conceivably investigate using blockchain for distributed you know you know access and so forth but they're mine the blockchain just one database technology among many in a very hybrid data architecture you got the Whitman way to skin the cat in terms of HDFS versus blockchain versus you know you know no first no sequel variants don't imagine because blockchain is the flavor of mania of the day that you got to go there there's lots and lots of alternatives all right so here's our action item overall this week we discussed on action item the coming confrontation between gdpr which is has been in effect for a while but actually fines will start being levied after May 25th and blockchain GPR has relatively or prescribed relatively script strict rules regarding a firm's control over personally identifiable in from you have to have it stored within the bounds of the EU if it's derives from an EU source and also it has to be forgettable that source if they choose to be forgotten the firm that owns that data or administers and stewards that data has to be able to get rid of it this is in conflict with blockchain which says that the Ledger's associated with a blockchain will be first of all fully distributed and second of all immutable and that provides some very powerful application opportunities but it's not gdpr compliant on the face of it over the course of the next few years no doubt we will see the EU and other bodies try to bring blockchain and block thing related technologies into a regulatory regime that actually is administrable as as well as auditable and enforceable but it's not there yet does that mean that folks in the EU should not be thinking about blockchains we don't know it means it introduces a risk that has to be accommodated but we at least think that the that what has to happen is data managers on a global basis need to start adding to it this concept of forgettable data and unforgettable data to ensure the cake can remain in compliance the final thing will say is that ultimately blockchain is another one of those technologies that has great science-fiction qualities to it but when you actually start thinking about how you're going to deploy it there are very practical realities associated with what it means to build an application on top of a blockchain datastore ultimately our expectation is that blockchain will be an important technology but it's going to take a number of years for knowledge to diffuse about what blockchain actually is suitable for and what it's not suitable for and this question of gdpr and blockchain interactions is going to be a important catalyst to having some of those conversations once again Neil Jim thank you very much for participating in action today my pleasure I'm Peter burger I'm Peter bursts and you've been once again listening to a wiki bond action item until we talk again

>> [Announcer] Live from Berlin, Germany, It's The Cube, covering NetApp Insight 2017, brought to you by NetApp. >> We are wrapping up a day of coverage at NetApp Insight on The Cube. I'm Rebecca Knight, along with My cohost, Peter Burris. So, we've had a lot of great interviews here today. We've heard from NetApp executives, customers, partners about this company's transformation, and about what it's doing now to help other companies have a similar transformation. What have been some of your impressions of where NetApp is right now, and what it's saying? >> I think it starts with the observation that NetApp realized a number of years ago that if it was just going to be a commodity storage company, it was gonna have a hard time, and so NetApp itself went through a digital transformation to try to improve its understanding of how customers really engaged with it, how it could improve its operational profile's financial footprint, and the result of that was a company that, first off, was more competitive, but also that had learned something about digital transformation, and realized the relationship between the products that they were selling, the services that they were providing, the ecosystem they had that they could tap, been working with customers, and said, what is we took this knowledge, applied it to those things, what would we end up with? And so we now have a company that is still talking about products, but very much it's also talking about what businesses could do in day to day differently to effect the type of transformation that NetApp itself has been going through, and it's a compelling story. >> And you're describing this introspection that the company did, as you said, if we can't survive with our old business model, what can we do differently, and now eating it's own dog food, but then telling other companies about its story, and how its made changes. I mean, do you think NetApp is where it should be today? Are you pleased with the progress you've seen? >> Well that's one of the great challenges in the tech industry today, is nobody's quite sure where they should be. >> [Rebecca] There are no benchmarks. >> Because nobody's sure what's going on underneath them. So many years ago, in response to a reporter's questions about IBM, they said, well what do you think? Is IBM going to be successful at moving the aircraft, turning the aircraft carrier? And I said, you don't get it. IBM's problem is not that they're trying to turn the aircraft carrier, it's that they're trying to rotate the ocean, so that they could go straight, and everybody else's position would change, and that's a lot of what's happening in the technology industry today, as the people are turning, the ocean's being rotated, and there are a couple of companies, like AWS, that seem to have their fingerprint, or their finger on some of those changes. I'm not sure NetApp has that kind of a presence in the industry, but what is clear is that the direction that NetApp has taken is generating improved financial results, a lot better customer satisfaction, and it's putting them into position to play in the next round, so to speak, of competition in this industry, and in an industry that's changing this fast, that, all by itself, is a pretty good position to be in. >> Well, you know, and you're talking about the changing industry, and then also the changing employment needs that this company has in terms of getting people in their workforce who really understand, not just that data in an asset, which is what we keep hearing today, too, but really understanding how to capture the data, tease out the right insights from the data, and then deploy a strategy based on those insights that actually will create value to the business, whether that's acquiring new customers, or saving money, or earning new lines of business, too. >> Well, for example, we had a great conversation with Sheila Fitzpatrick about GDPR, this phenomenal conversation. Sheila is in charge of privacy at NetApp, and the decision that she drove was to not just to GDPR, NetApp have to GDPR here in Europe, but to GDPR across the entire company. Now two years ago, I don't know that a NetApp person would have come onto The Cube and talked about GDPR, but that is a problem, that is a challenge that every business is facing, and bringing somebody on that has made some really consequential decisions for a company like NetApp to be able to say, here's how other businesses need to think about GDPR, think about data privacy, is a clear example of NetApp trying to establish itself as a thought leader about data, and not just a thought leader about commodity storage. So I think there's a lot of changes that NetApp's gonna go through. They still are talking about on tap, they still are talking about HCI, they're talking about all the various flash products that they have, so that's still part of their conversation, but increasingly they're positioning those products, not in terms of price performance, but in terms of applications to the business based on the practical realities of data. >> And I also think we've heard a number of executives talk about NetApp having a more consultative relationship with its clients and partners, and really learning from them, how they're doing things, and then sharing the learnings at events like NetApp Insight, here, and just really on the ground more, working in partnership with these companies, too. >> Data is a physical thing, and I think a lot of people forget that. A lot of people just look at data and say, oh it's this ephemeral thing, it's out there, and I don't much have to worry about it, but physics is an issue when you're working with data. Adam Steltzner, Dr. Adam, the gentleman from NASA, he talked about the role that data science is playing in NASA Mars exploration, talked about the need to worry about sparse data, because they have dial up speeds to send data back from a place like Mars. They're working on problems, but when you start thinking in those terms, the physical limitations, the physical realities, the physical constraints of data become very real. GDPR is not a physical constraint, but it's a legal constraint, and it might as well be physics. If a company does something, we heard, for example, that there are companies out there, based on their practices and how they were hacked, would have found themselves facing $160 billion liability. >> [Rebecca] Yeah. >> Now that may not be physics, you know, I can only move so much data back from Mars, but that is a very real legal constraint that would have put those companies out of business if GDPR governance rules had been in place. So what's happening today is companies, or enterprises are looking to work with people who understand the very physical, practical, legal, and intellectual property realities of data, and if NetApp is capable of demonstrating that, and showing how you could turn that into applications, and into infrastructure that works for the business, then that is a great partner for any enterprise. >> Well do you think that other companies get it? I mean, the sense of where we are today? You use this example of GDPR, and how it really could have sent companies out of business if those rules had been in place, and they had been hacked, or suffered some huge data breach. Do you think that NetApp is setting itself up as the thought leader, and in many ways is the thought leader? Are there companies on the same level? >> No, they're not, and certainly there are a lot of tech companies that are moving in that direction, and that they're comparable with NetApp, and working both close with NetApp, and in opposition to NetApp, at least competitively, but the reality is that most enterprises are, how best to put this? Well, what I like to say is William Gibson, the famous author who coined the term cyberspace, for example, once said, the future's here, it's just evenly distributed. So there are pockets of individuals in every company who are very cognizant of these challenges, the physical realities of data, what it means, what role data actually plays, what does it mean to actually call data an asset? What's the implications on the business of looking at data as a asset? That's in place in pockets, but it's not something that's broadly diffused within most businesses, certainly not our client base, not the Wikibon angle client base, is certainly not broadly aware of some of these challenges. A lot of things have to happen over the course of the next few years for executives, and rank and file folks to comprehend the characteristics, or the nature of these changes, start to internalize, start to act in concert with the possibilities of data, as opposed to in opposition to the impacts of data. >> And those are the people who, we had guests on today just talked about the data resisters, because there are those in companies, maybe they're just an individual in a company, but that can have a real impact on the company's strategy of moving forward, deploying its data smartly. >> Yeah, absolutely, and we also had the gentleman from The Economist who made the observation that concerns about artificial intelligence impacts employment might be a little overblown. >> [Rebecca] Right, right. >> So a lot of those data resisters might be sitting there asking the question, what will be the impact of additional data on my job? And it's a reasonable question to ask, because if your business, we also talked about physicians. A radiologist, for example, someone who looks at x-rays has historically not been a patient facing person. They would sit in the back and look at the x-rays, they would write up the results, and they would give them to the clinician, who would actually talk to the patient. I, not too long ago, saw this interesting television ad where radiologists presented themselves as being close to the patient. Why? Because radiology is one of those disciplines in medicine that's likely to be strongly impacted by AI, because AI can find those patterns better than, often, a physician can. Now the clinician may be a little less effected by AI, because the patient is a human being that needs to have their hand held. >> [Rebecca] And their life is on the line. >> Their life is on the line. The healing and treatment is about whether or not the person is able to step up and heal themselves. >> [Rebecca] Right. >> So there's going to be this kind of interesting observation over the next few years. Folks that work with other people will use data to inform. Folks that work with machines, folks that don't work with other people, are likely to find that other machines end up being really, really good at their job. >> [Rebecca] Right. >> Because of the speeds of data, at the compactness of data, human beings just cannot respond to data as fast as a machine, but machines still cannot respond to people as well as people can. >> And they don't have empathy. >> And they don't have empathy, so if I were to make a prediction, I would say that, in the future, if your job is more tied to using machines, yeah, you got a concern, but if your job is tied to working with people, your job is gonna be that much more important, and increasingly, the people that are working with machines are gonna have to find jobs that have them work with other people. >> Right, right. Well it's been a great day. It's fun to work with you. This is our first time together on The Cube. It was a great day. >> Well The Cube is a blast. >> The Cube is a blast. It's a constant party. I'm Rebecca Knight for Peter Burris, this has been NetApp Insight 2017 in Berlin. We will see you next time.