"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Anonos NIST Comment Letter – De–Identification Of Personally Identifiable Information
1.
anonos.com
1
Submitted
via
overnight
delivery
/
email
to
draft-‐nistir-‐deidentify@nist.gov
May
15,
2015
National
Institute
of
Standards
and
Technology
(NIST)
Attn:
Computer
Security
Division,
Information
Technology
Laboratory
100
Bureau
Drive
(Mail
Stop
8930)
Gaithersburg,
MD
20899-‐8930
Re:
Draft
NISTIR
8053
De-‐Identification
of
Personally
Identifiable
Information
We
appreciate
the
opportunity
to
submit
comments
to
the
National
Institute
of
Standards
and
Technology
(NIST)
in
the
context
of
the
draft
publication
entitled
Draft
NISTIR
8053
De-‐Identification
of
Personally
Identifiable
Information
(NIST
Draft
Report).
This
letter
is
separated
into
the
following
three
sections:
I. Proposal
to
Include
Dynamic
Data
Obscurity
in
NIST
Draft
Report;
II. History
of
the
term
Dynamic
Data
Obscurity;
and
III. The
Anonos
Just-‐In-‐Time-‐Identity
(JITI)
Approach
to
Dynamic
Data
Obscurity.
I.
Proposal
to
Include
Dynamic
Data
Obscurity
in
NIST
Draft
Report
We
propose
that
the
NIST
Draft
Report
include
Dynamic
Data
Obscurity
–
temporally
dynamic
data
obscuring
technology
that
actively
limits
the
risk
of
re-‐identification.
As
noted
in
the
NIST
Draft
Report,
static
de-‐identification
techniques
suffer
from
numerous
shortcomings;
however,
dynamic
obscuring
technology
helps
maintain
data
privacy
and
security
while
reducing
risks
involved
in
collecting,
storing,
processing,
and
analyzing
data.
Dynamic
Data
Obscurity
turns
data
into
business
intelligence
(BI)1
by
transforming
static
access
controls
into
technologically
enforced
dynamic
permissions
applied
per-‐element
instead
of
across
entire
records
or
applications.
This
maximizes
the
utility
of
underlying
data
by
allowing
intelligent,
adaptable,
and
compliant
permissions
while
fundamentally
enforcing
core
protections
for
personally
identifiable
and
sensitive
information.
1
Business
intelligence
(BI)
is
an
umbrella
term
that
includes
the
applications,
infrastructure
and
tools,
and
best
practices
that
enable
access
to
and
analysis
of
information
to
improve
and
optimize
decisions
and
performance.
See
http://www.gartner.com/it-‐glossary/business-‐intelligence-‐bi
2.
anonos.com
2
Technologically
enforced
Dynamic
Data
Obscurity
rules
can
account
for
access,
use,
display,
time,
and
location
restrictions,
across
any
industry
or
regulatory
standard,
thereby
helping
to
overcome
shortcomings
of
static
de-‐identification
such
as
the
following:
a) Re-‐Identification.
With
static
de-‐identification,
as
long
as
any
utility
remains
in
the
data,
there
exists
the
possibility
that
some
information
might
result
in
re-‐identification
of
original
identities.2
b) Lost
Data
Value.
Generally,
privacy
protection
improves
as
more
aggressive
static
de-‐
identification
techniques
are
employed,
but
less
utility
remains
in
the
resulting
data
set3
due
to
the
fact
that
static
de-‐identification
techniques
remove
identifying
information
from
data.4
c) Security
Breach
Exposure.
The
scope
and
frequency
of
data
security
breaches
have
changed
the
privacy
paradigm.
Some
view
theft
of
personal
data
by
cybercriminals
as
the
number
one
threat
to
privacy.5
However,
static
de-‐identification
techniques
are
not
designed
to
improve
data
security.
d) International
Acceptance.
Compliance
with
privacy
laws
in
one
jurisdiction
by
relying
on
click-‐
through
terms
and
conditions
and/or
static
de-‐identification
may
provide
insufficient
grounds
to
legally
use
data
in
other
jurisdictions.
For
example,
General
Data
Protection
Regulations,
currently
under
negotiation
between
the
European
Parliament
and
the
Council
of
the
EU,
are
expected
to
allow
EU
citizens
to
seek
redress
with
their
national
regulators
over
a
company’s
handling
of
their
data,
rather
than
being
subject
to
laws
in
the
country
where
the
company
has
its
headquarters.6
Existing
technology
does
not
effectively
address
shortcomings
of
static
de-‐identification
nor
does
it
adequately
reconcile
conflicts
between
protecting
personal
data
and
enabling
commerce.
Because
of
this,
companies
can
be
placed
in
the
uncomfortable
position
of
choosing
between
delivering
products
and
services
to
consumers
or
complying
with
data
privacy
laws
in:
a) Jurisdictions
that
require
unambiguous
consent
to
use
personal
data
like
in
the
EU;
b) Industries
subject
to
specific
regulatory
restrictions
on
data
use
like
healthcare,
education
and
finance
in
the
United
States;
and
c) Other
data
use
scenarios
subject
to
uncertain
future.
2
NIST
Draft
Report
at
line
151.
3
NIST
Draft
Report
at
line
150.
4
NIST
Draft
Report
at
line
76.
5
Robinson,
Teri.
“Privacy
Matters.”
SC
Magazine.
May
1,
2015.
http://www.scmagazine.com/privacy-‐
matters/article/409041/
6
Meyer,
David.
“Belgium
Targets
Facebook
Tracking.”
Politico.
May
15,
2015.
http://www.politico.eu/article/belgium-‐
targets-‐facebook-‐tracking/
3.
anonos.com
3
Dynamic
Data
Obscurity
is
a
new
technological
approach
to
protecting
personal
data,
while
at
the
same
time
bridging
the
gap
between
commerce
and
regulations.
Instead
of
yet
another
application
layer
on
top
of
legacy
data
sources,
Dynamic
Data
Obscurity
can
limit
the
ability
to
infer,
single
out,
or
link
to
personally
identifiable
or
sensitive
information.
Current
approaches
to
protecting
data
are
binary
in
nature
–
data
is
either
valuable
or
private
–
for
example:
• Encrypted
data
is
either
protected
but
unusable
or
usable
but
unprotected
when
decrypted;
and
• With
digital
information,
data
is
generally
not
de-‐identified
but
available
to
customize
offerings
for
the
benefit
of
consumers,
or
is
de-‐identified
but
unavailable
to
fully
benefit
consumers,
companies,
and
society
at
large.
In
a
report
submitted
to
President
Obama
in
May
2014
entitled
Big
Data
and
Privacy:
A
Technological
Perspective,7
a
working
group
of
the
President's
Council
of
Advisors
on
Science
and
Technology
(PCAST)
noted:
The
beneficial
uses
of
near-‐ubiquitous
data
collection
are
large,
and
they
fuel
an
increasingly
important
set
of
economic
activities.
Taken
together,
these
considerations
suggest
that
a
policy
focus
on
limiting
data
collection
will
not
be
a
broadly
applicable
or
scalable
strategy
–
nor
one
likely
to
achieve
the
right
balance
between
beneficial
results
and
unintended
negative
consequences
(such
as
inhibiting
economic
growth).
More
broadly,
PCAST
believes
that
it
is
the
use
of
data
(including
born-‐
digital
or
born-‐analog
data
and
the
products
of
data
fusion
and
analysis)
that
is
the
locus
where
consequences
are
produced.
This
locus
is
the
technically
most
feasible
place
to
protect
privacy.
Technologies
are
emerging,
both
in
the
research
community
and
in
the
commercial
world,
7
https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy_-‐_may_2014.pdf
4.
anonos.com
4
to
describe
privacy
policies,
to
record
the
origins
(provenance)
of
data,
their
access,
and
their
further
use
by
programs,
including
analytics,
and
to
determine
whether
those
uses
conform
to
privacy
policies.
Some
approaches
are
already
in
practical
use.
Dynamic
Data
Obscurity
can
help
provide
flexible
technology-‐enforced
controls
necessary
to
support
economic
growth
requiring
sophisticated
handling
of
various
data
privacy
requirements.
For
example,
the
ability
to
deliver
on
the
many
promises
of
“health
big
data”
is
predicated
on
the
ability
to
support
differing
privacy
requirements
depending
on
the
source
of
health-‐related
data:
• Consumer
health
data
collected
using
personal
health
record
tools,
mobile
health
applications,
and
social
networking
sites
are
subject
to
privacy
policies
/
terms
and
conditions
of
applicable
websites,
devices
and
applications;
• Protected
health
information
(PHI)
is
subject
to
privacy
and
security
requirements
under
the
Health
Insurance
Portability
and
Accountability
Act
(HIPAA);
and
• Health
data
from
federally
funded
research
is
subject
to
separate
privacy
requirements
of
The
Federal
Policy
for
the
Protection
of
Human
Subjects
or
“Common
Rule.”
Each
of
the
above
categories
of
privacy
and
security
requirements
can
be
supported
via
Dynamic
Data
Obscurity
despite
differences
in
requirements
–
therefore
opening
up
new
opportunities
for
economic
growth
and
advances
in
research
and
healthcare.
Dynamic
Data
Obscurity
could
even
be
helpful
in
resolving
the
future
of
Europe's
Safe
Harbor
Agreement
with
the
U.S.
as
well
as
data
protection
practices
of
global,
internet-‐based
companies
operating
in
Europe
like
Apple,
Google,
Yahoo,
Skype
and
Microsoft
by
facilitating
sharing
of
personal
data
only
under
authorized
conditions
in
compliance
with
both
"lead"
and
"concerned"
Data
Protection
Authorities
thereby
accommodating
differing
requirements
in
multiple
EU
jurisdictions.
II.
History
of
the
term
Dynamic
Data
Obscurity
One
of
the
earliest
mentions
of
the
power
of
obscuring
data
was
in
a
2013
California
Law
Review
article
entitled
The
Case
for
Online
Obscurity8
by
Woodrow
Hartzog
and
Frederic
Stutzman,
in
which
they
stated:
On
the
Internet,
obscure
information
has
a
minimal
risk
of
being
discovered
or
understood
by
unintended
recipients.
Empirical
research
demonstrates
that
Internet
users
rely
on
obscurity
perhaps
more
than
anything
else
to
protect
their
privacy.
Yet,
online
obscurity
has
been
8
http://www.californialawreview.org/wp-‐content/uploads/2014/10/01-‐HartzogStutzman.pdf
5.
anonos.com
5
largely
ignored
by
courts
and
lawmakers.
In
this
Article,
we
argue
that
obscurity
is
a
critical
component
of
online
privacy,
but
it
has
not
been
embraced
by
courts
and
lawmakers
because
it
has
never
been
adequately
defined
or
conceptualized.
The
term
Dynamic
Data
Obscurity
was
coined
in
an
October
15,
2014
blog
by
Martin
Abrams,
the
Executive
Director
of
the
Information
Accountability
Foundation,
which
stated:
The
fact
is
that
we
data
protection
professionals
cannot
accept
the
status
quo.
We
need
to
be
able
to
demonstrate
our
trustworthiness,
and
effective
tools
are
part
of
that.
The
Information
Accountability
Foundation’s
mission
is
research
and
education
on
policy
solutions
that
facilitate
innovation
while
protecting
individuals
from
inappropriate
processing.
As
we
have
worked
through
big
data
ethics,
it
has
reinforced
our
view
that
outside
of
the
box
technology
solutions
must
be
available.
Data
needs
to
be
visible
when
it
is
being
used
within
bounds,
and
obscured
when
it
is
not.
Technology
does
not
replace
policy
enforcement;
it
makes
the
enforcement
possible
and
actionable.
A
number
of
us
have
been
thinking
about
the
dilemma
for
the
past
six
months
and
looking
for
solutions.
We
believe
the
solutions
are
part
of
a
field
we
have
begun
to
call
“Dynamic
Data
Obscurity.”
Dynamic
data
obscurity
involves
obscuring
data
down
to
the
element
level
when
that
level
of
security
is
necessary
and
making
sure
that
rules
which
control
when
elements
can
be
seen
are
real
and
enforced.
Dynamic
data
obscurity
is
also
about
making
the
technology
controls
harder
to
break
but
still
allowing
for
appropriate
uses.
It
requires
both
new
technologies
combined
with
effective
internal
monitoring
and
enforcement.9
The
next
public
use
of
the
term
Dynamic
Data
Obscurity
took
place
in
an
October
20,
2014
International
Association
of
Privacy
Professionals
(IAPP)
Privacy
Perspectives
article10
written
by
Gary
LaFever,
Co-‐Founder
and
Chief
Executive
Officer
of
Anonos
-‐
a
pioneer
in
developing
practical
applications
of
Dynamic
Data
Obscurity
technology,
in
which
he
stated:
We’re
not
discounting
the
value
of
anonymization;
it
powered
the
growth
of
the
Internet.
But
today,
technology,
markets,
applications
and
threats
have
evolved
while
the
protocols
to
keep
personally
identifiable
data
9
http://informationaccountability.org/taking-‐accountability-‐controls-‐to-‐the-‐next-‐level-‐dynamic-‐data-‐obscurity/
10
https://privacyassociation.org/news/a/what-‐anonymization-‐and-‐the-‐tsa-‐have-‐in-‐common/
6.
anonos.com
6
anonymous
have
not.
If
we
are
to
mine
the
vast
potential
of
data
analytics
to
create
high-‐value
products
and
services
that
improve
and
even
save
lives
while
meeting
the
privacy
expectations
of
the
public
and
regulators,
we
need
new
tools
and
thinking.
Dynamic
data
obscurity
improves
upon
static
anonymity
by
moving
beyond
protecting
data
at
the
data
record
level
to
enable
data
protection
at
the
data
element
level.
Dynamic
data
obscurity
empowers
privacy
officers
to
improve
the
“optics”
of
data
protection
for
data
subjects,
regulators
and
the
news
media
while
deploying
next-‐generation
technology
solutions
that
deliver
more
effective
data
privacy
controls
while
maximizing
data
value.
Vibrant
and
growing
areas
of
economic
activity—the
“trust
economy,”
life
sciences
research,
personalized
medicine/education,
the
Internet
of
Things,
personalization
of
goods
and
services—are
based
on
individuals
trusting
that
their
data
is
private,
protected
and
used
only
for
authorized
purposes
that
bring
them
maximum
value.
This
trust
cannot
be
maintained
using
static
anonymity.
We
must
embrace
new
approaches
like
dynamic
data
obscurity
to
both
maintain
and
earn
trust
and
more
effectively
serve
businesses,
researchers,
healthcare
providers
and
anyone
who
relies
on
the
integrity
of
data.
The
Information
Accountability
Foundation
held
a
framing
discussion
in
January
2015
in
Washington
DC
at
which
invited
government,
education
and
business
leaders
discussed
that:
Early
analytics,
dating
from
the
1980s,
were
dependent
on
anonymization
and
de-‐identification
to
ensure
compliance
and
individual
protection.
For
example,
information
used
for
credit
marketing
needed
to
be
de-‐
identified
to
comply
with
the
Federal
Fair
Credit
Reporting
Act.
Technology
provided
the
tools
to
de-‐identify,
and
the
assurance
came
from
the
requirements
of
the
FCRA.
Effective
de-‐identification
and
anonymization
tools
have
always
rested
on
this
marriage
of
policy
and
technology.
Today’s
analytics,
driven
by
observation,
makes
the
mandate
for
the
“belt
and
suspenders”
of
policy
and
technology
even
more
compelling.
The
technologies
are
challenged
internally
by
organizations’
need
for
knowledge
and
externally
by
very
smart
cyber
criminals.
Even
with
the
belt
of
policy,
the
suspenders
of
technology
need
upgrading
to
match
today’s
challenges.
If
we
do
not
meet
that
challenge,
we
could
see
real
7.
anonos.com
7
resistance
to
the
information
age’s
dual
mandates
for
innovation
and
fairness.
The
policy
community
needs
to
explore
Dynamic
Data
Obscurity
(DDO)
to
see
if
it
will
enhance
data
security
and
privacy
to
facilitate
increased
data
value
and
protection
compared
to
legacy
approaches.11
The
term
Dynamic
Data
Obscurity
has
since
been
used
at
international
conferences,12
in
comment
letters
submitted
to
international
data
privacy
regulators,13
and
in
White
Papers14
on
the
subject
of
Dynamic
Data
Obscurity.
III.
The
Anonos15
Just-‐In-‐Time-‐Identity
(JITI)
Approach
to
Dynamic
Data
Obscurity
Anonos has been working on Just-‐In-‐Time-‐Identity
(JITI)
technology
–
the
Anonos
approach
to
implementing
Dynamic Data Obscurity
–
since
2012.
Anonos
is
currently
engaged
in
a
Proof
of
Concept
with
an
international
Data
Protection
Authority
together
with
multinational
companies
to
show
that
Anonos
Just-‐In-‐Time-‐Identity
(JITI)
technologies,
layered
on
top
of
an
underlying
information
platform,
can
deliver
three
interlinked
benefits:
a) Role-‐based
technical
and
organizational
measures
to
enforce
policies
for
use
of
personal
data;
b) Functional
separation
between
low-‐
and
high-‐risk
data
uses
for
re-‐identification;
and
c) Secure
storage
of
underlying
data.
All
three
benefits
increase
the
utility
of
the
information
platform
while
at
the
same
time
increasing
the
privacy
and
security
controls
available
to
protect
personal
data.
Anonos
Just-‐In-‐Time-‐Identity
(JITI)
is
an
architecturally
enforced
private-‐by-‐default
technology
that
retains
utility
under
authorized
conditions,
and
supports
all
queries
and
actions
with
centralized
audit
logging.
Policies
and
rules
can
be
customized
to
limit
or
eliminate
re-‐identification
via
inference,
singling
out,
or
linking
of
personal
data.
11
http://informationaccountability.org/iaf-‐will-‐convene-‐ddo-‐discussion-‐in-‐2015/
12
http://informationaccountability.org/video-‐of-‐panel-‐on-‐dynamic-‐data-‐obscurity/
13
http://www.anonos.com/anonos-‐enabling-‐bigdata/
14
http://www.anonos.com/anonos-‐dynamic-‐data-‐obscurity/
15
Anonos,
Just-‐In-‐Time-‐Identity,
JITI,
Dynamic
De-‐Identifier,
DDID,
and
other
marks
are
trademarks
of
Anonos
Inc.
protected
under
U.S.
and
international
trademark
laws
and
treaties.
Anonos
Just-‐In-‐Time-‐Identity
technology
is
protected
under
U.S.
and
international
copyright
and
patent
laws
and
treaties.
Other
marks
that
appear
in
this
letter
and
not
owned
by
Anonos
are
the
property
of
their
respective
owners.
Anonos
makes
no
claim
of
relationship
to,
or
affiliation
with,
owners
of
marks
not
owned
by
us
Anonos.
8.
anonos.com
8
• Anonos
data
stores
are
obscured
by
default,
and
reveal
original
or
perturbed
data
values
only
in
accordance
with
technically
enforced
rules
in
response
to
authorized
queries.
Improper
use
of
data
is
architecturally
prevented.
• There
is
little
incentive
to
steal
Anonos-‐enabled
data
stores
since
data
is
obscured
at
all
times.
Without
access
to
Just-‐In-‐Time-‐Identify
(JITI)
dynamic
de-‐identification
(DDID)
keys
the
data
is
minimally
valuable.
• In
the
event
of
an
Anonos-‐enabled
data
store
breach,
data
is
unreadable
and
unusable
to
unauthorized
parties.
• Anonos
data
stores
can
be
created
from
scratch
or
derived
from
existing
data
stores
on
standard
platforms.
• Anonos
data
store
controls
can
reflect
regulatory
standards
that
will
indicate
to
companies
what
flow-‐through
protections
are
required
in
order
for
them
to
remain
compliant
when
crafting
internal
rules
and
policies.
Complying
with
regulations
using
current
approaches
to
de-‐identification,
data
privacy
and
security
can
be
complicated
and
expensive.
Anonos
anonymizing
capabilities
retain
full
data
value
and
utility
with
support
for
various
use
cases
–
all
while
minimizing
risk
of
data
misuse,
abuse
or
compromise
–
Anonos
refers
to
this
as
“anõnosizing”
data.
• Anonos
data
store
level
architectural
controls
facilitate
both
internal
audits
and
external
regulator
reviews.
• Anonos
enables
sharing
of
portable
data
stores
with
multiple
parties
having
differing
authorization
privileges
by
providing
unique
JITI
DDID
key
combinations
to
each
party,
any
of
which
may
be
revoked
manually
or
via
an
automatic
trigger
at
any
time.
• Anonos
facilitates
compliance
with
data
privacy
laws,
rules
and
regulations
by
companies
of
all
sizes
without
requiring
them
to
have
large
in-‐house
data
privacy
/
security
teams.
10.
anonos.com
10
Potential
Applications
of
Anonos
Just-‐In-‐Time-‐Identity
(JITI)
Dynamic
Data
Obscurity
Technology
Example
#1:
Internal
Data
Misuse
Walt
Disney
offers
visitors
to
its
parks
“MagicBands”
–
wrist-‐worn
authentication
devices,
providing
access
to
hotels,
rides,
transportation,
as
well
as
an
ability
to
pay
for
food,
beverages,
and
souvenirs
via
a
linked
payment
card.
Within
a
single
park,
there
might
be
hundreds
of
different
uses
for
a
MagicBand,
each
of
which
might
have
distinct
access
rules.
For
example,
a
ride
might
need
to
know
the
height
of
the
patron;
a
bar
might
only
allow
children
in
during
lunch;
and
payments
of
certain
types
might
require
both
the
child’s
and
parent’s
MagicBand.
Finally,
a
lost
child
with
a
MagicBand
can
be
easily
reunited
with
trusted
family.
The
danger
in
this
system
comes
from
trusted
insiders,
because
customers
demand
full
utility
while
the
park
has
a
duty
to
manage
the
risk
of
exposing
too
much
personal
information
to
employees.
From
a
staff
management
perspective,
the
incentive
is
to
have
fewer
roles
with
greater
access
and
authority,
but
that
enables
employees
with
the
right
access
to
aggregate
the
required
data
from
different
MagicBand
uses
and
track
the
movement
of
guests,
know
when
they’re
not
in
their
hotel
rooms,
or
even
manipulate
parameters
to
create
dangerous
authorizations
for
small
children
to
go
on
adult-‐sized
rides.
Anonos-‐enabled
data
stores
for
each
of
these
use
cases
would
eliminate
such
risks,
because
employee
roles
would
be
defined
on
a
per-‐use-‐case
context
basis,
and
casual
browsing
of
the
wider
family
records
would
be
prevented.
Example
#2:
Re-‐identification
The
January
2015
Science
journal
includes
a
3
month
study
of
credit
card
records
for
1.1
million
people
that
shows
four
spatiotemporal
points
are
enough
to
uniquely
re-‐identify
90%
of
credit
card
customers.
Anonos
de-‐identifiers
(DDIDs)
de-‐identify
credit
card
customers
for
each
transaction
–
providing
a
Just-‐In-‐
Time-‐Identity
(JITI)
for
each
transaction.
As
a
result,
customers
cannot
be
re-‐identified
by
means
of
correlating
static
anonymous
identifiers.
The
Anonos
approach
makes
limiting
the
ability
to
single
out,
link
or
infer
a
data
subject
a
policy
choice
instead
of
a
statistical
risk.
See
http://www.anonos.com/unicity
for
interactive
version
of
this
example
11.
anonos.com
11
Example
#3:
Data
Breach
Firms
like
health
insurer
Anthem
suffer
when
their
facilities
are
breached
(as
do
their
millions
of
subscribers
/
customers
whose
identities
are
“hacked”)
and
data
is
kept
in
unencrypted
form
to
enable
use
of
the
data.
As
a
result,
attackers
can
gain
unauthorized
access
to
personal
data
in
“cleartext”
form
–
i.e.,
unencrypted
information
that
is
“in
the
clear”
and
understandable.
In
contrast
to
standard
encryption,
which
is
generally
fully
“on”
or
"off,"
or
traditional
data
masking
techniques
which
do
not
protect
data
at
the
data
store
level,
Anonos
Just-‐In-‐Time-‐Identity
(JITI)
can
protect
against
data
loss
from
external
breaches
without
losing
use
of
data
for
authorized
purposes
within
the
company.
With
JITI,
an
attacker
may
gain
access
to
data
but
would
not
gain
access
to
JITI
keys
(kept
securely
in
separate
virtual
or
physical
locations)
necessary
to
reveal
personal
information.
_______________
Anonos
appreciates
the
opportunity
to
submit
this
letter
to
the
National
Institute
of
Standards
and
Technology.
Respectfully
Submitted,
M.
Gary
LaFever
Ted
Myerson
Co-‐Founder
Co-‐Founder