IBM's 'triathlon man' makes data smarter

Not exactly the man of steel, but Jeff Jonas wants businesses to buff up on entity analytics so they can avoid data "amnesia" and make better decisions.
Written by Eileen Yu, Senior Contributing Editor

newsmaker In 2005, Singapore was the first country he'd ever visited outside the United States, apart from Canada and Mexico. Today, Jeff Jonas' passport is filled with so many stamps from the countries he has since visited, that he's had to add in new pages.

Jonas was the founder of Systems Research & Development (SRD), once staffed by all of 18 people. And while it was doing well, it certainly wasn't a multinational corporation. But the company grew to become 60 employee-strong, and was eventually acquired by IT giant IBM in 2005.

Jonas' biography reads like a soap opera: high school dropout at 19, once lived out of his car, declared a bankrupt after his first software business bombed, and was temporarily paralyzed from the neck down after a car accident.

Today, Jonas is not only walking tall, he has taken part in seven Ironman triathlons, though he's modest enough to admit a 14-year-old as well as a 70-year-old triathlon participant cruised past him during a race.

He's also quick to acknowledge that SRD would have remained a "really small" company based in Las Vegas, if he hadn't hired "a real CEO", John Slitz, and "demoted" himself to chief scientist.

Under Slitz's guidance, Jonas recalled how SRD grew rapidly and in January 2005, became part of IBM's Entity Analytics Group, a unit which was established based on the technologies he invented and developed at SRD.

Entity analytics software provides real-time business intelligence capabilities, by correlating relevant information even as the data changes. These tools have been used by casinos and government agencies in the United States to combat fraud and insider crime.

ZDNet Asia settles down for an interview with Jonas, who is currently an IBM Distinguished Engineer and chief scientist of entity analytics solutions. He describes his job as one of an evangelist, championing the technologies he invented and that are now part of IBM's technology pool, and discusses why organizations need entity analytics to cure "amnesia" and make better decisions.

Jonas also explains why there are some things even he would never want to invent.

Q: What do you do as an IBM Distinguished Engineer and chief scientist?
Jonas: There are some 300 Distinguished Engineers in IBM, and I acquired the title after my company was bought in January 2005. You're given the title because you've become a recognized expertise in the field you're in and my expertise is in data streaming identity.

My job is to invent next-generation technology, work on privacy protection, and evangelize what IBM bought when they bought my company, and inventions along with it.

Do your inventions center around a particular theme?
I think they center around helping organizations be more intelligent. Organizations have amnesia. They forget what they know. For example, we found a retailer that had many thousands of employees. And as it turned out, two out of every thousand employees were people who had already been arrested for stealing from the retailer. So we had a department who knows the company already had these people arrested in the past, but the same people are rehired over in another department in the company. That's amnesia. Your organization already learned this, but you forgot it when you rehired them. That's bad.

If you have enterprise amnesia, you make poor decisions. You hire the wrong people, you don't treat your customers right and you miss the obvious.

Every system in an organization has a database, and databases have perceptions. You need to bring these business perceptions and knowledge together so the organization can be smarter.

Sounds similar to business intelligence and datawarehousing tools.
Well, not exactly. What makes entity analytics different is that we're trying to notice things exactly as they happen. There's a lot of work out there about collecting information over time, and then you analyze it at the end of the month to see what it means. A lot of systems that are built today expect the user to ask the question. But you can't expect the user to ask a smart question, or the right question, every day.

What we're doing is this: with all these perceptions in your databases, and as fast as the data is changing, the system will notice if a new data changed something, and whether it needs to tell somebody that it changed.

For example, a casino discovers that one of their customers has been stealing money and that customer has been arrested. And, it's very obvious that the customer knew a lot about the inter-workings of the casino and that one of the casino's employees was involved in the crime. But the casino doesn't know which employee helped the customer

from the inside. Six months later, an employee changes his home phone number, which happens to be the same as the customer who was involved in the fraud case.

Today, I don't think there's a business in the world that can notice the correlation. You have to wait until somebody asks the right question. But, no one would think of asking that question since the fraud case has been resolved and closed.

With entity analytics, the moment that data changes in the human resource record, the system notices in real-time that it's the same number as the fraud case and alerts someone about it. It watches data as it changes.

When it comes to handling identity, no matter how much we try to put in the necessary security tools, identity theft still happens. Do you think something is still missing?
Every time you make a copy of your data, and send it to somebody, you're increasing the risk that it can be stolen. If I have one copy of my customer file, and I protect it, it's going to be hard to steal. If I make four copies of it and send it around, it's going to be four times as hard to protect. That's where "="" class="c-regularLink" rel="noopener nofollow">my work in anonymization comes in.

After the date has been gathered, you need to ask yourself how you need to protect the data and people's privacy. And to help make governments smarter, you have to help them protect themselves in ways that don't infringe on people's freedom.

With anonymization, before I send confidential data to someone, I take it and shred it. So, what leaves my organization is not 'human readable'. It's irreversible, like a one-way encryption, you can't decrypt it on the other end. How does that improve privacy? If someone steals the data, they don't see the data...they just see a mish-mash of gibberish. And the data can still be processed and analyzed while it's encrypted, or anonymized.

And you're still working to improve the technology?
Yes, we're constantly working to make it safer from people who are trying to attack it. So there are cryptography tricks to better protect the data even when it's been anonymized.

And we're constantly looking to analyze data faster and more accurately.

We're also looking at new markets we're going after to bring this technology, including healthcare research whilst protecting the user's data.

But there'll always be someone who'll come up with a stronger tool to break your encryption technology, so how do you deal with that?
Yeah, I used to make claims that we're perfect but I'm not that foolish anymore. Now, I say it's safer than clear text, or text that's not encrypted. It's better than not doing anything. And then you can implement it in different ways that makes it harder and harder to break.

You've been described as a serial inventor, what else are you looking to invent?
I did think of a device that you can use to save people from the side of a building. (Jonas draws a picture of a helicopter which has a retractable arm, attached with a net that people can jump into when they're trapped along the sides of a tall building.) I called it the high-vertical rescue device. I even tried to patent that, but as it turns out, somebody else had patented it before me! But they never built it so people are still dying.

I have hundreds of inventions that span all kinds of things. Most of them are not mechanical... They're technology related and information related. I'm eager to apply some of my inventions for healthcare and genetic research.

Is there a problem in the world now that you wished you had an invention to could resolve it?
A lot of things many people, including myself, have been inventing are ways for countries to protect themselves...in terms of national security, airline safety and so on. But I think that if the world doesn't figure out how to lower ill-will, technology isn't going to protect us. The thing that worries me is, while IBM and others like myself work on innovation and homeland safety and security and privacy, if ill-will between societies continue to grow, the water will flow out over the dam.

So I think somebody needs to figure out how to reduce ill-will. Somebody has to think about this world-peace thing.

If you look at the last 20 to 30 years, is there a piece of technology that you wished hadn't been invented?
I've been blogging about responsible innovation. One of my personal rules is not to invent something you wouldn't want used against you or your family. And I've had a few ideas that might help someone, but when I thought about the invention and I realized I wouldn't want someone to use that invention against me, I stopped myself.

I think it's important for technologists to talk to the privacy people, and to think about privacy and civil liberties.

How would you advise the Singapore government to use technology to build its integrated resorts, which include casinos, responsibly?
I think Las Vegas has been a good laboratory that way. Some 38 million people a year come to Las Vegas, and very few of them are bad. And Las Vegas has been figuring out how to let 38 million people come and enjoy themselves in a non-invasive way. There's a slogan we use here: 'What happens in Vegas, stays in Vegas.' And yet, the city still has to find a few bad people. So they've deployed systems, processes and training that do a pretty good job.

And it's quite likely the systems that get created for Singapore...they're not likely to create brand new systems here that have never been tried. So you're likely to inherit systems here that have already been proven for the gaming industry. And the gaming industry is very sensitive to people's privacy. So I wouldn't be overly concerned about the upcoming IRs here.

Editorial standards