Cykod Blog

Until I published this blog post I didn't actually believe that twitter was going to destroy our country, unfortunately now I do.

If that last sentence doesn't make sense, let me explain by way of anecdote: I remember having a conversation with a former schoolmate a few years ago at a reunion that went something like this...

Me: Are you still into Dave Matthews as much as you used to be?
Him: Dave Matthews, Naw, I never liked them all that much.
Me: What - that's all you talked about senior year - you literally wouldn't shut up about them.
Him: I think you have me confused with someone else.

Now, assuming my increasingly disappointing memory hadn't failed me - I'm pretty sure he was the obnoxious, over the top DMB fan I remember. Of course a decade plus later, I can't be 100% sure it was him - it really might have been someone else.

If only we hadn't gone to high-school in the bad old days before everyone tweeted, facebook'd (or now buzz'd I guess) their every daily minutia and fleeting opinion, I could have nailed that kid to his over-the-top-pyschofan opinions. What would he have done then? We'll since the "deny it" option had flown the coop he would have been left with two choices:

a. Stay consistent with his opinion from years ago in high-school
b. Cop to his former obsession but admit he has moved on.

The obvious choice would be b - he clearly doesn't feel the same way about the band as he used to - but unfortunately we as human beings have a hard time being inconsistent. We find it repulsive. Hobgoblins notwithstanding, our hatred of inconsistency in our actions and beliefs is explained by a well known theory called Cognitive Dissonance. I've seen a friend stick to provably false "facts" they've written about on Facebook simply because they don't want to be seen as inconsistent.

"The person whose beliefs, words and deeds don't match is seen as confused, two-faced, even mentally ill. On the other side, a high degree of consistency is normally associated with personal and intellectual strength." (p.53, Influence, Cialdini, 2001)

If you can recall back to the 2004 election, one of the prime strikes against senator Kerry (ok, besides his wooden demeanor) was that he was a flip-flopper. This fact was contrasted with GW "stay-the-course" Bush. While in the abstract we might prefer our politicians to be able to take new evidence into consideration and change their minds, in reality we prefer them not to change their minds to often (Remember Doonesbury's reader-chosen characterization of Bill Clinton?) 

If I can get you to make a commitment (that is, to take a stand, to go on the record), I will have set the stage for your automatic and ill-considered consistency with that earlier commitment. (p.59, Influence, Cialdini, 2001)

What is microblogging but an easily-posted, bite-sized, on-the-record commitment? For many of us it's no longer enough to have opinions - we now need to scream them to the entire world. This effectively carves those originally transient opinions into stone and makes us less likely to consider evidence contrary to our stated positions on policy, politics, or whatever.

Since micro-blogging is so accessible - people now post just about anything from just about anywhere - it creates a particularly dangerous combination: a medium that encourages us to make a public commitment based on something we often have only experienced shallowly & fleetingly.  It's less important to a politician that your 100 followers know you "Stand with [Candidate]", than the fact that you made the commitment to post that in first place (and are now more susceptible to requests for money and help.)

By taking public positions too early (sometimes years early - e.g. "OMG [Politician Name Here] is the greatest [s]he'll be prez in 2012!!!!!" ) we deny ourselves the chance to take in more evidence before settling on a final position for possibly important decisions,  reducing what should be lively well-reasoned debates into dogmatic fear-mongering flinging of FUD to maintain our committed positions against any opposition.

To get back to the divide and destroy our country thing - clearly I wouldn't title a public blog post that way unless I wholly believed the thesis, so now I'm going to have to spend the rest of 2010 railing on the evils of microblogging. Oh well, should be fun. 

Think before your tweet because you will end up thinking what you tweet.

 

Some thoughts on property and the direction we're moving in the twenty-tens. It's not completely insane that sometime in the not to distant future a parent will hear their progeny ask a question like:

"Dad, what does it mean to buy something?"

and the following conversation might ensue:

Dad: "Well Billy, it's like licensing something, but you can do whatever you want with it"
Child: "But that's crazy, no company would ever let someone do WHATEVER they want with their product"
Dad: "Actually it used to happen all the time, you would buy something, and then you could do what you wanted - use it, disassemble it, loan it, even sell it again"
Child: "But isn't that completely anti-capitalist? It you could sell stuff you didn't need anymore then how would companies make money. Why would be people keep buying new stuff if the old stuff worked just as well?"
Dad: "I don't know it used to just work itself out...You know free market and all that"
Child: "Dad are you a Commie? Do I need to call the thought police?"

Ok, that last piece was a little over the top, but the rest isn't all that far from where we are now.

Anything that's delivered in a digital form is already licensed and not sold. Music, Movies, Video Games, Books.

Physical goods are moving in that direction too, helped by embedded microcontrollers and software. You can't take ownership of a computer without accepting a whole bunch of restrictions on what you can do, but it gets worse. Want to sell ink cartridges for someone elses printer? Get slapped with a DMCA lawsuit for reverse engineering their faux-DRM. Want to sell an unlicensed game on console? Same thing.

Intellectual Property rights are slowly encroching into all walks of life. Want to post a video of yourself dancing like an idiot to a pop song? Good luck.

Pretty soon baseball bats will come shrink-wrapped with End User License Agreements allowing them to sue you if you use their bat in an unauthorized manner.

Combine the licensing phenomen with the credit phenomenon, and suddenly we don't actually own anything. That house you bought? Technically the bank owns it, and you owe them more than it's worth. That car? Actually, you traded in your last car for less than it was worth to upgrade to this years model, so technically you own less than 0% of that too.

Ownership just isn't for the little people anymore. It's so 2009.

This never quite made it out of the backlog back in October, but I thought the implications of a case discussed on Volokh a couple of months ago were pretty staggering. To highlight the article's quote of the ruling (significantly chopped down):

The Fourth Amendment protects our homes from unreasonable searches and seizures, requiring that, absent special circumstances, the government obtain a search warrant based on probable cause before entering. This is strong privacy protection for homes and the items within them in the physical world.

When a person uses the Internet, however, the user’s actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the Internet with a network account and computer storage owned by an ISP like Comcast or NetZero. All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP. When we send an e-mail or instant message from the comfort of our own homes to a friend across town the message travels from our computer to computers owned by a third party, the ISP, before being delivered to the intended recipient. Thus, “private” information is actually being held by third-party private companies.

...[snip]...

Thus subscribers are, or should be, aware that their personal information and the contents of their online communications are accessible to the ISP and its employees and can be shared with the government under the appropriate circumstances. Much of the reluctance to apply traditional notions of third party disclosure to the e-mail context seems to stem from a fundamental misunderstanding of the lack of privacy we all have in our e-mails. Some people seem to think that they are as private as letters, phone calls, or journal entries. The blunt fact is, they are not.

This is a pretty significant statement - what it means is that if you transmit over a public line (read: the internet) anything that could be read by a third party, you shouldn't have an expectation of privacy about it. In essence, this is what the tinfoil-hats have been saying all along,  and the only solution is to encrypt-encrypt-encrypt. Why? Because if you encrypt your transmissions and storage then suddenly you do have an expectation of privacy.

If the government wanted to read an encrypted email that was encrypted against your own private key, then following the above logic - even if it was stored on a third party server - they would need to get a warrant and they couldn't just read what they wanted.

Now one of the problems here is that the data would need to be encrypted in a way only accessible to you along each step of it's journey: sending, transmission, reception, storage and retrieval, otherwise since the ISP could have logs of any of those steps, your expectation of privacy would fly back out the window. 

The good news - the securing transmission part is getting easier. While very few people outside of the enterprise use certificates to encode and sign their emails (unless they like wearing the aforementioned metal-headpieces), a good portion of the email being sent is starting to be transported via SSL.  What this means is that if you only leave the ISP the transmission part, and host your own email servers, then your expectation of privacy would hopefully return since you're not relying on a third-party for reception, storage and retrieval.

The bad news - until Google releases a GMail appliance, there's no way to use an ISP for other services and be protected. Now while the 4th amendment only applies to governmental search and seizure, this has further implications for private enterprise moving to SaaS models. If the court has stated that you never should have had any legal expectation of privacy about any of your data in the first place then you need to be very dilligent in reading your terms of service. Could you sue a SaaS provider if they released some valuable statistics about your data to a competitor? Most likely their ToS doesn't explicitly mention all meta-data and derived data, so I don't know, but until it gets decided in court, I wouldn't throw out all those servers and cloudify all your business needs just yet. 

Given the way computers have come to completely dominate our society over the past 30 years it's sometimes surprising when the digital fingerprints of living, breathing humans appear in places that they really shouldn't.

It's easy as a small web shop to imagine that everyone has by now completely integrated all their separate parts into one seamless, magical ESB - after all if we can do it with almost no budget, a larger company that can throw million of dollars at the problem should be able to do it as well. This is obviously an opinion that greatly discounts how difficult corporate inertia is too change - one client of a e-procurement system I worked on is just finally finishing integrating the system into their processes, 3 years after it was finished. But more than just corporate inertia, legacy systems and huge installed user bases make it extremely difficult to smoothly and completely integrate different pieces of a company's computer systems together - for example completely tying a website to a company's the back-end system.

We recently got back from a two-week vacation in Germany, and having been given some excellent advice from my father that international data roaming charges are exorbitant, I signed up for AT&T's "international data-roaming plan" for about $20/month which gets you 20 MB of emergency-email-checking and where-the-heck-are-we-GPS'ing on my phone while we traveled around the country. At least that's what I thought I did - when I got back I and opened my AT&T phone bill it said I owed them a whole lot money. That can't be right I thought, so I logged onto the website and verified that the international data-roaming plan was on the phone and read the fine print (expecting to see something like "except in southern Bavaria") - but no, everything looked hunky-dory.

I called up and talked to what turned out to be a amazingly friendly AT&T customer service representative that issued an apology immediately and said that the data roaming had been added the wrong phone - Martha and I share a family-plan for our business phones. I immediately assumed she had misspoken so I asked:

Me: Oh, so I added the data-roaming to the wrong phone?
AT&T Rep: No sir, we did.
Me: Wait, how is that possible, I did it on the website.
AT&T Rep: I'm not sure, it's billed correctly but someone here added it to the wrong phone.

They immediately issued a credit but the fact that something like this could happen speaks to a larger issue - AT&T most likely hasn't completely integrated the various parts of their wireless operation. I can only engage in wild, over-the-top speculation - but I'd guess that anything you do on their nice, modern website probably gets printed out on an old-school line printer fed with special printer paper, put in a small metal cylinder and then delivered via pneumatic tubes to the 9th floor, the "Account Modification and Liquidation Department" where a overworked, chain-smoking employee in a non-descript gray suit sitting at a small wooden desk manually enters the change request into a completely different system running on an old mainframe via a green phosphorescent terminal interface (In fact, in my head AT&T corporate looks and operates exactly like the office building in the Hudsucker Proxy )

As a small company, not having to deal with legacy systems and huge installed user bases is one of the reasons that we can do a lot more with a lot less. We don't have millions of users demanding certain existing functionality or hundreds of employees entrenched in their ways. We have the ability to be a lot more agile and a lot more competitive by working of a new technology picked specifically for the task rather than dealing with a system built on COBOL because it was the only language available at the time.

For another example let's take my name - I'm pretty sure it's Pascal Rettig - and I'm pretty sure that I usually spell it correctly. What is surprising however, is the amount of mail that shows up at our door addressed to "Pascal Retting." People really like to put in an extra "N" into my last name and there's nothing I can do to stop them.

It's enough of a problem that I always verify the spelling of my last name when I set up some service over the phone, but invariably a good portion of the time the first bill will show up and there it will be: "Pascal Retting."

What this means is that just like the AT&T snafu above - people are taking my information, entering it into a computer (unless their typing is just an IM to a friend), and then at some point along the line it's getting retyped in by someone who makes the inadvertant subconscious addition.

When National Grid acquired energy provider Keyspan in our area, the name on my account suddenly changed from Pascal Rettig to Pascal Retting (I can't be 100% sure that's exactly when it happened but it's there now). What that means to me is that during the acquisition, at some point, someone re-typed in my name, and by inference a couple of million other customers names into a new computer system. That is insane. It speaks to a corporate culture playing serious catchup in the digital age - a liability for them but an opportunity for small businesses not encumbered by the shakles of human error and inefficiency to make their mark. That being said, having a few million to throw at a project probably doesn't hurt.