• Home
  • about this blog
  • Blog Posts

Parasam

Menu

  • design
  • fashion
  • history
  • philosophy
  • photography
  • post-production
    • Content Protection
    • Quality Control
  • science
  • security
  • technology
    • 2nd screen
    • IoT
  • Uncategorized
  • Enter your email address to follow this blog and receive notifications of new posts by email.

  • Recent Posts

    • Take Control of your Phone
    • DI – Disintermediation, 5 years on…
    • Objective Photography is an Oxymoron (all photos lie…)
    • A Historical Moment: The Sylmar Earthquake of 1971 (Los Angeles, CA)
    • Where Did My Images Go? [the challenge of long-term preservation of digital images]
  • Archives

    • September 2020
    • October 2017
    • August 2016
    • June 2016
    • May 2016
    • November 2015
    • June 2015
    • April 2015
    • March 2015
    • December 2014
    • February 2014
    • September 2012
    • August 2012
    • June 2012
    • May 2012
    • April 2012
    • March 2012
    • February 2012
    • January 2012
  • Categories

    • 2nd screen
    • Content Protection
    • design
    • fashion
    • history
    • IoT
    • philosophy
    • photography
    • post-production
    • Quality Control
    • science
    • security
    • technology
    • Uncategorized
  • Meta

    • Register
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.com

Browsing Category philosophy

Data Security – An Overview for Executive Board members [Part 3: Network Security]

March 18, 2015 · by parasam

Introduction

In Part 2 of this series we reviewed Access Control – the beginning of a good Data Security policy. In this section we’ll move on to Network Security Controls: once a user has access to a device or data, almost all interactions today are with a network of devices, servers, storage, transmission paths, web sites, etc. The design and management of these networks are absolutely critical to the security model. This area is particularly vulnerable to intrusion or inadvertent ‘leakage’ of data, as networks continue to grow and can become very complex. Often parts of the network have been in place for a long time, with no one currently managing them even aware of the initial design parameters or exactly how pieces are interconnected.

There are a number of good business practices that should be reviewed and compared to your firm’s networks – and this is not highly technical, it just requires methodology, common sense, and the willingness to ask the right questions and take action should the answers reveal weakness in network security.

The Data Security Model

Network Security Controls

Once more than one IT device is interconnected, we have a network. The principle of Access Control discussed in the prior section is equally applicable to a laptop or an entire global network of thousands of devices. There are two major differences when we expand our security concept to an interconnected web of computers, storage, etc. The first is that when a user signs on (whether with a simple username or password, or a sophisticated Certificate and Biometric authorization) instead of logging into a single device, such as their laptop, they sign in to a portion of the network. The devices to which they are authorized are contained in an Access Control List (ACL) – which is usually chosen by the network administrator. (This process is vastly simplified here in regards to the complex networks that can exist today in large firms, but the principle is the same). It’s a bit like a passport that allows you into a certain country, but not necessarily other bordering countries. Or one may gain entry into a neighboring country with restrictions, such as are put in place with visas for international travelers.

The second major difference, in terms of network security in relation to logging into a single device, is that within a network there are often many instances of where one device needs to communicate directly to another device, with no human taking place in that process. These are called M2M (Machine to Machine) connections. It’s just as important that any device that wants to connect to another device within your network be authorized to do so. Again, the network administrator is responsible for setting up the ACLs that control this, and in addition many connections are restricted: a given server may only receive data but not send, or only have access to a particular kind of data.

In a large modern network, the M2M communication usually outnumbers the Human to Machine interactions by many orders of magnitude – and this is where security lapses often occur, just due to the sheer number of interconnected devices and the volume of data being exchanged. While it’s important to have in place trained staff, good technical protocols, etc. to manage this access and communication, the real protection comes from adopting, and continually monitoring adherence to, a sound and logical security model at the highest level. If this is not done, then usually a patchwork of varying approaches to network security ends up being implemented, with almost certain vulnerabilities.

The biggest cause of network security lapses results from the usual suspect: Security vs Usability. We all want ‘ease of use’ – and unfortunately no one more than network administrators and others that must traverse vast amounts of networks daily in their work, often needing to quickly log into many different servers to either solve problems or facilitate changes requested by impatient users. There is a rather well-liked login policy that is very popular with regular users and network admins alike: that of Single Sign On (SSO). While this provides great ease of use, and is really the only practical method for users to navigate large and complex networks, its very design is a security flaw waiting to happen. The proponents of SSO will argue that detailed ACLs (Access Control Lists – discussed in Part 2 of this series) can restrict very clearly the boundaries of who can do what, and where. And, they will point out, these ACLs are applicable to machines as well as humans, so in theory a very granular – and secure – network permissions environment can be built and maintained.

As always, the devil is in the details… and the larger a network gets the more details there are… couple that with inevitable human error, software bugs, determined hackers, etc. etc. and sooner or later a breach of data security is inevitable. This is where the importance of a really sound overall security strategy is paramount – one that takes into account that neither humans nor software are created perfectly, and that breaches will happen at some point. The issue is one of containment, awareness, response and remediation. Just as a well-designed building can tolerate a fire without quickly burning to the ground – due to such features as firestops in wall design, fire doors, sprinkler systems, fire retardant furnishings, etc.; so can a well designed network tolerate breaches without allowing unfettered access to the entire network. Unfortunately, many (if not most) corporate networks in existence today have substantial weaknesses in this area. The infamous Sony Pictures ‘hack’ was initiated by a single set of stolen credentials being used to access virtually the entire world-wide network of this company. (It’s a bit more complicated than this, but in essence that’s what happened). Ideally, the compromise of a single set of credentials should not have allowed the extent and depth of that breach.

Just as when a person is travelling from one state to another within even a single country, you must usually stop at the border and a guard has a quick look at your car, may ask if you have any fruit or veg (in case of parasites), etc. – so a basic check of permissions should occur when access is requested from a substantially different domain that the one where the initial logon took place. Even more important -going back to our traveler analogy: if instead of a car the driver is in a large truck usually a more detailed inspection is warranted. A Bill of Lading must be presented, and a partial physical inspection is usually performed. The Data equivalent of this (stateful inspection) will reveal if the data being moved is appropriate to the situation. Using the Sony hack as an example, the fact that hundreds of thousands of e-mails were being moved from within a ‘secure’ portion of the network to servers located outside the USA should have tripped a notification somewhere…

The important issue here to keep remembering is that the detailed technology, software, hardware or other bits that make this all work are not what needs to understood at the executive level: what DOES need to be in place is the governance, policy and willfulness to enforce the policies on a daily basis. People WILL complain – certain of these suggested policies make accessing, moving, deleting data a bit more difficult and bit more time-consuming. However, as we have seen, the tradeoff is worth it. No manager or executive wants to answer the kind of questions after the fact that can result from ignoring sound security practices…

Probably the single most effective policy to implement – and enforce – is the ‘buddy system’ at the network admin level. No single person should have unfettered access to the entire network scope of a firm. And most importantly, this must include any outside contractors. This is an area oft overlooked. The details must be designed for each firm, as there are so many variations, but essentially at least two people must authenticate major moves/deletions/copies of a certain scope of data. A few examples:  if an admin that routinely works in an IT system in California wants access to the firm’s storage servers in India, a local admin within India should be required to additionally authenticate this request. Or if a power user whose normal function is backup and restore of e-mails wants to delete hundreds of entire mailboxes then a second authentication should be required.

While the above examples involved human operators, the same policies are effective with M2M actions. In many cases, sophisticated malware that is implanted in a network by a hacker can carry out machine operations – provided the credentials are provided. Again, if a ‘check & balance’ system is in place, unfettered M2M operations would not be allowed to proceed unhindered. Another policy to consider adopting is that of not excluding any operations by anyone at all from these intrusion detection, audit or other protective systems. Often senior network admins will request that these protective systems be bypassed for operations performed by a select class of users (most often top network admins) – as they often say that these systems get in the way of their work when trying to resolve critical issues quickly. This is a massive weakness – as has been shown many times when these credentials are compromised.

Summary

Although networks range from very simple to extraordinarily complex, the same set of good governance policies, protocols and other ‘rules of the road’ can provide an excellent level of security within the the data portion of a company. This section has reviewed several of these, and discussed some examples of effective policies. The most important aspect of network security is often not the selection of the chosen security measures, but the practice of ensuring that they are in place completely across the entire network. These measures also should be regularly tested and checked.

In the next section, we’ll discuss Application Security:  how to analyze the extent to which many applications expose data to unintended external hosts, etc. Very often applications are quite ‘leaky’ and can easily compromise data security.

Part 4 of this series is located here.

 

 

Data Security – An Overview for Executive Board members [Part 2: Access Control]

March 16, 2015 · by parasam

Introduction

In Part 1 of this topic we discussed the concepts and basic practices of digital security, and covered an overview of Data Security. In the next parts we’ll go on to cover in detail a few of the most useful parts of the Data Security model, and offer some practical solutions for good governance in these areas. The primary segments of Data Security that have significant human factors, or require an effective set of controls and strategy in order for the technical aspect to be successful are: Access Control, Network Security Controls, Application Security, Data Compartmentalization, and Cloud Computing.

Security vs Usability

This is the cornerstone of so many issues with security: the paradox between really effective security and the ease of use of a digital system. It’s not unlike wearing a seatbelt in a car… a slight decrease in ‘ease of use’ results in an astounding increase in physical security. You know this. The statistics are irrefutable. Yet hundreds of thousands of humans are either killed or injured worldwide every year by not taking this slight ‘security’ effort. So.. if you habitually put on your seat belt each time before you put your car in gear.. .then keep reading, for at least you are open to a tradeoff that will seriously enhance the digital security of your firm, whether a Fortune500 company, a small African NGO or a research organization that is counting the loss of primary forests in Papa New Guinea.

The effective design of a good security protocol is not that different than the design principle that led to seatbelts in cars:  On the security side, the restraint system evolved from a simple lap belt to combination shoulder harness/lap belt systems, often with automatic mechanisms that ‘assisted’ the user to wear them. The coupling of airbags as part of the overall passenger restraint system (which being hidden required no effort on the part of the user to make them work) improved even further the effectiveness of the overall security system. On the usability side, the placement of the buckles, the mechanical design of the buckles (to make it easy for everyone from children to the elderly to open and close them), and other design factors worked to increase the ease of usability. In addition philosophical and social pressures added to the ‘human factor’ of seat belt use:  in most areas there are significant public awareness efforts, driver education and governmental regulations (fines for not wearing seat belts), etc. that further promote the use of these effective physical security devices.

If you attempt to put in place a password policy that requires at least 16 characters with ‘complexity’ (i.e. a mix of Caps, Numbers, Punctuation) – and require the password to be changed monthly you can expect a lot of passwords to be written down on sticky notes on the underside of the keyboards… You have designed a system with very good Security but poor Usability. In each of the areas that we will discuss the issue of Security vs Usability will be addressed, as it is paramount to actually having something that works.

The Data Security Model

  Access Control

In its simplest form, access control is like the keys to your office, home or car. A person that is in possession of the correct key can access content or perform operations that are allowable within the confines of the accessible area. If you live in a low crime area, you may have a very small amount of keys: one for your house, one for your car and another for your office. But as we move into larger cities, we start collecting more keys: a deadbolt key (for extra security), probably a perimeter key for the office complex, a key for the postbox if you live in a housing complex, etc. etc. But even relatively complex physical security is very simple compared to online security for a ‘highly connected’ user. It is very easy to have tens if not hundreds of websites, computer/server logins, e-mail logins, etc. that each require a password. Password managers have become almost a required toolset for any security-minded user today, as how else to keep track of that many passwords! (And I assume here that you don’t make the most basic mistake of reusing passwords across multiple websites…)

Back to basics:  the premise behind the “username / password” authentication model is firstly to uniquely identify the user [username] and then to ensure that the access being granted is to the correct person [a secret password that supposedly is known only to the correct user]. There are several significant flaws with this model but due to its simplicity and relative ease of use it is widespread use throughout the world. In most cases, usernames are not protected in any way (other than being checked for uniqueness). Passwords, depending on the implementation, can be somewhat more protected – many systems encrypt the password that is on the server or device to which the user is attempting to gain access, so that someone (on the inside) that gains access to the password list on the server doesn’t get anything useful. Other attempts at making the password function more secure are password rules (such as requiring complexity/difficulty, longer passwords, forcing users to change passwords regularly, etc.) The problem with this is that the more secure (i.e. elaborate) the password rules become, the more likely that the user will compromise security by attempting to simplify the rules, or copying the password so they may refer to it since it’s too complex to remember. The worst of this type of behavior is the yellow sticky note… the best is a well-designed password manager that stores all the passwords in an encrypted database – that itself requires a password for access!

As can be seen this username/password model is a compromise that fails in the face of large numbers of different passwords needed by each user, and the ease at which many passwords can be guessed by a determined intruder. Various social engineering tactics, coupled with powerful computers and smart “password-guessing” algorithms can often correctly figure out passwords very quickly. We’ve all heard (or used!) birthdays, kids/pets names, switching out vowels with numbers, etc. etc. There isn’t a password simplification method that a hacker has not heard of as well…

So what next? Leaving the username identity alone for the moment, if we focus on just the password portion of the problem we can use biometrics. This has long been used by government, military and other institutions that had the money (these methods used to be obscenely expensive to implement) – but now are within the reach of the average user. Every new iPhone has a fingerprint reader, and these devices are common on many PCs now as well. So far the fingerprint is the only fairly reliable biometric security method in common use, although retina scanners and other even more arcane devices are in use or being investigated. These devices are not perfect, and all the systems I have seen allow the use of a password as a backup method: the fingerprint is used more as convenience as opposed to absolute security. The fingerprint readers on smartphones are not of the same quality and accuracy as a FIPS-compliant device: but in fairness most restrict the number of ‘bad fingerprint reads’ to a small number before the alternate password is required, so the chance of a similar (but not exact) fingerprint being used to unlock the device is very low.

(Apple for instance states that there is a 1 in 50,000 chance of two different fingerprints being read as identical. At the academic level it is postulated that no two fingerprints are, or ever have been, exactly the same. Even if we look at currently living humans that is a ratio of roughly 1 in 6 billion… so fingerprint readers are not all that accurate. However, they are practically more than good enough given the statistical probability of two people with remarkably similar fingerprints being in the position to attempt access to a single device).

Don’t give up! This is not to say that fingerprint readers are not an adequate solution – they are an excellent method – just that there are issues and the full situation should be well understood.

The next level of “password sophistication” is the so-called “two factor” authentication. This is becoming more common, and has the possibility of greatly increasing security, without tremendous user effort. Basically this means the user submits two “passwords” instead of one. There are two forms of “two factor authentication”: static-static and static-dynamic. The SS (static-static) method uses two previously known ‘passwords’ (usually one biometric – such as a fingerprint; and one actual ‘password’ – whether an actual complex password or a PIN number). The SD (static-dynamic) method uses one previously known ‘password’, and the second ‘password’ is some code/password/PIN that is dynamically transmitted to the user at the time of login. Usually these are sent to the user via their cellphone, are randomly created at the time of attempted login – and are therefore virtually impossible to crack. The user must have previously registered their cellphone number with the security provider so that they can receive the codes. There are obvious issues with this method: one has to within cellphone reception, must have not left it at home, etc. etc.

There is an other SD method, which uses a ‘token’ (a small device that contains a random number generator that is seeded with an identical ‘seed’ that is paired with a master security server. This essentially means that both the server and the token will generate the same random numbers each time the seed updates (usually once every 30 seconds). The token works without a cellphone (which also means it can work underground or in areas where there is no reception). These various ‘two factor’ authentication methods are extremely secure, as the probability of a bogus user having both factors is statistically almost zero.

Another method for user authentication is a ‘certificate’. Without going into technical details (which BTW can make even a seasoned IT guru’s eyeballs roll back in her head!) a certificate is bit like a digital version of a passport or driver’s license: an object that is virtually impossible to counterfeit that uniquely identifies the owner as the rightful holder of that ‘certificate’. In the physical world, driver’s licenses often have a picture, the user’s signature, and often a thumbprint or certain biometric data (height, hair/eye color, etc.) Examination of the “license” in comparison to the person validates the identity. An online ‘security certificate’ [X.509 or similar] performs the same function. There are different levels of certificates, with the higher levels (Level 3 for instance) requiring a fairly detailed application process to ensure that the user is who s/he says s/he is. Use of the certificate, instead of just a simple username, offers a considerably higher level of security in the authentication process.

A certificate can then be associated with a password (or a two factor authentication process) for any given website or other access area. There are a lot of details around this, and there is overhead in administering certificates in a large company – but they have been proven worldwide to be secure, reliable and useful. Many computers can be fitted with a ‘card reader’ that read physical ‘certificates’ (where the certificate is like a credit card that the user presents to log in).

One can see that something as simple as wanding a card and then pressing a fingerprint reader is very user-friendly, highly secure, and is a long way from simple passwords and usernames. The principle here is not to get stuck on details, but to understand that there are methods for greatly improving both security and usability to make this aspect of Data Security – Access Control – no longer an issue for an organization that wishes to take the effort to implement them. Some of these methods are not enormously complicated or expensive, so even small firms can make use of these methods.

Summary

In this part we have reviewed Access Control – one of the pillars of good Data Security. Several common methods, with their corresponding Security vs Usability aspects have been discussed. Access Control is a vital part of any firm’s security policy, and is the foundation of keeping your data under control. While there are many more details surrounding good Access Control policies (audits, testing of devices, revocation of users that are no longer authorized, etc.) the principals are easy to comprehend. The most important thing is to know that good Access Control is required, and that shortcuts or compromises can have disastrous results in terms of a firm’s bottom line or reputation. The next part will discuss Network Security Controls – the vitally important aspect of Data Security where computers or other data devices are connected together – and how those networks can be secured.

Part 3 of this series is located here.

 

Data Security – An Overview for Executive Board members [Part 1: Introduction & Concepts]

March 16, 2015 · by parasam

Introduction

This post is a synthesis of a number of conversations and discussions concerning security practices for the digital aspect of organizations. These dialogs were initially with board members and executive-level personnel, but the focus of this discussion is equally useful to small business owners or anyone that is a stakeholder in an organization that uses data or other digital tools in their business: which today means just about everyone!

The point of view is high level and deliberately as non-technical as possible: not to assume that many at this level are not extremely technically competent, but rather to encompass as broad an audience as possible – and, as will be seen, that the biggest issues are not actually that technical in the first place, but rather are issues of strategy, principle, process and oft-misunderstood ‘features’ of the digital side of any business. The points that will be discussed are equally applicable to firms that primarily exist ‘online’ (who essentially have no physical presence to the consumers or participants in their organization) and those organizations that exist mainly as ‘bricks and mortar’ companies (who use IT as a ‘back office’ function just to support their physical business).

In addition, these principles are relevant to virtually any organization, not just commercial business: educational institutions, NGO’s, government entities, charities, medical practices, research institutions, ecosystem monitoring agencies and so on. There is almost no organization on earth today that doesn’t use ‘data’ in some form. Within the next ten years, the transformation will be almost complete: there won’t be ANY organizations that won’t be based, at their core, on some form of IT. From databases to communication to information sharing to commercial transactions, almost every aspect of any firm will be entrenched in a digital model.

The Concept of Security

The overall concept of security has two major components: Data Integrity and Data Security. Data Integrity is the aspect of ensuring that data is not corrupted by either internal or external factors, and that the data can be trusted. Data Security is the aspect of ensuring that only authorized users have access to view, transmit, delete or perform other operations on the data. Each is critical – Integrity can likened to disease in the human body: pathogens that break the integrity of certain cells will disrupt and eventually cause injury or death; Security is similar to the protection that skin and other peripheral structures provide – a penetration of these boundaries leads to a compromise of the operation of the body, or in extreme cases major injury or death.

While Data Integrity is mostly enforced with technical means (backup, comparison, hash algorithms, etc.), Data Security is an amalgam of human factors, process controls, strategic concepts, technical measures (comprising everything from encryption, virus protection, intrusion detection, etc.) and the most subtle (but potentially dangerous to a good security model): the very features of a digital ecosystem that make it so useful also can make it highly vulnerable. The rest of this discussion will focus on Data Security, and in particular those factors that are not overtly ‘technical’ – as there are countless articles etc on the technical side of Data Security. [A very important aspect of Data Integrity – BCDR (Business Continuity and Disaster Recovery) will be the topic of an upcoming post – it’s such an important part of any organizations basic “Digital Foundation”.]

The Non-Technical Aspects of Data Security

The very nature of ‘digital data’ is both an absolute boon to organizations in so many ways: communication, design, finance, sales, online business – the list is endless. The fantastic toolsets we now have in terms of high-powered smartphones and tablets coupled with sophisticate software ‘apps’ have put modern business in the hands of almost anyone. This is based on the core of any digital system: the concept of binary values. Every piece of e-mail, data, bank account details or digital photograph is ultimately a series of digital values: either a 1 or a 0. This is the difference between the older analog systems (many shades of gray) and digital (black or white, only 2 values). This core concept of digital systems makes copying, transmission, etc of data very easy and very fast. A particular block of digital data, when copied with no errors, is absolutely indistinguishable from the ‘original’. While in most cases this is what makes the whole digital world work as well as it does, it also creates a built-in security threat. Once a copy is made, if it is appropriated by an unauthorized user it’s as if the original was taken. The many thousands of e-mails that were stolen and then released by the hackers that compromised the Sony Pictures data networks is a classic example of this…

While there are both technical methods and process controls that can mitigate this risk, it’s imperative that business owners / stakeholders understand that the very nature of a digital system has a built-in risk to data ‘leakage’. Only with this knowledge can adequate controls be put in place to prevent data loss or unauthorized use. Another side to digital systems, particularly communication systems (such as e-mail and social media), is how many of the software applications are designed and constructed. Many of these, mostly social media types, have uninhibited data sharing as the ‘normal’ way the software works – with the user having to take extra effort to limit the amount of sharing allowed.

An area that is a particular challenge is the ‘connectedness’ of modern data networks. The new challenge of privacy in the digital ecosystem has prompted (and will continue to) many conversations, from legal to moral/ethical to practical. The “Facebook” paradigm [everything is shared with everybody unless you take efforts to limit such sharing] is really something we haven’t experienced since small towns in past generations where everybody knew everyone’s business…

While social media is fast becoming an important aspect of many firms’ marketing, customer service and PR efforts, they must be designed rather carefully in order to isolate those ‘data sharing’ platforms from the internal business and financial systems of a company. It is surprisingly easy for inadvertent ‘connections’ to be made between what should be private business data and the more public social media facet of a business. Even if a direct connection is not made between say, the internal company e-mail address book and their external Facebook account (a practice that unfortunately I have witnessed on many more than one occasion!), the inappropriate positioning of a firm’s Twitter client on the same sub-network as their e-mail servers is a hacker’s dream: it usually will take a clever hacker only minutes to ‘hop the fence’ and gain access to the e-mail server if they were able to compromise the Twitter account.

Many of the most important issues surrounding good Data Security are not technical, but rather principles and practices of good security. Since ultimately human beings are often a significant actor in the chain of entities that handle data, these humans need guidance and effective protocols just like the computers need well-designed software that protects the underlying data. Access controls (from basic passwords to sophisticated biometric parameters such as fingerprints or retina scans); network security controls (for instance requiring at least two network administrators to collectively authorize large data transfers or deletions – which would have prevented most of the Sony Pictures data theft/destruction); compartmentalization of data (the practice of controlling both storage and access to different parts of a firms’ digital assets in separate digital repositories); and the newcomer on the block: cloud computing (essentially just remote data centers that host storage, applications or even entire IT platforms for companies) – all of these are areas that have very human philosophies and governance issues that are just implemented with technology.

Summary

In Part 1 of this post we have discussed the concepts and basic practices of digital security, and covered an overview of Data Security. The next part will discuss in further detail a few of the most useful parts of the Data Security model, and offer some practical solutions for good governance in these areas.

Part 2 of this series is located here.

The Hack

December 21, 2014 · by parasam

 

It’s a sign of our current connectedness (and the lack of ability or desire for most of us to live under a digital rock – without an hourly fix of Facebook, Twitter, CNN, blogs, etc – we don’t feel we exist) that the title of this post needs no further explanation.

The Sony “hack” must be analyzed apart from the hyperbole of the media, politics and business ‘experts’ to put the various aspects in some form of objectivity – and more importantly to learn the lessons that come with this experience.

I have watched and read endless accounts and reports on the event, from lay commentators, IT professionals, Hollywood business, foreign policy pundits, etc. – yet have not seen a concise analysis of the deeper meaning of this event relative to our current digital ecosystems.

Michael Lynton (CEO, Sony Pictures) stated on CNN’s Fareed Zakaria show today that “the malware inserted into the Sony network was so advanced and sophisticated that 90% of any companies would have been breached in the same manner as Sony Pictures.” Of course he had to take that position – while his interview was public there was a strong messaging to investors in both Sony and the various productions that it hosts.

As reported by Wired, Slate, InfoWorld and others the hack was almost certainly initiated by the introduction of malware into the Sony network – and not particularly clever code at that. For the rogue code to execute correctly, and to have the permissions to access, transmit and then delete massive amounts of data required the credentials of a senior network administrator – which supposedly were stolen by the hackers. The exact means by which this theft took place have not been revealed publicly. Reports on the amount of data stolen vary, but range from a few to as much as a hundred terabytes. That is a massive amount of data. To move this amount of data requires a very high bandwidth pipe – at least a 1Gbps, if not higher. These sized pipes are very expensive, and normally are managed rather strictly to prioritize bandwidth. Depending on the amount of bandwidth allocated for the theft of data, the ‘dump’ must have lasted days, if not weeks.

All this means that a number of rather standard security protocols were either not in place, or not adhered to at Sony Pictures. The issue here is not Sony – I have no bone to pick with them, and in fact they have been a client of mine numerous times in the past while with different firms, and I continue to have connections with people there. This is obviously a traumatic and challenging time for everyone there. It’s the larger implications that bear analysis.

This event can be viewed through a few different lenses: political, technical, philosophical and commercial.

Political – Initially let’s examine the implications of this type of breach, data theft and data destruction without regard to the instigator. In terms of results the “who did it” is not important. Imagine instead of this event (which caused embarrassment, business disruption and economic loss only) an event in which the Light Rail switching system in Los Angeles was targeted. Multiple and simultaneous train wrecks are a highly likely result, with massive human and infrastructure damage certain. In spite of the changes that were supposed to follow on from the horrific crash some years ago in the Valley there, the installation of “collision avoidance systems” on each locomotive still has not taken place. Good intentions in politics often take decades to see fruition…

One can easily look at other bits of infrastructure (electrical grids, petroleum pipelines, air traffic control systems [look at London last week], telecommunications, internet routing and peering – the list goes on and on – of critical infrastructure that is inadequately protected.

Senator John McCain said today that of all the meetings in his political life, none took longer and accomplished less than cybersecurity subjects. This issue is just not taken seriously. Many major hacks have occurred in the past – this one is getting serious attention from the media due to the target being a media company, and that many high profile Hollywood people have had a lot to say – and that further fuels the news machine.

Now whether North Korea instigated or performed this on its own – both possible and according to the FBI is now fact – the issue of a nation-state attacking other national interests is most serious, and demands a response from the US government. But regardless of the perpetrator – whether an individual criminal, a group, etc. – a much higher priority must be placed on the security of both public and private entities in our connected world.

Technical – The reporting and discussion on the methodology of this breach in particular, and ‘hacks’ in general, has ranged from the patently absurd to relatively accurate. In this case (and some other notable breaches in the last few years, such as Target), the introduction of malware into an otherwise protected (at least to some degree) system allowed access and control from an undesirable external party. While the implanting of the malware may have been a relatively simple part of the overall breach, the design of the entire process, codewriting and testing, steering and control of the malware from the external servers, as well as the data collection and retransmission clearly involved a team of knowledgeable technicians and some considerable resources. This was not a hack done by a teenager with a laptop.

On the other hand, the Sony breach was not all that sophisticated. The data made public so far indicates that the basic malware was Trojan Destover, combined with a commercially available codeset EldoS RawDisk which was used for the wiping (destruction) of the Sony data. Both of these programs (and their similes Shamoon and Jokra) have been detected in other breaches (Saudi Aramco, Aug 2012; South Korea, Mar 2013). See this link for further details. Each major breach of this sort tends to have individual code characteristics, along with required access credentials with the final malware deliverable package often compiled shortly before the attack. The evidence disclosed in the Sony breach indicates that stolen senior network admin credentials were part of the package, which allowed the full and unfettered access to the network.

It is highly likely that the network was repeatedly probed some time in advance of the actual breach, both as a test of the stolen credentials (to see how wide the access was, and to inspect for any tripwires that may have been set if the credentials had become suspect).

The real lessons to take away from the Sony event have much more to do with the structure of the Sony network, their security model, security standards and practices, and data movement monitoring. To be clear, this is not picking out Sony as a particularly bad example: unfortunately this firm’s security practices are rather the norm today: very, very few commercial networks are adequately protected or designed – even financial companies who one would assume have better than average security.

Without having to look at internal details, one only has to observe the reported breaches of large retail firms, banks and trading entities, government agencies, credit card clearing houses… the list goes on and on. Add to this that not all breaches are reported, and even less are publicly disclosed – the estimates range from 20-30% of network security breaches are reported. The reasons vary from loss of shareholder or customer trust, appearance of competitive weakness, not knowing what actually deserves reporting and how to classify the attempt or breach, etc. etc. In many cases data on “cyberattacks” is reported anonymously or is gathered statistically by firms that handle security monitoring on an outsource basis. At least these aggregate numbers give a scope to the problem – and it is huge. For example, IBM’s report shows for one year (April 2012 – April 2013)  there were 73,400 attacks on a single large organization during this time period. This resulted in about 100 actual ‘security incidents’ during the year for that one company. A PWC report shows that an estimated 42 million data security incidents will have occurred during 2014 worldwide.

If this amount of physical robberies were occurring to firms the response, and general awareness, would be far higher. There is something insidious about digital crime that doesn’t attract the level of notice that physical events do. The economic loss worldwide is estimated in the hundreds of billions of dollars – with most of these proceeds ending up in organized crime, rogue nation-states and terrorist groups. Given the relative sophistication of ISIS in terms of social media, video production and other high-tech endeavours, it is highly likely that a portion of their funding comes from cybercrime.

The scope of the Sony attack, with the commensurate data loss, is part of what has made this so newsworthy. This is also the aspect of this breach that could have mitigated rather easily – and underscores the design / security practices faults that plague so many firms today. The following points list some of the weaknesses that contributed to the scale of this breach:

  • A single static set of credentials allowed nearly unlimited access to the entire network.
  • A lack of effective audit controls that would have brought attention to potential use of these credentials by unauthorized users.
  • A lack of multiple-factor authentication that would have made hard-coding of the credentials into the malware ineffective.
  • Insufficient data move monitoring: the level of data that was transmitted out of the Sony network was massive, and had to impact normal working bandwidth. It appears that large amounts of data are allowed to move unmanaged in and out of the network – again an effective data move audit / management process would have triggered an alert.
  • Massive data deletion should have required at least two distinct sets of credentials to initiate.
  • A lack of internal firewalls or ‘firestops’ that could have limited the scope of access, damage, theft and destruction.
  • A lack of understanding at the highest management levels of the vulnerability of the firm to this type of breach, with commensurate board expertise and oversight. In short, a lack of governance in this critical area. This is perhaps one of the most important, and least recognized, aspects of genuine corporate security.

Philosophical – With the huge paradigm shift that the digital universe has brought to the human race we must collectively asses and understand the impacts of security, privacy and ownership of that ephemeral yet tangible entity called ‘data’. With an enormous transformation under way where millions of people (the so-called ‘knowledge workers’) produce, consume, trade and enjoy nothing but data. There is not an industry that is untouched by this new methodology: even very ‘mechanistic’ enterprises such as farming, steelmills, shipping and train transportation are deeply intertwined with IT now. Sectors such as telecoms, entertainment, finance, design, publishing, photography and so on are virtually impossible to implement without complete dependence on digital infrastructures. Medicine,  aeronautics, energy generation and prospecting – the lists go on and on.

The overall concept of security has two major components: Data Integrity (ensuring that the data is not corrupted by either internal or external factors, and that the data can be trusted; and Data Security (ensuring that only authorized users have access to view, transmit, delete or perform other operations on the data). Each are critical – Integrity can likened to disease in the human body: pathogens that break the integrity of certain cells will disrupt and eventually cause injury or death; Security is similar to the protection that skin and other peripheral structures provide – a penetration of these boundaries leads to a compromise of the operation of the body, or in extreme cases major injury or death.

An area that is a particular challenge is the ‘connectedness’ of modern data networks. The new challenge of privacy in the digital ecosystem has prompted (and will continue to) many conversations, from legal to moral/ethical to practical. The “Facebook” paradigm [everything is shared with everybody unless you take efforts to limit such sharing] is really something we haven’t experienced since small towns in past generations where everybody knew everyone’s business…

Just as we have always had a criminal element in societies – those that will take, destroy, manipulate and otherwise seek self-aggrandizement at the expense of others – we now have the same manifestations in the digital ecosystem. Only digi-crime is vastly more efficient, less detectable, often more lucrative, and very difficult to police. The legal system is woefully outdated and outclassed by modern digital pirates – there is almost no international cooperation, very poor understanding by most police departments or judges, etc. etc. The sad truth is that 99% of cyber-criminals will get away with their crimes for as long as they want to. A number of very basic things must change in our collective societies in order to achieve the level of crime reduction that we see in modern cultures in the physical realm.

A particular challenge is mostly educational/ethical: that everything on the internet is “free” and is there for the taking without regard to the intellectual property owner’s claim. Attempting to police this after the fact is doomed to failure (at least 80% of the time) – not until users are educated to the disruption and effects of their theft of intellectual property. This attitude has almost destroyed the music industry world-wide, and the losses to the film and television industry amount to billions of dollars annually.

Commercial – The economic losses due to data breaches, theft, destruction, etc are massive, and the perception of the level of this loss is staggeringly low – even among commercial stakeholders whom are directly affected. Firms that spend massive amounts of time, money and design effort to physically protect their enterprises apply the flimsiest of real effective data security efforts. Some of this is due to lack of knowledge, some to lack of understanding of the core principals that comprise a real and effective set of procedures for data protection, and a certain amount of laziness: strong security always takes some effort and time during each session with the data.

It is unfortunate, but the level of pain, publicity and potential legal liability of major breaches such as Sony are seemingly necessary to raise the attention that everyone is vulnerable. It is imperative that all commercial entities, from a vegetable seller at a farmer’s market that uses SnapScan all the way to global enterprises such as BP Oil, J.P. Morgan, or General Motors take cyber crime as a continual, ongoing, and very real challenge – and deal with it at the board level with same importance given to other critical areas of governance: finance, trade secrets, commercial strategy, etc.

Many firms will say, “But we already spend a ridiculous amount on IT, including security!” I am sure that Sony is saying this even today… but it’s not always the amount of the spend, it’s how it’s done. A great deal of cash can be wasted on pretty blinking lights and cool software that in the end is just not effective. Most of the changes required today are in methodology, practice, and actually adhering to already adopted ‘best practices’. I personally have yet to see any business, large or small, that follows the stated security practices set up in that particular firm to the letter.

– Ed Elliott

Past articles on privacy and security may be found at these links:

Comments on SOPA and PIPA

CONTENT PROTECTION – Methods and Practices for protecting audiovisual content

Anonymity, Privacy and Security in the Connected World

Whose Data Is It Anyway?

Privacy, Security and the Virtual World…

Who owns the rain?  A discussion on accountability of what’s in the cloud…

The Perception of Privacy

Privacy: a delusion? a right? an ideal?

Privacy in our connected world… (almost an oxymoron)

NSA (No Secrets Anymore), yet another Snowden treatise, practical realities…

It’s still Snowing… (the thread on Snowden, NSA and lack of privacy continues…)

 

It’s still Snowing… (the thread on Snowden, NSA and lack of privacy continues…)

February 10, 2014 · by parasam

Just a short follow-up here: two more articles that relate to my observations on the unending revelations of data collection, surveillance, etc. by our friendly No Secrets Anymore agency…

The first article (here) relates how NSA whistleblower Edward Snowden used a common “webcrawler” software to comb through the NSA databases and download thousands of pages of classified information. The first thing I thought when reading this was “WTF! – How was this even possible inside what should be one of the most secure networks on the planet??” Turns out that even super-secret networks have rollout delays in deploying critical network monitoring software… (Snowden ran the webcrawler from a Hawaii field office instead of NSA central in Fort Meade, MD…)

The other article (here) is an odd clarification on how much metadata the NSA has been gathering on domestic phone calls – now we are told about 20% of all landline calls made, not the close to 100% that was earlier believed. In addition, we are told that not much bulk collection of cellphone calls is currently occurring, due to a restriction on collection of location information (which is normally embedded in the cellphone call record metadata). This raises an interesting question: since I doubt that many would-be terrorists install a landline (with the requisite time and details for commissioning) in order to make clandestine calls – what is the use of any landline collection (in bulk terms)? Isn’t this just a large waste of taxpayer time and funds that really will have no useful purpose?

What one may take away from these observations is that policy often gets in the way of efficient application of a process – in some cases allowing security leaks, and in other cases seriously diluting the desired effect of a surveillance plan. Many of the same issues that confront commercial entities also plague our (and others) governmental agencies…

 

NSA (No Secrets Anymore), yet another Snowden treatise, practical realities…

February 6, 2014 · by parasam

I really did intend to write about a different topic today… but this article in the New York Time (here) prompted this brief comment. Of course it was inevitable that a book (the first of several) would pop out of the publishing machine to review the NSA/Snowden privacy debacle – and presumably make some coin for the author… Disclosure: I have not yet read the book, but my comments are more around the general issue – not this particular retelling of this Orwellian story…

Again, without regard to the position of Snowden (or those like him) – traitor or whistleblower – the underlying issue is vitally important. The difficult balance between a nation/state’s “need to know” about supposedly private communications of their citizens – in order to ‘protect’ them against perceived threats; and the vital human ‘freedom’ of individual privacy – the lack of unauthorized and unknown surveillance by government or other commercial entities – is a subject that we collectively must not ignore. It is all of our responsibility to be informed: lack of knowledge is not an excuse for the day when your personal details are splattered all over a billboard…

As I have written before: while one may not be able to prevent the dispersal of some of your personal information, the knowledge that using the ‘internet’ is not free, and will inevitably result in the sharing of some of your information and data, is I believe a vitally important fact. Just as knowing that the speed limit on a US highway – in absence of a posted sign – is 55-65MPH (depending on the state in which you are speeding…) will prevent surprise if you are pulled over for driving faster – you shouldn’t be surprised if your browsing history shows up in future targeted advertising – or if you perform lots of web searches for plastic explosives, instructional papers for using cellphones to activate  blasting caps, etc. – you may someday get a visit from some suits…

However – and this closing observation will hopefully reduce some of the paranoia and anxiety of online activity: re-read the last line of the quoted article “…the book also manages to leave readers with an acute understanding of the serious issues involved: the N.S.A.’s surveillance activities and voluminous collection of data, and the consequences that this sifting of bigger and bigger haystacks for tiny needles has had on the public and its right to privacy.”  The critical bit is something that the NSA (and the GCHQ) is dealing with right now: the vast amount of data being gathered is making ‘sifting’ really, really difficult. Finding your 100-word e-mail in literally trillions and trillions of mails, pictures, files, etc. etc. is becoming wretchedly difficult – even the massively powerful supercomputers of the NSA are choking on this task. Hidden in plain sight…

Privacy in our connected world… (almost an oxymoron)

February 4, 2014 · by parasam

Yesterday I wrote on the “ideal” of privacy in our modern world – this morning I read some further information related to this topic (acknowledgement to Robert Cringely as the jumping-off point for this post). If one wants to invest the time, money or both – there are ways to keep your data safe. Really, really safe. The first is the digital equivalent of a Swiss bank account – and yes, it’s also offered by the Swiss – deep inside a mountain bunker – away from the prying eyes of NSA, MI6 and other inquisitive types. Article is here. The other method is a new encryption method that basically offers ‘red herrings’ to would-be password hackers: let them think they have cracked your password, but feed them fake data instead of your real stuff – described here.

Now either of these ‘methods’ requires the user to take proactive steps, and spend time/money. The unfortunate, but real, truth of today’s digital environment is that you – and only you – must take responsibility for the security and integrity of your data. The more security you desire, the more effort you must expend. No one will do it for you (for free) – and those that offer… well, you get the idea. A long time ago one could live in a village and not lock your front door… not any more.

However, before spiraling down a depressive slope of digital angst – there are some facets to consider:  even though it is highly likely (as in actually positively for certain…) that far more of your private life is exposed and stored in the BigData bunkers of Walmart, Amazon, ClearChannel, Facebook or some government… so are the details of a billion other users… There is anonymity in the sheer volume of data. The important thing to remember is that if you really become a ‘person of interest’ – to some intelligence agency, a particularly zealous advertiser, etc. – almost nothing can stop the accumulation of information about you and your activities. However, most people don’t fit this profile. You’re just a drop of water in a very large digital ocean. Relax and float on the waves…

Understanding helps: nothing is free. Ever. So if come to know that the ‘price’ you pay for the ‘free’ Google search engine that solves your trivia questions, settles arguments amongst your children, or allows you to complete your next research project in a fraction of the time that would otherwise be necessary is the ‘donation’ of some information about what you search for, when, how often, etc. – then maybe you can see this as fair payment. After all, the data centers that power the Google search ‘engine’ are ginormous, hugely expensive to build and massively expensive to run – they tend to be located close to power generating sources as the amount of electricity consumed is so large. Ultimately someone has to pay the power bill…

Privacy: a delusion? a right? an ideal?

February 3, 2014 · by parasam

With all of the ‘exploits’ of the NSA and their brethren agencies concerning the “intelligence data” gathering process in the news recently, I wanted to expand on a post I wrote some time ago (here) on the “Perception of Privacy” – although that post was more narrowly focused on privacy as it relates to photography. Without regard to the legality or morality of Edward Snowden’s activities [or similar activities that have shed light on what our collective governments have been doing in terms of ‘snooping’] (I’ll reserve that for a future post) – I want to address the notion of ‘privacy’ in our changing world.

Privacy ultimately implies a separation of thought, speech, activity or other action from the larger world around one. If one reviews your Greek history, the Cynics (one of the three Schools that came from Socrates, Plato, Aristotle) were perhaps the best example of way of life in which there was no privacy. They practiced living with complete “shameless behavior” and did everything in public – not to shock, but to rather exercise indifference to the societal norms and rise above them. However, most cultures have evolved into a balance of public and private activity – although with a substantial variation on what is acceptable “public behavior.”

The issue at hand today with our beliefs around privacy of communications (whether voice or data) is around our “expectation of privacy.” If we post a public comment on Facebook or the New York Times web site, we have no reasonable expectation of privacy and therefore are not worried if this communication is shared or observed by others. However, if we send an e-mail to single recipient, or converse on the telephone with a family member, we have a reasonable expectation of privacy – and would be upset if this communication was shared with others (such as government agencies, etc.) – when there is no pre-existing reason for such a violation of privacy.

The big difference – and the root of much of the dialog currently regarding online privacy – is that various companies (mostly ad based or other big data firms), or nation-state governmental agencies have taken the position that extracting and storing virtually all possible data from communications within their reach is ethical, potentially useful, and profitable. From a governance pov the position is that if we have all this data on hand, then we can review it if we come to believe that person X has potentially violated some standard of behavior and is therefore deserving of surveillance. The commercial position (Big Data) is that the more we know about everyone, the better we can target commercial opportunities – or perhaps protect certain company’s profits [health/life insurance firms, corporate employment, financial institutions will all argue in favor of knowing everything possible about their potential customers].

There are a few problems with this philosophy: one of which is just practical and economic – the vast amount of storage capacity that unfocused data gathering requires. Eventually someone has to pay for all those hard disks… with one of the latest methodologies that has been revealed (harvesting of data from ‘leaky apps’ on mobile devices) generating terabytes of data per hour just from this type of activity – the scope of this data storage dilemma is becoming quite large. When you fill out one of those annoying forms when you sign up to WhatsApp (for example), are you aware that your e-mail address, cellphone number, and potentially your entire contact list is shared and propagated to a huge slew of firms outside of WhatsApp? Including Washington, D.C.? Everything from Angry Birds to top newspaper and television firms that use apps for mobile connectivity have been shown to basically have no safeguards whatsoever in terms of subscriber data privacy.

This is a new and relatively unknown issue for courts, philosophers, commercial firms, governments and their subject citizens to wrestle with. It will take some time for a collective rationale to emerge – and whatever balance between real privacy (almost impossible to have in a highly connected society) and public forum is achieved will vary widely from culture to culture. I’ll continue to observe and post on this topic, but comments are welcome.

Branding: my comments on possession of ‘mind share’

September 20, 2012 · by parasam

[Note:  I will be using names, logos, service marks, trade marks, etc. of various companies as ‘fair-use’ examples in this essay. The individual marks are owned and copyrighted by their respective owners, and should be respected as such. No association is implied or intended between myself and any of the aforementioned companies.]

Overview

I’m writing this article as a commentary on how I see the issue of “branding” has become so pervasive in our lives, affecting the design and manufacture of most things that we buy, and more importantly, how I see “branding” vie for a share of our minds, how we think and perceive reality around us, and how we make decisions. I believe that this trend has overstepped logic, rational thought, common sense and even good business sense. I will present a brief history, some examples of current practice, and summarize with some observations.

Brand {definition}

According to Webster, a brand is:

  • a mark made by burning with a hot iron to attest manufacture or quality or to designate ownership
  • a printed mark made for similar purposes
  • a mark put on criminals with a hot iron
  • a mark of disgrace
  • a class of goods identified by name as the product of a single firm or manufacturer
  • an arbitrarily adopted name that is given by a manufacturer or merchant to an article or service to distinguish it as produced or sold by that manufacturer or merchant and that may be used and protected as a trademark
  • one having a well-known and usually highly regarded or marketable name

The American Marketing Association Dictionary defines brand as:

  • a “Name, term, design, symbol, or any other feature that identifies one seller’s good or service as distinct from those of other sellers.”

History

The word “brand” is derived from the Old Norse brandr meaning “to burn.” It refers to the practice of producers burning their mark (or brand) onto their products.

The oldest known generic brand in the world is Chyawanprash, च्यवनप्राश – which describes a jam-like mixture of approximately 45 herbs, spices and other ingredients. It has been in continuous use in India and other areas since the Vedic period, about 10,000 years ago. Indian historical evidence shows that this formulation was originally prepared, according to Ayurvedic tradition, by the ‘Royal Vaids’, named ‘Ashwini Kumar brothers’, the twins, who were medical advisers to Devas for Chyawan Rishi at his ashram near Narnaul, Haryana, India – which is where the name Chyawanprash derives. The first historically documented formula for Chywanprash was found in the Ayurvedic treatise Chakara Samhita. The current annual market for this product is about $80million US.

Other early ‘branding’ examples include the use of watermarks on paper by the Italians in the 1200s, the use of distinctive signatures by artists during the Renaissance (1500s), and the branding of cattle and criminals with hot iron tools (1800s). There is other evidence of ‘marking’ or ‘branding’ such as potter’s marks on porcelain and pottery in China, India, Greece and Italy as long ago as 1300 BCE; some early reporting of livestock branding dating back to 2000 BCE [no physical evidence survives today to assert this]; and some archeologists believe that the Babylonians used advertisements as long ago as 3000 BCE. So, for common discussion, the concept of branding has been around for the last 5,000 – 10,000 years – hardly an invention of Madison Avenue.

In terms of slightly more modern expressions of branding, the idea of permanence has long been associated with the concept of a brand – the use of a hot iron to burn a brand into the hide of cattle or the skin of a criminal was considered technologically advanced at that time. For instance, in England during the late Renaissance and right up the beginning of the Industrial Revolution (1600s – 1800s) criminals were frequently branded with a letter on the cheek [for men] or on the breast [for women]. V was used for being convicted of the ‘crime’ of being a vagabond or a gypsy, F for “fravmaker” [brawler or troublemaker], S for a runaway slave. M for malefactor, etc. France used iconographic brands such as the fleur-de-lis on the shoulder. In the American Colonies the branding of suspected/convicted adulterers with the letter A was common practice. The Puritans of that time were not known for their objectivity or legal accuracy, so the brand unfortunately ruined the lives of many based on conjecture and supposition. (And we’ll leave the issue of witches and early Massachusetts alone for now…)  The novel “The Scarlet Letter” is based in part on this most unfortunate part of early American history.

The ‘branding’ of humans with permanent marks also uses the technology of the tattoo, as opposed to burning. While this practice was also used by many governments to mark ‘criminals’ – perhaps the most notorious of which was the ‘prisoner serial number’ at Auschwitz – by far the larger use of tattoos has been by the individuals themselves, either as an expression of body art or alignment with a group/gang. I will address this form of branding further later in this article.

Although we often associate the branding of cattle with the “wild west” of America during the 1800s, this practice predates US cowboys by at least 3,500 years. Nevertheless, it is one area where this ‘hot iron’ method is still practiced today. The cattle still don’t seem to like it much. With the advent of modern technology, this may finally be changing, as various methods of alternative marking are being tested. Embedded chips, long-range RFID tags and other devices that can be read from a vehicle or airplane are much more useful for automatic counting and tracking of livestock than chasing down an otherwise uninterested cow to look at the burn mark on its hind quarter. In theory, using buried detector cables, Wi-Max and other combinations of modern technology, virtual fences may be a possibility, with real-time maps showing each rancher where their livestock is at any time, and allowing easy sorting and retrieval for breeding, medical treatment or harvesting.

As we moved into the 1800s, most parts of the modernizing world started to make rapid use of marking or branding. Silver and gold smiths, book publishers, manufactured goods – the list gets long very quickly. In the UK for example, Bass & Co [brewery] claims their red triangle brand as the world’s first trademark. Lyle’s Golden Syrup, with their green-and-gold packaging – unchanged since 1885 – claims status as Britain’s oldest brand. All of this was done for various reasons.

To the proponents of branding (marketing oriented people, and obviously many consumers), the reasons commonly listed are:  to ensure honesty, provide quality assurance, identify source or ownership, hold producers responsible, and differentiate one product over another.

Current Practice and Effects of Branding

The current use of ‘brands’ is primarily commercial in nature: to increase or maintain sales and market share of a product or a service. The practice and concepts associated with branding are typically overseen by the marketing department of companies that own or manage such brands. From the point of view of brand owners/users, the following elements are often associated with the practice:

  • A brand is the personality that identifies a product, service or company.
  • The brand experience is the experiential aspect of the points of contact with a brand; the perception of a brand’s action or function.
  • The brand image is the psychological aspect of the brand within the mind of the user/consumer. This is a symbolic construct composed of thoughts, information and expectations of the branded product/service.
  • A brand is one of the core elements in an advertising campaign, as it is often the identifier used to relate a particular product, model, individual service, etc. with the larger commonality of the company.
  • The art and business of creating and maintaining a brand is known as brand management.
  • Focusing of the entirety of a business or organization is called brand orientation.
  • A brand which is widely known in the marketplace has achieved brand recognition. Examples are Coca-Cola, Pepsi, Mercedes, Luis Vuitton, etc.
  • A brand franchise is an achievement of successful branding such that a large positive sentiment is generally held towards the brand and the associated product/service. For example, a Ferrari is known as a “hip, cool, fast, desirable car” – whether or not an individual can afford either the car, mechanics or insurance.
  • Brand awareness is the impression that is instilled into a customer or user of a brand, such that they will recognize and link the brand to the underlying company or set of products/services. It involves both brand recognition and brand recall. Brand awareness is considered critical by marketers as consumers won’t consider your brand if they are unaware of it in the first place. Typically, brand awareness is promoted by repeated indoctrination of the consumer with a combination of brand name, logo, jingles, taglines, etc. to reinforce the awareness of the brand and associate it with a particular product or class of products.
  • The “Holy Grail” of brand awareness for a firm is called Top-of-Mind Awareness. This is when a consumer is asked without any external prompting which brand they associate with a particular product, an example might be “Kleenex” if asked about a brand association for facial tissues.
  • Aided Awareness occurs when a prompt such as a list of brands is shown to a consumer, and they express recognition or awareness of your brand once this memory aid has been provided.
  • Strategic Awareness is the combination of Top-of-Mind Awareness coupled with the belief by the consumer that this brand is superior to other brands in the marketplace for similar products or services.
  • The elements that typically comprise a ‘brand experience’ often include some or all of the following:
    • Name – identifying word or words of the product, service, company.
    • Logo – visual glyph or symbol that is associated with the brand.
    • Graphics – associated graphical elements that often supplement the name or logo to create a unique visual reminder that helps to visually associate the brand with the underlying product/service.
    • Tagline – a short phrase often used in advertising, and repeated on product packaging, that is used primarily for memory association of the brand.
    • Shapes – certain product shapes are often associated (and patented/trademarked/etc) with particular products. Examples might be Coca-Cola bottle, the iPod and the Hershey’s Chocolate Bar.
    • Colors – certain colors or color schemes can be associated (and protected if you have good enough lawyers and patent attorneys) with products. Examples are the red-soled shoes of Christian Louboutin, the distinctive pink color of Owens-Corning fiberglass insulation.
    • Sounds – similar to a jingle or a catchphrase, a short melodic tune can be trademarked to a particular brand: the NBC tv network’s ‘chimes’ when the animated logo is displayed; the “5 beeps” of the Close Encounters of the Third Kind’s alien spaceship; etc.
    • Scents – an example is the unique fragrance of Chanel No. 5 perfume: the top notes of aldehydes, bergamot, lemon, neroli and ylang-ylang; the heart of jasmine, rose, lily of the valley and iris; the base of vetiver, sandalwood, vanilla, amber and patchouli.
    • Taste – as noted in the introductory history to branding in this article, Chayawanprash is an Indian paste of typically 45 spices; another example is Kentucky Fried Chicken (not as healthy as Chayawanprash..) with its “11 Herbs & Spices”.
    • Movements – even the directional movement of a car door can be trademarked – as Lamborghini has done with its upward-swinging doors.
  • A Global Brand is one that represents a similar product or service no matter where it is sold. We see this more commonly now that both the internet and global consumption of products and services has proliferated. Some examples are:  Nike, Adidas, Mastercard, Facebook, Google, Apple, Coca-Cola, Pepsi, Mercedes, VISA, Gap, Sony, etc.
    • The practice of global branding is somewhat new, and brings both advantages and challenges. Obviously this is only attractive to those that market in a global way, but that does not mean that only huge multi-national corporations should think in terms of global branding. If one offers a service over the internet, you are immediately exposed (potentially) to a global market. Even this blog is currently being read by 20,000 people in over 100 countries (Thank you all my readers by the way! Your interest and comments are what sustains my writing…)
    • Some advantages of global branding are:
      • Economy of scale (lower marketing, production and distribution costs)
      • Worldwide consistency of brand images
      • Increased exposure to media (international press as well as domestic)
      • Attractiveness to international travellers, both business and pleasure – as people show a preference for buying what they know as opposed to unknowns.
      • Potential of leveraging current domestic market share into international markets, even if your product is relatively new or unknown in those global markets.
    • Some of the challenges are:
      • All wording (company slogan, name, product names, description of services, etc.) must be thoroughly reviewed and translated for each global market segment. This must be revisited frequently, as language, custom and mores change quickly today. A seemingly innocuous tagline from two years ago could have an entirely different association in a region where recent political instability may have changed the landscape of expression.
      • The infamous product name of the Chevy Nova – when it was exported to Mexico without a thorough vetting of the model name meaning – should be remembered: “No Va” means “Doesn’t Go” in Spanish – probably not the best name for a car…
        • the Audi “E-Tron”… étron means “excrement” in French
        • Hulu [tv network] translates to “butt” in Indonesian
        • SyFy [tv network] means “syphilitics” in Polish
        • Gerber [baby food] translated to French means “vomit”
        • WaterPik [electric toothbrush] means [roughly] “morning wood” in Danish… (I’m trying to be somewhat PC here…)
        • Mensa [group of supposedly really smart people] translates to “stupid woman” {Spanish slang}
      • Different cultures communicate differently, so marketing material, focus and visual tone may have to differ from area to area
      • Different locales place varying levels of importance on products and services, so a differentiating factor in the USA may not be appreciated in Nigeria.
      • Regulatory issues, local legislation (most important with medicines, foodstuffs and products that carry liability issues [cars, boats, planes, structural elements, etc.]) must be considered carefully. All of these issues tend to counteract savings that may otherwise result from scale.
      • Consumption patterns can vary widely for both products and services.
  • A Brand Name is arguably the most important feature or aspect of an overall brand. Often this is first element of a brand that is trademarked, servicemarked, etc. Brand names come in a wide variety of styles, some of the common ones are:
    • Acronym Adaptation:  IBM, UPS, NBC, CBS, etc.
    • Descriptions:  Whole Foods, Best Buy, New Balance, etc.
    • Alliterations and rhymes:  Bed, Bath & Beyond, Coca-Cola, Spic and Span, Krispy Kreme (alliterations) [actually Krispy Kreme is also an oxymoron, Spic and Span is also reduplication]; Reese’s Pieces, YouTube, Lean Cuisine, Mellow Yellow (rhymes)
    • Evocative imagery:  Amazon, Crest, BlueSky, RedBull
    • Neologisms: (made up words)   Kodak, Wii, Accenture, Brangelina, webinar, Frisbee, Xerox, etc.
    • Foreign words:  Volvo (at least here the marketers got it right, it’s Spanish for “I roll”), Samsung (Korean for “Three Stars”), Häagen-Dazs (sounds Scandinavian but the ice cream was invented by Polish Jews in the Bronx…) [BTW it’s now owned by Pillsbury]
    • Combination:  Walkman
    • Tautology:  Crown Royal
    • Theronym:  Mustang  [a theronym is a name derived from an animal name, not Charlize Theron…]
    • Mimetics:  Google  [mimetics is the practice of mimicry, in this case to stare ‘google-eyed’ at something to better understand it]
    • Eponym:  Trump Tower
    • Synecdoche:  Staples
    • Metonomy:  Starbucks
    • Allusion:  London Fog
    • Haplology:  Land O’Lakes
    • Clipping:  Fed Ex
    • Morphological borrowing:  Nikon  [morphology of language gives us that the Japanese word Naikan, which is pronounced Nikon… – and the meaning of Naikan is a spiritual state of gratitude, even for small things – such as when you push a shutter button you get a great picture…]
    • Omission:  RAZR
    • Founder’s Names:  Porsche, Ferrari, Hewlett-Packard
    • Geography:  Cisco, Fuji Film
    • Personification:  Nike, Betty Crocker [no such woman, William Crocker was an advertising executive at Washburn/Crosby who thought this up, using the first name Betty because it ‘was a cheery, All-American name’.]
  • The concept of a brandnomer is highly desired, where Top-of-Mind association leads people to refer to a general class of products by a brand name. Examples are Band-Aid for an adhesive bandage, Kleenex as facial tissue, SkilSaw for a rotary hand-held electric saw, etc.
  • The concept of brand identity, particularly visual brand identity, has become paramount in the ecosystem of marketing, branding and intellectual property ownership. Many corporations now issue very detailed manuals on the correct usage of their visual brands, down to precise measurements of placement on written or screen material, etc. The courts are continually littered with ongoing process of various firms either suing each other over alleged violations of branding, or attempting to establish ownership over some aspect of a visual identity for a new or existing brand.
  • One of the original reasons put forth by early businesses (and this belief is carried into current times) is that a brand implies a certain trust or perception of quality by the consumer. This is getting to the core of what will be discussed further in this post, but advertisers, marketers and even top-level executives of the firms that own major brands view this as vitally important to their bottom line and ongoing customer allegiance. This concept of brand trust is part of what is often called “goodwill” when valuing a firm at a time of sale or stock appraisal. Some companies have been valued far higher than their actual assets or current sales warrant, based strictly on a collective belief in the value of the “goodwill” of that firm, which often include brand value, brand trust and brand identity.
  • The role that brands play in commerce, and cultures at large, have changed considerably since the late 1800s when branding of products started exploding as a practice. Initially, as discussed above, brands were used to help differentiate one similar product from another, with the hope of persuading the consumer that, A) there was in fact a difference at all [which was/is often just not true], and B) that once trust was established for a brand (based on one product) that same firm could trade on that trust and extend whatever consumer belief there was in the original product to a new and different type of product – which may or may not be of similar quality or value. For example {and please note, this is not an accusation or assumption of lack of value, it’s merely an example} that fact that Michelin became known for high quality motorcar tires was no guarantee that in a totally unrelated field (restaurant guides) they would provide an equal value. (Turns out they were correct, and have an excellent reputation for this:  a Michelin “star” is a highly sought-after mark of prestige for a restaurant anywhere in the world).
  • Brands today have become synonymous with the promise of a certain performance, reliability, quality, “cool-ness”, etc., not only for the advertised product, but the company (or organization, country, etc.) behind the product or service. Brands have inexorably become intertwined with politics, economics and social issues. The use of icons, visual identities and short taglines – all the elements of a successful branding campaign – has allowed  ‘branding’ to communicate complex feelings quickly. Brands have often become a shorthand for entire soliloquies on a particular subject. For instance, the term “McMansion” as used by the real-estate industry (originally in Los Angeles) is based on the generic type of food, often in “Super Sizes” that is typical of the McDonald’s chain to refer to a generic, over-sized house that is usually stuffed onto a lot that is proportionally too small for a home of that size. This somewhat pejorative derivation of a well-known brand in one sector has now been translated to completely different sector, and is often used in social commentary.
  • Modern branding is now a complex exercise that combines virtually all the senses, psychology, linguistics, cultural analysis, BigData, focus group testing, etc. We now have new buzz-words even in the esoteric world of branding (which as you have seen already in this article delves into the arcane sciences of words, glyphs, meaning and more than one ever thought possible). Such concepts as attitude branding [where the brand no longer represents a single product or service, but the entire ‘feeling’ behind the type of person that would consume such a product or service], and iconic branding [where the goal is for the consumer of such brands to self-identify with the brand to the point of using a brand to express personal identity and the preferred mode of self-expression] are now pervasive. For example, many consumers of Apple products (computers/phones) or Harley-Davidson (motorcycles) are often unreasonably attached to those brands, and view themselves as a particular type of person just because they use those products.

    • The consumer/user behavior of iconic brands is interesting, and worthy of a bit of additional analysis. One of the reasons is that people who use / identify with / consume iconic brands are the most loyal and exhibit two other tendencies that make this group exceptionally valuable to the brand owner:  1) very low ‘churn’ factor [they don’t switch brands, even in the face of objective criticism, without tremendous reason]; and 2) they actively proselytize the product/service without any inducement from the brand owner.
    • (Did you ever try to get a die-hard Mac user to switch back to a PC? Have you approached a guy in leathers on a Harley and suggested that he would be happier on a Suzuki??)
    • Several of the factors that help make a brand ‘iconic’ are:
      • It’s actually got to be a good product/service – the general reputation must uphold this iconic status. It should have a reputation of high quality, with a bit of an esteem factor.
      • There is a story/myth associated with the product/service. Again, like actual quality, the story has to be believable (I didn’t say real…) and cohesive with the product/service. For example, the stories/myths/perceptions of Steve Jobs filled this requirement for Apple.
      • The brand that wishes to be iconic must provide a solution for pent-up desires (doesn’t actually have to provide these, just appear that it can). Most people are less than totally fulfilled in some area of their lives. If a brand can offer a product or service that helps a person feel like they are overcoming one of those frustrations, they will be incredibly supportive and loyal. (Don’t you just feel more cool when you are typing on a Mac Air as opposed to a desktop PC???)
      • The iconic brand must be continually managed to keep its position in the constant change that inevitably surrounds all modern products/services. (Hmmm… didn’t we just get an iPhone5…)
  • The last area of brand analysis we will touch on here is brand extension and brand dilution. I have lumped them together, since the inappropriate use of the first inevitably results in the second… Once a brand has been established in one area/product, it is often the desire of the brand owner, in search of more… to attempt the success of the brand in other areas. The hope/assumption is that if Hugo Boss makes well-liked men’s clothes that this same cachet can be extended to fragrance, sunglasses, etc. I use this as an example (not picking on dear Hugo, just making an example of the fashion industry where it seems that every designer now can’t just make clothes but must equip us from shoes to hats and everything in between…) as here, more often than most, we see attempts at brand extension actually result in brand dilution. None of the current clothing designers actually make sunglasses. Not one. They are all made in China (or if not the bits are and then assembled in a more ‘respected’ country for purpose of labelling). And from an optical standpoint, they are about as differentiated from one another as one pineapple is from another.This is not to say at all that brand extension doesn’t work – just that the brand owner should actually treat a new venture as just that, and almost resist ‘carrying over’ the hard-won success of a current brand to a new segment. There are certainly many success stories (the example of Michelin that I used earlier is one that comes to mind, another [oddly enough another tire maker] is the iconic calendar of Pirelli which features some of the most prestigious fashion models and photographers vying each year to model/shoot for this event).

Observations on the Psychology of Branding

There is an interesting novel written by William Gibson, “Pattern Recognition”, [which I highly recommend, not only for the actual subject and story, but Gibson is a master storyteller, and just the act of digesting words so well laid down on the page is worth one’s time], which I bring to your attention not for the main story (go read it for that answer) but for part of the subtext: the protagonist of the story, Cayce Pollard, is “brand-phobic”. What’s fascinating is the level to which she attempts to be ‘un-branded’ – and just how obscenely difficult that is in modern times.

Here’s a challenge. Just spend a few minutes looking around right now in your immediate surroundings, and see if anything, anything at all, doesn’t have a brand mark on it somewhere. Usually in such a place that it cannot be easily removed/covered, etc. I’ll play guinea pig for a minute right now:  my keyboard is Kensington, as is the trackball. The graphics tablet is Wacom, computer is Dell, monitor is Eizo – all of which have logos and names baked in to the surface. No chance of ‘brand X’ here… If we move on to clothes, car, backpack, luggage, etc. etc. – well you get the picture. We live today in a completely branded environment. It is truly impossible to hide from branding. Part of the reason for this is that ‘brand marks’ have now been extended not just to names and logos, but actual colors, shapes, and even “look and feel” of software. In fact, the motivating factors that propelled me to write this treatise were the recent decisions of patent courts to award Louboutin the sole right (okay, really no pun intended, it just came out of my fingers that way – I write these blogs ‘live’ – i.e. directly online, very little editing – just a quick spell/grammar check and push the button – that’s what a blog is for me) to use the color red on the bottom of his shoes. The only exception granted to Yves St. Laurent (the challenger) was if the shoe is all red. So YSL gets to keep red soles on their red shoes, otherwise – if you see those flashy red contrasting soles on 6″ heels, you know it’s a set of pricy Loubs… The other two recent decisions that factored into my motivation were Lululemon (fashion again, against Calvin Klein – for yoga pants design) and Apple (the infamous case with Samsung which stung Samsung to the iTune of $1.5B).

All three of these cases had a couple of rather new features to the ‘win’:  the ‘brand mark’ was intrinsic to the actual design – this is a watershed statement by the courts, with many ramifications; and the ‘wins’ all went to the defenders (i.e. the designers that first came up with the designs). What this can be construed to mean is that new challengers to a market segment now have even a harder time ahead when desiring to upseat an established rival:  your design better not be anything close at all to what’s out there, or you will be spending time and considerable cash in court instead of on a marketing campaign.

But all this is just the surface, and not really the most important aspect of our current ‘branded’ reality. The more insidious aspect of this is how these companies fight, and win, our actual ‘mindshare’. We have now become so embedded with the constant barrage of branding that we have sublimated it – exactly where the brand owners want it! The last thing any brand owner wants is for a consumer to start thinking. Because then we might actually ask ourselves: is a Chevy truck really better than a Ford? Does it do more? At the end of the day, does any basic truck allow me to put a few hundred pounds of stuff in the back from the local hardware store and bring it home? How many of those tricked out gas monsters jacked up on 8 shocks and balloon tires (for the difficult to navigate off-road experience of Sunset Blvd.) that can – according to the tv ads – actually pull a jet airplane away from the gate really carry more than beer and groceries and an occasional box of bits from the DIY store? The most useful aspect of these high ground clearance Prius-eaters I have seen are the contortions – and resultant fashion shows – that result from the girlfriends trying to get in and out of a vehicle that is 4 ft off the ground…

But that’s all somewhat obvious surface commentary. The important, somewhat darker bits, are the subliminal messaging and actual thought patterns that become embedded in our brains. We no longer just put on a pair of jeans. It’s Levis or Sevens or TrueReligion or Calvins or… When you meet a well-dressed woman at a party, and ask her what she’s wearing, the automatic answer is “Oh, I’m in Vera/Burberry/Donna/Michael/whomever tonight.” I guess she assumes we already know she’s wearing a dress… We no longer think objectively – we don’t put on jeans or a shirt of a pair of shoes, we put on our Diesels with a Michael Kors and a pair of Cole Haan’s. We write with a Mont Blanc or an iPad or a Galaxy. We drive a Merc or a Beemer or a Lambo. (or to be egalitarian, Mini, Leaf, Prius). We eat not just a tomatoe, but a local, certified organic, Kenter Farms pineapple Heirloom. We spend time, money, status and nervous energy selecting the ‘best’ wine at a restaurant – when the vast bulk of us can’t tell the difference between a sauvignon blanc and a chardonnay in a blind taste test. Here is something that has been tested many, many times:  take five mid-range lager beers. Pour into identical glasses, let sit for one minute (some say the initial head can be a ‘tell’), then give to a group of die-hard beer drinkers who have strong opinions on Bud/Miller/Amstel/etc. Uh-huh… how many get that one right… (now this is from a dedicated personal set of testing with some of the brightest engineers and scientists that currently work in broadcast and post-production engineering and standards bodies – I mean these people are objective, right???). How about an average of 10%. That’s less than the statistical probability of chance! What our minds tell us is far more potent that reality. In fact, (and this is a discussion for another day) our minds actually make our reality in each moment.

None of the above should be construed to mean that I am against all branding, or that I don’t want companies to be successful in their marketing and sales efforts. What I am asking is for some semblance of objectivity to return to what I see as an imbalanced system. We are so focused on the ‘brand’ that we have lost sight of the product or service. Do we actually examine the stitching on a Kate Spade bag to see if it’s even? Do we compare the fit of the doors to the surrounding body on a Mercedes vs a BMW vs and Audi? Can we tell if organically raised asparagus by monks in Mendocino tastes better than what’s at Safeway? I’m not saying one or the other – but do we look? Do we see? Do we taste? Do we discern and formulate our own opinions?

Imagine this scenario:  a woman goes into the shop to buy jeans. There are no brand names. The pocket designs, attractive as they may be, are unknown to her in terms of an identifiable brand. How will she choose? She would actually have to look at quality of construction, try them on, feel the denim, see if the legs work with her calves, her thighs, her shoes. All of this can be done, but the biggest issue – that can’t be solved with examination, fit or feel: what will her friends think? How will she know if she is wearing ‘cool’ or ‘yesterday’? What if it didn’t matter…

We are so brand-focused today that we let the brands think for us:  we assume that if it’s a BMW that it’s a good car. We assume that if we pay $50 for a bottle of wine it must be good (don’t get me started: the absolute worst offenders on the planet, in terms of branding, brand extension, etc. are the wine farms and distributors. I love wine and respect the incredible effort and experience it takes to make good wine – but the marketing and distribution of this substance makes Barnum & Baily look like saints…) We have collectively abdicated our reasoning, observations, and critical thinking to the marketing departments of those who make products and services. We need to reclaim some of our own decision-making power.

So far, most of this article has focused on commercial products and services. However, the most important aspect of branding, in my opinion, is when these same techniques are applied to other areas – ones that have the capability to impact far more than our choice of a computer, phone or car: things like politics, religion, intelligence, health, sexual proclivity and so on. I would now like the reader to go back to the section above on iconic branding – but this time re-read this with the point of view of a particular religion as an ‘iconic brand’. Do any of the points raised ring a bell?

  • An iconic brand user won’t switch brands, even when faced with objective evidence that should spawn reconsideration.
  • An iconic brand user will often proselytize the brand, even without inducement of the brand owner.
  • At some point, the iconic brand had to offer ‘good’ and have some esteem amongst a population.
  • There must be a story or myth associated with an iconic brand, and it must be believable to at least some degree.
  • The iconic brand must offer the hope of fulfillment of currently unsatisfied desires, which use/consumption of the brand will provide.
  • The iconic brand must be continually managed to keep it alive as change occurs.

Interesting… and very, very, very profitable for the brand owners. Again, I am using this for analysis and asking ultimately for each human to take command of his or her own thoughts – to be internally responsible for choices of belief – not be a puppet in the hands of any particular religion, software, car, culture, shoes or lingerie. I am not taking any particular religion to task (I do personally not see much use for organized religion, which in my view has very little to do with spirituality, but that is just my own position and I am not arguing that here), but am pointing out that the vast cadre of ‘brand managers’ aka priests, rabbis, pastors, cardinals, sangomas, shamans, etc. do their jobs well, promoting and adapting the ‘iconic brand’ so that it continues to be seen as ‘necessary’ (for ‘saving your soul’, being better than the other tribe, being more likely to get more [fill in the blank] in the next life/heaven/etc. – very convenient that delayed gratification must wait until you are dead where it’s a bit harder to come back to customer service with a complaint about false advertising…)

None of this would be so much of an issue if it merely affected an individual – after all supposedly free choice is what makes us human, right…? But blind belief and adherence to some ‘iconic brands’ can be dangerous. When we are talking Manolos vs Louboutins, the worst that can happen is a catty comment from Joan – when rabid blind belief in certain deities lays waste to millions of lives, that is rather another thing entirely. Now, just to be accurate here:  many, many of the atrocities carried out in the past and present have completely incorrectly used the mantle of religion or other affiliation to attempt to justify just plain criminal or abhorrent sociopathic behavior. It would actually be very good ‘brand management’ if the current brand owners would police this aspect much more rigidly, and disallow the perverted use of supposedly benign deities by those that only aim to disrupt civilization with mayhem and murder.

Brand Trust for the Big Issues

As discussed earlier, one of the major underlying reasons for branding is to establish a sense of trust in the consumer/user of the brand. At the commercial level, firms like Apple, Hermes, Volkswagen, etc. all desire that the consumer will trust their products as being of quality, and that they can expect a continued level of similar form and function from the product in the future. This brand loyalty is incredibly important to the brand owner.

Now, carry this over to branded entities such as political parties, religions, nation-states, cults, social organizations, etc. – and we see that the same issues apply. Whether one expresses brand allegiance to the Democrats or Republicans, Labor or Conservative, ANC or DA – all of these groups wish to instill trust in their brand. They use most of the same advertising techniques that firms such as Ford, Calvin Klein, General Foods or Apple does to inspire loyalty, establish and preserve identity, etc. They all have unique brand names, logos, catchphrases, etc. Some logos of political elements have become so identified with a particular movement that they are ‘super-iconic’ – such as the swastika. That logo is now so identified with the Nazi movement and philosophy of a certain group that it can never again be separated from that meaning. This is the true power of branding – a single graphic element can say so very much. The ‘tagging’ of a synagogue wall with a spray-painted swastika says volumes…

Just as has been posited for brands of cars, clothing or computers, the giving of trust to a brand should be examined, tested and questioned on an ongoing basis. There is nothing at all wrong or illogical about deciding that one prefers Calvin Klein jeans to Diesel: but once trust is given the tendency is to submit to inertia and go back to the same well. We often will stay with a current brand long past the time when perhaps a new analysis should have been performed and another decision taken. Inertia, brand trust (and existing contracts) have kept Blackberry alive far longer than an objective analysis of their performance would have mandated. Often times many people will just drift away from a high level of trust with a brand, but not ‘re-trust’ a competitive brand:  we may find many ‘lapsed’ Catholics – but rather few that switch to either agnosticism or Islam. We are nearing election time here in the US, and a concomitant amount of rabid brand awareness has taken over our airwaves, newspapers and conversations. Wait a couple of years, and the amount of brand allegiance will be much lower, as once again the actuality of political promise fades in the face of reality, coercion, corruption and apathy.

Social organizations that promote one viewpoint or another (whether for/against reproductive rights, gay/lesbian, global warming/cooling, etc/etc) also use the same techniques to gather and keep followers. If one reviews the above list on brand naming techniques (acronyms are big here: PETA, NOW, LGBT, etc), global branding, and so on it can be seen that most social groups have learned quickly from their commercial counterparts. With a little insight, we can see that branding and marketing has become absolutely pervasive in our cultures. And this is world-wide, cuts across all socio-economic groups and affects virtually all groups of people:  children are marketed to with as much fervor as yuppies in search of the next new car.

Personal Branding

We have discussed the issue of branding as it applies to groups, whether these be companies that manufacture goods, provide services, offer a belief structure, purport to provide a better method of government, etc. – but one of the remaining issues is how we brand ourselves. This has two distinctive connotations: actual physical branding (typically with tattoos or piercings/embedded jewelry), and psychological branding. Here I am not discussing alignment with external brands – what we have reviewed above, but something different.

In terms of personal physical branding, while it is true that a number of people will tattoo themselves to state alignment with an external group (gangs, religion, etc.) that is not the focus of this point. This is an individual choice (assuming that the person was afforded choice, as mentioned earlier in this article that has not always been the case) and one must live with that choice. A tattoo does make brand-switching somewhat more of an issue than changing which shoes you wear…  Tattoos are often an expression of rebellion, individual control, etc – they are not ‘mainstream’ – at least in western cultures – and have a high degree of individualism. Many are beautiful and are works of art in their own right. The issue here is not about the practice of tattooing or piercing, but rather the identification or ‘self-branding’ aspect of that choice. These are relatively permanent decisions, and therefore represent the expression of an internal psychological branding that is not transitory. (Well, as always there are exceptions:  the actions of an inebriated sailor on leave  when he inks his current girlfriend’s name on his shoulder may be reviewed later as a less than stellar decision…)

In one way or another, tattoos express a brand alignment that is strong. However, in this case, there is a strength to this choice that all of us could take away and use as a model for other brand decisions. The person that chooses to ink a motif, logo, design, etc. has a strong alignment with whatever that represents to him or her. And (as said, we are not discussing brand marks here that express alignment with well-known external brands) these ‘brands’ are individual. They represent what this person feels, and feels strongly enough to share (with either the world or someone close to them, depending on location of the tattoo…) potentially for the rest of their lives. Not many of us are courageous enough, feel strongly enough about anything, or are committed enough to make that kind of decision.

Now, let’s move on to what I will refer to as ‘the invisible tattoo’ – personal psychological branding that is as permanent, courageous and committed as external ink. This is the rarest form of branding. It is sustained only by strong personal will, continuous and committed choice, and at some level a degree of self-observation / self-honesty. Again, I am not discussing alignment here with any external brand – this is not being a Democrat, wearing Vera Wang or riding a Harley. This topic is referring to the brand of one – yourself. Some questions may make this point a bit more clear:

  • Are your views on (fill in the blank) consistent and strong enough to constitute a brand?
  • Is your personal brand cohesive enough to evoke a feeling, a visual description, etc. in others that interact or see you?
  • Does this personal brand inspire loyalty and respect in others? In other words, put the aspects of branding I originally stated at the beginning of this article to yourself as a gauge, and see what answers you find. Brand image / experience / orientation / recognition, etc.

A final observation:  people who have a strong personal ‘brand’ tend to be strong, powerful people. Writers, scientists, actors, political leaders, etc. do not arrive at those places by accident. The world is too brutal, the pressures too great, for accidental positioning to last more than a minute. No matter whether you like, agree with or support any of their actions or positions, people such as Regan, Newman, Angelina, Einstein, Coelho etc. have/had strong personal brands. You know/knew where they stood, what they felt, what they believed in.

People that have strong personal brands are interestingly enough the least subject to blind allegiance to external brands. They believe in themselves enough to take their own decisions, and whether due to arrogance or internal strength of character, will seldom ‘jump on a bandwagon’ without due consideration. This leads to the end purpose for writing this article: for each reader to take a moment to reconsider his or her own brand, to regain considered choice and not be a lemming to the tide of advertisements and pressure of campaigns for your attention, money and time. There is absolutely nothing wrong with choosing to wear Proenza Schouler instead of Brian Atwood – but if done each time as a personal decision based on considered parameters instead of an habitual following it’s a different decision.

In terms of fashion/cars/electronics, it would be nice to see visual corporate branding take a lesser position in terms of design: often now the logo/name/etc has overtaken the actual design of the product. If we all had a stronger personal brand we would possibly not feel as great a need to align/belong to some set of external brands. I for one do not like to wear what are effectively billboards for clothing or accessory manufacturers, and choose to not do so. Yes, it limits some choices, but I find there are more than enough alternatives to satisfy my need for putting on shirts, pants and shoes in the morning.

We as individual people have enormous power if we take it:  if certain branded items stop selling the vendors will very quickly adapt, believe me. If understated became “in” – the market would respond. Ultimately the choice is yours. Take back some power, some individuality, some level of informed choice – whether that be concerning a handbag, belief, social group or car. You’ll be better off for it, and will accrue individuality.

Why do musicians have lousy music systems?

August 18, 2012 · by parasam

[NOTE: this article is a repost of an e-mail thread started by a good friend of mine. It raised an interesting question, and I found the answers and comments fascinating and wanted to share with you. The original thread has been slightly edited for continuity and presentation here].

To begin, the original post that started this discussion:

Why do musicians have lousy hi-fis?

It’s one of life’s little mysteries, but most musicians have the crappiest stereo systems.

  by Steve Guttenberg

August 11, 2012 7:36 AM PDT

I know it doesn’t make sense, but it’s true: most musicians don’t have good hi-fis.

To be fair, most musicians don’t have hi-fis at all, because like most people musicians listen in their cars, on computers, or with cheap headphones. Musicians don’t have turntables, CD players, stereo amplifiers, and speakers. Granted, most musicians aren’t rich, so they’re more likely to invest whatever available cash they have in buying instruments. That’s understandable, but since they so rarely hear music over a decent system they’re pretty clueless about the sound of their recordings.

(Credit: Steve Guttenberg/CNET)

Musicians who are also audiophiles are rare, though I’ve met quite a few. Trumpet player Jon Faddis was definitely into it, and I found he had a great set of ears when he came to my apartment years ago to listen to his favorite Dizzy Gillespie recordings. Most musicians I’ve met at recording sessions focus on the sound of their own instrument, and how it stands out in the mix. They don’t seem all that interested in the sound of the group.

I remember a bass player at a jazz recording session who grew impatient with the time the engineer was taking to get the best possible sound from his 200-year-old-acoustic bass. After ten minutes the bassist asked the engineer to plug into a pickup on his instrument, so he wouldn’t take up any more time setting up the microphone. The engineer wasn’t thrilled with the idea, because he would then just have the generic sound of a pickup rather than the gorgeous sound of the instrument. I was amazed: the man probably paid $100,000 for his bass, and he didn’t care if its true sound was recorded or not. His performance was what mattered.

From what I’ve seen, musicians listen differently from everyone else. They focus on how well the music is being played, the structure of the music, and the production. The quality of the sound? Not so much!

Some musicians have home studios, but very few of today’s home (or professional) studios sound good in the audiophile sense. Studios use big pro monitor speakers designed to be hyperanalytical, so you hear all of even the most subtle details in the sound. That’s the top requirement, but listening for pleasure is not the same as monitoring. That’s not just my opinion — very, very few audiophiles use studio monitors at home. It’s not their large size or four-figure price tags that stop them, as most high-end audiophile speakers are bigger and more expensive. No, studio monitor sound has little appeal for the cognoscenti because pro speakers don’t sound good.

I have seen the big Bowers & Wilkins, Energy, ProAc, and Wilson audiophile speakers used by mastering engineers, so it does work the other way around. Audiophile speakers can be used as monitors, but I can’t name one pro monitor that has found widespread acceptance in the audiophile world.

Like I said, musicians rarely listen over any sort of decent hi-fi, and that might be part of the reason they make so few great-sounding records. They don’t know what they’re missing.

——–

Now, in order, the original comment and replies:  [due to the authors of these e-mails being located in USA, Sweden, UK, etc. not all of the timestamps line up, but the messages are in order]

From: Tom McMahon
Sent: Saturday, August 11, 2012 6:09 PM
To: Mikael Reichel; ‘Per Sjofors’; John Watkinson
Subject: Why do musicians have lousy hi-fis?

I agree to some of this, have same observations.

But I don’t agree with the use broad use of “most musicians” as it may be interpreted that it is the majority. Neither of us can know this. Neil Young evidently cares a lot.

However, the statement “pro speakers do not sound good” is a subjective statement.  It´s like saying distilled water (i.e 100% H20) doesn’t taste good. Possibly, many think so but distilled water is the purest form of water and by definition anything less pure is not pure water. Whether you like it or not.

The water is the messenger and shooting it for delivering the truth is not productive.

If Audiophiles don’t like to hear the truth is sort deflates them.

A friend, singer/songwriter with fifteen CD´s behind her in the rock/blues genre, on a rare occasion when I got her to listen to her own stuff over a pair of Earo speakers, commented on the detail and realism. I then suggested that her forthcoming CD should be mastered over these speakers, she replied “ I don’t dare”.

Best/Mike

——-

From: John Watkinson
Sent: Sun 8/12/2012 6:46 AM
To: Mikael Reichel; Per Sjofors; Tom McMahon; Ed Elliott
Subject: Why do musicians have lousy hi-fis?

Hello All,

If a pro loudspeaker reproduces the input waveform and an audiophool [ed.note: letting this possible mis-spelling stand, in case it’s intended…] speaker also does, then why do they sound different?

We know the reasons, which are that practically no loudspeakers are accurate enough.  We have specialist speakers that fail in different ways.

The reason musicians are perceived to have lousy hi-fis may be that practically everyone does. The resultant imprinting means that my crap speaker is correct and your crap speaker is wrong, whereas in fact they are all crap.

Our author doesn’t seem to know any of this, so he is just wasting our time.

Furthermore I know plenty of musicians with good ears and good hi-fi.

Best,

John

——-

From: Mikael Reichel
Sent: Sun 8/12/2012 12:58 PM
To: John Watkinson; Per Sjofors; Tom McMahon; Ed Elliott
Subject: Why do musicians have lousy hi-fis?

Andrew is a really nice guy.

He has a talent in selecting demo material for his demos and his TAD speakers sound quite good. But they are passive and also use bass-reflex. This more or less puts the attainable quality level against a brick wall. Add the soft dome tweeter and I am a bit surprised at Mr. Jones choices, dome tweeters are fundamentally flawed designs.

One logical result of making “new” drivers is to skip ferrite magnets because they become a size and weight thief and also limits mechanical freedom for the design engineer. You almost automatically get higher sensitivity by using neodymium. But this is also a myth, as little is made to increase the fundamental mismatch of the driver to the air itself. I would guess Andrew has had the good sense to go with neodymium magnets.

To deliver affordable speakers is a matter of having a strong brand to begin with that allows for volumes so that you can have clients buy without listening first. This then allows for direct delivery thus avoiding importing and retail links in the chain to be removed. Typically out of the MSRP, only 25% reaches the manufacturer. Remove the manufacturing cost and you realize it’s  a numbers game.

This is exactly what is going on in the “audio” business today. The classical sales structures are being torn down. A very large number or speaker manufacturers are going to disappear because they don’t have the brand and volumes to sell over the web. To survive new ways of reaching the clients have to be invented. A true paradigm shift.

TAD has been the motor to provide this brand recognition and consumers are marketed to believe that they can get almost $80 performance from a less than $1 speaker, which is naïve.

If the speakers can be made active with DSP, they can be made to sound unbelievably good.  This is the real snapshot of the future.

/Mike

—-

From: John Watkinson
Sent: Sun 8/12/2012 11:13 PM
To: Mikael Reichel; Per Sjofors; Tom McMahon; Ed Elliott
Subject: Why do musicians have lousy hi-fis?

Hello All,

Mike is right. The combination of dome tweeter, bass reflex and passive crossover is a recipe for failure. But our journalist friend doesn’t know. I wonder what he does know?

Best,

John

——

From: Ed Elliott
Sent: Mon 8/13/2012 7:02 AM
To: Mikael Reichel; Per Sjofors; Tom McMahon; John Watkinson
Subject: Why do musicians have lousy hi-fis?

Hi Mike,

Well, this must be answered at several levels. Firstly the author has erred in two major, but unfortunately not at all uncommon ways:  the linguistic construction of “most <fill_in_the_blank>” is inaccurate and unscientific at the best of times, and all too often a device for aligning some margin of factuality to a desired hypothesis; the other issue is the very basis of the premise raised is left undefined in the article – what is “a good hi-fi system”?

Forgoing for the moment the gaps in logic and ontological reasoning that may be applied to the world of aural perception, the author does raise a most interesting question – one that if had been pursued in a different manner would have made for a far more interesting article. Forgetting for the moment issues (that are a total red herring today – the affordability of quality components has never been more accessible) of cost or availability – WHY don’t ‘most’ musicians apparently care to have ‘better’ sound systems? There is no argument that many musicians DO have excellent systems, at all levels of affordability; and appreciate the aural experience provided. However – and I personally have spent many decades closely connected to both the professional audio industry, musicians in general, and the larger post-production community – I do agree that based purely on anecdotal observation, many talented musicians do in fact not attach a large importance to the expense or quality of their ‘retail playback equipment.’ The same of course is not valid for their instruments or any equipment they deem necessary to express their music.

The answer I believe is most interesting:  I believe that good musicians simply don’t need a high quality audio system in order to hear music. The same synaptic wiring and neural fabric connectedness – the stuff that really is the “application layer” in the brain – means that this group of people actually ‘hears’ differently. Hearing, just like seeing, is almost 90% a neurological activity. Beyond the very basic mechanical issues of sound capture, focus, filtering and conversion from pressure waves to chemico-electical impulses (provided by the ears, ear canal, eardrum, cochlea) all the rest of ‘hearing’ is provided by  the ‘brain software.’

To cut to the chase:  this group of people already has a highly refined ‘sample set’ of musical notes, harmonies, melodies, rhythms, etc. in their brains, and needs very little external stimulation in order to ‘fire off’ those internalized ‘letters and words’ of musical sound. Just as an inexperienced reader may ‘read’ individual words – and a highly competent and experienced reader basically digests entire sentences as a single optic-with-meaning element, so a lay person may actually need a ‘better’ sound system in order to ‘hear’ the same things that a trained musician would hear.

That is not to say that musicians don’t hear – and appreciate – external acoustic reality:  just try playing a bit out of tune, lag a few microseconds on a lead guitar riff, or not express the same voice as others in the brass sections and you will get a quick lesson in just how acute their hearing is. It’s just tuned to different things. Once a composed song is underway, the merest hint of a well-known chord progression ‘fires off’ that experience in the musician’s brain software – so they ‘hear’ it was it was intended – the harmonic distortion, the lack of coherent imaging, the flappy bass – all those ‘noise elements’ are filtered out by their brains – they already know what it’s supposed to sound like.

If you realize that someone like Anne-Sophie Mutter has most likely played over 100,000 hours of violin already in her life, and look at what this has done to her brain in terms of listening (forgoing for the moment the musculo-skeletal reprogramming that has turned her body into as much of a musical instrument as the Stradivarius) – you can see that there is not a single passage of classical stringed or piano music that is not already etched into her neural fabric at almost an atomic level.

With this level of ‘programming’ it just doesn’t take a lot of external stimulation in order for the brain to start ‘playing the music.’ Going at this issue from a different but orthogonal point of view:  a study of how hearing impaired people ‘hear’ music is also revealing – as well as the other side of that equation: those that have damaged or uncommon neural software for hearing. People in this realm include autistics (who often have an extreme sensitivity to sound); stroke victims; head trauma victims, etc. A study here shows that the ‘brain software’ is far more of an issue in terms of quality of hearing than the mechanics or objective scientific ‘quality’ (perhaps an oxymoron) of the acoustic pressure waves provided to the human ear.

Evelyn Glennie – profoundly deaf – is a master percussionist (we just saw her play at the Opening Ceremonies) – and has adapted ‘hearing’ to an astounding level of physical sense in vibrations – including her feet (she mostly plays barefoot for this reason). I would strongly encourage the reading of three short and highly informative letters she published on hearing, disabilities and professional music. Evelyn does not need, nor can she appreciate, DACs with only .0001%THD and time-domain accuracies of sub-milliseconds – but there is no question whatsoever that this woman hears music!

This may have been a bit of a round-about answer to the issues of why ‘most musicians’ may have what the author perceives to be ‘sub-optimal’ hi-fi systems – but I believe it more fully answers the larger question of aural perception. I for instance completely appreciate (to the limits of my ability as a listener – which are professional but not ‘golden ears’) the accuracy, imaging and clarity of high end sound systems (most of which are way beyond my budget for personal consumption); but the lack of such does not get in the way of my personal enjoyment of many musicians’ work – even if played back from my iPod. Maybe I have trained my own brain software just a little bit…

In closing, I would like to take an analogy from the still photographer’s world:  this group of amateurs and professional alike put an almost unbelievable level of importance on their kit – with various bits of hardware (and now software) taking either the blame or the glory for the quality (or lack thereof) of their images. My personal observation is that the eye/brain behind the viewfinder is responsible for about 93% of both the successes and failures of a given image to match the desired state. I think a very similar situation exists today in both ‘audiophile’ as well as ‘professional audio’ – it would be a welcome change to discuss facts, not fancy.

Warmest regards,

Ed

——-

From: John Watkinson
Sent: Mon 8/13/2012 12:50 AM
To: Mikael Reichel; Per Sjofors; Tom McMahon; Ed Elliott
Subject: Why do musicians have lousy hi-fis?

Hello All,

I think Ed has hit the nail on he head. It is generally true that people hear what they ought to hear and see what they ought to see, not what is actually there. It is not restricted to musicians, but they have refined it for music.

The consequences are that transistor radios and portable cassette recorders, which sound like strangled cats, were popular, as iPods with their MP3 distortion are today. But in photography, the Brownie and the Instamatic were popular, yet the realism or quality of the snaps was in the viewer’s mind. Most people are content to watch television sets that are grossly misadjusted and they don’t see spelling mistakes.

I would go a little further than Ed’s erudite analysis and say that most people not only see and hear what they ought to, but they also think what they ought to, even if it defies logic. People in groups reach consensus, even if it is wrong, because the person who is right suffers peer pressure to conform else risk being ejected from the group. This is where urban myths that have no basis in physics come from. The result is that most decisions are emotive and science or physics will be ignored. Why else do 40 percent of Americans believe in Creation? I look forward to having problems with groups because it confirms that my ability to use logic is undiminished. Was it Wittgenstein who said what most people think doesn’t amount to much?

Marketing, that modern cancer, leaps into this human failing, by playing on emotions to sell things. It follows that cars do not need advanced technology if they can be sold by draping them with scantily-clad women. Modern cars are still primitive because the technical requirements are distorted downwards by emotion. In contrast  Ed’s accurate observation that photographers obsess about their kit, as do audiophiles illustrates that technical requirements can also be distorted upwards by emotion.

Marketing also preys on people to convince them that success depends on having all the right accessories and clothing for the endeavour. Look at all the stuff that sportsmen wear.

Whilst it would be nice for hi-fi magazines to discuss facts instead of fancy, I don’t see it happening as it gets in the way of the marketing.

Best,

John

——

From: Ed Elliott
Sent: Monday, August 13, 2012 8:11 PM
To: Mikael Reichel; Per Sjofors; Tom McMahon; John Watkinson
Subject: Why do musicians have lousy hi-fis?

Hi John, Mike, et al

Love your further comments, but I’m afraid that “marketing, that modern cancer” is a bit older that we would all like to think.. one example that comes to mind is about 400-odd years old now – and actually represents one of the most powerful and enduring ‘brands’ ever to be promoted in Western culture: Shakespeare. Never mind that allusions to and adaptations of his plays have permeated our culture for hundreds of years – even ‘in the time’ Shakespeare created, bonded with and nurtured his customer base. Now this was admittedly marketing in a more pure sense (you actually got something for your money) – but nonetheless repeat business was just as much of an issue then as now. Understanding his audience, knowing that both tragedy and comedy was required to build the dramatic tension that would bring crowds back for more; recognizing the capabilities and understanding of his audience so that they were stimulated but not puzzled, entertained but not insulted – there was a mastery of marketing there beyond just the tights, skulls and iambic pentameter.

Unfortunately I do agree that with time, marketing hype has diverged substantially from the underlying product to the point that often they don’t share the same solar system… And what’s worse is that now in many cases the marketing department actually runs product development in many large corporations… and I love your comments on ‘stuff sportsmen wear’ – to copy my earlier analogy on photography, if I was to pack up all the things that the latest photo consumer magazine and camera shop said I needed to have to take a picture I would need a band of Sherpas…

Now there is a bit of light ahead potentially:  the almost certain demise of most printed magazines (along with newspapers, etc.) is creating a tumultuous landscape that won’t stabilize right away. This means that what entities do remain and survive to publish information no longer have to conform to selling X amount of pages of ads to keep the magazine alive (and hence pander to marketing, etc.) There are two very interesting facts about digital publishing that to date have mostly been ignored (and IMHO are the root cause of digital mags being so poorly constructed and read – those that want to think that they can convert all their print reader to e-zine subscriptions need to check out multi-year retention stats – they are abysmal.)

#1 is people read digital material in a very different way than paper. (The details must wait for another thread – too much now). Bottom line is that real information (aka CONTENT) is what keeps readership. Splash and video might get some hits, but the fickle-factor is astronomical in online reading – if you don’t give your reader useful facts or real entertainment they won’t stay.

#2 is that, if done correctly, digital publishing can be very effective, beautiful, evocative and compelling at a very low cost. There simply isn’t the need for massive ad dollars any more. So the type of information that you all are sharing here can be distributed much more widely than ever before. I do believe there is a window of opportunity for getting real info out in front of a large audience, to start chipping away at this Himalayan pile of stink that defines so much of (fill in the blank: audio, tv, cars, vitamins, anti-aging creams, etc.)

Ok, off to answer some e-mails for that dwindling supply of really importance:  paying clients!

Many thanks

Ed

——–

From: John Watkinson
Sent: Tue 8/14/2012 12:57 AM
To: Mikael Reichel; Per Sjofors; Tom McMahon; Ed Elliott
Subject: Why do musicians have lousy hi-fis?

Dear Ed,

This is starting to be interesting. I take your point about Shakespeare being marketed, but if we want to go back even further, we have to look at religion as the oldest use of marketing. It’s actually remarkable that the religions managed to prosper to the point of being degenerate when they had no tangible product at all. Invent a problem, namely evil, and then sell a solution, namely a god. It’s a protection racket. Give us money so we can build cathedrals and you go to heaven. It makes oxygen free speaker cables seem fairly innocuous. At least the hi-fi industry doesn’t threaten you with torture. If you  read anything about the evolution of self-replicating viruses, suddenly you see why the Pope is opposed to contraception.

I read an interesting book about Chartres cathedral, in which it was pointed out that the engineering skills and the underlying science needed to make the place stand up (it’s more air than stone) had stemmed from a curiosity about the laws of nature that would ultimately lead to the conclusion that there was no Creation and no evidence for a god, that the earth goes round the sun and that virgin birth is due to people living in poverty sharing bathwater.

If you look at the achievements of hi-fi and religion in comparison to the achievements of science and engineering, the results are glaring. The first two have made no progress in decades, because they are based on marketing and have nothing to offer. Prayer didn’t defeat Hitler, but radar, supercharging and decryption may have played a small part.

Your comments about printed magazines and newspapers are pertinent. These are marketing tools and as a result the copy is seldom of any great merit, as Steve Gutenberg continues to demonstrate in his own way. Actually the same is true for television. People think the screensaver was a computer invention. Actually it’s not, it’s what television broadcasts between commercial breaks.

So yes, you are right that digital/internet publishing is in the process of pulling the rug on traditional media. Television is over. I don’t have one and I don’t miss the dumbed-down crap and the waste of time. Himalayan pile of stink is a wonderful and evocative term!

Actually services like eBay are changing the world as well. I hardly ever buy anything new if I can get one someone doesn’t want on eBay. It’s good for the vendor, for me and the environment.

In a sense the present slump/recession has been good in some ways. Certainly it has eroded peoples’ faith in politicians and bankers and the shortage of ready cash has led many to question consumerism.

Once you stop being a consumer, reverse the spiral and decide to tread lightly on the earth, the need to earn lots of money goes away. My carbon neutral house has zero energy bills and my  policy of buying old things and repairing them means I have all the gadgets I need, but without the cost. The time liberated by not needing to earn lots of money allows me to make things I can’t buy, like decent loudspeakers. It means I never buy pre-prepared food because I’m not short of time. Instead I can buy decent ingredients and know what I’m eating.

One of the experiences I treasure due to reversing the spiral was turning up at a gas station in Luxembourg. There must have a been a couple of million dollars worth of pretentious cars filling up. BMW, Lexus, Mercedes, the lot. And they all turned to stare at my old Jaguar when I turned up. It was something they couldn’t have because they were too busy running on the treadmill to run a car that needs some fixing.

Best,

John

——

From: Ed Elliott
Sent: Wed 8/15/2012 1:01 PM
To: Mikael Reichel; Per Sjofors; Tom McMahon; John Watkinson
Subject: Why do musicians have lousy hi-fis?

Hi John,

Yes, I’m finding this part of my inbox so much more interesting than the chatterings of well-intentioned (but boring) missives; and of course the ubiquitous efforts of (who else!) the current transformation of tele-marketers into spam producers… I never knew that so many of my body parts needed either extending, flattening, bulking up, slimming down, etc. etc!

Ahh! Religion… yes, got that one right the first time. I actually find that there’s a more nefarious aspect to organized religion: to act as a proxy for nation-states that couldn’t get away with the murder, land grabs, misogyny, physical torture and mutilation if these practices were “state sponsored” as opposed to “expressions of religious freedom.”  Always makes me think of that Bob Dylan song, “With God on Our Side…”

On to marketing in television.. and tv in general… I actually turned mine on the other day (well, since I don’t have a ‘real’ tv – but I do have the cable box as I use that for high speed internet – I turned on the little tuner in my laptop so I could watch Olympics in HD (the bandwidth of the NBC streaming left something to be desired) – and as usual found the production quality and techniques used in the adverts mostly exceed the filler… The message, well that went the way of all adverts: straight back out my head into the ether… What I want to know – this is a better trick than almost anything – how did the advertisers ever get convinced that watching this drivel actually effects what people buy?? Or I am just an odd-bod that is not swayed by hype, mesmerizing disinformation [if I buy those sunglasses I’ll get Giselle to come home with me…], or downright charlatantry.

And yeah for fixing things and older cars… I bought my last car in 1991 and have found no reason [or desire] to replace it. And since (thank g-d) it was “pre-computer” it is still ‘fixable’ with things like screwdrivers and spanners… I think another issue in general is that our cultures have lost the understanding of ‘preventative maintenance’ – a lot of what ends up in the rubbish bin is due to lack of care while it was alive..

Which brings me back to a final point:  I do like quality, high tech equipment, when it does something useful and fulfills a purpose. But I see a disappointing tendency with one of the prime vendors in this sector:  Apple. I am currently (in my blog) writing about the use of iPhones as a practical camera system for HD cinemaphotography – with all of the issues and compromises well understood! Turns out that two of the fundamental design decisions by Apple are at the core of limiting the broader adoption of this platform (I describe how to work around this, but it’s challenging):  the lack of a removable battery and removable storage.

While there are obvious advantages to those decisions, in terms of reliability and industrial design, it can’t be ignored that the lack of both of those features certainly mitigate towards a user ‘upgrading’ at regular intervals (since they can’t swap out a battery or add more storage). And now they have migrated this ‘sealed design’ to the laptops… the new Mac Air is for all practical purposes unrepairable (again, no removable battery, the screen is glued into the aluminium case, and all sub-assemblies are wave-soldered to the main board). The construction of even the Mac Pro is moving in that direction.

So my trusty Dell laptop, with all of its warts, is still appreciated for its many little screws and flaps… when a bit breaks, I can take it apart and actually change out just a Bluetooth receiver, or upgrade memory, or even swap the cpu. Makes me feel a little less redundant in this throw-away world.

I’ll leave you with this:

Jay Leno driving down Olive Ave. last Sunday in his recently restored 1909 Doble & White steam car. At 103 years old, this car would qualify for all current California “low emissions” and “fuel efficiency” standards…

(snapped from my iPhone)

Here is the link to Jay’s videos on the restoration process.

Enjoy!

Ed

Page 2 of 3 « Previous 1 2 3 Next »
  • Blog at WordPress.com.
  • Connect with us:
  • Twitter
  • Vimeo
  • YouTube
  • RSS
  • Follow Following
    • Parasam
    • Join 95 other followers
    • Already have a WordPress.com account? Log in now.
    • Parasam
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar
 

Loading Comments...