Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.

Email Address:
Recent Posts
Archives
Categories
- 2nd screen
- Content Protection
- design
- fashion
- history
- IoT
- philosophy
- photography
- post-production
- Quality Control
- science
- security
- technology
- Uncategorized
Meta

Browsing Tags cloud

Shadow IT, Big Brother & The Holding Company, Thousand-Armed Management…

April 9, 2015 · by parasam

This article was inspired by reading a challenge of many organizations, along with their IT departments: that of “Shadow IT”. This is essentially the use of software by employees that is not formally ‘approved’ or managed by the IT Department. Often this is done quite innocently, as an expedient method to accomplish a task at hand when the perceived correct software tool for the job is unavailable, hard to use or otherwise presents friction to the user.

A classic example, and in fact the instigating action for the article I read (here) is DropBox. This ubiquitous cloud storage service is so ‘friction-free’ to set up and use that many users opt for this app as a quick means to store documents for easy retrieval as they move from place to place and device to device during the course of their day/week at work. The issues of security, backup, data integrity and so on usually never occur to them.

The Hidden Dangers

The use of ad-hoc solutions to a user’s need to do something (whether it’s to store, edit, send, etc.) are often not immediately apparent. Some of the issues that come up are: lack of security for company documents; lack of version control when docs are stored multiple times in various places; potential compromise of security to company networks (often times users will use the same login info for DropBox as for their corporate login – DB is not that difficult to hack, once a set of credentials is discovered that works for one site a hacker will then try other sites…); general diffusion of IT management policies and practices.

The unfortunate dialectic that often follows from the discovery of this practice is one of opposing sides: IT sees the user as the ‘bad guy’ and tries to enforce a totalitarian solution; the user feels discriminated against and gets frustrated that the tools they perceive they need are not provided.. all this leads to a continual ‘cat and mouse’ game where users feel even a greater ‘reason’ to utilize stealth IT solutions / IT management feels they have no choice except to police users and invoke more and more draconian rules to prevent users from acting in any way that is not ‘approved’.

Everyone Needs Awareness

A more cooperative solution can be found if both ‘sides’ (IT management and Users) get enlightened about the issues from both points of view. IT needs to accept that many of the toolsets often provided are ungainly, cumbersome, or otherwise hard to use – or don’t adequately address the needs of users; while users need to understand the security and management risks that Shadow IT solutions pose.

One of the biggest philosophical challenges is that most firms place IT somewhere near the top of the pyramid, with edicts on what to use and how to behave coming from a ‘top-down’ philosophy. A far more effective approach is to place IT at the ‘bottom of the stack’ – with IT truly being in a supportive role, literally acting as a foundation and glue for the actions of users. If the needs of the users are taken as real (within reason) and a concerted effort is taken to address those in a creative manner a much higher degree of conformance will follow.

Education of users is also paramount – many times existing software solutions are available within a corporate toolset but either are unknown to a user, or the easiest way to accomplish a task is not shown to the user. This paradigm (enlightened users acting with a common goal in cooperation with IT management) is actually a great model for other aspects of work life as well…

Big Brother & The Holding Company

Achieving the correct balance between user ‘freedom’ and the perceived need for IT management to monitor and control absolutely everything that is ‘data’ is a bigger challenge than even apparent at first. I’ve entitled this section to included “The Holding Company” for a more specific reason that just an alliteration… most organizations, whether your local Seven-Eleven or the NSA not only like to observe (and record) all the goings-on of their employees (or in the case of the NSA basically every human and/or machine they can find…) but to hold on to this data, well, pretty much forever.

This ‘holding’ in and of itself raises some interesting philosophical questions… for instance, is it legal/ethical for a firm to continue to keep records pertaining to an employee that is no longer working for the firm? And if so, for how long? Under what conditions, or what subjects would some data be deemed necessary to keep longer than other data?

And BTW if anyone still believes that old e-mails just aren’t that big a deal, please ask Amy Pascal (Sony Pictures exec…) if she wishes some of her past e-mails had never become public (thanks to the Hack of Armageddon). Perhaps one ‘better way’ to handle this balance (privacy vs perceived necessity) is somewhat like a pre-nup: hammer out the details before the marriage… In the case of employee/employer, if data policies were more clearly laid out, with reason and rationale, the chance of better IT behavior – and less chance of disgruntled employees later – would likely be ensured.

From a user’s or employee’s perspective, here’s a (potentially embarrassing) scenario: during the course of normal business the user expresses frustration with a vendor to another employee of the current firm; a few years later said user leaves and goes to work for the vendor, having long forgotten about the momentary frustration and perhaps in hindsight a less than wonderful expression of the same. The original firm (probably some manager that had to explain why a good employee had left) reviews e-mails still on file, find this ‘gem’ and anonymously forwards it to the vendor… now the employer of the user… ouch!

If it could be proven, probably a black eye (or worse) for the original employer, but these things can be almost impossible to nail down to the degree of certainty required in our legal system, and the damage has already been done.

On the other hand, an audit trail of content moves by an employee of a major motion picture company that has experienced piracy could potentially help plug a leak that was costing the firm huge financial losses and also lead to the appropriate actions being taken against the perpetrator.

The real issue here is good policy and governance, and then applying these polices uniformly across the board.

Thousand-Armed Management

The 1000-Armed Buddha (Avalokiteśvara) is traditionally understood as a deity of Benevolent Compassion – but with the power of all-seeing, all-hearing and all-reaching attributes. That is exactly what is required today for sound and secure IT management across our new hyper-connected reality. With the concept of perimeters and ‘walled gardens’ lost by the wayside, along with hardware firewalls, antiquated OS’s and other roadkill brought on by interconnected clouds, multiple mobile devices all ‘attached’ to the same user, etc. – an entirely new paradigm is required for administration.

Closing the circle of discussion to our introduction, in this new world the attractiveness and utility of so-called ‘Shadow IT’ is even more pervasive – and harder to monitor and control – than previously. In the old world order where desktops were all controlled on a corporate LAN it was easier to monitor/block access to entities such as DropBox and other cloud apps that users found often fit their needs better than the tools provided by the local IT toolsets. It’s much more difficult to do this when a user is on an airplane logged in to the ‘net via GoGo at 10,000 meters in the air, using cloud apps located in 12 different countries simultaneously.

The Buddha Avalokiteśvara is also known for promoting teaching as one of the greatest ‘positive actions’ that one can take – (I’ll save a post on how our current culture values teachers vs stockbrokers for another time…). The most powerful tool any IT manager can utilize is education and sharing of knowledge in an effective manner. Informed users will generally make better decisions – and at the least will have a better understanding of IT policies and procedures.

Future posts on this general topic will delve a bit further into some of the discrete methods that can be utilized to effect this ‘1000-armed management’ – here it’s enough to introduce the concepts and the need for a radically new way of providing the balance of security and usability required today.

UltraViolet – A Report on the “Academy of UltraViolet” Seminar

May 18, 2012 · by parasam

I attended the full day seminar on the new UltraViolet technology earlier this week. UltraViolet is the recently launched “Digital Entertainment Cloud” service that allows a user to essentially ‘pay once, watch many’ across a wide range of devices, with the content being sourced from a protected cloud environment – physical media is no longer required.

While this report on the seminar is primarily intended for those on my team and in my firm that could not make the date, I will include a brief introduction to level-set my audience.

The UltraViolet Premise

The purpose is to offer a Digital Collection of consumer content (you can think of this as a “DVD for the Internet”), allowing the user to enjoy a universal viewing experience not limited by where you bought the content, the format of the content (or even whether physical or virtual), the type of device (as long as it supports a UV Player) or where the user is located [fine print: UV does allow local laws to be enforced via a geographies module, so not all features or content may be available in all territories].

I strongly recommend a visit to the UV FAQ site here – which is kept current on roughly a monthly basis. Even knowledgable members of this audience will find useful bits there: history, features, technical details, what-ifs to cover business cases [will my UV file still work even if the vendor that sold it to me goes out of business?} {the answer is yes BTW}, and many other useful bits.

For those that want a more detailed set of technical information, including the publicly available CFF (Common File Format) download specification, UV ecosystem and Role information, licensing info, etc. please visit the UV Business site here

The UV Academy Seminar

Firstly, a thanks to both the organizers and presenters: this seminar did not have a lot of lead time, and took place in a nice venue with breakfast and lunch provided – which helped the audience (mostly industry professionals) to digest a rather enormous helping of information in a short time. Many of the presentations were aided with excellent graphics or video which greatly enhanced the understanding of a complex subject. The full list of presenters and sponsors is here.

We began with an update on current status, noting that basically the UV rollout is still in early stages – currently “Phase 1” where UV content is only available online in streaming formats. Essentially, legacy streaming providers that have signed up to be part of the UV ecosystem (known as LASPs – Locker Access Streaming Provider) [come on, you must expect any new geeky infrastructure to have at least 376 new acronyms… 🙂 ] – will be able to stream content that the user has added to his/her “UV Cloud”. The availability, quality, etc of the stream will be the same as you currently get from that same provider.

Phase 2, the ability to download and store locally a UV file (in CFF – Common File Format) will roll out later this summer. One of the challenges in marketing is to communicate to users that UV is a phased rollout – what you get today will become greatly enhanced in the future.

A panel discussion followed this intro, the topic being “Preparing and Planning an UltraViolet Title Launch”. This was a good look ‘under the hood’ into just how many steps are required to effect a commercial release of a film or TV episode onto the UV platform. Although there are a LOT of moving parts (and often the legal and licensing issues are greater than the technical bits!) the system has been designed to simplify as much as possible. QA and Testing is a large part of the process, and it was stressed that prior planning well in advance of release was critical to success. (Hmmm, never heard that before…)

We then heard a short dissertation on DRM (Digital Rights Management) – as it exists within the UV ecosystem. This is a potentially brain-numbing topic, expertly and lightly presented by Jim Taylor, CTO of the DECE (the consortium that brought you UV). I am personally very familiar with this type of technology, and it’s always a pleasure to see a complex subject rendered into byte sized chunks that don’t overwhelm our brains. [Although having this early in the day when we still had significant amounts of coffee in the bloodstream probably helped…] The real issue here is that UV must accommodate multiple DRM schemes in order to interoperate on a truly wide array of consumer devices, from phones all the way up to web-connected Blu-ray players feeding 65″ flatscreens. Jim gave us an understanding of DRM domains, and how authentication tokens are used to allow a single license that a user has for a movie to populate multiple DRM schemas and thereby allow the user access as required. Currently 2 of the 5 anticipated DRM schemes are enabled, with testing going on for the others. [The current crop of 5 DRM technologies include: Widevine, Marlin, OMA, Playready, FlashAccess]

Jason Kramer of Vital Findings (a consumer research company) gave us a great insight into the ‘mind of a real UV consumer’ with some humorous and interesting videos. We learned to never underestimate the storage capacity of a pink backpack (approximately 500GB – as in 100 DVDs); that young children like to skate on DVDs on the living room carpet (a good reason for UV, so when they wear out the DVDs mom can still download the content without buying it again…) – now come on, be honest, find me a software use case QA person that would have thought THAT one up… and on and on. It showed us that it’s really important to do this kind of research. You have NO IDEA how many ways your users will find to play with your new toy…

A panel discussion then helped us all understand the real power of metadata in the overall UV ecosystem. We are all getting a better understanding of how metadata interoperates with our content, our habits, our advertising, etc. – but seldom has a single environment been designed from the ground up to make such end-to-end use of extensive metadata of all types. Metadata in the UV universe facilitates three interdependent functions: helping the user find and enjoy content through recommendation and search functions; managing the distribution of the content and reporting back to DMRs (Digital Media Retailers) and Content Providers; and the all-important Big Data information vacuum cleaner: here’s an opportunity for actual customer libraries of content choices to be mined. To be precise, there are a huge amount of business rules in place about what kind of ‘little data’ is shared by whom to whom and for what purpose – and this is still a very fluid area… but in general, this UV ecosystem offers the potential of a win-win Big Data scenario. The user – based on actual content in their library – can help drive recommendations with a precision lacking in other data models; while content providers and others in the supply chain can learn about the user to the extent that is either appropriate or ‘opted in’. One area that will need refinement is what plagues other ‘content providers’ that offer recommendations (Amazon, Netflix, etc.) – different family members that share an account (a feature of UltraViolet) confuse recommendation engines badly… One can imagine easily the difficulty of sorting ‘dad’ vs ‘mom’ vs ‘6yr old kid’ when all the movies in a single account holder’s library are commingled… This is an area ripe for refinement.

The next panel delved into the current perceptions of “cloud content provisioning” in general as well as UltraViolet in particular. PWC’s Consumer Sentiment Workshops’ findings were discussed by representatives from participating studios (Fox/Warner/Universal). As might be expected, consumers have equated cloud storage of content with the two words that strike terror into the hearts of any studio executive: Free & Forever… So, just like in Washington, where any savvy politician will tell you that there is ‘no free lunch – only alternatively funded lunch’ – the UV supporters have to educate and subtlety re-phrase consumer’s expectations. So ‘Free & Forever’ needs to be recast to ‘No Additional Cost & 35 Dog Years’… There are actually numerous issues here: streaming is a bit different from download, no one has really tested such a widespread multi-format cloud provisioning system that has an extended design lifetime, etc. etc. Not to mention that many of the byzantine contracts already in place for content distribution never imagined a platform such as UltraViolet, so it will take time to sort out all the ramifications of what looks simple on the surface.

The User Experience (UX for those cognizetti who love acronyms) received a detailed discussion from a wide-ranging panel headed by Chuck Parker, one of our new masters of the Second Screen. This is a difficult and complex topic – even the UI (User Interface) is simpler – the UI is the actual ‘face’ of the application or interface: the buttons, graphics, etc. connected via a set of instructions to the underlying application; the UX is the emotion that the user feels and walks away with WHILE and AFTER the experience of using the UI. It’s harder to measure, and harder yet to refine. It’s a discipline that involves a creative, artistic and sometime almost mystic mix of hardware, software and ergonometric design. Color, shape, context, texture, all play a part. And UV has, in one sense, an even harder task in creating a unified and ‘branded’ experience: at least companies like Apple (whose UX have attracted a cult following that most religions wish they had) have control over both hardware and software. UltraViolet, by the very nature of ‘riding on top’ of existing hardware (and even software) has only the thinnest of UI’s that they can call their own. Out of this UV still needs to craft a ubiquitous UX that will ‘brand’ itself and instill a level of consumer confidence (Ok, I know where I am – this is the cool player that let’s me get to all my movies no matter where/what/how/when) with the environment. Not a trivial task…

The day finished with a panel on the current marketing efforts of UltraViolet. Most of the studios were represented on the panel, with many clearly articulated plans brought forth. The large challenge of simultaneously bringing in large numbers of new users, yet communicating that UV is still very much a work in progress – and will be for several years yet – was exposed. The good news is that each marketing executive was enthusiastic about their plans to do two things: collaborate together to ensure a unified message no matter which studio or content provider was marketing on behalf of UV (this is a bigger deal than many think: silos were invented by movie studios, didn’t you know that?? – and it’s never easy for multi-billion dollar companies to collaborate in this highly regulated era – but in this case, since the marketing of UV can in no way be construed to be ‘price-collaborative’ it’s a greener field; and all the participants agreed that a continued effort to bring as much content into the UV system as soon as practical was in everyone’s best interest. The current method of signing up users (typically by first purchasing a physical media, such as Blu-ray – which in turn gives a coupon that is redeemed for UV access to that same title) may well flip: in a few years, or even less, users may purchase online, and then receive a coupon to redeem at a local store for a ‘hard copy’ of the same movie on a disk should they desire that.

In summary, a lot of information was delivered in a relatively short time, and our general attention was held well. UV has a lot of promise. It certainly has its challenges, most notably the lack of Disney and Apple at the table so far, but both those companies have had substantial changes internally since the original decision was taken to not join the UV consortium. Time will tell. The current technology appears to be supportive of the endeavor, the upcoming CFF download format will notably enhance the offering, and the number of titles (a weakness in the beginning) is growing weekly.

Watch this space: I write frequently on changes and new technologies in the entertainment sector, and will undoubtedly have more to say on UltraViolet in the future.

Who owns the rain? A discussion on accountability of what’s in the cloud…

March 30, 2012 · by parasam

As the ‘cloud’ overshadows more and more of our daily lives, it is imperative that we collectively engage in some serious discussion regarding the water vapor that is stored there…

Like so much of the ‘real world’, the virtual world is also being cast into dialectical aspects: in particular the storage capability of the cloud. Much ado has been made recently of cyberlocker sites, such as MegaUpload, who allegedly allowed and even promoted the storage and sharing of copyrighted material. On the one side we have the so-called ‘black hat’ sites: Pirate Bay, MegaUpload, 4Shared, Rapidshare, etc. – and on the other side, the perceived ‘white hat’ sites: BoxNet, DropBox, iCloud, Facebook, YouTube, AmazonEC, etc. As with most anything, these are highly arbitrary, and impossible to prove, labels. That has not stopped the popular press from weighing in, and oft times enforcing, a prejudicial outlook on a given ‘cloud’.

I am making no defense of, or even an analysis of, the particular business practices of any given cloud storage site or entity. I am however pointing out that a lot of finger-pointing is going on that really lacks logic of any kind. I simply detest bad science. Or illogical assumption that is unsupported by fact. I won’t even start on the issues surrounding global warming – that must wait for a separate post… (Yes, we’re getting hotter. Right now. It’s happened in the past though. Yes, I agree that we humans are doing things that seriously don’t help this situation. But the worst thing we can do is to falsely overstate or make claims that are unsupported by fact. That only gives the ostrich-heads fuel to oppose any changes in behavior that would be beneficial.]

Ok, back to clouds and rain. Yes, stealing content (movies, music, etc.) and storing it in the cloud for the sole purpose of giving it away (thereby depriving the content owner of their rightful income), or even worse, selling it and keeping all the profit, is illegal and morally wrong. Period. But at this time we are killing the messenger… When hurricane Katrina devastated New Orleans, I heard a lot of blame going around, but I can’t recall a single instance of anyone screaming at the clouds – even though that’s precisely where all the water came from (well, to be completely accurate the wind that pushed the storm surge caused a lot of the flooding as well). So why is it that we are so up in arms today about the storage facilities for all the ‘rain’ that is inside our digital clouds?

How do we really measure and judge that Apple’s iCloud, for example, is a ‘good guy’ and 4Shared is a ‘bad guy’? Reputation? There are no large scale factual measurements of the real files stored in either site. There are a lot of assumptions that certain sites, such as PirateBay, MegaUpload (now defunct), and others cater to those individuals who steal content and upload it for either real profit or ‘denial-of-income’ attacks on the rightful content owners. However, if it was possible, I would bet that a really large amount of technically illegally obtained or shared content is sitting right now in iCloud, BoxNet, DropBox and many other sites that have the ‘white hat’ shine on them today…

The truth is that, barring any real hardcore file analysis measurement, it is impossible to say what is where. In fact, many of the so-called ‘white hat’ sites are actually more opaque than the so-called ‘pirate sites’ – in that the pirate sites often allow public scouring and downloading after paying an access fee – while DropBox and other similar sites basically host private cyberlockers. Now while technically the terms of service (and they vary here, I am not quoting from any one particular site) don’t allow wholesale sharing of your password, so in theory an account holder of a BoxNet account can’t put up 10,000 music files and then post the password openly on the internet for anyone to download – there are rather simple technical workarounds for that. To avoid a public spanking I won’t divulge the details, but as long as a user was willing to support even a single computer that ‘reflected’ the private account through an anonymous connection… well you get the picture. Any reasonably clever 14-year-old can pull this off…

The real philosophical trouble here is that the current heavy-handed legislation that is being used to shut down sites such as MegaUpload are based on ‘bad science’. These kinds of laws can open a very big door through which truckloads of ‘unintended consequences’ can drive through… Even a short term shutdown of a site can financially ruin that business, whether or not the action is later supported in court and rescinded. How would you feel if YouTube was seized and closed by the Justice Department? The difference between YouTube and MegaUpload is only one of perceived scale of ‘obnoxious behavior’… copyrighted material is illegally posted on YouTube every minute – the difference is that YouTube makes a serious and honest effort to take down such content when found or notified. But still just a feeling or perception of behavior should not be sufficient to warrant drastic actions such as a complete site shutdown without a significant and factual backing – which is not the case with MegaUpload. Remember, this is at this time an allegation and a set of indictments – that have not been proven in court.

I am offering no defense for this particular business, and they may very well be guilty as charged – the issue I bring to the table for discussion is the general premise that ‘cyberlockers are bad things.’ That is just patently false. We need to refine our legal efforts to address the ‘real’ criminal aspect and actions, and find a way to prove that factually so that when indictments are brought forward they are done so based on logic and evidence. It’s a very tricky slope, and one that will take much thought. At the core of this whole issue is the need to somehow inspect content, either on it’s way up to the cloud, or inside the cloud. And that can clearly make Pandora look like the owner of a very tiny box in comparison… Who gets to look? How is content assessed to be ‘legal’? What happens if this data is used for alternate means (the huge current issue of data accumulation by websites for targeted advertising which is unapproved by users)? For instance, the so-called ‘registration’ required by the Egyptian state police of all internet users in that country is in and of itself not necessarily an evil thing… the use of that data by internal security forces to disappear, harm and even kill people based on that knowlege – and the subsequent monitoring of data transmitted by those users – is unquestionably repugnant.

Unchecked, the current form of legislative overkill and heavy-handed action could put a serious dent in the functionality of the cloud infrastructure. This is already obvious if you dig around and see the amount of legal hours being billed to Facebook, Google, Amazon, Apple and others that host large cyberlocker sites. They are worried – and rightfully so. Our US government is not alone in this type of behavior, similar actions are either on the books or are contemplated in many countries. As noted, some cultures are already far more ‘policed’ today than the USA. Asian countries in general – whose base cultures are more consensus oriented than Western European and American cultures – already allow their governments a great latitude in monitoring and inspection of their respective private citizens’ web behavior.

I don’t want to see modern technology used to easily deny rightful income to artists and entertainment companies. I do want to ensure that anyone that uploads or stores content of their own (and this included purchased copyrighted material that falls under fair use policy for limited personal sharing, backup and viewing on alternative devices) is not subject to penalty. What if I create or purchase art that others may find offensive? The First Ammendment easily affords protection to speech and printed material – the laws are much less tested in regards to clouds…

In general, I hope to promote thought, discussion and eventually a dialog that will improve our collective understanding and actions towards how these new wonderful technical entities in our lives are matched to our laws, morals and cultural norms. It is an adjustment – the rate of technical innovation has vastly outstripped the pace of development of our legal and cultural systems. But let’s have some open and honest conversation about these issues before we end up living with badly designed rules that are unwittingly harmful to many innocents.

A Tale of Two Booksellers…

March 7, 2012 · by parasam

This is a short story of a recent personal experience – but I believe it carries some important observations for business, customer service and the new paradigm of consumption from the cloud.

Once upon a time there were ‘real’ books, rather heavy tomes made of flattened tree bits, embossed with ink derived from carbon and oil. In those distant past times many small booksellers stocked and sold these volumes, often with great knowledge, enthusiasm and insight into their customers’ needs and desires – for both knowledge and entertainment. But… the little pesky electron came along… and after some developement eventually inhabited bits of silicon and glass, and before you could recite “Little Red Riding Hood” we had IBMs, Apples, Microsofts and other new life forms…

Eventually almost all real things became translucent blobs of bits that originated in the Cloud of Everything, and with the correct credit gods these bits of life would rain down the pipes and wires and pour into your pads and pods and phones to stimulate the eyes in almost the same way as the books of old would do. Funny how certain nostalgic actions are required to make the process of reading enjoyable – many many hours of psychological testing finally showed the wizards of C++ that a complicated animation was required – the page turn – for a user to move from one screen of text to the next. A simple snap actually took one out of the reading experience.

All of this took, unfortunately, a toll on the small independent booksellers – another form of disintermediation – and with the drive of the consumer to save a penny no matter what, and the awful silence of empty stores – and tills – the coalescence of book-clouds eventually focused on a border, a noble barn and a river. The challenge of making a buck in the cloud is quite awesome – talk about emporer’s new clothes: most of the top twenty ‘places to go in the cloud’ are STILL losing money – lots and lots and lots of money. When GM lost this much, the planet quaked and the almighty Congress had to dip in our coffers… when the cloudsellers lose this much, Wall Street just prints more stock and it sells as fast as it’s available…

Perception is EVERYTHING!

Back to our tale… eventually the Borders of one fine business came crashing down, leaving only the ‘little’ guy

and the big guy…

Now back when there were three… I preferred to shop at Borders – (guess I rented from Avis as well…) – I liked their bookshops better – and even during the ‘transformative years’ – when I still liked to browse a real bookshop, even if I then bought the book online since I preferred to read on my tablet I found their treatment of the customer better.

I had initially tried out the Big River, but was turned off by two things: I still preferred to browse in a real space where I could wander and see things that I was not searching for – no one, and I mean no one, has figured out how to do this in the cloud. And that’s a really big deal. But we’ll save that story for another day… My other issue with the amazing Amazon was an overly busy interface. For someone that started out selling books – which if done correctly can be graphic masterpieces – their web site is just plain offensive. It reminds me of shopping at the clearance sale at Ross or Filene’s Basement – overcrowded, disorganized and chaotic.

So I ended up at the Noble Barne – and I liked their reader app for the iPad a bit better than the Kindle one anyway. After all, I was there to buy and read books, nothing else. I liked the focus of BN on being (mostly) a bookseller, even in the cumulo-nimbus white puffy arena. The Big River now was selling everything from washing machines to recording studios… books had become almost a sideline. I, more or less, endured this for about a year. I remember reading in the news shortly after Borders sunk into the tarpit of bankruptcy and legal fees that Barnes & Noble CEO was worrying that Amazon could ‘spend them into the ground’ in terms of technology and infrastructure – but his hope and plan was to stay tightly focused on their book-reading customers – and offer them a superior experience – along with good enough technical prowess to compete with the monster. BN made noise about the huge investment they were making in technology, etc. to continue to pile more angels into their cloud, and make the experience as close to the bookshops of olden days as possible.

Well… just like waking up from the last page of a good Grimm’s Fairy Tale… little cracks in the plaster got wider… I first started having trouble with the BN site last year – it would often become unresponsive. E-mails to the guardian angels were ignored or took days to hear back – maybe, just like hailstones, my mail went up and down and up and down and… ?? Then – and to be fair this was an external wrench in the works – Apple kicked everyone out of their ‘in-app’ purchase nest… after all, if you are the most capitalized company on earth, then obviously you need even higher profits – no matter if your users are hit with more cumbersome purchasing process. So now we all had to go out to Safari or whatever to purchase our e-books, then return to the reader app to read them.

Now this did give both the Nook and Kindle hardware a bit of a leg up – since this issue only arose on the iDevice… but, with about an 80% market share it was a complete non-starter for BN to suggest to me that I should go buy a Nook for reading – they basically were saying “Apple doesn’t matter” – that’s a bit like looking at a tsunami coming in and sticking your head in the sand saying “it’s only a wave…”

From late fall last year into winter (ok, northern hemisphere – and I should know better as I make my home in one of the southernmost bits of land on the planet – but I work in the North so tend to write from that point of view) this experience only got worse and worse. Basically it has been impossible to buy a book on BN.com on any Apple iOS device for months now. I have to go to a PC/Mac and make the purchase, then I can download and read on the pad. The e-mails to angels, then the archangels, then to Gabriel himself – all basically went nowhere. The replies were scripted, with no attention to the facts presented. The ‘solutions’ (buy a Nook), etc. were insulting.

I still wanted to give the little guy another chance before falling in the River with most everyone else… so I actually tried an abnormal procedure – to call a person (at least I had hoped to find a carbon life form, and not Siri’s sister) that could maybe shed some light on what had now become a travesty of an experience. I won’t bore you with details, but once upon a time I could sign into my account on BN.com and then make my purchases with a single click. Yes, I did get a nice little dialog that said “Are you sure?” – that’s cool, one more click and I’m done. But now… even though I am signed in, EVERY time that I make a purchase, I get redirected to another page where I have to sign in again, then redirected to a 3rd page where I have to accept the purchase, then… I get back to the original page and see the purchase is confirmed. Only that experience, as clumsy as it is, only works on a computer, not a mobile device. The whole process just hangs on anything but a laptop/desktop.

So… I eventually talk to a human or two… after a number of really horrible phone-menu-from-hell trips – and I’m sorry here, I am not being (too) politically incorrect, but please Mr. Noble – I’m not stupid. When someone who is completely obvious as having English as his 3rd or 4th language introduces himself as “John” and proceeds to attempt to speak with a cadence and lexicon that is totally unauthentic – it’s insulting to his native culture and my intelligence. Reading every response off a computer screen sounds just like what it is – and therefore the customer is never really heard. I don’t mind that you want to save costs and source your helpdesk in Mumbai or Delhi, but speaking on the phone IS a skill – hire and train staff to be good at it – but natural. If we are all going to be living in the cloud together, let’s at least celebrate our diversity but work towards a common understanding.

Sadly, the fork in the road was reached – I ran out of my last patience pill, and have thrown down David and gone to Goliath… with the same restrictions from Apple (no in-app purchasing) I was able to go from the Kindle reader to Safari on iPad, purchase my book, and return to find it already loading, with a total of 4 taps. No extra sign in. Just about as simple a process as could be, given Apple’s current policy.

I still don’t like the look of the website. I’m getting used to the little differences in the Kindle app reader – but my blood pressure is down from the cloud and I can now spend my time reading instead of fighting poorly implemented technology, ignorant and uncaring staff, and a general feeling of inferiority in not being able to make something work that’s supposedly simple.

I hope that this is seen as not just another flame on the internet – but rather an example of how ‘that which matters’ is your customer. Always. Forever and ever and ever. Nothing else matters. In spite of the miracles of technology, only real carbon-based organisms eventually consume your products. Even though the largest portion of communication on the web today is M2M (Machine to Machine) – all of this is only to facilitate some human’s consumption of either a product or a service somewhere. So please Mr./Mrs. Merchant… take care of the ONLY resource that matters: your people. That means your customers (first) and your employees. Train them. Support them. Critique them. CARE enough to CARE. Your future really absolutely does depend on it. I just voted with my wallet. If enough others make the same decision, another Border will fall…

Anonymity, Privacy and Security in the Connected World

February 3, 2012 · by parasam

Anonymity: the state of lacking individual characteristics, distinction or recognizability.

Privacy: the quality or state of being apart from observation, freedom from unauthorized intrusion.

Security: defending the state of a person or property against harm or theft.

The dichotomy of privacy versus social participation is at the root of many discussions recently concerning the internet, with technology often shouldering the blame for perceived faults on both sides. This issue has actually been with us for many thousands of years – it is well documented in ancient Greece (with the Stoics daring to live ‘in public’ – sharing their most private issues and actions: probably the long forerunner of Facebook…); continuing up until our current time with the social media phenomenon.

This is a pervasive and important issue that sets apart cultures, practices and personality. At the macro-cultural level we have societies such as North Korea on one side – a largely secretive country where there is little transparency; and on the other side perhaps Sweden or the Netherlands – where a more homogeneous, stable and socialistic culture is rather open.

We have all experienced the dualistic nature of the small village where ‘everyone knows everybody’s business’ as compared to the ‘big city’ where the general feeling of anonymity pervades. There are pros and cons to both sides: the village can feel smothering, yet there is often a level of support and community that is lacking in the ‘city’. A large urban center has a degree of privacy and freedom for individual expression – yet can feel cold and uncaring.

We enjoy the benefits of our recent social connectedness – Facebook, Twitter, etc. – yet at the same time fear the invasiveness of highly targeted advertising, online stalking, threats to our younger children on the web, etc. There is really nothing new about this social dilemma on the internet – it’s just a new territory for the same old conundrum. We collectively have to work out the ground rules for this new era.

Just as we have moved on from open caves and tents to houses with locked doors behind gated communities, we have moved our ‘valuables’ into encrypted files on our computers and depend on secure and reliable mechanisms for internet banking and shopping.

The challenge for all of us that seek to adapt to this ‘new world order’ is multi-faceted. We need to understand what our implicit expectations of anonymity, privacy and security are. We also need to know what we can explicitly do to actually align our reality to these expectations, should we care to do so.

Firstly, we should realize that a profound and fundamental paradigm shift has occurred with the wide-spread adoption of the internet as our ‘collective information cloud.’ Since the birth of the internet approximately 40 years ago, we have seen a gradual expansion of the connectedness and capability of this vehicle for information exchange. It is an exponential growth, both in physical reality and philosophical impact.

Arthur C. Clarke’s observation that “Any sufficiently advanced technology is indistinguishable from magic” has never been more true… going back thousands of years in philosophy and metaphysics we see the term “akashic records” [Sanskrit word] used to describe “the compendium of all human knowledge.” Other terminology such as “master library”, “universal supercomputer”, “the Book of Knowledge”, and so on have been used by various groups to describe this assumed interconnected fabric of the sum of human knowledge and experience.

If one was to take an iPad connected to the ‘cloud’ and time travel back even a few hundred years, this would be magic indeed. In fact, you would likely be burned as a witch… people have always resisted change, and fear what they don’t understand – weather forecasting and using a voice recognition program (Siri??) to ask and receive answers from the ‘cloud’ would have seriously freaked most observers…

Since we humans do seem to handle gradual adaption, albeit with some resistance and grumbling, we have allowed the ‘internet’ to insidiously invade our daily lives until most of us only realize how dependent we are on this when it goes away. Separation of a teenage girl from her iPhone is a near-death experience… and when Blackberry had a network outage, the business costs were in the millions of dollars.

As ubiquitous computing and persistent connectivity become the norm the world over, this interdependence on the cloud will grow even more. And this is true everywhere, not just in USA and Western Europe. Yes, it’s true that bandwidth, computational horsepower, etc. are far lower in Africa, Latin America, etc. – but – the use of connectivity, cellphones and other small computational devices has exploded everywhere. The per-capita use of cellphones is higher in Africa than in the United States…

Rose Shuman, an enterprising young woman in Santa Monica, formed Question Box, a non-profit company that uses a simple closed-circuit box with a button, mike and speaker to link rural farmers and others in Africa and India to a central office in larger towns that actually have internet access, thereby extending the ‘cloud’ to even the poorest communities with no direct online connectivity. Many other such ‘low-tech’ extensions of the cloud are popping up every day, serving to more fully interconnect a large portion of humanity.

Now that this has occurred we are faced with the same issues in the cloud that we have here on the ground: how to manage our expectations of privacy, etc.

Two of the most basic exchanges within any society are requests for information and payment for goods or services. In the ‘good old day’ information requests were either performed by reading the newspaper or asking directions at the petrol station; payments were handled by the exchange of cash.

Both of these transactions had the following qualities: a high level of anonymity, a large degree of privacy, and good security (as long as you didn’t lose your wallet).

Nowadays, every request for information on Google is sold to online advertisers who continually build a detailed dossier on your digital life – reducing your anonymity substantially; you give up a substantial amount of privacy by participation in social sites such as FaceBook; and it’s easier than ever to ‘follow the money’ with credit-card or PayPal transactions being reported to central clearing houses.

With massive ‘data mining’ techniques – such as orthogonal comparison, rule induction and neural networks – certain data warehouse firms are able to extract and match facets of data from highly disparate sources and assemble an uncannily accurate composite of any single person’s habits, likes and travels. Coupled with facial recognition algorithms, gps/WiFi tracking, the re-use of locational information submitted by users and so on, if one has the desire and access, it is possible to track a single person on a continual basis, and understand their likes for food and services, their political affiliation, their sexual, religious and other group preferences, their income, tax status, ownership of homes and vehicles, etc. etc.

The more that a person participates in social applications, and the more that they share on these apps, the less privacy they have. One of the side effects of the cloud is that it never forgets… in ‘real life’ we tend to forget most of what is told to us on a daily basis, it’s a clever information reduction technique that the human brain uses to avoid overload. It’s just not important to remember that Martha told us in passing last week that she stopped at the dry cleaner… but that fact is forever burnt into the cloud’s memory, since we paid for the transaction with our credit card, and while waiting for the shirts to be brought up from the back we were on our phone Googling something – and Google never forgets where you were or what you asked for when you asked…

These ‘digital bread crumbs’ all are assembled on a continual basis to build various profiles of you, with the hope that someone will pay for them. And they do.

So… what can a person do? And perhaps more importantly, what does a person want to do – in regards to managing their anonymity, privacy and security?

While one can take a ‘bunker mentality’ approach to reducing one’s exposure to such losses of privacy this takes considerable time, focus and energy. Obviously if one chooses to not use the internet then substantial reductions in potential loss of privacy from online techniques occur. Using cash for every transaction can avoid tracking by credit card use. Not partaking in online shopping increases your security, etc.

However, even this brute-force approach does not completely remove the threats to your privacy and security: you still have to get cash from somewhere, either an ATM or the bank – so at least those transactions are still logged. Facial recognition software and omniscient surveillance will note your presence even if you don’t use FourSquare or a cellphone with GPS.

And most of us would find this form of existence terribly inconvenient. What is reasonable then to expect from our participation in the modern world which includes the cloud? How much anonymity is rightfully ours? What level of security and privacy should be afforded every citizen without that person having to take extraordinary precautions?

The answers of course are in process. This discussion is part of that – hopefully it will motivate discussion and action that will spur onwards the process of reaching a socially acceptable equilibrium of function and personal protection. The law of unintended consequences is very, very powerful in the cloud. Ask any woman who has been stalked and perhaps injured by an ex-husband that tracked her via cellphone or some of the other techniques discussed above…

An interesting side note: at virtually every ‘battered woman’s center’ in the US now the very first thing they do is take her cellphone away and physically remove the battery. It’s the only way to turn it off totally. Sad but true.

There is not going to a single, simple solution for all of this. The ‘data collection genie’ is so far out of the bottle that it will be impossible on a practical basis to rewind this, and in many cases one would not want to. Nothing is for free, only alternatively funded. So in order to get the usefulness many of us find by using a search engine, a location-based query response for goods or services, etc. – the “cost” of that service is often borne by targeted advertising. In many cases the user is ok with that.

Perhaps the best solution set will be increased transparency on the use of the data collected. In theory, the fact that the government of Egypt maintains massive datasets on internet users and members of particular social applications is not a problem… but the use that the military police makes of that data can be rather harmful to some of their citizens…

We in the US have already seen efforts made in this direction, with privacy policies being either voluntarily adhered to, or mandated, in many sectors. Just as physical laws of behavior have been socially built and accepted for the common good, so does this need to occur in the cloud.

Rules for parking of cars make sense, with fines for parking in areas that obstruct traffic. Breaking into a bank and stealing money will incur punishment – which is almost universal anywhere in the world with a relative alignment of the degree of the penalty. Today, even blatant internet crime is highly variable in terms of punishment or penalty. With less than 20% of the 196 countries in the world having any unified set of laws for enforcement of criminal activity on the internet, this is a challenging situation.

Today, the truth is that to ensure any reliable degree of anonymity, privacy and security of one’s self in the cloud you must take proactive steps at an individual level. This requires time, awareness, knowledge and energy. Hopefully this situation will improve, with certain levels of implicit expectations coming to the norm.