Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.

Email Address:
Recent Posts
Archives
Categories
- 2nd screen
- Content Protection
- design
- fashion
- history
- IoT
- philosophy
- photography
- post-production
- Quality Control
- science
- security
- technology
- Uncategorized
Meta

Browsing Tags internet

A Digital Disruptor: An Interview with Michael Fertik

June 27, 2016 · by parasam

During the recent Consumer Goods Forum global summit here in Cape Town, I had the opportunity to briefly chat with Michael about some of the issues confronting the digital disruption of this industry sector. [The original transcript has been edited for clarity and space.]

Michael Fertik founded Reputation.com with the belief that people and businesses have the right to control and protect their online reputation and privacy. A futurist, Michael is credited with pioneering the field of online reputation management (ORM) and lauded as the world’s leading cyberthinker in digital privacy and reputation. Michael was most recently named Entrepreneur of the Year by TechAmerica, an annual award given by the technology industry trade group to an individual they feel embodies the entrepreneurial spirit that made the U.S. technology sector a global leader.

He is a member of the World Economic Forum Agenda Council on the Future of the Internet, a recipient of the World Economic Forum Technology Pioneer 2011 Award and through his leadership, the Forum named Reputation.com a Global Growth Company in 2012.

Fertik is an industry commentator with guest columns in Harvard Business Review, Reuters, Inc.com and Newsweek. Named a LinkedIn Influencer, he regularly blogs on current events as well as developments in entrepreneurship and technology. Fertik frequently appears on national and international television and radio, including the BBC, Good Morning America, Today Show, Dr. Phil, CBS Early Show, CNN, Fox, Bloomberg, and MSNBC. He is the co-author of two books, Wild West 2.0 (2010), and New York Times best seller, The Reputation Economy (2015).

Fertik founded his first Internet company while at Harvard College. He received his JD from Harvard Law School.

Ed: As we move into a hyper-connected world, where consumers are tracked almost constantly, and now passively through our interactions with an IoT-enabled universe: how do we consumers maintain some level of control and privacy over the data we provide to vendors and other data banks?

Michael: Yes, passive sharing is actually the lion’s share of data gathering today, and will continue in the future. I think the question of privacy can be broadly broken down into two areas. One is privacy against the government and the other is privacy against ‘the other guy’.

One might call this “Big Brother” (governments) and “Little Brother” (commercial or private interests). The question of invasion of privacy by Big Brother is valid, useful and something we should care about in many parts of the world. While I, as an American, don’t worry overly about the US government’s surveillance actions (I believethat the US is out to get ‘Jihadi John’ not you or me); I do believe that many other governments’ interest in their citizens is not as benign.

I think if you are in much of the world, worrying about the panopticon of visibility from one side of the one-way mirror to the other side where most of us sit is something to think and care about. We are under surveillance by Big Brother (governments) all the time. The surveillance tools are so good, and digital technology makes it possible to have so much of our data easily surveilled by governments that I think that battle is already lost.

What is done with that data, and how it is used is important: I believe that this access and usage should be regulated by the rule of law, and that only activities that could prove to be extremely adverse to our personal and national interests should be actively monitored and pursued.

When it comes to “Little Brother” I worry a lot. I don’t want my private life, my frailties, my strengths, my interests.. surveilled by guys I don’t know. The basic ‘bargain’ of the internet is a Faustian one: they will give you something free to use and in exchange will collect your data without your knowledge or permission for a purpose you can never know. Actually, they will collect your data without your permission and sell it to someone else for a purpose that you can never know!

I think that encryption technologies that help prevent and mitigate those activities are good and I support that. I believe that companies that promise not to do that and actually mean it, that provide real transparency, are welcome and should be supported.

I think this problem is solvable. It’s a problem that begins with technology but is also solvable by technology. I think this issue is more quickly and efficiently solvable by technology than through regulation – which is always behind the curve and slow to react. In the USA privacy is regarded as a benefit, not an absolute right; while in most of Europe it’s a constitutionally guaranteed right, on the same level as dignity. We have elements of privacy in American constitutional law that are recognized, but also massive exceptions – leading to a patchwork of protection in the USA as far as privacy goes. Remember, the constitutional protections for privacy in the USA are directed to the government, not very much towards privacy from other commercial interests or private interests. In this regard I think we have much to learn from other countries.

Interestingly, I think you can rely on incompetence as a relatively effective deterrence against public sector ‘snooping’ to some degree – as so much government is behind the curve technically. The combination of regulation, bureaucracy, lack of cohesion and general technical lack of applied knowledge all serve to slow the capability of governments to effectively mass surveile their populations.

However, in the commercial sector, the opposite is true. The speed, accuracy, reach and skill of private corporations, groups and individuals is awesome. For the last ten years this (individual privacy and awareness/ownership of one’s data) has been my main professional interest… and I am constantly surprised by how people can get screwed in new ways on the internet.

Ed: Just as in branding, where many consumers actually pay a lot for clothing, that in addition to being a T-shirt, advertise prominently the brand name of the manufacturer, with no recompense for the consumer; is there any way for digital consumers to ‘own’ and have some degree of control over the use of the data they provide just through their interactions? Or are consumers forever to be relegated to the short end of the stick and give up their data for free?

Michael: I have mapped out, as well as others, how the consumer can become the ‘verb’ of the sentence instead of what they currently are, the ‘object’ of the sentence. The biggest lie of the internet is that “You” matter… You are the object of the sentence, the butt of the joke. You (or the digital representation of you) is what we (the internet owners/puppeteers) buy and sell. There is nothing about the internet that needs to be this way. This is not a technical or practical requirement of this ecosystem. If we could today ask the grandfathers of the internet how this came to be, they would likely say that one of areas in which they didn’t succeed was to add an authentication layer on top of the operational layer of the internet. And what I mean here is not what some may assume: providing access control credentials in order to use the network.

Ed: Isn’t attribution another way of saying this? That the data provided (whether a comment or purchasing / browsing data) is attributable to a certain individual?

Michael: Perhaps “provenance” is closer to what I mean. As an example, let’s say you buy some coffee online. The fact that you bought coffee; that you’re interested in coffee; the fact that you spend money, with a certain credit card, at a certain date and time; etc. are all things that you, the consumer, should have control over – in terms of knowing which 3^rd parties may make use of this data and for what purpose. The consumer should be able to ‘barter’ this valuable information for some type of benefit – and I don’t think that means getting ‘better targeted ads!’ That explanation is a pernicious lie that is put forward by those that have only their own financial gain at heart.

What I am for is “a knowing exchange” between both parties, with at least some form of compensation for both parties in the deal. That is a libertarian principle, of which I am a staunch supporter. Perhaps users can accumulate something like ‘frequent flyer miles’ whereby the accumulated data of their online habits can be exchanged for some product or service of value to the user – as a balance against the certain value of the data that is provided to the data mining firms.

Ed: Wouldn’t this “knowing exchange” also provide more accuracy in the provided data? As opposed to passively or surreptitiously collected data?

Michael: Absolutely. With a knowing and willing provider, not only is the data collection process more transparent, but if an anomaly is detected (such as a significant change in consumer behavior), this can be questioned and corrected if the data was in error. A lot of noise is produced in the current one-sided data collection model and much time and expense is required to normalize the information.

Ed: I’d like to move to a different subject and gain your perspective as one who is intimately connected to this current process of digital disruption. The confluence of AI, robotics, automation, IoT, VR, AR and other technologies that are literally exploding into practical usage have a tendency, as did other disruptive technologies before them, to supplant human workers with non-human processes. Here in Africa (and today we are speaking from Cape Town, South Africa) we have massive unemployment – varying between 25% – 50% of working age young people in particular. How do you see this disruption affecting this problem, and can new jobs, new forms of work be created by this sea change?

Michael: The short answer is No. I think this is a one-way ratchet. I’m not saying that in a hundred years’ time that may change, but in the next 20-50 years, I don’t see it. Many, many current jobs will be replaced by machines, and that will be a fact we must deal with. I think there will be jobs for people that are educated. This makes education much, much more important in the future than it’s even been to date – which is huge enough. I’m not saying that only Ph.D.’s will have work, but to work at all in this disrupted society will require a reasonable level of technical skill.

We are headed towards an irrecoverable loss of unskilled labor jobs. Full stop. For example, we have over a million professional drivers in the USA – virtually all of these jobs are headed for extinction as autonomous vehicles, including taxis and trucks, start replacing human drivers in the next decade. These jobs will never come back.

I do think you have a saving set of graces in the developing world, that may slow down this effect in the short term: the cost of human labor is so low that in many places this will be cheaper than technology for some time; the fact that corruption is often a bigger impediment to job growth than technology; and trade restrictions and unfair practices are also such a huge limiting factor. But none of this will stem the inevitable tide of permanent disruption of the current jobs market.

And this doesn’t just affect the poor and unskilled workers in developing economies: many white collar jobs are at high risk in the USA and Western Europe: financial analysts, basic lawyers, medical technicians, stock traders, etc.

I’m very bullish on the future in general, but we must be prepared to accommodate these interstitial times, and the very real effects that will result. The good news is that, for the developing world in particular, a person that has even rudimentary computer skills or other machine-interface skills will find work for some time to come – as this truly transformative disruption of so many job markets will not happen overnight.

Who owns the rain? A discussion on accountability of what’s in the cloud…

March 30, 2012 · by parasam

As the ‘cloud’ overshadows more and more of our daily lives, it is imperative that we collectively engage in some serious discussion regarding the water vapor that is stored there…

Like so much of the ‘real world’, the virtual world is also being cast into dialectical aspects: in particular the storage capability of the cloud. Much ado has been made recently of cyberlocker sites, such as MegaUpload, who allegedly allowed and even promoted the storage and sharing of copyrighted material. On the one side we have the so-called ‘black hat’ sites: Pirate Bay, MegaUpload, 4Shared, Rapidshare, etc. – and on the other side, the perceived ‘white hat’ sites: BoxNet, DropBox, iCloud, Facebook, YouTube, AmazonEC, etc. As with most anything, these are highly arbitrary, and impossible to prove, labels. That has not stopped the popular press from weighing in, and oft times enforcing, a prejudicial outlook on a given ‘cloud’.

I am making no defense of, or even an analysis of, the particular business practices of any given cloud storage site or entity. I am however pointing out that a lot of finger-pointing is going on that really lacks logic of any kind. I simply detest bad science. Or illogical assumption that is unsupported by fact. I won’t even start on the issues surrounding global warming – that must wait for a separate post… (Yes, we’re getting hotter. Right now. It’s happened in the past though. Yes, I agree that we humans are doing things that seriously don’t help this situation. But the worst thing we can do is to falsely overstate or make claims that are unsupported by fact. That only gives the ostrich-heads fuel to oppose any changes in behavior that would be beneficial.]

Ok, back to clouds and rain. Yes, stealing content (movies, music, etc.) and storing it in the cloud for the sole purpose of giving it away (thereby depriving the content owner of their rightful income), or even worse, selling it and keeping all the profit, is illegal and morally wrong. Period. But at this time we are killing the messenger… When hurricane Katrina devastated New Orleans, I heard a lot of blame going around, but I can’t recall a single instance of anyone screaming at the clouds – even though that’s precisely where all the water came from (well, to be completely accurate the wind that pushed the storm surge caused a lot of the flooding as well). So why is it that we are so up in arms today about the storage facilities for all the ‘rain’ that is inside our digital clouds?

How do we really measure and judge that Apple’s iCloud, for example, is a ‘good guy’ and 4Shared is a ‘bad guy’? Reputation? There are no large scale factual measurements of the real files stored in either site. There are a lot of assumptions that certain sites, such as PirateBay, MegaUpload (now defunct), and others cater to those individuals who steal content and upload it for either real profit or ‘denial-of-income’ attacks on the rightful content owners. However, if it was possible, I would bet that a really large amount of technically illegally obtained or shared content is sitting right now in iCloud, BoxNet, DropBox and many other sites that have the ‘white hat’ shine on them today…

The truth is that, barring any real hardcore file analysis measurement, it is impossible to say what is where. In fact, many of the so-called ‘white hat’ sites are actually more opaque than the so-called ‘pirate sites’ – in that the pirate sites often allow public scouring and downloading after paying an access fee – while DropBox and other similar sites basically host private cyberlockers. Now while technically the terms of service (and they vary here, I am not quoting from any one particular site) don’t allow wholesale sharing of your password, so in theory an account holder of a BoxNet account can’t put up 10,000 music files and then post the password openly on the internet for anyone to download – there are rather simple technical workarounds for that. To avoid a public spanking I won’t divulge the details, but as long as a user was willing to support even a single computer that ‘reflected’ the private account through an anonymous connection… well you get the picture. Any reasonably clever 14-year-old can pull this off…

The real philosophical trouble here is that the current heavy-handed legislation that is being used to shut down sites such as MegaUpload are based on ‘bad science’. These kinds of laws can open a very big door through which truckloads of ‘unintended consequences’ can drive through… Even a short term shutdown of a site can financially ruin that business, whether or not the action is later supported in court and rescinded. How would you feel if YouTube was seized and closed by the Justice Department? The difference between YouTube and MegaUpload is only one of perceived scale of ‘obnoxious behavior’… copyrighted material is illegally posted on YouTube every minute – the difference is that YouTube makes a serious and honest effort to take down such content when found or notified. But still just a feeling or perception of behavior should not be sufficient to warrant drastic actions such as a complete site shutdown without a significant and factual backing – which is not the case with MegaUpload. Remember, this is at this time an allegation and a set of indictments – that have not been proven in court.

I am offering no defense for this particular business, and they may very well be guilty as charged – the issue I bring to the table for discussion is the general premise that ‘cyberlockers are bad things.’ That is just patently false. We need to refine our legal efforts to address the ‘real’ criminal aspect and actions, and find a way to prove that factually so that when indictments are brought forward they are done so based on logic and evidence. It’s a very tricky slope, and one that will take much thought. At the core of this whole issue is the need to somehow inspect content, either on it’s way up to the cloud, or inside the cloud. And that can clearly make Pandora look like the owner of a very tiny box in comparison… Who gets to look? How is content assessed to be ‘legal’? What happens if this data is used for alternate means (the huge current issue of data accumulation by websites for targeted advertising which is unapproved by users)? For instance, the so-called ‘registration’ required by the Egyptian state police of all internet users in that country is in and of itself not necessarily an evil thing… the use of that data by internal security forces to disappear, harm and even kill people based on that knowlege – and the subsequent monitoring of data transmitted by those users – is unquestionably repugnant.

Unchecked, the current form of legislative overkill and heavy-handed action could put a serious dent in the functionality of the cloud infrastructure. This is already obvious if you dig around and see the amount of legal hours being billed to Facebook, Google, Amazon, Apple and others that host large cyberlocker sites. They are worried – and rightfully so. Our US government is not alone in this type of behavior, similar actions are either on the books or are contemplated in many countries. As noted, some cultures are already far more ‘policed’ today than the USA. Asian countries in general – whose base cultures are more consensus oriented than Western European and American cultures – already allow their governments a great latitude in monitoring and inspection of their respective private citizens’ web behavior.

I don’t want to see modern technology used to easily deny rightful income to artists and entertainment companies. I do want to ensure that anyone that uploads or stores content of their own (and this included purchased copyrighted material that falls under fair use policy for limited personal sharing, backup and viewing on alternative devices) is not subject to penalty. What if I create or purchase art that others may find offensive? The First Ammendment easily affords protection to speech and printed material – the laws are much less tested in regards to clouds…

In general, I hope to promote thought, discussion and eventually a dialog that will improve our collective understanding and actions towards how these new wonderful technical entities in our lives are matched to our laws, morals and cultural norms. It is an adjustment – the rate of technical innovation has vastly outstripped the pace of development of our legal and cultural systems. But let’s have some open and honest conversation about these issues before we end up living with badly designed rules that are unwittingly harmful to many innocents.

Privacy, Security and the Virtual World…

March 27, 2012 · by parasam

I’ve written on this before, and will again I am sure. It’s an important issue that interests and concerns me, and I assume many of my readers as well. The issue of privacy and security is fundamental, and much of human history and our legal system has been concerned with these issues. “A man’s house is his castle and fortress, et domus sua cuique tutissimum refugium” was written in 1628 by Sir Edward Coke in his legal treatise The Institutes of the Laws of England – (the Latin at end of the sentence translates to and each man’s home is his safest refuge). This principle has been used by countless societies since then to allow defense of what is considered ‘private property’ – whether this be real or virtual.

The recent rate of technological innovation has vastly outstripped the pace of our legal systems as well as even our social, cultural and philosophical consensus. We are now forced to grapple with realities that were only months or a few years back not even conceptualized. And the challenges keep on coming. Here are some recent examples of really good ideas that can have some really bad consequences…

♦ We have all heard much about ‘locational privacy’ – the result of our personal location being revealed through GPS, cellphone tower triangulation, WiFi hotspot location, etc. etc. While incredibly useful and convenient (just ask Siri “where can I get a pizza?”, and with no further information she gives you 3 choices within a few hundred meters…) – this technology can also provide unwitting information for stalkers, abusive partners, criminals, or just plain overzealous advertisers to invade our sense of personal privacy.

Another example: recently mall owners were thwarted in their attempts to track shoppers without notification using their mobile devices. PathIntelligence was hired by Promenade Temecula in southern California and Short Pump Town Center in Redmond, VA to test their FootPath Technology system – without knowledge or consent of shoppers. Basically, the system uses the TMSI signal (Temporary Mobile Subscriber Identifier) – which is emitted continuously anytime a cellphone is powered on [it’s part of the basic cellphone technology – allowing a user’s phone to be identified by a nearby tower, so that when the user wants to place a call a link can be established and authenticated]. There is no way for a user to know they are being monitored in this fashion, and the only way to not be detected is to turn your phone off – not a realisitic answer – particularly if you don’t know you’re being monitored in the first place! The full article is here.

The upside of this technology is [supposedly] anonymous foot traffic info so retailers in malls can see where patrons go when they leave Macy’s for example – which fast food place do they go to next? This of course can be consumed by targeted ad campaigns.The downside: using ‘orthogonal data mining’ techniques (whereby separate databases are ‘mined’ for information based on specific search parameters that yield collective data that is much more informative than any one particular database may yield), it would be entirely possible, for example, to derive the following information: – a so-called ‘anonymous’ shopper buys perfume at Macy’s, using their Macy’s charge card. Since the fine print on your charge agreement with Macy’s is different (and, like most department and other chain stores – allows much more use of your personal data) than your generic VISA or MasterCard, your purchase is now linked to your past history of Macy’s shopping. Now, while the FootPath system only tracks ‘anonymous’ cellphones, it doesn’t take rocket science to start following digital breadcrumbs.. Shopper “Jane Doe” buys perfume at 10:18AM in Macy’s; an anonymous shopper leave Macy’s at 10:21AM and goes to Steve Madden (women’s shoes, for you clueless guys) and buys a pair of sandals, again on a charge card… you get the picture… At best, your patterns, lifestyle, etc. are merged into what is often being called a ‘creepybase’ – a database so personally identifying as to have a significant ‘creep factor’ – and worth a lot to advertisers who desire the most detailed profiles possible. At worst, your ‘profile’ is sold off to criminals who (and this real BTW!) build ‘target profiles’ of people that buy at certain stores (i.e. have a certain level of income), and how long they take to do that… so they won’t be home when their homes are robbed…

♦ Again, another example of how basic locational services (GPS, often augmented with WiFi hotspot triangulation) is being extended. Google was awarded a patent recently for a new technology to determine not just where you are but what you are doing: based on ambient sounds, temperature and any other data that can be measured, either directly or indirectly, by your smartphone or other data device. An actual example provided by Google in the patenet application: “You’re attending a baseball game and call Google’s 411 service for information about a nearby restaurant. The cheers of the crowd and the sounds of the announcer are picked up by your phone. Google’s system analyzes the background noise, takes into account your location, determines that you’re at a ballgame and delivers related ads or links to your phone with sports scores and news.”But did the user know that their call to information was being monitored in that fashion, and used for targeted advertising? And remember, the web never, never, never forgets. Anything. Ever. Regardless of what anyone or any company tells you. And oh by the way the next time you call in sick when the surf’s up… better not be at the beach with a wave crashing in the background… (soundproof padded rooms for certain phone calls will soon be necessary…)

♦ There are new technologies that aim to ‘read’ moods and emotions of speakers. By using advanced voice recognition software that is sensitive to not only the actual words, but the contextual semantics of speech and word patterns, tonal variances in speech sounds, breathing cadence, etc. the algorithms can, on the good side, be used to identify sales pitches that are disguised; scam artists that seek to prey on the eldly, etc. But, since this game is a contstant cat-and-mouse, within a week expect the ‘bad guy’ to be self-monitoring his own speech patterns with such a tool – and using it to analyze his mark’s speech to see if the person on the other end of the phone is suspicious, distressed – or calm and accepting.

♦ Face recognition has received a lot of press recently – it’s getting a LOT better, and is now within the reach of a casual consumer, not just police departments. Researchers at Carnegie Mellon University recently identified about a third of all randomly selected, previously unknown (to the researchers) subjects, just using facial recognition technology recently acquired by Google. With a little social engineering, that figure went up to over 70%. And that’s not all: The professor running the research showed: “As a demonstration of his latest project, Prof. Acquisti also built a mobile-phone app that takes pictures of people and overlays on the picture a prediction of the subject’s name and Social Security number. He said he won’t release the app, but that he wanted to showcase the power of the data that can be generated from a single photo.” This particular research typically got the first five numbers of the SSN correct on the first attempt, all 9 numbers after only 4 attempts.Now, a new startup (Faced.me) has an app that will shortly release that allows VERY fast facial recognition (under 1 second) – and then can automatically link to that person’s Facebook, Twitter, LinkedIn accounts. Now this can be cool – a useful tool for salepeople, tradeshows, conventions, etc. — but the potential ‘creep factor’ is obvious… troll a shopping mall for teenage girls (who are notoriously lax with online security, and tend to post their life story, and pictures, on just about every social site) and snap pix, get IDs, log into FB page, – well you get the picture…

♦ Augmented Reality (AR) has been around for some time, but only recently has it moved from motion picture screens as ‘magic’, and heads-up displays of fighter aircraft (where terrain-following radar is used to call up actual photos from a flight path to better identify obstacles and targets when flying at extremely low altitude (and yes, fighter aircraft DO fly under bridges!). You can now download an app for your iPhone or iPad (Autonomy’s Aurasma) that performs automatic AR on images that are in it’s library. For instance, you point your iPhone camera (while in the Aurasma app) at a still photo of a sporting event, within seconds a live video overlays the still of the game highlights… it’s an advertisers mecca: point this app at billboards, storefronts, print ads in magazines – and a targeted video that is tuned to the user (using of course all the other bits we have discussed above) starts playing.However… now the ‘cloud’ knows exactly what you are looking at, what you like while you are there, etc. etc. And, BTW, do you know that ALL of the iPhone (and iPad) hardware is available to any app developer – just because you are using the rear-facing camera to run the AR app, for example, does not mean the little front-facing camera (that sees you!) cannot be turned on and used at the same time… and of course with facial recognition – and the fact that you are so close to the camera – sophisticated facial feature analysis algorithms can read your emotional state, track where your eyes are focused on the image (and since the image is being fed to you by the app, the app creator knows exactly what part of the image is catching your eye)… [big note: I am NOT saying that this particular app – Aursama – does this, nor do I even suspect that it does – just pointing out what is perfectly legal, feasible and possible today].

The above are just a few examples of how recent technological advancements have put real pressure on our sense of privacy and security. I am not advocating a return to kerosene lanterns and horses – I personally derive much benefit from these new features. I like the fact that I can just raise my phone and ask Siri “Is it going to rain today?” – no matter where I am – and with no other information provided directly by me – I get my answer in a few seconds. But we collectively must address these new ‘freedoms’ and figure out how to protect our ‘castles’ – even if they are made of virtual bits and not bricks.

I don’t yet have a plethora of answers for these challenges, nor am I sure I even have all the questions… but here are a few points for consideration:

The definition of privacy has a lot to do with the concept of boundaries. The walls of your house are a boundary: police need a warrant to enter without invitation, defense against criminal entry is usually legal, etc. Even in public, the inside of your car is a boundary, again, any broach of this boundary without invitation is considered a breach of privacy. And that was recently extended by US Supreme Court to mean that police can’t stick a GPS tracking device on the outside of a car without a warrant…As a society, we must respect boundaries, both social, physical and moral. Without such respect, chaos ensues. Some boundaries are already accepted as ‘virtual’ – but well respected in both moral and legal realms. Even in a public place, if you go to kiss a girl and she says “No!” – you are most definitely crossing a boundary if you don’t respect that – and you will likely have significant consequences if you don’t…

What then are the virtual ‘boundaries’ of data about our behavior? Who owns that data that is collected about our purchasing habits, travel preferences, musical likes, etc.? How do we collectively establish a normative acceptable protocol for targeted advertising that won’t creep out consumers (remember the Target scandal over pregnancy products pitches?) and yet at the same time prove effective so that company ad spends are seen to be worthwhile? Remember, that there is no such thing as free. Ever. Only alternatively funded. Every ‘free’ Google search you get to make is paid for by those pesky little ads at top and side of page. The internet that we know and love costs a LOT to run. Forbes estimates $200 billion per year. And that’s just operating expenses, not capital investment. While it’s really impossible to say, several sages that know much more than me about this have estimated a world-wide investment of $2 trillion is currently invested in the entire internet infrastructure. Now that’s enough cash to even get China’s attention… And most of us access this for a very small cost (just our data costs from internet provider) and pay nothing further for all the sites we visit (with small percentage of paying customers: porn and news are the two largest ‘paywalls’ on the ‘net). So we must all thank the advertisers. They pay for most of the rest.

Assuming that at some point we come to a collective agreement on ‘what is ok and what is not’ in terms of virtual behavior (and this is not simple – the internet by it’s very nature has no effective ‘nation-state’ boundaries) then how do we police this? Today, with only very small exceptions (and even then mostly unenforceable) in the World Court, all legal redress is localized. Witness the tremendous difficulty that movie studios have with enforcing even egregious piracy actions from off-shore server farms. The combined forces of NSA, CIA, FBI, etc. etc. are frequently brought to bear on international money laundering, etc. – with many more failures than they will ever admit. If these boys, with their almost inexhaustable store of high-tech toys, can’t easily wrestle the beast of recalcitrant bits to the ground, what chance will the virtual equivalent of ‘small claims court’ have for the average citizen? These are real questions that must be resolved.

Anonymity, Privacy and Security in the Connected World

February 3, 2012 · by parasam

Anonymity: the state of lacking individual characteristics, distinction or recognizability.

Privacy: the quality or state of being apart from observation, freedom from unauthorized intrusion.

Security: defending the state of a person or property against harm or theft.

The dichotomy of privacy versus social participation is at the root of many discussions recently concerning the internet, with technology often shouldering the blame for perceived faults on both sides. This issue has actually been with us for many thousands of years – it is well documented in ancient Greece (with the Stoics daring to live ‘in public’ – sharing their most private issues and actions: probably the long forerunner of Facebook…); continuing up until our current time with the social media phenomenon.

This is a pervasive and important issue that sets apart cultures, practices and personality. At the macro-cultural level we have societies such as North Korea on one side – a largely secretive country where there is little transparency; and on the other side perhaps Sweden or the Netherlands – where a more homogeneous, stable and socialistic culture is rather open.

We have all experienced the dualistic nature of the small village where ‘everyone knows everybody’s business’ as compared to the ‘big city’ where the general feeling of anonymity pervades. There are pros and cons to both sides: the village can feel smothering, yet there is often a level of support and community that is lacking in the ‘city’. A large urban center has a degree of privacy and freedom for individual expression – yet can feel cold and uncaring.

We enjoy the benefits of our recent social connectedness – Facebook, Twitter, etc. – yet at the same time fear the invasiveness of highly targeted advertising, online stalking, threats to our younger children on the web, etc. There is really nothing new about this social dilemma on the internet – it’s just a new territory for the same old conundrum. We collectively have to work out the ground rules for this new era.

Just as we have moved on from open caves and tents to houses with locked doors behind gated communities, we have moved our ‘valuables’ into encrypted files on our computers and depend on secure and reliable mechanisms for internet banking and shopping.

The challenge for all of us that seek to adapt to this ‘new world order’ is multi-faceted. We need to understand what our implicit expectations of anonymity, privacy and security are. We also need to know what we can explicitly do to actually align our reality to these expectations, should we care to do so.

Firstly, we should realize that a profound and fundamental paradigm shift has occurred with the wide-spread adoption of the internet as our ‘collective information cloud.’ Since the birth of the internet approximately 40 years ago, we have seen a gradual expansion of the connectedness and capability of this vehicle for information exchange. It is an exponential growth, both in physical reality and philosophical impact.

Arthur C. Clarke’s observation that “Any sufficiently advanced technology is indistinguishable from magic” has never been more true… going back thousands of years in philosophy and metaphysics we see the term “akashic records” [Sanskrit word] used to describe “the compendium of all human knowledge.” Other terminology such as “master library”, “universal supercomputer”, “the Book of Knowledge”, and so on have been used by various groups to describe this assumed interconnected fabric of the sum of human knowledge and experience.

If one was to take an iPad connected to the ‘cloud’ and time travel back even a few hundred years, this would be magic indeed. In fact, you would likely be burned as a witch… people have always resisted change, and fear what they don’t understand – weather forecasting and using a voice recognition program (Siri??) to ask and receive answers from the ‘cloud’ would have seriously freaked most observers…

Since we humans do seem to handle gradual adaption, albeit with some resistance and grumbling, we have allowed the ‘internet’ to insidiously invade our daily lives until most of us only realize how dependent we are on this when it goes away. Separation of a teenage girl from her iPhone is a near-death experience… and when Blackberry had a network outage, the business costs were in the millions of dollars.

As ubiquitous computing and persistent connectivity become the norm the world over, this interdependence on the cloud will grow even more. And this is true everywhere, not just in USA and Western Europe. Yes, it’s true that bandwidth, computational horsepower, etc. are far lower in Africa, Latin America, etc. – but – the use of connectivity, cellphones and other small computational devices has exploded everywhere. The per-capita use of cellphones is higher in Africa than in the United States…

Rose Shuman, an enterprising young woman in Santa Monica, formed Question Box, a non-profit company that uses a simple closed-circuit box with a button, mike and speaker to link rural farmers and others in Africa and India to a central office in larger towns that actually have internet access, thereby extending the ‘cloud’ to even the poorest communities with no direct online connectivity. Many other such ‘low-tech’ extensions of the cloud are popping up every day, serving to more fully interconnect a large portion of humanity.

Now that this has occurred we are faced with the same issues in the cloud that we have here on the ground: how to manage our expectations of privacy, etc.

Two of the most basic exchanges within any society are requests for information and payment for goods or services. In the ‘good old day’ information requests were either performed by reading the newspaper or asking directions at the petrol station; payments were handled by the exchange of cash.

Both of these transactions had the following qualities: a high level of anonymity, a large degree of privacy, and good security (as long as you didn’t lose your wallet).

Nowadays, every request for information on Google is sold to online advertisers who continually build a detailed dossier on your digital life – reducing your anonymity substantially; you give up a substantial amount of privacy by participation in social sites such as FaceBook; and it’s easier than ever to ‘follow the money’ with credit-card or PayPal transactions being reported to central clearing houses.

With massive ‘data mining’ techniques – such as orthogonal comparison, rule induction and neural networks – certain data warehouse firms are able to extract and match facets of data from highly disparate sources and assemble an uncannily accurate composite of any single person’s habits, likes and travels. Coupled with facial recognition algorithms, gps/WiFi tracking, the re-use of locational information submitted by users and so on, if one has the desire and access, it is possible to track a single person on a continual basis, and understand their likes for food and services, their political affiliation, their sexual, religious and other group preferences, their income, tax status, ownership of homes and vehicles, etc. etc.

The more that a person participates in social applications, and the more that they share on these apps, the less privacy they have. One of the side effects of the cloud is that it never forgets… in ‘real life’ we tend to forget most of what is told to us on a daily basis, it’s a clever information reduction technique that the human brain uses to avoid overload. It’s just not important to remember that Martha told us in passing last week that she stopped at the dry cleaner… but that fact is forever burnt into the cloud’s memory, since we paid for the transaction with our credit card, and while waiting for the shirts to be brought up from the back we were on our phone Googling something – and Google never forgets where you were or what you asked for when you asked…

These ‘digital bread crumbs’ all are assembled on a continual basis to build various profiles of you, with the hope that someone will pay for them. And they do.

So… what can a person do? And perhaps more importantly, what does a person want to do – in regards to managing their anonymity, privacy and security?

While one can take a ‘bunker mentality’ approach to reducing one’s exposure to such losses of privacy this takes considerable time, focus and energy. Obviously if one chooses to not use the internet then substantial reductions in potential loss of privacy from online techniques occur. Using cash for every transaction can avoid tracking by credit card use. Not partaking in online shopping increases your security, etc.

However, even this brute-force approach does not completely remove the threats to your privacy and security: you still have to get cash from somewhere, either an ATM or the bank – so at least those transactions are still logged. Facial recognition software and omniscient surveillance will note your presence even if you don’t use FourSquare or a cellphone with GPS.

And most of us would find this form of existence terribly inconvenient. What is reasonable then to expect from our participation in the modern world which includes the cloud? How much anonymity is rightfully ours? What level of security and privacy should be afforded every citizen without that person having to take extraordinary precautions?

The answers of course are in process. This discussion is part of that – hopefully it will motivate discussion and action that will spur onwards the process of reaching a socially acceptable equilibrium of function and personal protection. The law of unintended consequences is very, very powerful in the cloud. Ask any woman who has been stalked and perhaps injured by an ex-husband that tracked her via cellphone or some of the other techniques discussed above…

An interesting side note: at virtually every ‘battered woman’s center’ in the US now the very first thing they do is take her cellphone away and physically remove the battery. It’s the only way to turn it off totally. Sad but true.

There is not going to a single, simple solution for all of this. The ‘data collection genie’ is so far out of the bottle that it will be impossible on a practical basis to rewind this, and in many cases one would not want to. Nothing is for free, only alternatively funded. So in order to get the usefulness many of us find by using a search engine, a location-based query response for goods or services, etc. – the “cost” of that service is often borne by targeted advertising. In many cases the user is ok with that.

Perhaps the best solution set will be increased transparency on the use of the data collected. In theory, the fact that the government of Egypt maintains massive datasets on internet users and members of particular social applications is not a problem… but the use that the military police makes of that data can be rather harmful to some of their citizens…

We in the US have already seen efforts made in this direction, with privacy policies being either voluntarily adhered to, or mandated, in many sectors. Just as physical laws of behavior have been socially built and accepted for the common good, so does this need to occur in the cloud.

Rules for parking of cars make sense, with fines for parking in areas that obstruct traffic. Breaking into a bank and stealing money will incur punishment – which is almost universal anywhere in the world with a relative alignment of the degree of the penalty. Today, even blatant internet crime is highly variable in terms of punishment or penalty. With less than 20% of the 196 countries in the world having any unified set of laws for enforcement of criminal activity on the internet, this is a challenging situation.

Today, the truth is that to ensure any reliable degree of anonymity, privacy and security of one’s self in the cloud you must take proactive steps at an individual level. This requires time, awareness, knowledge and energy. Hopefully this situation will improve, with certain levels of implicit expectations coming to the norm.