Monday, February 18, 2019

Zucked: Waking Up to the Facebook Catastrophe


Zucked: Waking Up to the Facebook Catastrophe

by Roger McNamee 



Well, this is awkward.

Roger McNamee, the author, was a mentor to Mark Zuckerberg, invested very early in Facebook, and introduced Zuck to Sheryl Sandberg. But when after the 2016 election he informed them he thought Facebook had become a danger to democracy, they didn't seem to want to talk about it.

McNamee is a smart guy, and figured out earlier than most that Facebook's unintended consequences were harming public health and enabling any number of bad actors to influence elections (Trump, Brexit) and oppress minorities (Myanmar, Sri Lanka). Facebook can be and in fact is incredibly harmful to children--for commercial gain. This is the sharp edge of what Shoshana Zuboff calls Surveillance Capitalism.


If there's a sliver lining at all, it's that McNamee and a small team of experts has been busy educating people of the hazard and what can be done. His briefs included the US Senate Intelligence Committee, the House Intelligence Committee, Nancy Pelosi's staff, experts in academia, the EU, and elsewhere. But make no mistake: Facebook (and Google, and the rest of Big Tech) won't give up money and power without a fight. And they have all of our data.

Surveillance Capitalism

The Age of Surveillance Capitalism

By Shoshana Zuboff





-->
You should read this book.

What’s your view as to the most pressing issue facing humankind today? Climate change? Nuclear war? Viral pandemic? Mine is surveillance capitalism.

Whoa, but aren’t the other issues of an existential nature, capable of wiping out the human race? Yes, but… in each case there are experts and activists working hard to make sure that doesn’t happen.

The problem with surveillance capitalism is that very few people outside of Google, Facebook, and other Big Tech even know what it is, and they aren’t working to stop it. Far from it.

You should read this book.

Shoshana Zuboff is a social psychologist who studies and writes about the impact of technology on people. I read her 1988 book, In The Age of the Smart Machine, where, over 30 years ago, she investigated the early impact of smart machines on people’s lives. But that was before Google, and Facebook, and surveillance capitalism.

Zuboff is a professor at Harvard Business School. She has spent her career researching how the information age has morphed into something not so positive: surveillance capitalism. What does that term even mean? Here are her many definitions, with which she begins the book:

Surveillance Capitalism, n:
1. A new economic order that claims human experience as free raw material for hidden commercial practices of extraction, prediction, and sales; 2. A parasitic economic logic in which the production of goods and services is subordinated to a new global architecture of behavioral modification; 3. A rogue mutation of capitalism marked by concentrations of wealth, knowledge, and power unprecedented in human history; 4. The foundational framework of a surveillance economy; 5. As significant a threat to human nature in the twenty-first century as industrial capitalism was to the natural world in the nineteenth and twentieth; 6. The origin of a new instrumentarian power that asserts dominance over society and presents startling challenges to market democracy; 7. A movement that aims to impose a new collective order based on total certainty; 8. An expropriation of critical human rights that is best understood as a coup from above: an overthrow of the people’s sovereignty.

I came across surveillance capitalism in my final job, working in cybersecurity and learning about the dark side of mobile phones with their persistent surveillance and egregious invasions of privacy. I have therefore been aware of how our corporate masters cynically capture many aspects of our lived experience so they can deliver “better” ads. The overall goal, as with all advertising, is to sell us more stuff. For this, our privacy is stealthily violated. This I already knew.

But I now know that I was only seeing the tip of the iceberg. Zuboff outlines how Google, Facebook and Big Tech can now take a “God’s eye view” of the data resulting from our lived experience--our location, calls, texts, emails, digital assistants, web surfing, online purchases, offline purchases, connections, friends, social media posts, likes, follows, and many other factors--and can appropriate that as their proprietary data and inferences which can be sold to advertisers, yes, but also to other entities including insurance companies, financial service companies, educational institutions, law enforcement, city, state and federal governments, and any other entity willing to pay.

We know that websites track us. We know our phone also tracks us, to the degree we should call is surveillance. But as the so-called Internet of Things (IoT) relentlessly comes into pervasive reality, we can (and are) being tracked by smart speakers, TVs, appliances, cars, toys, thermostats, smart vacuums, security systems, and soon--clothing and other wearables. Zuboff refers to the sum of surveillance devices as Big Other (sounds like Big Brother--get it?). And here’s a key point: It’s not big brother. It’s not the government. Out 4th amendment rights don’t protect us. This pervasive surveillance infrastructure--the Big Other--is controlled by our corporate masters. Companies such as Google and Facebook gather bazillion data points daily, and, using millions of servers deployed around the world, unseen but powerful, and deduce characteristics about us that we can’t know, can’t appeal, and which control our lives. Want a job? The algorithm that used to just scan resumes now adds everything it knows about you--right or wrong--to determine who gets the job. And who gets the loan. And who qualifies for the house. And what the length of your sentence is.

As time goes on, surveillance capitalism shifts from a system that can deliver you relevant ads, to one that controls your life. Without transparency or accountability.

I won't go too far in describing what these technologies can do to children, because it makes me too upset. Suffice it to say, something called "persuasive technology" has been weaponized by Facebook and others to manipulate children's emotions for commercial gain.

Zuboff is not a technologist, but she puts tech in perspective. She compares surveillance capitalism to the industrial revolution, totalitarianism, the cultural trend towards individualism, and how behavior modification became accepted (which also caused me to drop out of college as a psych major, coincident with B.F. Skinner’s publishing Beyond Freedom and Dignity). Zuboff cites philosophers, social scientists, economists, psychologists, and of course tech industry leaders. In this book she provides a 360-degree perspective on the many factors that influence this movement. And she sounds a warning.

Naomi Klein says “everyone needs to read this book as an act of digital self defense.” Robert Reich says “Her sweeping analysis demonstrates the unprecedented challenges to human autonomy, social solidarity, and democracy perpetrated by this rogue capitalism.”

Rogue capitalism. You don’t have to be a techie to understand it, but you have to pay attention.

You should read this book.

Saturday, December 29, 2018

My favorite books from 2018


Keeping with my annual tradition, here are my favorite books from 2018!

I know what you're thinking: Which books from Barack Obama's list did I also read in 2018? Just one: We both read American Prison by Shane Bauer, a book by an undercover journalist who went to work in a private prison and wrote about his experiences. I recommend that for anyone involved in public policy--we have a serious need for prison reform even after the recent federal legislation.

As before, I've organized my reviews by category:


Science/Psychology/Social Concerns


Thinking, Fast and Slow
by Daniel Kahneman

I think if I had read this book before 1970, I would have remained a psychology major. However, the book was not published until 2011, so I abandoned a discipline that was then dominated by "behavior modification," which was concerned with the success of having a rat press the right lever but which wasn't concerned with why. I was interested in studying psychology to better understand the human condition; software turned out to be a much better means to that end :)

Daniel Kahneman, the author, is an Israeli-American psychologist. He was awarded the 2002 Nobel Prize in economics, due to his work in on the psychology of judgment and decision-making, as well as behavioral economics. His key findings have to do with why we don't always make rational decisions. He differentiates between Econs (the rational consumer imagined by economists, especially the Chicago school) and Humans (with big brains, yes, but capable of making consequential errors in decision-making).

Kahneman's "fast and slow" refers to what he calls System 1 and System 2. You can think in general of System 1 as instinct: fast, but error prone. System 2 is our rational mind, informed by System ! but too slow to be able to validate all of its suggestions. It's a fascinating perspective into how we think. Kahneman gives many examples of how (and why) System 1 comes to a conclusion that is wrong or misleading--through which thinking is much better understood.

Daniel Kahneman's long-term collaborator and close friend was Amos Tevrsky, who died in 1996 (they worked together for about 30 years). In many ways, this book is an homage to Amos, who died six years prior to the Nobel Prize being awarded but who Kahneman makes clear was equally deserving. It's a poignant salute to someone who Kahneman loved and respected.

Kahneman, now in his 80s, writes like someone who has spent a long life patiently explaining new concepts to students: clearly, patiently, vividly. In that sense it's one of the best non-fiction books I've ever read--it was a joy to read and savor, and I learned a lot.



Dark Sun: The Making Of The Hydrogen Bomb
by Richard Rhodes

Dark Sun by Richard Rhodes is a worthy successor to his Pulitzer-Prize-winning The Making of the Atomic Bomb. As with his first book, there's a gripping narrative of the people and the science that led to the ultimate weapon of mass destruction. But the parallel story in this book is the spying and espionage of the Soviet Union, and how it accelerated if not enabled the Russian a-bomb and h-bomb in the early 1950s. Rhodes does a tremendous job of setting cultural, political and historical context for the hydrogen bomb development that by 1955 exceeded the capital investment of General Motors, Bethlehem and US Steel, Alcoa, DuPont and Goodyear combined. The book covers the background of Russian industrial spying, which started in the 1930s and resulted in the theft of blueprints and plans for heavy industry factors, tractors, and steel mills. By the start of WWII, almost all factories and heavy equipment in the USSR was an identical copy of its American equivalent. So stealing secrets regarding nuclear weapon development was a continuation of the same basic capability, but at scale. Ultimately, after the war, based on a wartime archive of decrypted Russian signals, the spying and the US/UK agents involved was uncovered. Whereas the British spies were sentenced to 14 years and then exiled, the US spies Julius and Ethel Rosenberg were executed. Spying, cold-war policies, the Korean war, McCarthyism, the public humiliation of J. Robert Oppenheimer, and the $4 trillion arms race with its surreal overkill statistics are all outlined with narrative suspense. The 20th-century phenomena of quantum physics, nuclear weapons and communism are insightfully examined, and leading figures are revealed in depth. Highly recommended.


When Breath Becomes Air
by Paul Kalanithi

I listened to the audio version of this, coming and going on I-5. Because it was well read, I suspect I got more of an emotional impact than if I had read it conventionally. Suffice to say, this was a book that made one feel: heartbroken and uplifted; tragic and inspired; despairing and yet convinced that love does, indeed, conquer all. It also makes one think about what the definition of a good death might be. As the book makes clear, that's an extremely personal question.

The first 59 chapters are Paul Kalanithi, writing in the first person and with the knowledge that he had terminal cancer; the 60th chapter, the epilog, was written by his wife and describes the end that Paul knew was imminent. The epilog was incredibly poignant and truly completed the story.


Dopesick: Dealers, Doctors, and the Drug Company that Addicted America 
by Beth Macy

A good book if you want to get angry at the system and heartbroken by the many personal tragedies of people caught up in the opioid crisis.

The author, Beth Macy, is a reporter in Roanoke, one of several "ground zero" areas where people started OD'ing in the late 1990s from OxyContin, as of 1996 being marketed for long-term pain treatment rather than just acute pain. Southwest Virginia, and surrounding areas, was coal country. Now it was wall-to-wall despair. Purdue Pharma, sole makers of OxyContin, is the drug company referenced in the title that addicted America. It led to heroin, which led to fentanyl, all of which combined to addict and ultimately kill more people than guns or car accidents.

While the statistics are overwhelming, the personal stories are what make the book: young kids getting caught up in the partying scene leading to ugly addiction, loss of everything, and a ruined life if not a sordid death. Mothers looking for answers. Sleazy pharma sales people and lawyers profiting off the misery. All of us ignoring a pandemic that's not going to get better on its own.

Tech/Politics (In 2018 These Topics Converged)


Network Propaganda: Manipulation, Disinformation, and Radicalization in American Politics
by Yochai Benkler, Robert Faris, Hal Roberts

This is by far the best explanation I've read of what happened in the 2016 election, and how politics has been fundamentally changed. Yes, the Russians were a factor. Yes, the alt-right factions became more vocal. Yes, there was fake news. Yes, Facebook has created echo chambers and disinformation campaigns. But the chaos and partisanship we're experiencing now are the culmination of a decades-long trend that started with Rush Limbaugh and culminated in Fox News and its powerful propaganda feedback loop--one that was able to amplify its partisan narrative through the alt-right, Facebook and fake news. This is the megaphone behind Pizzagate and the Clintons' Lolita Express and other conspiracy theories. This is uniquely American, and it's threatening democracy.

The authors use data sets of thousands of articles and news segments, analyzing millions of shares from the open web, Twitter, and Facebook to determine how peoples' thinking is manipulated with narrative-reinforcing stories no matter how true (and mostly they were blatantly false). See how mainstream media sometimes unwittingly played a role in validating and keeping such stories in the public eye. And read case studies of how Breitbart, Infowars and other fringe sites fed off of each other so that stories, no matter how far-fetched, were repeated so often by so many right-wing sources that people couldn't help but believe them.

Only if people understand the root cause of our crazy media and social media ecosystems is there any hope of being able to fix it and maybe save democracy. I highly recommend this book for that purpose.


Messing with the Enemy: Surviving in a Social Media World of Hackers, Terrorists, Russians, and Fake News
by Clint Watts

Clint Watts, the author, became well-known when he testified in front of the House Intelligence Committee regarding Russian interference in the 2016 election. Watts came to understand exactly what happened because, as a nerd working for the FBI, he traced online information campaigns (mostly on Twitter). Fascinating look at how news is manipulated, and how that can affect elections.


The Fifth Risk 
by Michael Lewis

I'm a big Michael Lewis fan. 

This is different from the many kiss & tell books about Trump and the White House. Lewis focuses on how the Trump administration handled the transition to power, and how they have governed (or failed to govern) three huge departments: agriculture; energy; and commerce. Spoiler alert: it's scary bad. There's a combination of willful ignorance about what the function is of government, and ideological dismantling of functions that are far more essential and competent than right-wing sound bites might have led people to believe.

One theme of the book is that many of these key government functions are staffed by people who are mission oriented rather than money or career driven. This was humbling to read, and somewhat inspiring--especially as contrasted to the political appointees they are supposed to work for.

It's a relatively short book and easy read--and very informative.


The Curse of Bigness: Antitrust in the New Gilded Age 
by Tim Wu 

Tim Wu, popularly known for coining the term "network neutrality," has thought about the impact of the huge tech companies on our lives, and he concludes that we need to pay attention to antitrust again. Wu is a professor at Columbia and he served as an advisor to the FTC, where he approved of Facebook's acquisitions of Instagram and WhatsApp. He now thinks that was a mistake.

This is a fairly short book, and instructive on the history and application of antitrust law, and why it's needed now more than ever.


Click Here to Kill Everybody: Security and Survival in a Hyper-connected World
by Bruce Schneier

With the emergence of the so-called Internet of Things (IoT), we've created a situation where devices we rely on can be hacked so they turn on us: our pacemaker, our car, our hospital devices, our home appliances--with potentially fatal results. Bruce Schneier, a well-known cyber security expert and author, has chosen this tongue-in-cheek book title to make clear the new set of hazards we need to consider.

When you combine the hacker threat with the fact many of these devices are increasingly coming under control of AI systems, you may be forgiven for feeling alarmed.


Christian History/Theology/Spirituality


Fatal Discord: Erasmus, Luther, and the Fight for the Western Mind
by Michael Massing

An excellent, highly readable history and exploration of two of the most consequential thinkers of the second millennium BCE. While billed as a dual biography of Erasmus and Martin Luther, this ends up as highly readable narrative of religious thought from Augustine to Billy Graham. The author, Michael Massing, is a journalist and he uses those skills to develop something akin to a non-fiction page-turner. Leading figures of the Reformation are presented as three-dimensional, flesh-and-blood characters at the heart of upheaval that toppled nations and resulted in the violent deaths of tens of thousands of people across Europe. And Massing provides a condensed but highly engaging biography of dozens of thinkers in the thousand years prior and the 500 years since, so that the entire thread is made clear. The result is nothing less than the intellectual, theological and cultural battle between humanist and evangelistic Christianity that is still being played out today.

A History of Christianity: The First Three Thousand Years
by Diarmaid MacCulloch

A better title for this would have been A History of Christianity and Western Thought. Broad in scope, including Greek, Roman and Hebrew influences on Christianity from 1,000 year BCE, this 1200-page book covers the theology, history and politics that shaped current religious and spiritual thinking up to the 21st century. I picked this out because I saw a comment that it is used as a primary text in seminary.

The author, Diarmaid MacCulloch, is a widely recognized scholar in this field. The intended audience seemed to shift from time to time between academics and lay people, but by and large I felt it found a good middle ground: accessible but with enough depth to engage a serious reader. The chapters on the 20th and 21st centuries seemed the weakest, as the impact of two world wars and a decades-long culture war require more depth than even this tome could provide.

God's Secretaries: The Making of the King James Bible
by Adam Nicolson

This book was quite interesting. I gave it 4 stars due to the number of quotes and references in "Olde English" which was a chore to untangle; I would have preferred to see those quotes in modern language, with perhaps footnotes to the original text.

The King James Bible was created in the early 1600s, just after the 1603 coronation of King James who succeeded Queen Elizabeth. These were interesting times. The plague that afflicted England in 1603 was the worst ever experienced there, with fatality rates over 50% in some (poorer) parishes. In the years that the translation was being prepared, Othello, King Lear and The Tempest were written. It was the beginning of the second hundred years of the Reformation, with the English civil war and the 30 Years War on the continent in the near future. The 1605 Gunpowder Plot to restore the Catholic monarchy, in which Guy Fawkes and others attempted to blow up parliament--with the royal family as well--led to oppression of Catholics on par with with how Muslims were treated after 9/11. Puritans and Separatists who refused to sign documents of conformity were being exiled. This was the setting of the King James Bible translation, where the goal of the new king was to create a Bible that would appeal to all.

Here's a quote that gives a sense of the challenge of translation; it's more that just transcribing words from one language to another:

Any well-educated man would take a text in a foreign tongue and absorb its meaning so that he could reproduce something like it in his own language. Literalism, a word for word translation, would do nothing more than transfer the corpse of the original into a new language, not the living thing. Cicero, when translating Demosthenes and other great Athenian orators, ‘did not translate them as an interpreter’, he wrote, ‘but as an orator myself, keeping the same ideas and forms, or as one might say, the ‘‘figures’’ of thought, but in language which is more suitable to the way we speak’. This, of course, was also a question of authority. Cicero did not consider himself subservient to the Greeks he was translating. He was at least their equal. Why, then, should he suppress his own eloquence on their behalf? Luther, fascinatingly, the grandfather of all Reformation translators, had taken a Ciceronian view of his task. When faced with translating a Bible text, he had written, ‘You’ve got to go out and ask the mother in her house, the children in the street, the ordinary man at the market. Watch their mouths move when they talk, and translate that way. Then they’ll understand you and realise that you are speaking German to them.’ His whole idea, he said, was ‘to make Moses so German that no one would suspect he was a Jew’. 

The King James translators took a different attitude: They sought the true meaning of ancient scriptural texts, seasoned by the wisdom of the church fathers, especially Augustine, and attempted to create a new Bible that was an accurate translation of the word of God, with a sacred tone that represented the language of religion rather than the language of the street.

Fiction/Literature


Pachinko
by Min Jin Lee

This is a wonderful book, worthy of the accolades and honors it has received (including National Book Award Finalist, a NY Times Book Review Top 10 of 2017). Pachinko is the epic saga of four generations of Koreans in the 20th century who are effectively exiles in Japan where they are discriminated against, scorned and abused. The main characters are women, powerless to start with and thrown by destiny into harsh and tragic circumstances. Some of the strongest and most memorable female characters in literature stoically accept that a woman's lot is to suffer, and be devoted to her children. Powerful and emotional. You might call it historical fiction, but that seems to sell it short; it's a deep exploration of the human condition that reminds me more than anything of Anna Karenina--but with a salute to Korean sisterhood.

Blood Defense
by Marcia Clark

If you like snarky first-person narration, you'll probably love this book. We didn't have "snark" when I was growing up; we only had "sass" and "smart mouth". Snark seems to be a mashup of snide and remark, which is a good description of much of the dialog but I think of the protagonist of this novel as sassy and smart.

And did I mention that the author is Marcia Clark? Yes, *the* Marci Clark who was the O.J. prosecutor. So we can read her novels in the assurance that she knows what she's talking about. And add plot elements that include a murdered starlet, media frenzy and great courtroom tactics and you have an interesting read. But it's got some elements of a psychological thriller, which in my option makes this a great read.

The Seal (Rosicrucian Quartet, #2)
by Adriana Koulias

If you want to know what *really* happened to the Templars, this is the book to read. It's historical fiction, so motivations and interior thoughts can be imagined. And it's inspired by Rudolf Steiner's teaching on the subject, therefore tying historical and spiritual knowledge together.

The Seal is book 2 of the Rosicrucian Quartet series. It's not the type of fiction that carries one away, hence the 4-star rating, but it does provide the deep and meaningful historical and spiritual foundations that animate the characters: Jacques de Molay, King Philip, and Pope Clement. 

Adriana Koulias lectures frequently on anthroposophical topics, and she's undertaken an ambitious project with the Rosicrucian Quartet. I'm looking forward to reading the remaining two books.

The People's House 
by David Pepper

Some key points about The People's House, by David Pepper:

1. The author, David Pepper, is chairman of the Ohio Democratic Party in real life. He knows elections, and politics, in depth.

2. The book is gripping and a page-turner; it's like reading Grisham, except it's about politics instead of law.

3. The book is about a stolen election. Russians are involved. It was written before most of the stuff about the 2016 election came to light. 

4. The protagonist is likable, and you can't help but root for him when things go sideways.

5. The ending is very satisfying.

6. It has a great first sentence.

Quicksilver
(The Baroque Cycle #1)
by Neal Stephenson

Extraordinary book by a favorite author, Neal Stephenson. Unlike other books I've read of his, this is based in the past, during the era of Isaac Newton, the English Civil War, the reformation, and the Enlightenment. The book can be thought of as historical fiction, looking at the rise and fall of kings and of nations from the perspective of the intrigue involved. The book can also be understood as illuminating the age of reason with the scientific method, as the Royal Society was formed and began to thrive during that time. Correspondingly, it is the age during which alchemy fell into ill repute.

As usual, Stephenson makes for a thoughtful read, not without its challenges. But he enlightens us with yet another perspective on the human condition. I look forward to the remaining books of this trilogy.

Our Town 
by Thornton Wilder

This is fantastic: moving, insightful, and wise. And easily accessible. I don't usually read plays, but this was totally worthwhile. Thornton Wilder is the only person to win a Pulitzer for fiction as well as for drama (this play). It was first performed in 1938, and it's now performed about 400 times per year in the US

I haven't read or thought about Our Town since junior high school, when our class put it on. Reading it 50 years later was a revelation--and a pleasure. What a fantastic play! Powerful in its simplicity,  pondering the human condition through the mundane, it triggered an uncharacteristically strong emotional response this time through. There's a deeply uplifting aspect to seeing people live in light of their destiny, but also tragic to watch their ignorance of what is to come. This play seems timeless, and profoundly wise. I'm looking forward to re-reading it in the future to see if it has the same effect.

Monday, March 5, 2018

What Makes A Great Manager?


More than most companies, Google operates based on data. So in 2008 when they wanted to identify what makes great managers great, they began analyzing performance reviews, feedback surveys and nominations for top-manager awards. They correlated phrases, words, praise and complaints. This became Project Oxygen, which resulted in 8 behaviors that are characteristic of great managers as identified by employees and teams' performance.

Google, like so many high-tech companies, had previously assumed that the best engineers make the best managers. This was partly due to their bias that management doesn't matter. In fact, that's what Project Oxygen originally set out to prove.

But that's not what the Project Oxygen data showed. From employee feedback and Google's ongoing assessment over the years, great management is highly correlated with great outcomes. And it turns out that what the data showed was that management does indeed matter.

Google understood that employee turnover was a challenge that they, like every other company in Silicon Valley, experienced to their detriment. And one of the top reasons employees leave is because they don't like or don't get along with their manager.

But good management provides benefits over and about turnover reduction. Software development is a team sport, and to facilitate successful development outcomes requires more than being able to code in your sleep. In fact, in Project Oxygen's initial assessment of 8 great management behaviors, technical prowess came in dead last. That's not what employees want or need from their manager. What was the top behavior Google employees wanted from a manager? To be a good coach.

Now, 10 years after Project Oxygen was initiated, Google has updated their list from 8 to 10 items, and tweaked some of the originals. Here's their current list of Google Manager Behaviors:




Coincidently, about a decade ago I also put my management thoughts into a blog post. I felt that much of the literature was focused on tactical skills and practices, and while laudable those skills led to good rather than great outcomes. The difference, in my view, is one of motivation: How does a manager inspire people to "be extraordinary"? It's one thing to get a product out the door; it's quite another to achieve excellence or to disrupt your space. In my experience, that requires more than just normal effort. It will never happen unless the team has the attitude that they will do everything they can to be successful.

The key skill required to get from good to great, in my option, is something I'll call, for lack of a better term, charisma. By that I mean the ability to inspire and persuade. Or another way to look at it is this: Every company function, starting with sales but not excluding engineering, requires the ability to close. To get the sale. To persuade stakeholders of your technical strategy. To secure new investors. To close a recruit with multiple offers. To lobby for additional headcount. To sell a customer or prospect on your solution's merits. To negotiate a better price with a major vendor. To convince a group of skeptical engineers that the current project matters in ways that they can relate to. In other words, to perform many common functions in a dynamic company environment.

Charisma is not a perfect term, as it sometimes implies shallowness. Most engineers have a strong BS sense, and anything said that's insincere or not supported by data will lead to a lack of respect and a downward spiral of morale.

Google's item 5, above, probably comes closest to capturing this. Being a good communicator is essential and all to often lacking. And anything like charisma should also include what Google references in item 3, especially concern for success and well-being.

No matter how high our tech is, most companies consist of people working with people. When everyone is on the same page, a good outcome is likely. When everyone is a true believer in the company and the project--when they're totally onboard--then a great outcome is much more likely.



Monday, February 12, 2018

Is It Your Smartphone That's Addictive — Or Your Apps?


The recent spate of articles on the topic of smartphone addiction reflects growing concerns about our reduced cognitive capacity, increasing loneliness and depression, and our diminishing ability to control where our attention is focused—all attributed to the increasing amount of smartphone screen time in our daily lives.

Our daily smartphone use in the U.S. has grown to over 4 hours per day, according to eMarketer. And in the details we see that the vast majority of that time is due to our use of mobile apps. It's not the smartphone that's addictive, but the apps—which are specifically designed to keep us engaged, and by that they mean using their apps for longer so that the stalker economy can profit from our attention.

Make no mistake: Apps such as Facebook, Snapchat, Instagram, WhatsApp, and Twitter employ an economic model that's tied to keeping your attention on their app (despite what their marketing departments say about connecting people). That's for two reasons: first, to serve us more ads; second, to surveil us for longer so that companies such as Acxiom, Epsilon, Datalogix, RapLeaf, Reed Elsevier, BlueKai, Spokeo, and Flurry can collect more data about us.  These companies are players in the $156 billion per year data surveillance industry— an industry that exists so that marketing companies can serve us the best ads, depending on dozens of factors including where we are at any given time. Usage patterns, what other apps we use, and how we use them allow marketers to determine our gender, profession, marital status, sexual orientation, income level, age, health conditions, and other personal characteristics. Flurry, for example, identifies app users based on their persona such as Business Travelers, Pet Owners, and New Moms, among many others.

Enterprises in the U.S. don't worry all that much about protecting employees' privacy. But they are concerned about employee productivity, and ensuring that—unlike Homer Simpson in the cartoon above—their employees focus their attention on the job at hand. That's why Facebook is one of the most common apps for enterprises to blacklist. Other approaches to eliminate employee loss of attention include adoption of container strategies such as Android Enterprise and Samsung Knox so that employees can only use work-related apps while they're at work.

But employees resist corporate attempts to control what apps are on their devices, and containers' adoption is slowed by ease of use and other concerns. What other options exist for enterprise mobile security?

As we outlined in a prior post, any mobile security approach for enterprises that requires users to delete apps from their devices will be subject to resistance from app-addicted employees. That's one reason why Mobile Threat Defense (MTD) solutions face deployment headwinds. And unless app policies are developed in a strong partnership with the HR department, and employees agree to such measures as a condition of employment, enterprises will find it very challenging to enforce any but the most egregious security concerns regarding employee-owned devices.

Instead, enterprises should investigate a lightweight approach to mobile security that's transparent to employees but which has the ability to prevent operation of enterprise-selected personal apps while the employee is at work. But every day when they leave the workplace, their apps are re-enabled and will work normally while the employee is on personal time and away from the office. That's the security model that has served enterprise laptops for the past decade, and it's a logical separation between work and personal use of mobile devices.

______________________________________________________________________

Note: Many of the ideas explored in this post were stimulated by two books: Future Crimes: Inside the Digital Underground and the Battle for Our Connected World, by Marc Goodman, and The Attention Merchants: The Epic Scramble to Get Inside Our Heads, by Tim Wu. I am indebted to them both.

Thursday, January 18, 2018

Mobile Cyber-Espionage at a Global Scale


One of the key issues that has stymied the growth of the Mobile Threat Defense (MTD) market is that the mobile threat landscape that MTD protects against doesn't really scare enterprises.

That might be about to change. Enter Dark Caracal, characterized by Lookout and Electronic Frontier Foundation, as "cyber-espionage at a global scale."

Again, like other serious threats. this is attributed to a state actor: the Lebanese General Security Directorate in Beirut. To quote further from the report:
Dark Caracal has been conducting a multi-platform, APT-level surveillance operation targeting individuals and institutions globally.
Although Dark Caracal uses tools across mobile and desktop platforms, including Windows, OSX and Linux, it uses mobile (Android) as its primary attack platform. Of the 81 GB of data exfiltrated, 59% is from Android campaigns. The report outlines the devastating surveillance functionality of a compromised device:

The breadth and quantity of exfiltrated data is significant, and includes:

Compromised devices have been discovered worldwide.

The problem with MTD is that it competes for security budget funds with advanced persistent threat (APT) solutions, largely regarded at the top enterprise threat and the type of attack that breached Sony, OPM, Target, Home Depot and others. It's easy to imagine that enterprises will re-evaluate the priority of an MTD solution as they digest the new threat landscape that includes Dark Caracal.

Tuesday, January 16, 2018

Self-protecting software, application shielding, and RASP

Many of my recent posts have provided insights regarding the Mobile Threat Defense (MTD) space; in this post I wanted to explore other mobile security segments as they relate to enterprises.

Mobile Threat Defense (MTD)
First, for background, here's how MTD is defined by Gartner:
The MTD solutions market is made up of products that protect organizations from threats on mobile platforms, including iOS, Android and Windows 10 Mobile. MTD solutions provide security at one or more of these four levels: Device behavioral anomalies, Vulnerability assessments, Network security, or App scans.
MTD solutions are designed to protect enterprises from mobile threats. The primary threat landscape that MTD addresses is mobile malware, and data leakage of enterprise data. Skycure/Symantec, Lookout, Zimperium and Appthority are vendors in this space.

Application Security Testing (AST)
As mentioned above, other mobile solutions exist besides those that fall into the MTD category. The most mature mobile security segment is part of the Application Security Testing (AST) market, which broadly applies to both web-based and mobile applications. Sometimes referred to as SAST (static application security testing) and DAST (dynamic application security testing), these solutions are applied against internally developed apps deployed for internal use for employees and contractors. There are often called private apps or custom apps. Veracode, HPE and IBM are leaders in this segment.

Application Shielding 
Another mobile security market segment, and the focus of this post, is emerging as of early 2018 and doesn't have a consensus segment name. It's referred to by participating vendors as "Protecting Apps in Untrusted Environments," "Autonomous Application Protection," and "Self Protecting Software." Gartner refers to it as Application Shielding, and names over 20 vendors with relevant solutions. The underlying technology is called Runtime Application Self-Protection (RASP). What's this all about?

Enterprises often must deploy mobile apps in support of their core business. Think of public apps from banks, retailers, gaming companies, and any app-based business. These are generally B2C apps, or consumer mobile apps, and are deployed in environments outside of the developers' control. The app could be reversed engineered for intellectual property theft or to determine and exploit whatever vulnerabilities might exist. The app could be installed on rooted or jailbroken devices, which opens it up to a wide array of attacks. The app could be re-packaged with keyloggers, spyware or other forms of malware, which could result in brand damage. Other exploits and misuse of the app are possible. How can app developers protect their app when it's in the wild?

Runtime Application Self-Protection (RASP)
Enter RASP. Gartner defines RASP as a security technology that is built or linked into an application or application runtime environment, and is capable of controlling application execution and detecting and preventing real-time attacks. Secure app development practices (often based on OWASP) and security testing remains a best practice and is not replaced by RASP. In fact, RASP solutions are applied not to the source code but to the binary (executable) app. RASP can usually be integrated into the build process but does not require SDLC changes or app developers' participation.

RASP technology is not unique to application shielding, as is it utilized by some AST vendors. But it has experienced considerable growth of late because of the application shielding requirements of mobile apps. Furthermore, RASP usage is expected to mushroom as it gets applied to IoT-based apps.

What Mobile Security Solution Should An Enterprise Adopt?
So what does all this mean to an enterprise that is developing its mobile security strategy? In short, one size does not fit all. MTD is required to protect the enterprise from attacks against its employees and its data. SAST and DAST are required to secure mobile apps developed for internal use as productivity tools. RASP is required for consumer mobile apps. The rapid adoption of mobile in the workplace and as the primary means of reaching customers requires a broad mobile security strategy with multiple components.

Enterprises seek best of breed solutions for all of their security requirements. But enterprises are not always willing to be their own system integrators, where they must glue various platforms together from a management and operations perspective. It seems likely that at the end of the day enterprises will gravitate towards single-vendor solutions, to the extent they emerge. I believe that the window of opportunity for mobile security startups is still wide open to those with innovative solutions who can execute, but history suggests the ultimate winners will be the established, mega security vendors.