" /> net.wars: January 2017 Archives

« December 2016 | Main | February 2017 »

January 27, 2017

The price is right

Thumbnail image for manhattan-flood-zone-sandy.png"Work is currently somewhere we go, rather than something we do," said Mark Cliffe, the chief economist for ING Group the other week. He was speaking at the Westminster Forum event on intelligent mobility and plans for a Modern Transport bill (PDF).

It's when you hear people talk about different modes of transport all in one place that you realize how many of their visions conflict. Just self-driving cars - a particularly magnetic subject - are expected simultaneously to deliver less congestion and more travel. First, the cars can be small pods. Their better safety means they can be lighter, consuming less energy. They can take people door to door, freeing up space, not least from downtown parking. Elderly people, children, the disabled...who can't (or shouldn't) drive now will be able to use cars. Intelligent networks mean that road pricing can be used to balance loads as airlines do.

But how small are these pods? People talk about families hanging out, working, eating breakfast en route. Does a living room/workspace fit in a pod? What about a wheelchair? If you assume that shared cars will appear on demand in whatever form factor suits your needs that day, then fine. But the prevailing consumer ownership trend is very clearly towards bigger vehicles. What's the incentive for pods, particularly if you never have to worry about parking?

What happens to public health if cars go door to door and no one ever needs to walk? How do you keep local shops open if you eliminate their foot traffic from park-and-walk?

Less pollution ought to depend more on how cars are powered than on what drives them: think diesel versus electric. Less congestion seems to depend on two possibilities: the cars don't stay "downtown" but drive back to home base, or the cars are shared. The first case implies that every commuting car does a double journey, which ought to roughly double the peak traffic period. The second, which is basically the scenario of Vernor Vinge's novel Rainbows End could carve giant holes in the automotive industry. Which do you, as a policy maker, favor? How many fewer cars will be needed if everyone still needs to commute to work at the same time? Or do you plonk as many people as possible on trains and use self-driving pods only for the last mile?

It was around then that I refocused on a discussion of big data and public transport. This was when Will Phillipson, the founder and CEO of SilverRail, started talking about big data and AI, and the sophisticated pricing strategies airlines use. Understanding personal and aggregate patterns, he said, will make it possible to proactively send you updated, alternative routes when something goes wrong. "It will be fascinating, though scary,"" he said. My mind raced off after personalized pricing, and then came the sentence I started with, and I thought, "Hang on, that's not fair."

Thumbnail image for hasrbrouck-cpdp2017.jpgFor one thing, as travel data privacy expert Edward Hasbrouck has written in the context of airlines, personalized pricing is generally anti-consumer: you have no way to tell in advance what a given journey is going to cost, or what it should cost, and therefore no way to prevent discriminatory price gouging (not that Transport for London would do such a thing). At CPDP this week, Hasbrouck gave an example of how this might work in the era of converging data: the airline knows from your Facebook page that your mother is dying and tacks an extra $10,000 onto your personalized ticket price. This possibility keeps getting closer.

For the first time, it occurred to me that charging people extra to travel in peak times unfairly penalizes the generally lower-paid people for whom work is still and will continue to be "somewhere you go". We saw this emerging class divide in the aftermath of Hurricane Sandy, when a Google employee in upper Manhattan (dry and lit up) could go to work exactly as if nothing had happened even though Google's New York office (dry and dark) was without electrical power and the Chinese restaurant downstairs was closed because its workers (probably commuting from a wet and dark area) couldn't get there. But it is even more true now.

When peak pricing was originally conceived, things were different: banker or cleaner, shop assistant or corporate lawyer, you all had to travel to work and get there at about the same time. Today, the richer end of the spectrum can work at home until peak time has passed. The poorer end of the spectrum gets hit twice: first by peak pricing, second by the fact that housing prices typically mean they must live much further away from their jobs. To make it fairer, personalized pricing would have to take into account the job you do and the necessity of your trip, things that are much harder to quantify, as Cathy O'Neil might say. Since the transport networks' interest is in increasing efficiency and smoothing out the numbers of passengers across the network and the schedule, personalized, ad hoc pricing will systematically and disproportionately impose extra cost on the lowest-paid with the least choice. This is something modern computing systems afford us the opportunity to redress: if we think to do so.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 20, 2017


tesla-model-s.jpgOne of this week's entertainments was the story of venture capitalist Ryan Negri, who set off with his family in his keyless-entry Tesla S for a snow-finding drive through the desert. Absent a cell signal, when he stopped the car to make some adjustments to his children's seats, he couldn't start the car back up again. So let's understand the super-convenience of this: to unlock the car door and start the engine, his phone has to send a request to Tesla, which then unlocks the car for him. It reminds me of an old Usenet signature that used to ask whether your message was really worth all the computing time and energy expended by the servers you sent it through.

One of the biggest digital class differences may be the difference between those who assume that they are always connected, and those who assume that they may abruptly be abruptly shunted offline at any given moment. The former trust they can always edit and read their webmail and get driving directions from their phone. The latter suspiciously download everything for offline access, buy paper maps, emergency flares, and a spare tire, and carry cash - oh, the horror! - in case of emergencies.

petergneumann-homepage.jpegThere are a number of ways to patch Negri's problem, of course. Tesla could embed Bluetooth or NFC (near-field communication) so phone and car can talk to each other directly. Negri has apparently decided to always carry the key...at which point you figure you might as well just always *use* the key, maybe keeping the app for backup in case you lose it. But these do not change the fundamental problem, which is that many modern "conveniences" are being designed by people whose experience of the world is so limited that they can assume that everything works at all times. They should be - but aren't - reading Peter G. Neumann's RISKS Forum.

What interested me more in this story - aside from the sheer pointlessness of using all this technology and energy to solve a ridiculously non-problem - is that it is another example of a personal transaction into which a technology company has successfully inserted itself. In the mid 1990s, when all the talk was of how the internet was going to "disintermediate" everything, I recall predicting that instead we would get a new set of intermediaries.

You could argue that both predictions were right. A newspaper like The Guardian can distribute itself directly to readers as well as through the more traditional wholesale-distributor-retailer route. Its more successful columnists can also communicate directly with their readers and eliminate the newspaper-as-middle-man-slash-gatekeeper-slash-employer. But, as any privacy advocate will tell you, this situation has been thoroughly colonized by new intermediaries, whose myriad trackers and algorithms collect and swap masses of data about who you are and what you're interested in, mostly in the interests of feeding you advertising. At The Verge, veteran journalist Walt Mossberg explains that quality news sites lose out here, too, as they are only of interest to these intermediaries as a way to find cheaper places to advertise to you (story found via Charles Arthur's invaluable The Overspill).

A couple of weeks ago, at The Long and Short, Brett Scott made a similar point about the war on cash, an issue we revisit here with similar views every spring during the Tomorrow's Transactions Forum. The way cash replacement is presently practiced means that anything that used to be a private transaction - I hand the shop around the corner some coins and they let me walk out with some groceries - perforce becomes one involving at least three parties. This process has been accelerating for so long that few of us even see it as the addition of an intermediary.

This process of reintermediation is everywhere you look: in our friendships (Facebook, other social media); our news (Twitter), navigation (Google), and so on. When it benefits them, these companies show us bigger horizons than we ever had before they existed; but eventually growth makes those horizons unwieldy, and they begin making decisions for us that narrow them again.

At a panel organized this week by ORG Cambridge to follow a screening of Oliver Stone's movie Snowden, an audience member asked this question: How can we get people to care about the issues Snowden's revelations raised? We, the panelists, had lamentably few ideas beyond continuing to try to make the case, particularly to vulnerable groups who really do have skin in this game. But so much of this reintermediation is about convenience and deliberately obfuscating the intermediary's existence and interests. So the answer I didn't give is this: I'd start by making the intermediaries visible. Maybe the receipt you're issued for point-of-sale transactions should include a list of all the parties involved; instead of those stupid cookie banners, perhaps a list of all the trackers and data collectors that populate even the most apparently innocuous of library sites. I know: alert fatigue. And these intermediaries aren't, though they may aid, government spying. But it would be a start.

As for the movie: skip it and instead see the less-intermediated CitizenFour.

Illustrations: Tesla Model S, Peter G. Neumann.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 13, 2017

The long tail of the bit bucket

Hot_Air_Balloon_Shadow.jpgBecause I've been writing about the internet for a long time, I have a trail of partially used email addresses following me around. One of the most prominent of these is @skeptic.demon.co.uk, which dates to 1993, when I wrote one of the very first articles published in Britain about how to use the internet. This week, I discovered that Demon has been rejecting my password, for how long I'm not sure. Since 1993, however, Demon has been sold several times, and the last person I knew to call who worked there left at least five years ago. The last time this happened, I was told it would never happen again, but that was at least one owner ago, and who knows what code someone tweaked? Wikipedia provides the likely explanation, that the Demon Internet service was wound down last year to migrate customers to Vodafone products. I had, because of that previous experience, migrated the important things that still used one of those addresses to the domain I started using in 2003, but now it was clearly time to migrate the rest. Pause to mourn the passing of one of the UK Internet's most significant early ISPs.

demoninternet.jpegIt took most of a day. And yet: I recommend it as an exercise. Most people, granted, don't have all these old email addresses. But I bet most people do have old accounts they've forgotten about or have at least a few sites they signed up for with addresses they've forgotten about. I found accounts so old they had *dictionary words* as passwords because in 1995, when they were created, we weren't all so worried about that. Changing those was probably worth the time the whole thing took.

Sites vary enormously in how they process these requests. The good ones - however inconvenient it may be - ask for confirmation of the change. Facebook, for example, sent a confirmation email with a one-time code I had to type in to confirm the newly added up-to-date email address. Once that was done, it was simple to set that as the primary address and delete the other. Ideally, for really good security, you'd want a confirmation sent to the old email address, but there's an obvious problem with that. At the other end of the spectrum, the UK railway ticket seller TheTrainline was happy to change both email and password in one pass, and if they sent a confirmation email I didn't see it. In many cases, I found that I had actually changed the email address back in 2012. At a few sites, changes failed for reasons I couldn't determine.

But email archives are only a partial guide. Probably every web user of more than a few years' standing has accounts they've forgotten about: media sites that require logins just to read one article; retail sites that require an account for a single purchase, or sometimes even just to find out the delivery charge. I would never see email from these accounts because I typically used an address directed straight to the spam bucket. When I eventually thought to look at one of the internet's older media sites, for example, I discovered I'd given it an AOL address, which should tell you something about how long ago I created it. And herein lies one advantage of a standard password for sites you don't care about: you can successfully guess it. So now: do I want the New York Times to have a functioning email address for me, or do I want all the tracking they do of what I read to be diverted to a decoy?

And then I remembered there are all those old press directories...and...

The point about this very boring task is that except in unusual circumstances most of us never bother to audit the many dozens of accounts we accrue. Most discussions of online privacy focus on the major players who amass vast quantities of detail about all of us, but few of us think about the long tail of our data exhaust that's made up of forgotten, aging bits and pieces. My guess is that is plenty of revelatory, though possibly misleading, information there for anyone who cared to assemble it. Worse, the older it is the more likely it is to date to a more innocent moment when we knew less about how intently we were being watched.

Under the data protection laws - which will continue to apply in the UK for the most pragmatic of reasons no matter what the country's EU membership status is - we have the right to delete or view the data that's held about us. Probably more of us should use these rights - but the first requirement is knowing what accounts we have and who, after mergers, bankruptcies, and acquisitions, owns the data now. Have I Been Pwned? can help identify forgotten accounts if they've been hacked (using it reminded me of several more languishing examples). But if you've lost access to the associated email address and can't remember the password you may not be able to do much more than make a note that once upon a time, in a universe far, far away, you briefly flirted with MySpace.

Illustrations: Balloon shadow (source: Wikimedia Commons, public domain); Demon Internet logo.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 6, 2017

Your grandmother is smarter than you think

Granny-Clampett-shotgun.jpgAt a meeting a few months ago, a distinguished computer scientist approximately my age (62) trying to find an exemplar for the utterly clueless, digitally illiterate computer user picked this word: "granny". I wish I could say it was a one-off, but in fact he used "granny" in just that way no less than three times in his 15-minute talk. This approach is not uncommon.

I find I am losing my sense of humor about this as I continue to age into the demographic in which I could be confused with a grandmother. Some of you will argue that if I'm 62 I long since aged into it; but because my mother was 41 when I was born I tend to think of grandmotherhood arriving much later. In writing this, I was startled to realize that in fact my mother was 48 when she became a grandmother, though I didn't really notice that at the time since I was only seven years old. The only grandmother I had growing up was in her 80s, so that's the age I imagine.

The 70- and 80-something women I know vary as much as any other demographic group. Some took to email like they'd found what was missing from their lives because it made it so much easier for them to organize family gatherings and trips. Many worked, whether for pay or not: they did the bookkeeping for their husbands' businesses, they were secretaries, they ran Scout troops, football teams, the local quilters' guild, and volunteered for charities. Underestimating their abilities and skills is the same mistake that employers have made for decades in assuming that because the work they did was invisible and/or unpaid it must not have existed. This kind of thinking is lazy, obnoxious, and offensive.

In fact, the *most* helpless computer users I've met have been older men. Either they had the kind of jobs that didn't involve desk work or they had secretaries to do everything for them. Again, older men vary as much as any other demographic, but among my admittedly unrepresentative sample are several who refuse to have anything at all to do with computers, and at least one who gets his son round to help when he needs to delete a file. Yet geeks searching for a poorly assimilated computer user to use as an example never pick "my father" or "my grandfather". It's always "my mother", "my grandmother", or, as in the example we began with, "granny", as though all the women above a certain age had but one role in life: to be a technical support burden on their children.

R-Thurber-grandmother.jpgIn the last couple of years, as I've had to fend off more and more people intent on giving me their seats in the Underground (I tell myself they've just never seen grey hair before), it's begun to dawn on me that this is actually an issue of personal importance. I go to many events where I offer commentary based on the expertise about computers, freedom, and privacy that I've collected over many years of writing in this field. The constant depiction of older women as clueless is going to make this harder, year by year, as the gap increases between my age and that of newly arrived Bright Young Things. They will make assumptions, and one will be that I don't - can't possibly - know what they're talking about.

I had a sample of this last year at an event on online voting, where I set out to argue that the vast security problems mean it's a truly bad idea. A guy barged up to me and demanded: "Do you know what open source software is?" I was taken aback, because no one's ever asked me that before. I think at the events I normally attend that knowledge is assumed. As it happens, I wrote my first articles about open source software in something like 1993, and I hazarded the guess that my questioner wasn't even in the workforce at that point. I wound up telling him offensively that open source plus blockchain do not equal magic fairy dust you can sprinkle on online voting to make it mathematically secure, and it was clear he didn't know what I was talking about. I don't think he'd ever heard of an NP-complete problem, and he dismissed out of hand the notion that academic research had anything useful to say on the matter.

I like to think he was a one-off disturbance in the Force. But just in case...I would take it kindly if we could find some other demographic group to use as our archetypal clueless user. How about one-year-olds? They can't tell the difference between a tablet and a magazine. And it's clear they'll grow out of it, so any discrimination will clearly be purely temporary.

In the wider world, this particular prejudice has worse consequences. Not long ago, Kevin Marks wrote about the web's increasing unreadability due to skinny, grey type. If you think older people are too stupid to program for, you're likely to think it's not worth catering to the visual impairments many have (and which are waiting for all you programmers as you turn 40). So, please, folks: lay off the grandmothers.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.