" /> net.wars: September 2017 Archives

« August 2017 | Main | October 2017 »

September 29, 2017

Ubersicht

London_Skyline.jpgIf it keeps growing, every company eventually reaches a moment where this message arrives: it's time to grow up. For Microsoft, IBM, and Intel it was antitrust suits. Google's had the EU's €2.4 billion fine. For Facebook and Twitter, it may be abuse and fake news.

This week, it was Uber's turn, when Transport for London declined to renew Uber's license to operate. Uber's response was to apologize and promise to "do more" while urging customers to sign its change.org petition. At this writing, 824,000 have complied.

Travis_Kalanick_at_DLD_Munich_2015_(cropped).jpgI can't see the company as a victim here. The "sharing economy" rhetoric of evil protectionist taxi regulators has taken knocks from the messy reality of the company's behavior and the Grade A jerkishness of its (now former) founding CEO, the controversial Travis Kalanick. The tone-deaf "Rides of Glory" blog post. The safety-related incidents that TfL complains the company failed to report because: PR. Finally, the clashes with myriad city regulators the company would prefer to bypass: currently, it's threatening to pull out of Quebec. Previously, both Uber and Lyft quit Austin, Texas for a year rather than comply with a law requiring driver fingerprinting. In a second London case, Uber is arguing that its drivers are not employees; SumOfUs begs to differ.

People who use Uber love Uber, and many speak highly of drivers they use regularly. In one part of their brains, Uber-loving friends advocate for social justice, privacy, and fair wages and working conditions; in the other, Uber is so cool, cheap, convenient, and clean, and the app tracks the cab in real time...and city transport is old, grubby, and slow. But we're not at the beginning of this internet thing any more, and we know a lot about what happens when a cute, cuddly company people love grows into a winner-takes-all behemoth the size of a nation-state.

A consideration beyond TfL's pay grade is that transport doesn't really scale, as Hubert Horan explains in his detailed analysis of the company's business model. As Horan explains, Uber can't achieve new levels of cost savings and efficiency (as Amazon and eBay did) because neither the fixed costs of providing the service nor network externalities create them. More simply, predatory competition - that is, venture capitalists providing the large sums that allow Uber to undercut and put out of business existing cab firms (and potentially public transport) - is not sustainable until all other options have been killed and Uber can raise its prices.

Black_London_Cab.jpgEarlier this year, at a conference on autonomous vehicles, TfL's representative explained the problems it faces. London will grow from 8.6 million to 10 million people by 2025. On the tube, central zone trains are already running at near the safe frequency limit and space prohibits both wider and longer trains. Congestion will increase: trucks, cars, cabs, buses, bicycles, and pedestrians. All these interests - plus the thousands of necessary staff - need to be balanced, something self-interested companies by definition do not do. In Silicon Valley, where public transport is relatively weak, it may not be clearly understood how deeply a city like London depends on it.

At Wired UK, Matt Burgess says Uber will be back. When Uber and Lyft exited Austin, Texas rather than submit to a new law requiring them to fingerprint drivers, within a year state legislators had intervened. But that was several scandals ago, which is why I think that this once SorryWatch has it wrong: Uber's apology may be adequately drafted (as they suggest, minus the first paragraph), but the company's behaviour has been egregious enough to require clear evidence of active change. Uber needs a plan, not a PR campaign - and urging its customers to lobby for it does not suggest it's understood that.

At London Reconnections, John Bull explains the ins and outs of London's taxi regulation in fascinating detail. Bull argues that in TfL Uber has met a tech-savvy and forward-thinking regulator that is its own boss and too big to bully. Given that almost the only cost the company can squeeze is its drivers' compensation, what protections need to be in place? How does increasing hail-by-app taxi use fit into overall traffic congestion?

Uber is one of the very first of the new hybrid breed of cyber-physical companies. Bypassing regulators - asking forgiveness rather than permission - may have flown when the consequences were purely economic, but it can't be tolerated in the new era of convergence, in which the risks are. My iPhone can't stab me in my bed, (as Bill Smart has memorably observed, but that's not true of these hybrids..

TfL will presumably focus on rectifying the four areas in its announcement. Beyond that, though I'd like to see Uber pressed for some additional concessions. In particular, I think the company - and others like it - should be required to share their aggregate ride pattern data (not individual user accounts) with TfL to aid the authority to make better decisions for the benefit of all Londoners. As Tom Slee, the author of What's Yours Is Mine: Against the Sharing Economy, has put it, "Uber is not 'the future', it's 'a future'".


Illustrations: London skyline (by Mewiki); London black cab (Jimmy Barrett; Travis Kalanick (Dan Taylor).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

September 22, 2017

Fakeout

original-LOC-opper-newspaper.png"Fake news is not some unfortunate consequence," the writer and policy consultant Maria Farrell commented at the UK Internet Governance Forum last week. "It is the system working as it should in the attention economy."

The occasion was a panel featuring Simon Milner, Facebook's UK policy director; Carl Miller, from the Demos think tank, James Cook, Business Insider UK's technology editor; the MP and shadow minister for industrial strategy Chi Onwurah (Labour - Newcastle upon Tyne Central); and, as moderator, Nominet chair Mark Wood.

cropped-Official_portrait_of_Chi_Onwurah.jpgThey all agreed to disagree on the definition of "fake news". Cook largely saw it as a journalism problem: fact checkers and sub-editors are vanishing. Milner said Facebook has a four-pronged strategy: collaborate with others to find industry solutions, as in the Facebook Journalism Project; disrupt the economic flow - that is, target clickbait designed to take people *off* Facebook to sites full of ads (irony alert); take down fake accounts (30,000 before the French election); try to build new products that improve information diversity and educate users. Miller wants digital literacy added to the national curriculum: "We have to change the skills we teach people. Journalists used to make those decisions on our behalf, but they don't any more." Onwurah, a chartered electrical engineer who has worked for Ofcom, focused on consequences: she felt the technology giants could do more to combat the problem, and expressed intelligent concern about algorithmic "black boxes" that determine what we see.

Boil this down. Onwurah is talking technology and oversight. Milner also wants technology: solutions should be content-neutral but identify and eliminate bad behavior at the scale of 2 billion users, who don't want to read terms and conditions or be repeatedly asked for ratings. Miller - "It undermines our democracy" - wants governments to take greater responsibility: "it's a race between politics and technology". Cook wants better journalism, but, "It's terrifying, as someone in technology, to think of government seeing inside the Facebook algorithm." Because other governments will want their privilege, too; Apple is censoring its app store in order to continue selling iPhones in China.

Thumbnail image for MariaFarrellPortrait.jpgIt was Farrell's comment, though, that sparked the realization that fake news cannot be solved by thinking of it as a problem in only one of the fields of journalism, international relations, economic inequality, market forces, or technology. It is all those things and more, and we will not make any progress until we take an approach that combines all those disciplines.

Fake news is the democratization of institutional practices that have become structural over many decades. Much of today's fake news uses tactics originally developed by publishers to sell papers. Even journalists often fail to ask the right questions, sometimes because of editorial agendas, sometimes because the threat of lost access to top people inhibits what they ask.

Everyone needs the traditional journalist's mindset of asking, "What's the source?" and "What's their agenda?" before deciding on a story's truth. But there's no future in blaming the people who share these stories (with or without believing them) or calling them stupid. Today we're talking about absurdist junk designed to make people share it; tomorrow's equivalent may be crafted for greater credibility and hence be far more dangerous. Miller's concern for the future of democracy is right. It's not just that these stories are used to poison the information supply and sow division just before an election; the incessant stream of everyday crap causes people to disengage because they trust nothing.

In 1987 I founded The Skeptic in 1987 to counter what the late, great Simon Hoggart called paranormal beliefs' "background noise, interfering with the truth". Of course it matters that a lie on the internet can nearly cause a shoot-out at a pizza restaurant. But we can't solve it with technology, fact-checking, or government fiat at it. Today's generation is growing up in a world where everybody cheats and then lies about it: sports stars.

What we're really talking about here is where to draw the line between acceptable fakery ("spin") and unacceptable fakery. Astrology columns get a pass. Apparently so do professional PR people, as in the 1995 book Toxic Sludge Is Good for You: Lies, Damn Lies, and the Public Relations Industry, by John Stauber and Sheldon Rampton (made into a TV documentary in 2002). In mainstream discussions we don't hear that Big Tobacco's decades-long denial about its own research or Exxon Mobil's approach to climate change undermine democracy. If these are acceptable, it seems harder to condemn the Macedonian teen seeking ad revenue.

This is the same imbalance as prosecuting lone, young, often neuro-atypical computer hackers while the really pressing issues are attacks by criminals and organized gangs.

That analogy is the point: fake news and cybersecurity are sibling problems. Both are tennis, not figure skating; that is, at all times there is an adversary actively trying to frustrate you. "Fixing the users" through training is only one piece of either puzzle.

Treating cybersecurity as a purely technical problem failed. Today's crosses many fields: computer science, philosophy, psychology, law, international relations, economics. So does the VOX-Pol project to study online extremism. This is what we need for fake news.


Illustrations: "The fin de siecle newspaper proprietor", by Frederick Burr Opper, 1894 (from the Library of Congress via Wikipedia); Chi Onwurah; Maria Farrell.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.


September 15, 2017

Equifaction

equifax-announcement.pngThe Equifax announcement this week is peculiarly terrible. It's not just that 143 million Americans and uncertain numbers of Canadians and Britons are made vulnerable to decades of identity fraud (social security numbers can't - yet - be replaced with new ones). Nor is it the unusually poor apology issued by the company or its ham-fisted technical follow-up (see also Argentina). No, the capper is that no one who is in Equifax's database has had any option about being in it in the first place. "We are its victims, not its customers," a number of people observed on Twitter this week.

Long before Google, Amazon, Facebook, and Apple became GAFA, Equifax and its fellow credit bureaus viewed consumers as the product. Citizens have no choice about this; our reward is access to financial services, which we *pay* for. Americans' credit reports are routinely checked on every applications forcredit, bank accounts, or even employment. The impact was already visibly profound enough in 1970, when Congress passed the Fair Credit Reporting Act. In granting Americans the right to inspect their credit reports and request corrections, it is the only US legislation offering rights similar to those granted to Europeans by the data protection laws. The only people who can avoid the tentacled reach of Equifax are those who buy their homes and cars with cash, operate no bank accounts or credit cards, pay cash for medical care and carry no insurance, and have not need for formal employment or government benefits.

Based on this breach and prior examples, investigative security journalist Brian Krebs calls the credit bureaus "terrible stewards of very sensitive data".

It was with this in the background that I attended a symposium on reforming Britain's Computer Misuse Act run by the Criminal Law Reform Now Network. In most hacking cases you don't want to blame the victim, but one might make an exception for Equifax. Since the discussion allowed for such flights of fancy, I queried whether a reformed act should include something like "contributory negligence" to capture such situations. "That's data protection laws," someone said (the between-presentation discussions were under the Chatham House Rule). True. Later, however, merging that thought with other comments about the fact that the public interest in secure devices is not being met either by legislators or by the market inspired Duncan Campbell to suggest that perhaps what we need as a society is a "computer security act" that embraces the whole of society - individuals and companies - that needs protection. Companies like Equifax, with whom we have no direct connection but whose data management deeply affects our lives, he suggested, should arguably be subject to a duty of care. Another approach several of those at the meeting favored was introducing a public interest defense for computer misuse, much as the Defamation Act has for libel. Such a defense could reasonably include things like security research, journalism, and whistleblowing,

The law we have is of course nothing like this.

As of 2013, according to the answer to a Parliamentary question, there had been 339 prosecutions and 262 convictions under the CMA. A disproportionate number of those who are arrested under the act are young - average age, 17. There is ongoing work on identifying ways to turn the paths for young computer whizzes toward security and societal benefit rather than cracking and computer crime. In the case of "Wannacry hero" Marcus Hutchins, arrested by the FBI after Defcon, investigative security journalist Brian Krebs did some digging and found that it appears likely he was connected to writing malware at one time but had tried to move toward more socially useful work. Putting smart young people with no prior criminal record in prison with criminals and ruining their employment prospects isn't a good deal for either them or us.

Yet it's not really surprising that this is who the CMA is capturing, since in 1990 that was the threat: young, obsessive, (predominantly) guys exploring the Net and cracking into things. Hardly any of them sought to profit financially from their exploits beyond getting free airtime so they could stay online longer - not even Kevin Mitnick, the New York Times's pick for "archetypal dark side hacker", now a security consultant and book author. In the US, the police Operation Sundown against this type of hacker spurred the formation of the Electronic Frontier Foundation. "I've begun to wonder if we wouldn't also regard spelunkers as desperate criminals if AT&T owned all the caves," John Perry Barlow wrote at the time.

Thumbnail image for schifreen.jpgSchifreen and Gold , who were busted for hacking into Prince Philip's Prestel mailbox, established the need for a new law. The resulting CMA was not written for a world in which everyone is connected, street lights have their own network nodes, and Crime as a Service relies on a global marketplace of highly specialized subcontractors. Lawmakers try to encode principles, not specifics, but anticipating such profound change is hard. Plus, as a practical matter, it is feasible to capture a teenaged kid traceable to (predominantly) his parents' basement, but not the kingpin of a worldwide network who could be anywhere. And so CLRNN's question: what should a new law look like? To be continued...


Illustrations: Equifax CEO Rick Smith; Robert Schifreen;

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

September 3, 2017

Going dark

"Democracy dies in darkness," slogans the Washington Post on its morning emails and front page. This week, a case in point surfaced with the news that during the US presidential campaign Facebook sold about $100,000 worth of ads to a Russian company with a history of pushing pro-Kremlin propaganda. A "troll farm", the article calls it. The news comes directly from Facebook, in both testimony to congressional investigators and a blog post by Alex Stamos, the company's chief security officer. Stamos says there were roughly 3,000 of these ads and that they were associated with about 470 "inauthentic" accounts. (That is, the accounts were real enough, but the people behind them weren't provably who they said they were.) "We don't allow inauthentic accounts on Facebook," he advises, adding that the accounts have been shut down.

Thumbnail image for Facebook-76536_640.pngThe Post writers note that although Facebook reports in that blog post that about a quarter of these ads were geographically targeted, company' official declined to provide specifics about which areas or demographic groups were the targets. The company also declined to disclose samples of the ads in question, citing "federal law" and Facebook's own data policy as reasons why they couldn't disclose user data and content. However, a company official did say that the ads were directed at "people on Facebook who had expressed interest in subjects explored on those pages, such as LGBT community, black social issues, the Second Amendment, and immigration". Stamos says in his blog post that the "vast majority" of these ads didn't specifically reference the election, voting, or any specific candidate but appeared to focus on "amplifying divisive social and political messages across the ideological spectrum". This is the kind of strategy that worked so well for Iago. Games People Play author Eric Berne would call this one, "Let's you and him fight". Democracy can also die in divisiveness, as in "divide and conquer".

At the Atlantic, David A. Graham considers the history of Russian interference efforts and the implications for election law: US campaign finance laws bar foreigners from spending to influence an election. When you're talking about the auditable financial accounts belonging to candidates and their campaigns, that's a manageable prospect, as the Sunlight Foundation shows. What makes the Facebook situation hard is the lack of insight into the company's inner workings: darkness deeper than that of the "dark web" because it's defended by well-paid experts.

James_Comey.jpgWhen James Comey, the head of the FBI under the Obama administration, complained about "going dark", he meant encryption. This is the same back door argument so exercising UK Home Secretary Amber Rudd at the moment, and it elicits the same response: it's dangerous, unworkable, and counter-productive. All of this was laid out clearly in the 2015 paper Keys Under Doormats: Mandating Insecurity, written by a parliament of security experts, who noted that today's law enforcement has access to a wildly greater supply of data about all of us than at any time in history.

What is really at risk of going dark is our visibility into public life as more and more of it moves onto proprietary platforms whose inclination is to stockpile information rather than make it transparent. In another of this week's Facebook stories, Politico's Jason Schwartz talks to Facebook's new army of fact checkers and finds that the company's refusal to share data about their results is hurting their ability to decide which stories to prioritize for fact checking. The only feedback they apparently get is the advice that false news is decreasing on Facebook. It's hard to know what that even means: does it mean fewer fake stories are shared, that fewer people see fake stories, or, the hardest to measure, that the stories' influence is less? Have they found any unwanted side effects, such as the disappearance of real stories? Recall that only a few months ago, Facebook's leaked training slides showed that the company's policies are already a mess of ad hoc precedents.

THE_BRAINWASHING_OF_MY_DAD.jpgAlong with this is the Slate story from a couple of weeks ago following the post-Charlotteville purge of hate speech, in which April Glaser finds that the "alt-right", Nazis, and white supremacists are building their own web of social media sites. This is unsurprising to anyone who's seen filmmaker Jen Senko's excellent documentary, The Brainwashing of My Dad. In studying the personal transformation of her own father under the influence of a steady diet of Fox News and Rush Limbaugh, Senko unearths the history of conservative right-wind media. The Nixon strategist (1968) and Fox News chair Roger Ailes played a key role in creating a media of "our own". The bubble that created was bad enough; now we have a group of already-alienated, angry people pushed together even further away from the mainstream on platforms where they can bond as "martyrs" and "refugees". What could possibly go wrong?

In lamenting the end of the Sun operating system Solaris, Brian Cantrill says that becoming proprietary is the moment of death for software. Only open source, he writes, lives eternally. The same is true of public discourse.

Illustrations: Facebook logo; James Comey; Jen Senko's dad.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

September 1, 2017

Capture the flag

John-Sherman.jpgEarlier this week, at BoingBoing, Cory Doctorow alerted us all to the existence of a lengthy Yale Law Journal article by Lina M. Khan that discusses the last half-century of the operation of US antitrust law (aka the Sherman Act) using Amazon as an example case. The tl;dr: where antitrust law originally sought to balance market power, in current interpretation, influenced by the Chicago School of economics, it focuses narrowly on pricing and profits, and fails to consider broader impact on workers, creators, competitors, and society at large. Khan is a third-year law student and a fellow with the Open Markets group - the one the headlines say was dumped by the New America Foundation for being welcoming of the EU's fining Google. Numerous people cite reasons to believe pressure was applied.

Both Khan's original 24,000-word, accessibly-written article and Doctorow's discussion of it are worth reading. Khan lays out clearly many, often unconsidered, aspects of Amazon's dominance: it is the biggest single player in online retail; it is a force in book publishing; it is building its own delivery network that critics fear will eventually bypass UPS and Fedex; its Marketplace infrastructure allows it insight into smaller competitors' businesses; and it owns the infrastructure on which many other internet businesses - including Netflix - rely.

Lina-Khan.original.jpgMost important, as Khan writes, all those activities have produced huge piles of data Amazon can leverage to push its way into further sprawl. At one time, investors were concerned that Marketplace would divert customers away from Amazon's own offerings; I remember seeing in an annual report that to Amazon's bottom line the transactions were of equal value. That calculation is more or less what Khan is complaining about: the same dollars and cents accrued, but no one valued the data it collected from all those small sellers' transations. The result, Khan finds, is that Amazon has developed its own retail lines by cherry-picking Marketplace successes. No muss, no fuss, no risky maybe-this-is-a-good-idea. Netflix selects its original content the same way: unlike traditional broadcasting, it knows what people actually watch instead of what people want others to think they watch.

Companies like AT&T, Standard Oil, and the Hollywood studios got broken up for less.

For me, Khan's analysis explains a lot: it answers critics who insist that the EU is wholly animated by obstructive nationalism. The EU may also be nationalist, but the principles it's applying are ones that the US has progressively abandoned. In that sense, although the EU's choice of target, Google's shopping search seemed quirky and somewhat out-of-date, the idea was not necessarily wrong.

Amazon is chiefly providing fodder for Khan's main point, which is that the school of thought inspired by failed Supreme Court nominee Robert Bork's book The Antitrust Paradox has made American antitrust practice ill-equipped to deal with today's technology titans. This was less true 20 years ago, when the US Department of Justice went after Microsoft for leveraging Windows 95 to force people to use Internet Explorer.

Fifty years ago, when IBM was investigated by the antitrust authorities, the company was ordered to unbundle its software and services from its hardware. Thirty-five years ago, when AT&T was broken up, the company was split between local service provision (the seven Baby Bells, which have since coagulated back into three, and long distance services. The arrival of the internet then up-ended everything. Twenty years ago, when the Microsoft case was being decided, there was a lot of talk: should Microsoft be broken up into operating systems (in that scenario, the equivalent of pipes) and office software (the equivalent of content)? The internet, Google, open source software, and smartphones utterly changed that landscape. Since then, it may have seemed reasonable to think that we only had to wait for two guys in a garage to up-end any or all of GAFA.

But AT&T could have blocked the consumer internet by continuing to refuse to allow the connection of third-party phone equipment to phone lines. IBM might have sought to control microcomputer design. In all these cases, innovation hasn't up-ended older players until some limitations have already been placed upon them and they've known they were under scrutiny. As Khan's analysis suggests, giddy optimism that new technological breakthroughs will make regulatory intervention unnecessary is misplaced.

Google's moment of truth arrived this year, when the EU issued its monster fine. Facebook, too, is finding the EU attentive: it was fined $122 million for misleading regulators in its acquisition of (former) competitor WhatsApp. Despite widespread disquiet over Amazon's various disputes with publishers, so far Amazon has escaped, yet it's arguably been the most successful of the lot in burrowing its way deep into the internet infrastructure.

bezos-final-0404-cropped.jpgI have come to think in terms of capturing gateways that control our access to the internet, media content, social relationships, real-world navigation, and so on. Amazon, all the over >there< by itself using shopping, has looked to be outside the fray. GAFA's strategies are known. Amazon is capturing - look, ma! no advertising - an entire business landscape, rather like Uber, by exploiting investors' willingness to provide it with the cash to finance the whole thing. We've had a nice long run with its cheap prices - now coming to a Whole Foods near you. But predators always get us in the end.


Illustrations: John A. Sherman; Lina Khan; Jeff Bezos.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.