Great interview with Adam Curtis

I’ve been watching a lot of Curtis’ work recently. HyperNormalisation, The Mayfair Set, The Trap, The Century of the Self, Bitter Lake and Pandora’s Box.

More information
Just Adam Curtis channel on YouTube – has curated many of his documentaries.

The Yahoo! Data Breach Post

Yahoo! had a data breach in 2014; it declared the breach to consumers on September 22. This isn’t the first large data breach that Yahoo! has had over the past few years, just the largest.

In 2012, there was a breach of 450,000+ identities. In August 2016, hackers were apparently selling millions of identity records, which the media initially linked to the 2012 breach. It would be speculative to assume that the records for sale in August were part of the 2014 raid.

The facts so far:

  • 500 million records were stolen by the hackers. Based on the latest active email account numbers disclosed for Yahoo!, many of these accounts are inactive or forgotten
  • Some of the data was stored unencrypted
  • Yahoo! believes that it was a state-sponsored actor, but it has offered no evidence to support this hypothesis. It would be a bigger reputational issue if it was ‘normal’ hackers or an organised crime group
  • There are wider security implications because the data included personal security questions

The questions

A Vermont senator asked the following questions in a letter to Yahoo!:

  • When and how did Yahoo first learn that its users’ information may have been compromised?
  • Please provide a timeline detailing the nature of the breach, when and how it was discovered, when Yahoo notified law enforcement or other government authorities about the breach, and when Yahoo notified its customers. Press reports indicate the breach first occurred in 2014, but was not discovered until August of this year. If this is accurate, how could such a large intrusion of Yahoo’s systems have gone undetected?
  • What Yahoo accounts, services, or sister sites have been affected?
  • How many total users are affected? How were these users notified? What protection is Yahoo providing the 500 million Yahoo customers whose identities and personal information are now compromised?
  • What steps can consumers take to best protect the information that may have been compromised in the Yahoo breach?
  • What is Yahoo doing to prevent another breach in the future?
  • Has Yahoo changed its security protocols, and in what manner?
  • Did anyone in the U.S. government warn Yahoo of a possible hacking attempt by state-sponsored hackers or other bad actors? When was this warning issued?

Added to this, shareholders and Verizon are likely to want to know:

  • Chain of events / timing on the discovery of the hack?
  • Has Yahoo! declared what it knew at the appropriate time?
  • Could Yahoo! be found negligent in their security precautions?
  • How will this impact the ongoing attrition in Yahoo! user numbers?

Additional questions:

  • How does Yahoo! know that it was a state-sponsored actor?
  • Was there really Yahoo! data being sold on the dark web in August?
  • Was that data from the 2014 cache?
  • How did they get in?

More information
An Important Message About Yahoo User Security | Yahoo – Yahoo!’s official announcement
UK Man Involved in 2012 Yahoo Hack Sentenced to Prison | Security Week
Congressional Leaders Demand Answers on Yahoo Breach | Threat Post

Oprah time: Heaven’s Bankers – inside the hidden world of Islamic finance by Harris Irfan

I was given Heaven’s Bankers to read by a friend. I can’t say I had thought that much about Islamic finance before. I knew that it had a couple of patches of ‘heat’ behind it in the banking sector. One was in the late 1990s. It then took a back seat post-9/11 and took off again as Dubai boomed.

It helps that Harris was not only an insider, but passionate about banking in its widest sense. He’s also a sickening polymath who is a top-flight racing driver.

History never repeats itself, but the Kaleidoscopic combinations of the pictured present often seem to be constructed out of the broken fragments of antique legends. – Mark Twain and Charles Dudley Warner

Irfan delves into the intricacies of how modern Islamic finance grew and contracted. The industry he provides us an inside view of is now worth a trillion dollars. The start of the history, like most things, was pretty straightforward. As the industry grew, more arcane and complex financial instruments became the norm. This reminded me a lot of Mark Lewis’ Liar’s Poker. Lewis dealt with bonds, and modern derivatives became so complex customers didn’t understand them. The Savings and Loans debacle of 1985-1996 foreshadowed subprime mortgages.

Where Irfan really excels for the non-banker as reader is in his ability to break down the basics. He takes the concepts many of us learned in business or economics classes back into pre-medieval history. He provides a historical perspective on modern capitalism as we know it. So the book becomes invaluable regardless of how you feel about the current economic system. The background gives you a more informed perspective.

PrivaTegrity: the flawed model of distributed keys

Dave Chaum’s idea to try and balance state actors’ demand for internet sovereignty and the de facto end of citizen privacy with the need to address emotive causes such as terrorism, paedophile rings and organised crime got a lot of attention from WIRED.

The principle behind PrivaTegrity is that there would be a backdoor, but the backdoor could only be opened with a nine-part key. The parts would be distributed internationally to try and reduce the ability of a single state actor to force access.

However it has a number of flaws to it:

  • It assumes that bad people will use a cryptographic system with a known backdoor. They won’t; they will look elsewhere for the technology
  • It has a known backdoor; there is no guarantee that it can’t be opened in a way that the developers hadn’t thought of
  • Nine people will decide what’s evil
  • If you’re a state actor or a coalition of state actors, you know that you have nine targets to go after in order to obtain access by hook-or-by-crook. It was only Edward Snowden who showed us how extraordinarily powerful companies were bent to the will of the US government. The UK government is about to grant itself extra-territorial legal powers to compel access. There is no reason why a form of extraordinary rendition couldn’t be used to compel access, rather like Sauron in The Lord of the Rings bending the ring bearers to his will. Think of it as Operation Neptune Spear meets a Dungeons & Dragons quest held at a black site

More information
The Father of Online Anonymity Has a Plan to End the Crypto War | WIRED
Privategrity

The changing culture of Silicon Valley

When I was in college I interviewed for a few placements; one was with Hewlett-Packard in Germany. They wanted a marketing student to look after their printing brochures on demand initiative for their UNIX product line. This was going to save them a mint in terms of marketing spend by using an Indigo Digital Press rather than brochure runs on litho printing, reducing waste and storage needs and allowing for faster document updates. (HP went on to buy Indigo in 2001).

Commercial adoption of the web was around the corner, I was already using it in college, but its ubiquity still seemed quite far away. I decided I didn’t want to go for the job primarily because I wanted to get my degree over and done with and HP weren’t paying that much for the role.

We were interviewed by a succession of people; the only one who was memorable was a guy called Tim Nolte who wore a Grateful Dead tie and had a Jerry Garcia mouse mat in his cubicle.

At that time, HP had the dressing of the company man but had more than a few hippies on the payroll who permeated its culture. Reading Robert X Cringely’s Accidental Empires made me realise that technology was as much a culture war as technological upheaval.

If one looks at the icons of the technology sector up to and including the early noughties, many of the people were influenced by the counterculture movement if not part of it. The Grateful Dead were one of the first bands to have their own website at dead.net. The Electronic Frontier Foundation was founded by John Perry Barlow, a lyricist with The Grateful Dead. Steve Jobs was influenced by Indian mystics and his experiences using LSD.

Stewart Brand, who founded WIRED magazine and The WeLL, was the editor of The Whole Earth Catalog, a guide to useful things for people who wanted to get back to the land. He was influential in the early environmentalist movement and had been involved in the counterculture of 1960s San Francisco.

Ideas such as open APIs and Creative Commons came from their libertarian values. Open Source Software again comes from academic and countercultural attitudes to information and has had to defend itself from accusations of communism, yet it now runs most of the world’s web services and gadgets from smartphones to Google’s search engine.

Reading the Cluetrain Manifesto is like reading a screed that could have come from an alternative Haight Ashbury.

Aeon magazine wrote an article on how yuppies have hacked the hacker ethos, but the truth is they’ve got behind the steering wheel as web2.0 declined. The move from open web APIs to the walled garden approach of Facebook and their ilk marked a changing of the guard of sorts.

Flickr had an ability to move your photos as a matter of pride in their product. Just a few clicks kept them honest and kept them innovating. Joshua Schachter’s similar approach on del.icio.us allowed me to move to pinboard.in when Yahoo! announced that it would be sunset.

Government always is the last to catch up, which is the reason why open data only really gained mainstream political currency in the past five years.

We’re now in a Silicon Valley whose values are closer to the Reagan years and I am not too sure what it will do for innovation. I suspect that the change won’t be positive.

More information
Accidental Empires: How the Boys of Silicon Valley Make Their Millions, Battle Foreign Competition, and Still Can’t Get a Date by Robert X Cringely
Don’t listen to Bill Gates. The open-source movement isn’t communism. | Slate
How yuppies hacked the hacker ethos – Aeon

Tim Cook at The White House Cybersecurity Summit

Whilst on the surface this is a puff piece for Apple, Cook takes the Obama administration’s call to cooperate in making it easier for the intelligence industrial complex to get access to consumer data, and lays out an opposing vision.

He basically kicked Washington DC in the teeth; other significant companies just decided to turn up with a significantly less senior representative to send the same message.

The Facebook mood research paper post

Over the weekend, if you went on to quality (not Buzzfeed) news sites, you would probably have seen something about a scientific paper published by researchers in the pay of Facebook on how emotion spreads through social networks.

There was a lot of copy written already about the experiment, so I recommend that you read The Atlantic‘s piece on it instead. There has been a lot written about whether it is moral, legal or ethical. As far as it being legal, Facebook’s highly paid legal counsel could provide a better steer on it than I could; and I suspect they would tell you it was completely legal.

As for the morals and ethics of it, I rather think that those are a moot point. Consumers’ emotional states have been tweaked for decades; the question of morality sailed with the rise of the mass market consumer product.

Whilst public relations as it is practiced now is more of a mechanistic craft, its father Edward Bernays viewed propaganda as a ‘modern instrument’ driven by scientific thinking, including understanding of audience psychology, to move people.

Advertisers utilised motivational research from the early 20th century on to create cognitive dissonance with a consumer and then provide the product as a solution. The Atlantic carried an article on the psychology of advertising back in 1904. You are a better Mum if you wash your kids’ clothes with Persil; Cadbury’s Dairy Milk will put a smile on your face.

Political pollsters use voter psychographic profiling to induce a constituency result. We already live in the world of a malleable proletariat envisioned by George Orwell in his novel 1984.

The people who are outraged by this need to get over it, log-in to Facebook less and realise that they are already sheep with a gallery of multinational shepherds herding them through their consumer lifecycle. What you can do is become more informed and read your environment in a more critical way.

More information
Everything We Know About Facebook’s Secret Mood Manipulation Experiment | The Atlantic
Experimental evidence of massive-scale emotional contagion through social networks by Adam D. I. Kramer, Jamie E. Guillory and Jeffrey T. Hancock
The Oxford Handbook of Propaganda Studies (Oxford Handbooks) the Auerbach and Castronovo edited anthology gives you pretty much everything you need to know from Bernays onwards about psychology and audience manipulation
The Psychology of Advertising by Walter D Scott | The Atlantic (1904) – no that’s not a typo
Frontline: The Persuaders | PBS
Advertising’s Fifteen Basic Appeals | Jib Fowles

Algorithmic Accountability and other Big Data issues

In the past, what is now included in the envelope of big data resided with just a few organisations. The story of big data started with the US government. The government used a young company called IBM and their punch card technology to help tabulate their census data. Punch card technology started in the textile industry, where industrial revolution-era jacquard looms manufactured complex fabric patterns. Punch cards also controlled fairground organs and related instruments. It was early tabulating machines made by IBM and others that started to change the world as we know it.

When the mainframe came along, governments used them to manage tax collection and to run the draft for Vietnam. It became a key part of the US anti-war protests to destroy machine-readable draft cards. (The draft card destruction didn’t affect the draft process. But burning the draft card was still an offence and some people underwent punishment.)

Also around this time, the credit agency was coming into its own in the US. Over a period of 60 years, it had gradually accumulated records on millions of Americans and Canadians. The New York Times in 1970 described the kind of records that were held by Retail Credit (now known as Equifax):

…may include ‘facts, statistics, inaccuracies and rumors’ … about virtually every phase of a person’s life; his marital troubles, jobs, school history, childhood, sex life, and political activities.

These records helped to vet people for job applications, bank loans and department store consumer credit. It was like a private sector version of the J. Edgar Hoover files. Equifax moved to computerise its records. One reason was to improve the professionalisation of its business. This also had implications for the wider availability of credit information. Computerisation led to the Fair Credit Report Act in the US. This legislation was designed to give consumers a measure of transparency and control over their data.

Forty years later, mainframe computers are still used to process tens of thousands of credit card transactions every second. New businesses including social networks, search engines and online advertising companies have vast amounts of data; unlike anything a credit agency ever had.

The recent The Social, Cultural & Ethical Dimensions of “Big Data” event held at New York University by the Data & Society Research Institute was important. Events like these help society understand what changes to make in the face of rapid technological change.

The Algorithmic Accountability primer from the event highlights seemingly innocuous examples of how technology like Google’s search engine can have far-reaching consequences: what the Data & Society Research Institute called ‘filter bubbles’. Personalisation of search will change what consumers see from individual to individual. This discrimination could also be applied to items like pricing. Staples has produced an algorithm that based pricing on location of the web user; better off customers were provided with better prices. One of the problems of regulating this area is first of all defining what an algorithm actually is from a policy perspective.

Algorithmic systems are generally not static systems but are continually tweaked and refined, so represent a moving target. During my time at Yahoo! we rolled out a major change to the search algorithm every two weeks on a Wednesday evening US west coast time. I imagine that pace of change at the likes of Google and Facebook has only accelerated.

The problem with many rules-based systems now is that we no longer write the rules or teach the systems; instead we give the system access to large data sets and it starts to teach itself – the results generally work but we don’t know why. This has been a leap forward for what would be broadly based artificial intelligence, but makes these systems intrinsically hard to regulate.

Given all this, it is hardly surprising that research carried out on behalf of President Obama by The Whitehouse showed a high level of concern amongst US citizens.

More information
Jacquard Loom – National Museums Scotland
Separating Equifax from Fiction | Wired (Issue 3.05)
Data & Society | Algorithmic Accountability primer
This Landmark Study Could Reveal How The Web Discriminates Against You | Forbes
Websites Vary Prices, Deals Based on Users’ Information | WSJ
The 90-day review for Big Data | Whitehouse
Data & Society | Algorithmic Accountability Workshop Notes
Digital Me: Will the next Cringely be from Gmail? | I, Cringely

Data privacy around the world

The Boston Consulting Group pulled together data about data privacy around the world. This gives a really good view into consumers’ attitudes towards data privacy. Location comes across as particularly high compared to other information like credit card details or surfing history.

Jargon Watch: microaggression

Time magazine had an interesting article about older people in the work force. One part of the article struck me; that older people were likely to face microaggression from colleagues. This was categorised as:

“brief and commonplace daily verbal, behavioral, and environmental indignities, whether intentional or unintentional, that communicate hostile, derogatory or negative racial slights and insults to the target person or group,”

Doesn’t sound that serious, until I read that it would

“affect older workers in the same way that they do members of racial minorities, eroding self-esteem,”

You can find out more:
The Costs of Age-related “Microaggressions” | AGEnda Blog
Oldest Boomers Are Increasingly Facing Discrimination in the Workplace | Time

Faster: cannon fodder and real-time media

At the beginning of the week, I read about Sarah Leibowitz, who is an account coordinator at Sparkpr* in New York. Sarah had sent an email to Valleywag on behalf of client Paltalk, who had been mentioned in Edward Snowden’s PRISM slide deck. Sarah mentioned this in her email introduction and the Valleywag journalist dissected her pitch so that the whole of the PR industry and the technology sector could read it. I imagine it’s going to take a good while for Sarah’s personal SEO campaign to bury this article.

As an industry we trust the core part of our value proposition to the most junior people, often without the necessary oversight and coaching to prevent these kinds of mistakes. It is not intentional; client demands and new business pitches get in the way of the best intentions: most of the time we get away with it. Show me an experienced PR person that hasn’t made a potentially embarrassing mistake at any time in their career and I will show you a liar.

We sell influence: by influencing influential people, be they bloggers, journalists, editors, researchers or DJs. Reputation management is an outcome of this process, strategy is the management of the process: neither are the core value we provide. Ms. Leibowitz is likely to have been a casualty of an industry trying to run ever faster.

Moving forward to this morning, I read about David Monagan, writing for Forbes, who made a grovelling apology for calling Irish president Michael D. Higgins an “acknowledged homosexual”. Mr Monagan in his apology talks about having never made a mistake like that in his 35 years as a journalist; the mistake came about due to a tight deadline. It then went through the Forbes editorial process without question and was published. Mr Monagan is an acknowledged casualty of faster media as we move towards real-time.

Watching the content-free real-time TV coverage of the royal birth and the numerous lame brand #royalbirth hashtag hijack attempts this week showed me as an audience member how an attempt to do real-time media can wear down the consumer as well as the other parts of the media chain. It is time that we opened a dialogue about taking a step back from this self-defeating treadmill.

More information
Apology as Forbes withdraws ‘homosexual’ claim about President Michael D Higgins | Irish Independent
Reminding People About PRISM Is a Terrible PR Strategy | Valleywag

Archived from blog posts I wrote for PR Week

On the Levenson report

I have been viewing the outcomes of the Levenson Report from afar and decided to revisit my first post on all this:

In the grand scheme of things the impact wasn’t that big. Whilst the News Of The World (NoTW) closed down, the replacement paper by News International has only managed to sell roughly half the NoTW’s circulation. I suspect that this is less about outrage and more about the disappearance of a well-loved brand – I was mildly surprised by the value in the NoTW brand.

News Corporation’s resilience. What is probably most interesting about the whole debacle is the way Rupert Murdoch has used the opportunity to split the firm in two and structure News Corporation for future growth. The company has also changed its approach towards its news media properties. With the split, there is a less sentimental approach and something similar to a fast-failure model has been in play. But this has also spurred innovation:

  • Closing down The Daily
  • The Times adopting a subsidised tablet model in a clear nod to the mobile phone industry

It was interesting that News Corporation used it as such a catalyst for change; either way, its rivals will be competing against a leaner, more dynamic business. They would have been better off with the status quo.

The confluence of interests. Whilst the Levenson Report was quite measured compared to some of the sentiment expressed, there was no way that it was going to get through on all recommendations. This would have upset the eco-system too much and there would have been likely blow-back in the future for the body-politic. Who knows the exact motivations but David Cameron’s administration took things about as far as they could. If one looks at the overall stance on the media industry from the Digital Economy Bill onwards, any greater moves would have been very out of character. The established media industry still has friends in power.

More information
The News Of The World: it’s probably not the revolution that you think it is
An enquiry into the culture, practices and ethics of the press by the Right Honorable Lord Justice Levenson – executive summary (PDF)

Anatomy of a hoax

Around about Monday lunchtime news of a spoof Shell site appeared on my network via Richard Heap’s Twitter account @richheap.


The site was eerily reminiscent of a crowdsourcing advertising stunt that General Motors had done six years ago to get a new advert for one of its large SUVs, the Chevrolet Tahoe. That stunt was then hijacked by environmentalists, which set alarm bells off in the back of my head: this example is well known amongst the kind of people likely to be counseling Shell, so a crowdsourcing site of this nature would have been well supervised or would just not have happened, as the reputational risk was too great.

Looking at the page source and web console views (using the Firefox browser) for both ArcticReady.com and Shell.com showed that they were both similar, which made me wonder why the ArcticReady.com domain was not just a redirect to a Shell micro-site rather than an apparently different site built exactly the same. Some nice touches for authenticity included submitted artwork, which made it look like there was an agency asleep at the wheel.

How to spot it as fake:

The definitive evidence for me was looking at the WHOIS report for the domain:

Registrant: c/o ARCTICREADY.COM P.O. Box 821650 Vancouver, WA 98682 US
Registrar: Domain.com
Domain Name: ARCTICREADY.COM
Created on: 29-APR-12
Expires on: 29-APR-13
Last Updated on: 09-MAY-12
Administrative Contact: UIzZJb@PRIVACYPOST.COM c/o ARCTICREADY.COM P.O. Box 821650 Vancouver, WA 98682 US +1.360-449-5933
Technical Contact: KHJlKb@PRIVACYPOST.COM c/o ARCTICREADY.COM P.O. Box 821650 Vancouver, WA 98682 US +1.360-449-5933
Domain servers in listed order: A.NS.MAYFIRST.ORG B.NS.MAYFIRST.ORG

Here is the key information that the WHOIS record provides you. Firstly, the organisers who registered their domain did a reasonable amount of work to hide who they were.

The privacypost.com domain name used in the email address belongs to a company that provides privacy services to domain name registrars. For someone like Shell I would have expected a contact detail of sorts or maybe even the details of the agency responsible. But I’ve used privacy offerings by registrars before so this isn’t completely out of the question.

The name servers, which point to where the website sits, were more interesting. Mayfirst.org is a ‘politically progressive’ internet service provider. Whoever set the website up chose to use a hosting provider that wasn’t likely to buckle on first contact with the legal department of a large oil company. They aren’t the kind of provider that Shell or an agency would go to. This is the big telltale sign.
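The WHOIS checks described above can be scripted for triaging a suspected brand-impersonation site. This is an added example, not part of the original post: the privacy-proxy list, the brand name-server allow-list (`shell.com` is a hypothetical value), the observation date and the domain-age check are all assumptions, and the age check goes beyond the two signals the post relies on.

```python
"""Triage a legacy free-form WHOIS record for brand-impersonation signals."""
import re
from datetime import date, datetime

# Record text as quoted in the post.
WHOIS_TEXT = """\
Registrant: c/o ARCTICREADY.COM P.O. Box 821650 Vancouver, WA 98682 US
Registrar: Domain.com
Domain Name: ARCTICREADY.COM
Created on: 29-APR-12
Expires on: 29-APR-13
Last Updated on: 09-MAY-12
Administrative Contact: UIzZJb@PRIVACYPOST.COM c/o ARCTICREADY.COM P.O. Box 821650 Vancouver, WA 98682 US +1.360-449-5933
Technical Contact: KHJlKb@PRIVACYPOST.COM c/o ARCTICREADY.COM P.O. Box 821650 Vancouver, WA 98682 US +1.360-449-5933
Domain servers in listed order: A.NS.MAYFIRST.ORG B.NS.MAYFIRST.ORG
"""

LABELS = ("Registrant", "Registrar", "Domain Name", "Created on", "Expires on",
          "Last Updated on", "Administrative Contact", "Technical Contact",
          "Domain servers in listed order")
LABEL_RE = re.compile("(" + "|".join(map(re.escape, LABELS)) + "):")

# Assumptions for this example, not registry data:
PRIVACY_PROXIES = {"privacypost.com"}  # the proxy service named in the post
MIN_AGE_DAYS = 365                     # hypothetical "young domain" threshold


def parse_whois(text):
    """Split on known labels, so several fields on one line still parse."""
    parts = LABEL_RE.split(text)       # ['', label, value, label, value, ...]
    return {k: " ".join(v.split()) for k, v in zip(parts[1::2], parts[2::2])}


def zone(host):
    """Naive registrable domain: the last two labels.
    Production code should use the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(text, brand_ns_zones, seen_on):
    """Return the list of impersonation signals found in one WHOIS record."""
    rec = parse_whois(text)
    findings = []

    # Signal 1: contact e-mail addresses belong to a privacy proxy.
    contacts = " ".join(rec.get(k, "") for k in
                        ("Administrative Contact", "Technical Contact"))
    mail_zones = {zone(d) for d in re.findall(r"[\w.+-]+@([\w.-]+)", contacts)}
    if mail_zones & PRIVACY_PROXIES:
        findings.append("privacy-proxy-contact")

    # Signal 2: registrant names only the domain itself, not an organisation.
    domain = rec.get("Domain Name", "").lower()
    if domain and domain in rec.get("Registrant", "").lower():
        findings.append("registrant-is-domain-itself")

    # Signal 3: name servers sit outside the zones the brand is known to use.
    servers = rec.get("Domain servers in listed order", "").split()
    foreign = sorted({zone(h) for h in servers} - set(brand_ns_zones))
    if foreign:
        findings.append("ns-outside-brand:" + ",".join(foreign))

    # Signal 4 (added here, not in the post): domain registered very recently.
    created = rec.get("Created on")
    if created:
        age = (seen_on - datetime.strptime(created, "%d-%b-%y").date()).days
        if age < MIN_AGE_DAYS:
            findings.append("young-domain:%dd" % age)
    return findings


if __name__ == "__main__":
    # Constructed observation date and hypothetical allow-list.
    for finding in triage(WHOIS_TEXT, {"shell.com"}, date(2012, 6, 1)):
        print(finding)
```

None of these signals is conclusive on its own, as the post notes for privacy services; it is the combination that marks the record out.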

Greenpeace then showed their hand as reports of closed Shell service stations affected by direct action started to appear on the news.

Ethics

Whilst the environment is important, and the issues surrounding deep-sea drilling in the Arctic deserve greater analysis, I was concerned about the quality of the site. It was not obvious that it was fake or satire, fooling many of the great and the good in the industry.

Instead it masqueraded as a groundswell of community action – what I would have called sock puppetry. As for the site itself, I have seen apparently successful phishing attacks built with less convincing sites.

Which brings me to a larger point. I am concerned the way organisations like Greenpeace are prepared to deceive the general public through online stunts like this. Yet if an opponent used similarly deceptive tactics there would be hell to pay. In the war of public opinion the first casualty is truth, if organisations are prepared to trample on that, how much further are they prepared to go?

There is no moral high ground of conduct, no discourse, there is only the dogmatic belief of the religious extremist; and it is that dogmatism which I find so distasteful. A website like this is the first step on a slippery slope. Not one that is slid down at great speed but in salami slices over time, which is the way moral transgressions usually progress – until you reach a place you never thought you would be and don’t really understand how you got there.

Occupy Hong Kong and the rise of social concern

If you had seen the ragtag nature of the Occupy protests in the UK, the orderly city tents underneath the HSBC building in Hong Kong look genteel by comparison.

It seems to be part of a wider social concern springing up there which manifests itself in concern about local independent shops, the power of supermarkets and the excess produce thrown away by supermarkets that could have been beneficial to the less fortunate in Hong Kong society.

More information
Hong Kong: are you a friend of the earth? Not if you shop at a supermarket – Jessie Tao’s blog