Platt Perspective on Business and Technology

Big data 10: redefining the group demographic 3

Posted in business and convergent technologies by Timothy Platt on May 24, 2013

This is my tenth installment in a series on an emerging capability that has become surrounded by hype, even as it has emerged as a powerfully disruptive societal force: big data (see Ubiquitous Computing and Communications – everywhere all the time, postings 177 and following for Parts 1-7 and its continuation page, posting 207 and 209 for Part 8-9.)

I have been writing about the collection, organization, accumulation and sharing of data, personally identifiable consumer data included, in this series. And in Part 9 I turned to consider the role and activities of governmental Big Brothers in this. Then towards the end of that posting I brought up the issues of corporate Little Brothers, and corporate big data accumulation and use. And I noted that at least collectively, these Little Brothers are coming to be both more pervasive and more impactful than any of their perhaps more visible Big Brother counterparts. And while Big Brother does this for survival, Little Brother does this for profit.

I stated that I would look into the issues of Little Brother in this series installment, “focusing on concerns that have continuously seemed to have arisen regarding Facebook and its development and use of big data.” And I continue that narrative here with a set of crucial observations:

• Facebook offers incredible resources for individuals and groups – for all of us as we develop and connect into communities, and as we connect and organize to achieve goals. This is all very positive.
• Facebook also accumulates vast amounts of user submitted data, and with increasing capability for scanning and searching and tagging more and more types of data, more and more of what is added to the Facebook databases can be searched and individually identified and bundled into progressively more comprehensive individual profiles.
• The best working example as of this writing, for how Facebook is leveraging new technologies to expand its searchable and functionally usable database resources, comes with its very active program for scanning and individually identification-tagging people depicted in photos uploaded to their site.
• That and essentially everything else that they do with the personal data uploaded to their site became a problem when Facebook as a business decided to monetize and commoditize this bonanza of personally identifiable data, and when they started to change their privacy policies to better meet their business model needs – in too many cases doing so with opt-out options only, for their member users.
• So people submitted information into their user profiles, for example, under one set of usage and reuse terms and conditions. Facebook loosened the restrictions they agreed to honor, allowing them to use and to sell more of this information and in new ways and to a wider marketplace. And unless a user/member went into their profile and navigated their way through the menus there to the right screens and clicked the right opt-out choices, Facebook saw itself as authorized to proceed in selling access to their data.
• So I cited Facebook in Part 9 as a rapidly emerging poster child as to how to do this badly and wrong. Facebook, as of this writing, has on the order of a billion member profiles in their system and there are people everywhere, globally who know how that social networking site and business has repeatedly shot itself in the foot for this, to put their business practice decisions most charitably. But there are others and some are much more worrisome than Facebook could ever be who also play Little Brother in this. Many work essentially behind the scenes and in ways a public facing company such as Facebook never could. Many impact widely across hundreds of millions of lives.

My goal for this posting is to at least briefly touch upon a few of those Little Brothers that for the scope of their impact, are not actually so little at all. And I begin with credit reporting agencies.

Experian, Equifax, TransUnion and similar credit reporting agencies accumulate vast amounts of information on essentially everyone, as to our spending behavior and any debts that we might carry and of any sort, our history for paying off those debts, our income and savings and investments, and our financial situations and behavior in general.
• And they run all of this raw data through statistical models to predict our future financial behavior and our capacity to pay off future debt obligations, assigning overall credit scores as summary overall ratings to the profiles that they assemble on us.
• Every time we seek to make a major purchase such as buy a car, every time we seek to sign a lease or buy a home, or when we seek to acquire a new credit card, the businesses we would carry through on these transactions with all go to at least one of the major credit agencies such as the three named above, to check our creditworthiness.
• It is important to note that while this can serve as a gatekeeper in deciding whether, for example, we can get a loan at all to buy a new car, this also sets the interest rates we would be required to pay on that car loan if we can get it. This, quite arguably is justified. A buyer with a lower credit score and shakier repayment history can credibly be considered as representing a greater risk to a lender than one with a significantly higher score, simply assuming that credit scores are set on sufficient amounts of sufficiently accurate data and that the models used to categorize individuals under review are well designed and empirically validated.
• But credit reports are also used for other purposes as well. As an arguably justifiable example, individuals can get copies of their credit reports to monitor what is in them, and both to know where they stand from their own financial behavior and history, and to spot if they have become a victim of identity theft. That is a reactive and after-the-fact way of finding out, but for most of us this can be a crucial tool for protecting ourselves from further harm.
• On a more negative side, a lot of hiring companies have started using credit report findings to eliminate job candidates from consideration – in spite of the fact that empirical evidence shows this not to be a valid metric of value for the purpose of finding a good let alone a best job candidate. Credit report scores tend to go down for people out of work and the longer they are, the more their finances and their credit scores can suffer. So as far as hiring is concerned, the credit score primarily just shows that a given candidate has been out of work, and perhaps through no fault of their own and that they really need this job. And that use of credit scores has become an increasingly important revenue stream for these credit reporting agencies, and that is one of the reasons why I write of them here as Little Brother examples.

Facebook is very public and very directly connected with vast numbers of members of the community. And they have found ways to both gather and organize and to monetize and sell information about essentially everyone in their system, and as both anonymized demographic data and as personally identifiable and even profile-organized information about us. The big credit reporting agencies are also well known to the public – at least for their major lines of business. But their resources are packaged and sold for other less well known purposes too, and some of them are problematical and even directly contrary to our needs and both as individuals and as members of communities. Then there are the much less known companies that accumulate, organize and sell marketing intelligence, and both anonymized and individualized and in many cases for essentially any end-use purpose. Business to business, and more generally business to organization Little Brother accumulators and sellers of big data, are becoming a major driving force in reshaping both marketplaces and the businesses that serve them – and every group or organization that is trying to publically push an agenda.

When I wrote Big Data 7 I invoked the extremes of utopias and dystopias, and in the course of this series I have at least pointed towards both. But most of what I have been writing about fits more into the vast gray area in between. In Part 9 and this installment I have touched on both extremes while noting the Big and Little Brothers of our world, and their developing impact upon us all. I am going to continue this discussion in my next series installment, beginning with a basic question that comes out of this series and its installments up to here as a whole:

• The first ten installments of this Big Data series have delved at least briefly and selectively into where we are now. Where are we going, and what can we as individuals and as businesses, and there perhaps particularly as small businesses, do to more effectively succeed in the midst of all of this?

Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page.

leave a comment

Some thought concerning a rapidly emerging internet of things 1: starting a new series

Posted in business and convergent technologies, social networking and business by Timothy Platt on May 22, 2013

I have been writing on an ongoing basis in this blog about what could be called the internet of people, and about using the tools and resources, and the connectivity reach of cyber space for achieving meaningful goals through it. A second separate, parallel if connected network has also begun to take shape as an internet of things.

• And if the number of people – the number of connectable nodes involved in the former is limited as an absolute maximum to the few billion who populate this planet,
• The number of devices and objects – the number of nodes achievable in the later can realistically be expected to expand well into the trillions.

I have at least briefly touched upon the emerging existence of an internet of things a few times in the course of writing this blog, but the first time I explicitly wrote about it was quite recently with a 16th installment to a series on information systems security: Information systems security and the ongoing consequences of always being reactive – 16: the internet of things and the emergence of next generation DDoS attacks.

• I began discussing this emerging reality there and in that context, as it is when a complex and comprehensive system is first being planned out and implemented, that basic systems security and risk management capabilities have to be built into it,
• If basic risk management and related considerations are not built in from the beginning, all subsequent efforts will have to keep addressing them ad hoc and forever.
• I cited in that posting, as a still unfolding historical example, how gaps in basic source identity validation that were overlooked in the early pre-public internet: the original ARPANET still haunt us as root vulnerability causes of much of the malware and black hat hacker activity that we still see today.

So I first formally began addressing the issues of an emerging internet of things, in terms of a need to build this right, and from a solid and well thought out and implemented foundation that is as flexibly and robustly secure from tampering as possible. And at the end of that information systems security posting I said that I would follow it with a series on the internet of things per se, and on what it is and on what it is headed towards becoming. I begin that here.

I defined some key terms in my security series posting that I will be referring to in this series, and begin here by noting two of them (though I strongly recommend reading that posting too.) I divided the emerging internet of things into two basic and fundamentally distinct spheres of activity:

• The Internet 1.0 of Things where more and more items and objects are tagged and in ways that can be connected into the internet and tracked through it. These objects – these nodes in this system are passively connected in so this can also be thought of as the passive internet of things.
• The Internet 2.0 of Things where more and more nodes and types of node are added that do communicatively, 2-directionally interact with the internet and with other nodes, and more actively and even proactively than would be possible with simple ID tagging or other 1.0 activity. This can be thought of as the active internet of things.

I cited barcode tagged and RFID tagged objects as the primary (as of now) sources of passive nodes in this overall system. Active nodes are already much more diverse than that, and even just in the still embryonic stage of development that we are in for this internet of things. I cited as one source of such examples, smart appliances as would be found in an emerging 21st century kitchen. I add here an entirely separate area of examples that, referring back to that security systems posting for its topic area, will become all but ubiquitous and that will become crucially important and even nationally from a security perspective: Supervisory Control and Data Acquisition (SCADA) systems.

I actually did raise the possibilities there of small, home-SCADA systems for managing the emerging household of tomorrow, but large scale industrial and core infrastructure SCADA systems are going to become progressively more fine-grained networks of active 2.0 nodes in a globally interconnected network of things too.

I am going to start delving into some of the details in all of this in my next series installment, where I will focus on the passive, internet 1.0 of things and how a myriad of objects and items are being connected in, with the implications that this creates. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page, and at Social Networking and Business.

leave a comment

Information systems security and the ongoing consequences of always being reactive – 17: incentivizing more secure software and information systems

Posted in business and convergent technologies, social networking and business by Timothy Platt on May 20, 2013

This is my seventeenth installment to a series on the state of information systems security going into the second decade of the 21st century, and on challenges that will have to be addressed in moving forward from where we are now (see Ubiquitous Computing and Communications – everywhere all the time, postings 185-188 for Parts 1-4 and its continuation page, postings 189 and loosely following for Parts 5-16.)

I have been writing about reactive and proactive approaches to information and cyber security in this series, and about integrated and multi-level approaches to making these systems more agile and effective. And I have been writing here about approaches for making this work. But even where the approaches I suggest and others would offer real value, they cannot work if they are never tried and applied. Doing so would require incentivizing change, and I add removing some disincentives too. My goal for this posting is to at least begin a discussion of that, and I want to begin with the disincentives side of this set of issues, which in this case revolves around antitrust laws on the one hand, and the pressures of a highly competitive industry to thwart collaboration even when allowed on the other.

Antitrust laws, also called competition laws are formulated and enforced to prevent collaborative agreements between competitors that would artificially restrain trade and control consumer prices and access to marketplace choice. In principle at least any collaborative relationship or understanding between businesses in for example, the antivirus software arena, could at least potentially be seen as fitting that outlawed pattern. But it is recognized that if these computer and information security resources are to work at all and provide any benefit, they have to be based upon and updated according to the best and fullest of what is known about threats faced by all. And certain best practices frameworks of understanding are going to have to be collectively shared across the industry, as well as insight into the rapidly evolving nature of those threats collectively faced. So certain types of industry-wide organizations are allowed for and even encouraged – provided they meet certain basic requirements of openness and participatory inclusiveness. One that comes immediately to mind for me is The Open Web Application Security Project (OWASP).

But a shift from a more strictly reactive approach to information security to a more proactive paradigm of information and computer systems security, is going to call for new types of collaboration. The implications and requirements of this shift are going to have to be incorporated into the legal frameworks that limit and permit collaboration between competing for-profit businesses in these arenas. And as already noted in several contexts in this blog, the law is always reactive and when a field is rapidly changing, it can be significantly behind the curve and disconnected from addressing actual current needs and circumstances. It is a hallmark of information and cyber security that their challenges and priorities and the solutions they have to provide in response, change faster than any regulatory law ever could.

• So law regulating competition in this specific arena has to be open as far as specific technology or processes are concerned, and focus entirely on openness and inclusion of participation in any umbrella organizations involved, and on their transparency.
• But even if the law was perfectly in tune with industry and marketplace needs for this, competitive pressures in this marketplace all too often put a greater premium on pushing new products and services out the door, and less on providing the most robust possible security and risk management solutions. The pace and force of competition here effectively compels that.

I turn to address that set of challenges with a very specific working example from a very different industry in mind, that while different in detail might offer insight of value here too: organic food and more specifically, California’s legally defined standards as to what can be called organic food.

Words like natural, healthy and organic convey powerful messages when marketing food items, and credible claims that a food product offered is organic or that it is made entirely from organic ingredients, to pick up on that key word from that, increases its sales and profitability. So as a result, some businesses began using the word organic very loosely. Consumers in the state of California spoke up in response and got their legislators involved, and as a result California passed what at that time was the strictest set of guidelines in United States law as to what can be identified as being organic. This was seen as a truth in advertising and a consumer protection initiative, and this law: California’s Organic Foods Production Act of 1990 became the gold standard for regulating this area of the food industry. And that is where this story connects with the narratives of this posting and this series.

California is among other things one of the major producers of fruits, vegetables and other produce in the United States, so when growers there were restricted to only using the word organic when strict standards were adhered to, that had national and even international impact California produce is sold very widely. But perhaps more importantly for this discussion, California’s population is very large and in fact constitutes a significant market segment for essentially any wide sales distribution processed food manufactured essentially anywhere in the entire country. So when California law imposed very specific and precise accuracy requirements for calling a food organic, businesses that produced foods in other states and even in other countries noticed. The potential of losing this part of their market share forced a lot of businesses to rethink their ingredients and their production processes if they were to continue to use that word – remember here that if they had suddenly just taken “organic” off their labels that would have sent a clear message that they had been lying and that their foods were not as pure or as good as they had been claiming.

My point is that when a sufficiently large market segment or share of a customer base suddenly demands that some new standard be met and in specific ways, that puts real pressure on all prospective providers to meet those new standards, and for all of their intended customer base. Now consider how this applies to antivirus and related anti-malware software.

• If even just a few key, high purchase volume state governments and a few major corporations were to suddenly demand that a new collectively agreed to higher standard be met for information and computer systems security, as a threshold requirement before any of them would consider purchasing a given product or service, every major information and computer security provider would in effect be forced to meet that new standard and for all of their customers, everywhere.
• To clarify that last point here, they would need to meet those new standards for this market segment to keep its business. And they couldn’t very well tell the rest of the world “we sell software and other products that really works to our larger and more demanding customers …and we sell our old design-paradigm stuff to everyone else.”
• Other customers would, of course, begin demanding that this new standard be met for them too.
• An organized consumer base that only collectively included a significant minority of the overall market could begin this process and in effect force this industry to meet higher standards for all.

Antitrust and competition laws limit and control producer collaborations and the prospect of producer collusion and marketplace manipulation. They do not address or seek to address consumer-side collaboration or the development of consumer-side standards that would have to be met by any successful vendor or provider. A “consumer-side trade group” could in effect force all significant participants on the producer and seller side of this to uniformly meet and adhere to newly defined minimal standards and even to new types of standards.

• If governmental and other major purchasers required that the software and systems they acquire be secure, and according to a specific robust standard as to what that means, that would incentivize all software manufacturers and other IT systems, products and services providers to build and maintain to that higher standard.

You can find this and related information security-related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page, and at Social Networking and Business.

leave a comment

Big data 9: redefining the group demographic 2

Posted in business and convergent technologies by Timothy Platt on May 17, 2013

This is my ninth installment in a series on an emerging capability that has become surrounded by hype, even as it has emerged as a powerfully disruptive societal force: big data (see Ubiquitous Computing and Communications – everywhere all the time, postings 177 and following for Parts 1-7 and its continuation page, posting 207 for Part 8.)

I began a discussion of how big data serves to redefine and expand the types of hypotheses that can be tested from empirical population data in Part 8, where I offered a societally positive working example. My goal for this series installment is to continue that discussion, here focusing on the types of negative examples that can and do provoke pushback against big data as a developing capability.

• At the end of Part 8 I stated that I would turn here in this posting to consider the ways that “Big Brotherauthoritarian states are coming to use big data to “identify and crush political dissent and open public discussion” and I will at least briefly look into that here.
• But more than that, I will at least begin to look into how a legion of “Little Brothers” such as major corporations can and at times do misuse big data capabilities too, and certainly when their policies and practices for collecting, organizing, using and commoditizing individually identifying and tagged information puts them at odds with the needs and wishes of the people they develop all of this big data content from.

But I begin here with Big Brother, and I begin that by making a basic foundational observation:

• Governments that accumulate big data about their own nationals and about foreigners who interact with them, with a specific goal of tracking them to control them – governments that play a true Big Brother role, do this as a perceived survival requirement, and not out of intentionally malicious or evil intent. “Malicious” and “evil” are traits that might be attributed to them, but they are not ones that they would embrace or accept as accurately applying to them. They do this out of perceived overriding need.

And with that in mind, I turn to consider the People’s Republic of China as a first working example.

• China is widely known, at least in the West for its Great Firewall – its Golden Shield Project as it is more officially called there. But this should only be seen as one half of a larger and more comprehensive system, as simply tracking the online conversation and blocking or allowing online access can only be seen as half of a solution to controlling and managing their population so as to stifle the possibility of dissent.
• The other half of this comes from knowing who is doing what online and off and in being able to predict who might do what, and with tracking online activity attempted and pursued only constituting a small part of that. This other half is where China’s one allowed Party and its government seek to in effect predictively know their entire population and on both a fine-meshed population demographic basis, and on an individual basis.
• This approach to population management at a demographic and individual level goes back much farther than do computer systems or computerized databases, of course but the advent of those systems have made it possible to know and to predict with a level of detail and at both levels, never previously even conceivable let alone possible.
• Publically and openly, big data systems development are still in a relatively early stage in China with the bulk of this activity appearing to be taking place in their internet industry, with for example, companies such as Taobao, Tecent Holdings and Baidu developing big data applications on open source software frameworks. Financial sector institutions and others are also beginning to actively, publically enter this arena in China too now.
• And of course, China’s big data objectives go far beyond simply accumulating data about individuals and population groups. They are also collecting data about and from businesses and organizations, private sector and public and of all sorts too. And some of this also has a more public face as well.
• Here, it is crucially important to remember that the boundary between China’s true private sector with its privately owned businesses on one hand, and its government and government owned enterprises on the other is porous and hazy at best, and not just from the way that its People’s Liberation Army controls and even directly owns a larger share of China’s overall business and industrial sectors than any other participant. So in a fundamental sense, China’s private sector big data initiatives are governmental big data initiatives too. And that government can and does collect together as much as it can from all of these data accumulators and processors and more for its own use too.
• China’s government is still, by all appearances, at an early state in developing a Big Brother big data capability but that is clearly one of their highest priority information technology and knowledge management systems goals. I expect to see more and more of that news story to come out as these capabilities continue to be developed and put in place.

And what China is doing, others are at least attempting to do too, and that in at least embryonic stages of development includes initiatives arising in countries such as Iran and North Korea too.

• Whenever you find a country is developing or seeking to develop its own counterpart to China’s Golden Shield Project, you can be sure it is also at least planning and prioritizing for building a matching computer systems-based big data population oversight and control capability too.

But with that said, I would argue that the “Little Brothers” of corporate big data accumulation and use, as noted above at the top of this posting are going to at least collectively be both more pervasive and more impactful than any of their perhaps more visible Big Brother counterparts. And while Big Brother does this for survival, Little Brother does this for profit. I am going to look into the issues of Little Brother in my next series installment, there focusing on concerns that have continuously seemed to have arisen regarding Facebook and its development and use of big data. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page.

leave a comment

Information systems security and the ongoing consequences of always being reactive – 16: the internet of things and the emergence of next generation DDoS attacks

Posted in business and convergent technologies, social networking and business by Timothy Platt on May 13, 2013

This is my sixteenth installment to a series on the state of information systems security going into the second decade of the 21st century, and on challenges that will have to be addressed in moving forward from where we are now (see Ubiquitous Computing and Communications – everywhere all the time, postings 185-188 for Parts 1-4 and its continuation page, postings 189 and loosely following for Parts 5-15.)

In a very real sense this is also a posting where I find myself writing out of order from what I have been intending, as circumstances intervene and provoke a rethinking of that. I had been planning to write to this blog about the internet of things for several months now, and I am still planning on doing so. But I see reason to start addressing that more general topic area here, and before building a more organized framework of discussion on it, with at least a brief discussion of its information security implications coming first.

In anticipation of that fuller discussion, I would divide the internet of things paradigm into two distinct if connectible approaches:

• The Internet 1.0 of Things where more and more items and objects are tagged and in ways that can be connected into the internet and tracked through it.

This is, in its extreme, where every item or object that can be RFID tagged is and if it is not RFID tagged then it is either standard 1-dimensionally, or 2-dimentionally barcode tagged. Think of this as enabling a universal supply chain capability and this is where the number of nodes on the internet could conceivably expand out from the billions of computers, tablets, handheld and smart phones and the like of today to include trillions and more connected points – with all of those tagged items passively interacting as they are tracked and remote inventoried for identity and position.

• The Internet 2.0 of Things where more and more nodes and types of node are added that do communicatively, 2-directionally interact with the internet and with other nodes, and more actively and even proactively than would be possible with simple ID tagging.

This is where the dream house of tomorrow comes in where a smart refrigerator would know that you have only one egg left in and that you are about to run out of milk and that you always want at least six eggs and a half quart of milk on hand – so it orders them as per routine programming from Fresh Direct, verifying that you have not already done so first. More real-world and here-and-now this is where you can use a smart phone app and a smart and connected thermostat to raise the temperature of your house back up to the “return home” setting, from a colder “away” setting on a Winter weekday when you realize you will be getting home early. And for purposes of this posting that also includes an increasing number of devices that we do not think of as computers or as being connected to the internet per se at all – but that are. And as an example there, I cite the cable box that so many of us have hooked up to our televisions for accessing and connecting into a programming content provider service such as Time Warner Cable. We tend to think of those boxes as being nodes in dedicated, special use systems – in this case limited to accessing television programming service. But those same set-top boxes can be used in combination with an internet service such as Netflix’s instant viewing service, to access a streaming version of a movie – via the internet and directly to our televisions.

• The primary source of vulnerability that we all face in online and information security, and in computer systems security is always “the unexpected.”

When we as end users do not think of those cable boxes – or other online connected and connectible resources as computers and as being at least potential internet nodes we do not think about securing them from outside access or control. When the cable service provider and others who send these resources out and set them up for their customers do not think about them that way either, each and every single one of them set up and connected in becomes a target of opportunity for black hat hackers.

The internet of things, and particularly in its 2.0 form creates a whole new world of exploitable opportunity for black hat hackers and particularly when the potential for this is left open and unexpected. And this brings me to the specific threat assessment topic of this posting: the emergence of a whole new type of distributed denial of service attacks (DDoS) that capitalize on the, in this case distributed vulnerabilities of cable boxes and more, as new sources of third party controllable online activity – and with the capabilities for assembling larger botnets than ever before out of them.

We are already beginning to see this new and emerging arena of vulnerability being exploited, and certainly for those set-top cable boxes. The prospect of the fully wired home with refrigerators and thermostats and more able to connect online for remote home-SCADA management indicates that this arena of emerging vulnerability will only become more important. Imagine all of this as being vulnerable to outside botnet control – and that just takes household devices and resources into account that on their own, number far more at least potentially than all desktop, laptop and other computers that are suborned in a traditional DDoS attack – and all servers that would be targeted. Now add in the still wider potential for expanding this out in a more general internet of things, and particularly an internet 2.0 of things that is more generally and globally developed. And of course DDoS attacks only represent one possible form of attack here.

As I noted at the beginning, my original intent was to delve more into what an internet of things is first, and then with that as foundation turn to consider its security issues and how they might be addressed. But the order I am presenting this in here may in fact be the best, as:

• It is vitally important that potential information security and related issues be understood and addressed from the beginning, and from initial design and implementation rather than waiting until systems are in place and infrastructure built – and any response would have to be piecemeal and reactive.

I will add in that context and as a historically all too well known example, it is all too easy to spoof the actual identity of an email or other online content sender. That, in principle at least, could have been addressed and forestalled early on and even at the very beginning ARPANET stage of internet development when the initial core connectivity protocols were first being developed. That was not done, and source authentication was not built into the core networking architecture of the internet and from the beginning, and we are still dealing with the consequences of that lack of foresight as they continue to unfold.

I am going to start a series on the internet of things soon now, in follow-up to this posting. Meanwhile, you can find this and related information security-related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page, and at Social Networking and Business.

leave a comment

Big data 8: redefining the group demographic 1

Posted in business and convergent technologies by Timothy Platt on May 9, 2013

This is my eighth installment in a series on an emerging capability that has become surrounded by hype, even as it has emerged as a powerfully disruptive societal force: big data (see Ubiquitous Computing and Communications – everywhere all the time, postings 177 and following for Parts 1-7.)

Big data has what can be considered a series of Holy Grail goals – purposes and functional objectives that would be reached through creative, thoughtful use of vast amounts of accumulated data by identifying and characterizing unexpected or unpredictable patterns from it. I have already written in this series about one of these goals: determining a true demographic of one for at least potentially, each and every individual member of a larger marketplace community in order to directly personalize marketing and sales to them and their individual needs and preferences (see particularly Part 1: the emergence of the demographic of one for that.)

A second core goal is to better understand, and I add define and parameterize the group marketing demographic, and more generally the group demographic per se. After all, businesses and business marketers only constitute one constituency that sees value in big data and its accumulation and availability.

I have recently been posting to a series: Opening Up the Online Business Model for New and Emerging Opportunity, in which I have been discussing how big data can be mined in developing these more nuanced and business objective-defined group demographics (see Startups and Early Stage Businesses, postings 142 and following.) And my initial thought for this posting was to divide this topic of big data defined and driven group demographics between these two series along a simple set of lines. I would focus on how data is assembled into these data sets and warehouses here, and on how demographics are defined from all of that as a matter of process. And I would focus on how knowledge of those demographics would be used, at least in a business context, in my Opening Up series. Even brief consideration, however, reminded me that that breakdown and division cannot work.

• Standard marketing demographics are defined according to and in terms of standard, a priori classification standards such as age and gender, home or business zip code, family income levels, and perhaps measures of buying interest such as whether an individual or family subscribes to a cable TV service.
• Big data mining allows data analysts and data users to assemble novel and even uniquely conceived demographics models according to essentially any possible set of shared, correlated traits – and what sets of correlated traits are included and data mined for is highly hypothesis driven.
• So what is collected and organized into a demographics model, and how that would be used cannot be separated.

I want to take that out of the abstract with a specific real world case in point, coming out of a data mining team that works for the office of the Mayor of the City of New York.

New York City, like most large urban areas has and supports an infrastructure for collecting and managing waste, with both regular trash pickups and disposal, and an active recycling program. Connected into both is a system for managing disposal of hazardous waste of all sorts, and that can include recyclable environmentally toxic materials such as lead, cadmium and mercury, and less recyclable materials such as old mixed petrochemical solvents. A goal in this is to both collect all of this so it does not contaminate the land or ground water or pose a health hazard, and to find ways to more effectively recycle it where possible.

And no matter how New York, or I add any other municipal government sets up their waste collection and management systems, there are always going to be both individuals and businesses that cannot be bothered to dispose of even hazardous waste correctly – and that probably holds true particularly for hazardous waste as it usually requires special packaging and it is generally collected separately from regular trash and regular recycling. In New York City, there are both City owned and managed Department of Sanitation services, and private waste hauling businesses that are licensed to pick up, transport and dispose of these varying materials. And with that as background, I come to my working example.

Sanitation Department workers and others see waste and hazardous waste that has simply been illegally dumped. But it can be difficult to identify where it came from and who disposed of it improperly simply from an examination of the waste materials themselves. As a very serious example of the consequences of this, I cite a specific incidence that I remember reading of where someone disposed of bottles of hydrofluoric acid, hiding them in regular trash bins. The Sanitation Department worker who emptied those cans into the back of his trash truck and pushed the button to compress this new addition to his pick-up and push it deeper into the truck, broke those bottles when doing so – simply following practices as usual for picking up and carting off standard trash. A cloud of highly toxic, corrosive acid mist rushed out of those broken bottles and he breathed some of it in, destroying his lungs. And he died there and then as a result. I remember reading that he had a wife and small children. When that data mining team from the NYC office of the Mayor set out to sift through the evidence they had in their data warehouse to better pinpoint who was illegally dumping, they were looking for people who create irritating problems that add to costs, and also the ones who cause real and even tremendous risk for others.

• They wanted to find where the most likely businesses where for illegally dumping waste and particularly hazardous waste and they wanted to identify the most likely specific culprits responsible for this, for on-site inspection by agents from appropriate city agencies.
• So they searched their data to find where this was being found – knowing that people who do this rarely just toss these materials in their own trash cans or dumpsters. In the hydrofluoric acid incident that I cited above, someone brought these containers from what was most likely a commercial or industrially zoned area to a residential neighborhood and put them in with the household trash that had been left at the curb for pick-up.
• They also searched the records for businesses that did not have contracts with licensed private haulers, licensed to handle and dispose of hazardous waste, and who had not been contacting the City Sanitation Department for guidance and information on how to safely, lawfully dispose of this either.
• Actually, following a process similar to criminal detective work as would be carried out by a Police Department, they sifted through and correlated a fairly wide range of data types. And the result was that they had a list of suspects who were very likely to be illegally disposing of these waste materials. And when Sanitation inspectors went to visit and surprise inspect them, virtually all were caught with sufficient evidence that the city could file charges.

To finish this example, I would at least briefly cite a second type of waste that is far less dangerous than hydrofluoric acid as a dumped waste problem, but that is far more common too: restaurant grease. Every restaurant that runs deep fat fryers generates significant and even huge volumes of this waste and if it is simply dumped down the nearest storm drains, it congeals there and with time creates a thick waxy barrier to water flow. With time this can even effectively stop up those drain pipes and cause local street flooding. And it turns out that restaurants that dispose of this grease illegally are also much more likely to be following poor safety and cleanliness practices in removing grease build-up in air vents and from behind stoves, greatly increasing risk of grease fires. The same types of big data mining for business and industrial waste dumpers has been used successfully for identifying restaurants that dump their waste too – and as a side benefit that appears to have cut down on the numbers of restaurant kitchen fires that the Fire Department has to respond to as well, and certainly for those at-risk businesses.

This set of examples is all about assembling and systematically using novel big data-enabled demographics models. And the more data is accumulated and the greater its diversity the wider the range of data sensitive questions and hypotheses can be address with it.

It can fairly easily be argued that identifying businesses that illegally dump hazardous and toxic waste should be considered a societally positive goal. But these same tools and capabilities can be used for other and less positive purposes too. I am going to continue this discussion of big data-driven social demographic modeling in my next installment in this series, there considering how this can be used to identify and crush political dissent and open public discussion. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page.

leave a comment

Information systems security and the ongoing consequences of always being reactive – 15: putting the puzzle together as a strategic and operational process 3

Posted in business and convergent technologies, social networking and business by Timothy Platt on April 27, 2013

This is my fifteenth installment to a series on the state of information systems security going into the second decade of the 21st century, and on challenges that will have to be addressed in moving forward from where we are now (see Ubiquitous Computing and Communications – everywhere all the time, postings 185-188 for Parts 1-4 and its continuation page, postings 189 and following for Parts 5-14.)

I usually write my postings to this blog fairly quickly and without any real pause – I know basically what I want to cover in them and how, and simply flesh out the details as I write, knowing I can add another series installment if needed. I have, however, been thinking about this posting for several days now – and in this case precisely because I do know and clearly, the basic message that I would seek to convey. In a real sense this posting is what this entire series has been building towards.

I sit down to write this thinking of the meat-grinder conflict of World War I, and of how so many, trained and equipped for a previous century’s war were thrown into a trench warfare environment dominated by machineguns and early stage but still deadly armored weapons such as tanks. And it is in this setting that men on horseback, as if still 19th century cavalry, met chemical warfare and the strafing of aerial attack.

• Millions died and have seemingly always died because potential next wars are prepared for as if their general officers were going to fight the last war.

And I write this with a conversation in mind that I participated in a couple of years ago at the end of a cyber-security meeting. And I was talking with a speaker who had just given a detailed and I admit interesting presentation and this speaker and his aide had a lot to say, some of which was probably not intended. The speaker was a General officer and his aide was a Full Colonel and both were actively serving in and leading in the national cyber-defense effort. And what they had to say and their focus of concern sent chills down my spine and brought me to think of those soldiers in the trenches of World War I then too. Their primary concern, as far as safeguarding mission-critical systems was in safeguarding networks, and particularly government command and control networks – from threats like denial of service attacks. So they spoke of packet authentication and other defensive approaches. They were preparing to fight and to mount a defense from what could only be seen as a last war mentality.

I have been writing in this series about a series of issues and factors that would perhaps serve as grounds for reconsidering the nature and targets of potential cyber-threats and both from private sector and governmental/military sources, and stealth is likely to be the hallmark of any serious 21st century military-based or large scale private sector-based attack, with efforts made to install malicious software that would not show itself or even be readily detectable unless and until activated. A frontal assault denial of service attack, if launched, might only be developed as a distraction and a diversionary tactic. And the real targets of any large-scale and definitive attack might be found more in largely private sector national infrastructure systems such as power grid and communications SCADA control systems, than anywhere else – as successfully targeting them could in principle paralyze an entire country.

I tend to be circumspect and do not, for example, generally name my consulting clients when I write to this blog. I do not name them in my LinkedIn profile either. And I have been known to mask at least some identifying details when drafting case studies from my own work experience. But I have decided to write more bluntly here and to more directly express these concerns here. And with that as an all too real-world case study example I state that private or public sector or combined:

• We cannot defend ourselves from cyber-threat if we only think in terms of and prepare for a last war, and as if next-war potentials were not and could not be developing around us.

History has shown the foolhardiness of a last war mentality in more traditional military conflict. And if anything, the pace of technological development in computers and networked systems, and in their uses have made this concern even more pressing for any potential cyber-conflict arena.

I have alluded, much more obliquely to this meeting and conversation before in this blog, at least once, and spell out its issues and my concerns stemming from it more clearly and directly here. And that is why I paused and thought before writing this for open online publication. The officer I wrote of above is very intelligent and highly trained – with a PhD in electrical engineering and a background that is fairly solid in computer systems hardware among other things. But the generals of World War I were intelligent, articulate, educated and experienced too – even as they sent horse cavalry to the barbed wire and machinegun trench warfare environment of that conflict.

The basic principles and concerns that I write of here apply across the board for acknowledging and dealing with cyber-threat. We can do better and we must. And I finish this posting and this series with that, and looping back in my thoughts to the reactive versus proactive lines of argument that I have raised here, and the other issues that I have touched upon – as only one small part to a larger and more complex story.

I might very well find myself coming back to this topic area in future postings. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page, and at Social Networking and Business.

leave a comment

Citizenship in an increasingly global context 3: cultural identity as a source of pushback

Posted in business and convergent technologies, UN-GAID by Timothy Platt on April 25, 2013

This is my third posting in a series that unlike most of what I write here, can perhaps best be considered a shared and open-ended rumination. I began writing about the changing, broadening nature of citizenship, and of belonging and membership in Part 1: shareholder value, stakeholder value, and openly-sourced social value, with a discussion of how our increasing interconnectedness through direct and immediate point to point communications bring us together. And I began discussing some of the issues and forces that would push back against that and against perceived homogenization and loss of local group identity in Part 2: membership, citizenship, loyalty and belonging, there focusing on issues of political will and the drive to maintain local and geographically defined control and identity.

• I turn in this posting to consider a second major source of pushback, as grounded in cultural identity and the will to maintain historically and experientially grounded local, national and regional identity and individuality.

And I begin by considering my own country, the United States of America, as a source of working examples. The United States is a nation of immigrants, with our citizens and our ancestry coming from every country and region and culture on the entire planet. We are called and we think of ourselves as a melting pot, while at the same time striving to preserve our cultural and regional individualities and distinctions, as well as our distinctly national identity. We are all Americans but we are also Poles and Hispanics, and even there differently origined Hispanics, Chinese and Japanese, Italians and Irish and so much more. It is estimated that some 800 languages are spoken in the New York City metropolitan area alone. And here living in this country as a whole we are New Englanders and Southerners, West Coast and Californians and Midwesterners and more. And we are Conservatives, and Liberals and Progressives, and Independents and more and Catholics and Jews and followers of Hinduism and Jainism and Buddhists and Atheists and Agnostics and more. We are the great melting pot but when you look into that pot you see essentially anything but homogeneity and uniformity. And our ubiquitous interconnectedness has not changed that. In ways it has simply accentuated our differences. This is because we all too often look for and find online voices and information sources that highlight our own local and group perspectives, and that support and justify them for the mirroring and repetition of message known and expected that flows back to us through them.

Pick any socially or economically or politically dividing and contentious issue and there are news sources and opinion sharing channels online and in the overall range of immediately available media that support each contending view, and with each such partisan perspective at the heart of the communications and information sharing of its own particular local community.

• There, local does not necessarily mean geographically local though. It can mean geographically diffused, but united as a single community by shared perceived identity.
• And when much of this connectivity is through cyber space, geographic position or localization do not matter, and in fact more groups can form and meaningfully connect and find identity together than could be possible if we were all limited to immediate geographic reach.

I could just as easily have cited the big and globally obvious cultural divisions of Latin America and the Middle East, or dividing things a bit differently, the predominantly Catholic countries or predominantly Christian countries in general and the largely Islamic world – with countries such as Indonesia added into the group of nations that reside in the Middle East and much of Latin America, and I add some significantly large African countries aligned with their European peers. On economic lines I could still cite First, Second and Third World countries, even if the Second World is very different now than initially envisioned when the Soviet Union and Warsaw Pact where still present. My point is that we are and remain distinctively members of local and localized groups and whether or not those groups are strictly geographically bound. And the tools of our increasing interconnectedness can also serve to maintain the boundaries that divide and define us, and on religious and socioeconomic and political and ethnic and linguistic grounds and more.

But for all of this, connectedness across those boundaries continues to leak through and the barriers and boundaries that I write of here and that I noted in Part 2 continue to become just that tiny incremental measure more porous every single day. What brands to people look for, everywhere and globally? What music and YouTube videos go viral and globally? We retain our group identities but we also seek to embrace and capture elements of an increasingly more global culture too. And the politically motivated isolationism of nation states such as Iran and North Korea, as noted in Part 2, simply makes those foreign and global alternatives that much more attractive when word of them does leak through – yes making those governments strive all that more actively to stop the inflow and the leaks.

I stated in Part 1 that:

• Our increasing interconnectedness brings us together and in ways that make those old borders transparent for more and more of our actual lives – and in our business lives and where monetizable value is concerned as much as in any other aspects of our lives.

And I noted in that context that I fully expect that the transformations we are still just viewing the start to here, will be viewed societally as a great historic shift as our descendants look back at this 21st century and define its historical meaning. I write that thinking of the little and simply assumed local barriers and distinctions that form and fade to be replaced by new as local social and political groups form and carry through and fade away. I write this thinking of the massive efforts of nations such as China with its Great Firewall, as their government seeks – ultimately futilely to isolate their peoples both from open communications with the outside world and with themselves.

• Our sense and understanding of belonging and of membership and alliance and allegiance and of citizenship are all at least beginning to shift and change, and will continue to do so, and in ways we can only partly guess at now.

I am going to end this short series here with this third installment but I am certain to keep coming back to issues raised here and by the changes and shifts that I write of here. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page, and also at my United Nations Global Alliance for ICT and Development (UN-GAID) directory page.

leave a comment

Information systems security and the ongoing consequences of always being reactive – 14: putting the puzzle together as a strategic and operational process 2

Posted in business and convergent technologies, social networking and business by Timothy Platt on April 22, 2013

This is my fourteenth installment to a series on the state of information systems security going into the second decade of the 21st century, and on challenges that will have to be addressed in moving forward from where we are now (see Ubiquitous Computing and Communications – everywhere all the time, postings 185-188 for Parts 1-4 and its continuation page, postings 189 and following for Parts 5-13.) It is also a direct continuation of Part 13, where I first wrote of the first, second and now rapidly approaching third waves of black hat hacker and cyber-criminal activity.

To repeat, or at least expansively paraphrase from the end of Part 13 and continue from there:

• Early, first wave hackers primarily sought to show their prowess and count coup by proving that they could gain access to computer systems. Their vulnerability identification efforts were closely held as proprietary to themselves so as to limit competition from their peers, and the exploits that they developed were highly individual and crafted as exercises in their personal technical mastery.
• Second wave black hat hackers then moved in with a strictly for-profit motive. Some, of course have shown as high a level of computer technology savvy and expertise as any first wave hacker, but here that skill and its fruits became commoditizable products and services, and the buyers of their efforts need not be computer technology experts of any type – only business people who see value in these business supporting capabilities.
• At the same time that first wave hacking was being supplanted by a second wave as the primary source of motivation for malicious online and computer-targeting activity, the first low level and ineffective efforts to standardize and streamline exploit development began to take form. And I have already noted that, at least for those first steps in Part 1 where I wrote of script kiddies, who either attempted to hand assemble their own malware code from more expertly developed blocks of code that others had produced, or who used early development tools to do this for them.
• On a non-malware track, legitimate software developers work with blocks of code that others develop, and both in tapping into established code libraries and in coordinately developing larger programs where their own work has to fit in and work with the products of other developers’ efforts. Think team development of large object oriented software packages as a working example there. So this basic approach does not in and of itself necessarily mean lack of skills – it can also be pursued as a possible route to faster and more efficient development. For malware production this of course carries a price though. Among other things, reusing lines of programing code might mean that a presumably “new’ malware threat might already be known by reactive malware detecting security software in place, due to its containing specific code snippet sequences already in its malware definitions libraries. So when code developed is static, reuse of established code that has already gone out to the world as a means of productivity and product development improvement can be self-limiting.
• Then polymorphic code arrived on the scene and two things happened. The potential threat profile that would have to be identified and blocked by standard reactive gatekeeper software such as anti-virus programs began to grow hyper-exponentially, and reuse of code specifically designed to offer polymorphic code variability to a threat as it spreads might remain as difficult to generically identity by reactive means as if it were completely novel. This, I add would particularly apply if the polymorphic engine component of a malware package were itself developed in specific instance through a polymorphic code generator. And this brings me to the next step of this code development and its evolution.
• When malware producers went commercial and developed and sold their wares as profitable market offerings, pressures developed and increased to produce more, better, and faster. More and more sophisticated and I add expensive development tools began to be added to the malware designer’s and producer’s toolkits. And the rate of development of new malware threats with no previously identified code signatures to identify them skyrocketed. And this brings me to here and now.

If I were to succinctly if somewhat cartoonishly summarize the first two waves and introduce the third I would probably do so as follows:

Wave 1: The script kiddie approach, giving way to more and more sophisticated automated malware development tools with visual programming and related technologies.
Wave 2: Development and spread of polymorphic code and capacity of malware to adaptively change to stay effective when deployed, coupled by larger scale and business production level malware innovation, development, production and sale.
Wave 3: The application of web 3.0, or semantic web and artificial intelligence (AI) technologies to flexibly automate threat vectors and their production, distribution and management.

I wrote this three step progression strictly in terms of technology deployed. Technology enables, and progressively more enabling technology brings progressively wider ranges of participants into this activity. Newer and more flexible malware technologies and methods of developing and deploying it open doors to new players who bring in new motives and reasons. And the more automated and standardized malware production becomes as a marketable commodity, the less necessary it becomes that any buyer/deployer have hands-on technical skills of their own. They only need a business model and capacity to follow through on it that would call for malware as a part of their tool set, and a source of motivation and direction that would lead them to do so.

So some of the organizing understandings as to who is deploying malware and why that would go into developing a more proactive response system are at the very least getting more complicated. The primary sources of threat are not going to fit into a basic, simple, generic monetary profit motive model anymore. And simply adding in the variously skewed perspectives that different governments can display when preparing for their cyber-“defense”, will not necessarily complete the threat source assessment set as a simple addition to what has to be accounted for in combination with wave 2 profit motives.

If I were to summarize this operationally, I would state that the current and ongoing sweep of evolutionary change in malware production and in black hat hacker activity in general is to:

• Progressively increase the pace of change in what threat profiles have to be addressed, and
• Progressively increase the pace of change in which new types of vulnerabilities have to be identified and new exploit types addressed,
• While decreasing the visibility of the human sources of these events and their threat profiles and reducing their accountability,
• By making successful exploits more surreptitious and less overtly visible to infected and compromised systems and users.

I am going to continue this discussion in a next series installment where I will more fully discuss third wave hacking and malware. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page, and at Social Networking and Business.

leave a comment

Citizenship in an increasingly global context 2: membership, citizenship, loyalty and belonging

Posted in business and convergent technologies, UN-GAID by Timothy Platt on April 20, 2013

This is my second posting in a series that unlike most of what I write here, can perhaps best be considered a shared and open-ended rumination. I began writing about the changing, broadening nature of citizenship, and of belonging and membership in Part 1: shareholder value, stakeholder value, and openly-sourced social value, with a discussion of how our increasing interconnectedness through direct and immediate point to point communications bring us together. And I wrote of how this is even serving to standardize and homogenize our understandings of belonging and of citizenship and on a more open and even global scale.

I turn here to consider sources of push-back to that and of boundary and distinction preservation, in the face of the challenge to come together that our increasingly ubiquitous interconnectedness is creating. And the primary forces that would bring us together are met by and will continue to be met by powerful forces and voices of difference and individuality too. I would at least tentatively divide those forces into two distinct, if interrelated spheres:

1. Political will and the drive to maintain local and geographically defined control and identity, and
2. Cultural identity and the will to maintain historically and experientially grounded identity.

And I begin with the first of those and with the personally, individually anecdotal example of my own experience with this blog. When I go to my blog admin dashboard I can see where my site visitors come from at least to the level of what country their IP addresses are associated with. And looking back over the past months and over the past year to where visitors come from by country, I see a very telling pattern emerge that I suspect will not prove all that surprising and certainly for its gaps.

I get at least occasional visitors from some 130 countries and consistent visitors and readers from a swath of them that are globally distributed. That is to be expected for any blog or web site that shows openly online and that conveys a significant volume of content of a type that would address general interests. So when I look at the map of the world on my visitors location listings, I see a significant range of coverage, color and shade coded as to how many have visited from which individually identified geographic areas. But I also see some very predictable gaps. I get a significant number of blog visitors from South Korea for example but to the best of my knowledge I have never had one from North Korea. I get visitors from virtually all of the countries of the Middle East and from the Islamic world in general – but never from Iran. There are a number of tiny population island nations that I at most rarely get visitors from, but I refer here to larger population countries and to countries where there is at least some online access – and for all of its poverty and backwardness that does include North Korea.

The leadership of countries such as Iran and North Korea see the potential for breaking down barriers in open online communications and information sharing, but they see this as dire threat. It is not just my blog that they block – a government such as the Kim dynasty regime of North Korea, or the orthodox religious leadership of Iran with its Ayatollahs in control seeks to block all unfiltered access to the outside world, and I add all unfiltered conversation within their borders too.

China provides an interesting if somewhat complex case in point that in many ways proves any points that I would make here, by the way its at least a partial exceptions to the principles I discuss. My blog is specifically blocked by the People’s Republic of China’s (PRC) Great Firewall, or their Golden Shield Project as it is officially called, and it has been since I first started writing about China and its information control practices and policies. But I still get some blog visitors who specifically show as coming from mainland China and the PRC – and who can officially bypass their firewall. I get a lot more from Hong Kong and on a quite regular basis. They are formally a part of the PRC now, but Hong Kong is specifically excluded from the coverage area of the Golden Shield Project and from that level and form of centrally controlled and mandated censorship. I also get a lot of visitors from Taiwan – the Republic of China. And when my blog was first blocked in Mainland China itself, I suddenly started getting large numbers of visitors from places like Christmas Island. I feel free to cite that detail now as the anonymizer servers there, used to help people bypass censorship systems are long known of by the people who run the Golden Shield Project and blocked by it.

• Open governments that feel confidence in their holding truth and value and that hold to principles that can withstand scrutiny and comparison do not do this.
• Fragile governments that fear alternative views and the power of communication and knowledge do.

But my first numbered point at the top of this blog does not only refer to the extremes of repressive, frightened governments.

• One of the principle functions of any government is the protection and continuation of its own separate identity and existence, as the overall voice of authority over its territories and its citizens.

This holds for open and democratic governments that respect and support human rights and freedom of speech as much as any others. Open and democratic governments are simply more willing to embrace the challenge of open and free communications, connectivity and information and knowledge sharing. But even they tend to set limits, and that is where classified information and its position in national security enter this narrative. And considering the United States as a source of working examples for that, this is where:

Daniel Ellsberg and the Pentagon Papers,
• And more recently and as a different sort of challenge, Bradley Manning, Julian Assange and WikiLeaks enter this.

My intent here is not to argue the case either way as to the merits of secrecy or confidentiality of information in general or of information that could be seen as holding national security value – or even to particularly discuss it. I simply note its existence here and the fact that governments and governmental leaders and voices of authority seek to defend their rights to hold information internal to their governments and to their countries. All of these examples I have noted in this posting from the most repressive to the most open hold one crucial point in common. They all represent centralized and governmental pushback against completely open homogenization and the breaking down of borders and boundaries.

I am going to continue this discussion in a next series installment where I will focus on that second numbered point at the top of this posting, and cultural identity-based pushback. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page, and also at my United Nations Global Alliance for ICT and Development (UN-GAID) directory page.

leave a comment

Follow

Get every new post delivered to your Inbox.

Join 51 other followers

%d bloggers like this: