Rainblog

This is a personal tumbleblog, intended for random musings and snippets. I have a somewhat more structured travel and photo blog at disoriented.net, and a neglected vanity site at raingod.com.

Aug 20
mikehudack:

section9:

sarasponda:

World War II Posters
(obviously the cold war was a different story… :-S )

It would also appear this man was something of a marksman, regular Soviet soldiers didn’t get the good stuff.

Propaganda is truly an amazing thing.  The idea that the Soviets in World War II were fighting for freedom is silly.  The Eastern front was a contest of two despotic and murderous regimes.  We called the Soviets friends — and suggested they fought for freedom — when it was convenient.  We pivoted after the war.  Quickly.

Oceania has always been at war with Eastasia.

Aug 19

mikehudack:

The new face of intolerance and hatred.

Abortion … homosexuality … and … England. Wait, what?


Aug 5

Deliberate Accountability: an idea.

mikehudack:

attentionindustry:

Imagine a brand had an online help desk … where you could see the person who was about to help you, on skype-esque streaming video. You … are having a genuine, real time, one on one interaction with a person who has publicly, and individually pledged to help you … Because the next phase of the Internet is about accountability … Show us your face, or we’ll assume you have something to hide.

There’s some truth to this.

Ugh.

I work for a company that takes support very seriously. The main support guy sits directly behind my desk, and he’s one of the most patient and conscientious people I’ve ever met. If he can’t sort things out, he hands it off to one of the developers, who are a similarly professional bunch (even me … or at least, I try). Everyone on the technical side takes turns doing weekend support, not just to spread the load but as a way of keeping up to date on the service and its users. Everyone involved really does their best to solve people’s problems quickly and fully and send them away happy. If something goes badly wrong, the CEO actually publishes his personal phone number and invites people to call him for more information or simply to express their frustration or demand an apology. That’s ‘deliberate accountability’ in spades, and it’s been part of the company culture since Day One.

But the idea of video support - except in specialized cases - strikes me as a bad one. There are obvious technical issues (won’t someone please think of the bandwidth?) but it goes deeper than that. The first problem is that face-to-face communication is often a lot less efficient than email. If someone asks a question that’s been answered a hundred times, the support guy can hit the macro button to send a stored response and move on to helping the next person. Thirty seconds, tops. With video chat, you’re looking at a five-minute minimum, and you still can’t be sure that you’ve given the best answer in the best way.

Email support is asynchronous. If it takes a while to find a solution, you go away and work on it in your own time, and the user finds the answer to her question in her inbox in the morning. Video chat (or telephone support) is synchronous. If you hit a problem that doesn’t have an instant fix, you end up having to say “I’m sorry, can I get back to you later?”, leaving the user feeling that they’re being blown off.

Then there’s prioritization. If the support guy sees he’s got eight emails from users saying that the server’s flat on its back, and one email from someone who thinks his homepage is the wrong shade of puce, he can get the systems people working on the server issue before attending to the user with the aesthetically-challenged homepage. If you have to wait for the user to state their problem in a video chat, you’ll be dealing with cases in queue order, and you can’t make any decisions about how to use your time most effectively.

There are the needy users, who seem to thrive on contact. You write an answer to their first question, and they’ll fire back with three more before your finger has left the Enter button. Good luck getting them off the line in a video chat. You have a hundred other people who need your help, but they have all day.

The overwhelming majority of our users are sane, courteous, rational folks who are a pleasure to help. Even in a company like ours, however, where we all poop rainbows and there’s a constant rain of kittens falling on our desks from above (which can be very distracting when you’re trying to solve a tough coding problem), some support cases can be, shall we say, ‘adversarial’. From time to time, we get an angry user who nothing can placate. We also get cases that are just plain weird. We keep a big file of the best ones for our private amusement. Unfortunately, I can’t share that with you, which is a pity, because some of them are hilarious. Trust me, however, when I tell you that there are some support stories that don’t have a happy ending. I can’t think of a faster recipe for support desk burnout than having to deal with angry users in a face-to-face chat. Moreover, the really nasty ones will use the opportunity to curse, to wheedle, to extort or to threaten, while anything you say can be recorded, submitted to Breitbart/O’Keefe-style selective editing, and uploaded to YouTube under the title of “See how <company name> lied to me/insulted me/screwed me over.” And a good accusation goes viral a lot faster than a reasoned defense.

Video chat has plenty of other problems as a support medium. What I don’t think it does is to deliver on the promise of accountability. It’s not as if you’re seeing ‘the company’ in a video chat: just one of its salaried public faces. A large company could staff a video call center with any number of smiling salespeople trained in the art of soothing users while the real problems go unsolved. (“Sincerity: if you can fake that, you’ve got it made.”) Have they really helped their users better than the small company that only offers email support but does its best to really resolve its users’ problems?

So I’m all for ‘deliberate accountability’ - in the old days, I think they used to call that ‘standing behind your brand’ or simply ‘customer service’. I’m proud to work for a company that is, I believe, accountable and responsive. But I think video chat is the wrong way to go about it in the vast majority of cases.

This is, of course, only my opinion and not that of the company that I work for. Now, if someone would just help me sweep some of these kittens off my desk, I could get back to my work …


Aug 3

Introducing the Info-Stasi

Back in 2002, riding the tide of post-9/11 paranoia, the Bush administration briefly flirted with a project to harvest and analyze vast amounts of personal information about American citizens, culled from databases and electronic communications. The project, usually referred to as ‘Total Information Awareness’, but officially known as the Information Awareness Office, was headed up by former Iran-Contra conspirator Admiral John Poindexter, a man so creepily-uncharismatic that you had to wonder if they’d only picked him because Cthulhu couldn’t get the necessary security clearances. Just to make sure that no one could fail to get the message, they then apparently launched an internal competition to see who could come up with the most horrifying logo for the project. The winning entry, depicting a menacing eye-in-a-pyramid turning its baleful gaze on the world over the Latin phrase “Knowledge is Power”, was so repellent that even Congress finally woke from its perpetual slumber and voted to defund the whole vile enterprise.

The cynics among us - myself included - simply commented that TIA would be back, and that next time it would surface in the private sector, where it wouldn’t be subject to the same kind of control or oversight as a government project.

And so, gentle reader, it came to pass. TIA’s new incarnation is called Project Vigilant, and its self-declared mission is to ‘Attribute Actions to Actors’. In case that seems a little vague to you (do they also attribute thoughts to thinkers and speech to speakers, to say nothing of vision to seers, or is that outside their remit?), Glenn Greenwald over at Salon does a fine job of summarizing what we know about Project Vigilant.

Project Vigilant (which should really be written with a final ‘e’) has been in the news recently because it turns out that ex-hacker Adrian Lamo is one of their ‘volunteer members’. And Lamo has been in the news because he was the person who turned in Specialist Bradley Manning, the soldier who (allegedly) provided Wikileaks with large quantities of classified information. Quite how Manning came to be in contact with a man who, in hindsight, was probably one of the worst people in the world that he could have chosen to confide in is probably an interesting story. Greenwald drops some hints, but declines to speculate.

Instead, he focuses on Project Vigilant itself, a ‘volunteer organization’ that “collects vast amount of private data about the Internet activities of millions of citizens, processes that data into usable form, and then … turns it over to the U.S. Government”. You’d think that violating everyone’s privacy on that scale would be a time-consuming and expensive activity, but evidently the patriots of the Project count not the cost. Moreover, according to Greenwald, they enjoy some remarkably privileged access: no less than a dozen US Internet providers are reportedly sharing data with Project Vigilant, data that the Project then massages and supplies in an easily-digestible form to the government. The Project claims to be able to track a quarter of a trillion IP addresses a day, and “develop portfolios on any name, screen name or IP address.”

So we have an ostensibly private organization - wholly immune to any scrutiny or control - with privileged access to data from ISPs, engaged in packaging up information about American citizens and turning it over to the government. I say ‘ostensibly’ because this kind of activity sounds like it would require fairly deep pockets, even if only for the infrastructure needed to process the data. And that’s assuming that the workforce are indeed all ‘volunteers’, and that the ISPs are handing over all their data for free just out of the goodness of their patriotic souls. Call me a cynic, but I can’t help wondering if the relation between Project Vigilant and Poindexter’s old total awareness infowarriors (or their successors) is really quite so hands-off as we are being led to believe. What are the odds, say, that some of that useful ISP data is actually flowing out of those secret wiretap rooms at the telcos and that at least some of Vigilant’s costs are being met, directly or indirectly, by way of a line item in a black budget somewhere? 

We may never know. What’s interesting is that, if the Examiner is to be believed, Project Vigilant has been operating for more than a decade, which would mean that it was actually launched before America woke up and smelled the post-9/11 paranoia, and long before Congress ordered that Admiral Poindexter’s unlovely child should be taken out back and quietly suffocated. This is enough to make you wonder if Poindexter’s Information Awareness Office was no more than a distraction, a built-to-fail red herring whose demise would simply accelerate the transfer of state surveillance to the private sector.

If you didn’t like the idea of the government peering into every nook and cranny of your electronic life, you probably won’t feel any more comfortable with the knowledge that the work is being done by a still less accountable private organization. If the idea of government spooks rummaging through your personal data and compiling secret dossiers on you makes you a little queasy, you’re really not going to like the idea of the work being done by anonymous and unsupervised ‘volunteers’ - volunteers such as convicted hacker Adrian Lamo. And while the government almost certainly ‘facilitated’ access to some of the data being scanned by Vigilant - it’s a safe bet that when the Project knocked on the doors of the ISPs and suggested that they might like to hand over their traffic records, they had at least a letter of introduction from someone in Washington - there’s probably nothing in Vigilant’s charter that says that the results of their research have to be shared only with the government.

In many other countries, something like Project Vigilant probably couldn’t (officially) exist, because it would instantly fall foul of strong data protection laws. But US data protection laws are remarkably weak, and there are strong interests that would like to keep them that way. Don’t look for any help from that quarter. 

Of course, according to Greenwald, Vigilant isn’t the only private-sector entity in a cosy data-sharing arrangement with the government. There’s also Infragard, a ‘partnership’ between some 23,000 businesses and the FBI that gives the Bureau access to all the data those businesses happen to have collected on you. Among its founding members, Infragard counts Chet Uber, executive director of … Project Vigilant. Take a moment now to get over your surprise.

Even allowing for the possibility that Vigilant is exaggerating its capabilities, it’s clear that private sector organizations are now engaged in a data gathering exercise that has no historical precedent. The interested parties, of course, trot out the usual “If you’re not doing anything wrong, you have nothing to fear” line, a phrase that is now recognized as the surveillance state’s formal way of saying “Ha ha, fuck you”.

Because — as experience has shown — even if you aren’t doing anything wrong, there are a great many things to fear. And somewhere close to the top of that list are secretive corporate cyber-stasis like Project Vigilant and Infragard, operating in a comfortable gray area outside the law and subject to absolutely no oversight or control.


Jul 29

The sky is not falling … much …

Going back over my post about Google Social Search, which I wrote in haste last night after the new feature was pointed out to me by a somewhat agitated friend, it looks to me as if I may have been wrong about some of the pitfalls of the new system.

The potential privacy killer is the exposure of private second-order contacts. But re-reading Google’s documentation more closely today, it turns out that Google already has a notion of ‘public’ and ‘private’ contacts. ‘Private’ contacts include your Google chat list and Google contacts, and according to the documentation, these are not shared, and will not be used to “expand your social circle”. So it looks as if the sky may not be falling after all.

I apologize for misleading you all, and for maligning Google. It seems that they have learned something since Buzz.

But systems such as Social Search are not risk-free. Google’s position is that they don’t make anything public that wasn’t already public. That’s as it should be, but it’s worth bearing in mind that what Google is doing is to make obvious what’s already public. Yes, all the individual links that make up your implicit social graph may be ‘out there’, but most people won’t necessarily connect all the dots. Tools like Social Search take the complete picture and dump it in your lap.

It’s easy enough to dream up scenarios in which that can still turn around and bite you. Your strait-laced Aunt Hettie may enjoy visiting your personal website full of kitten pictures, unaware that you’re also an active member of a flourishing bondage’n’spanking online community. The day that you inadvertently create a graph link that spans your separate personae, Google Social Search is going to make all the connections and give Aunt Hettie something to think about over her breakfast coffee.

You did it to yourself, says Google. All the information was there. We just put it all together. They’re right, but that doesn’t mean that it isn’t a problem. In general, people aren’t good at thinking about what you might call the calculus of privacy: what connects to what, who has permission to see what, and how they interact. Part of it is that we just don’t think that way yet. But part of it is that the rules keep changing. Just when you think you’ve got it figured out, Google (or whoever) will add a new way of inferring connections and suddenly the whole shape of the graph has changed in ways you never imagined.

There’s another problem. Tools for managing this new ball of wax are either non-existent or ill-adapted. Google says proudly “You control who is part of your circle”, and goes on to list ways that you can do that. But the suggestions seem to amount to changing the social graph itself by removing a person (or a network). If you detect a potential exposure, the recommended fix is to take a machete to your social network.

This seems unsatisfactory. Tools designed for one purpose - such as managing your social network - are usually inadequate for another - such as protecting your privacy or controlling your online persona. If your connection to your friend Joe reveals something about you that you don’t like, Google’s answer is that you should break that connection. But when you do that, you lose whatever functionality comes from the connection.

Let’s make that more concrete with an example (not a privacy example this time, but analogous problems exist in that space as well). Suppose Joe tends to write embarrassing drunken rants on every subject under the sun. Each time you do a search, Google’s Social Search feature brings up a couple of Joe’s inebriated screeds, which may not be what you want even when the boss isn’t looking over your shoulder. But Joe’s in your social graph, and the only way to get him out of there is to remove him from your chat contact list and your Gmail address book. To manage one feature - Social Search - you’re forced to reduce the utility of two others - chat and email. Surely that’s not the way it’s supposed to be.

Connections in the social graph are overloaded. Applications built on social networking such as Google Social Search assign a ‘meaning’ to those connections that may be quite different from the ‘meaning’ intended by the user. The connections that the user creates end up being used in ways that he or she did not anticipate or intend, yet there are no tools available to let the user correct or control the way that the graph is used or interpreted. The only tools provided are tools for editing the graph itself.

It’s unrealistic to think that we can stop Google or Facebook or anyone else from adding new whizzbang features that stitch together what people reveal about themselves online and use it in ways that we never anticipated. It’s also unrealistic to think that we can ever predict the ramifications of putting any single piece of information out there (or, equally often, having it put out there by someone else). But there ought to be a middle ground between withdrawing from online life entirely and accepting that our online persona - the sum total of information that can be learned about us online - is completely out of our control.

If someone like Google wants to think about how to build tools to give users real, flexible control over their personal information, that will impress me a great deal more than their questionably-useful Social Search.
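
As an added illustration (not part of the original posts, and not Google's code), here is a toy model of the argument: second-order expansion over private contacts produces the friend-of-a-friend leak, expanding only over public contacts closes it, and a per-feature mute lets you drop Joe from search without deleting him from your contacts. The class, the function names and the sample people are all hypothetical.

```python
from collections import defaultdict

PUBLIC, PRIVATE = "public", "private"


class SocialGraph:
    """Toy directed contact graph; every name here is hypothetical."""

    def __init__(self):
        self.contacts = defaultdict(dict)  # owner -> {contact: visibility}
        self.muted = defaultdict(set)      # (owner, feature) -> contacts

    def add(self, owner, contact, visibility):
        self.contacts[owner][contact] = visibility

    def mute(self, owner, feature, contact):
        """Hide a contact from one feature without deleting the edge."""
        self.muted[(owner, feature)].add(contact)

    def circle(self, user, feature, expand_private):
        """Map each person in user's circle to the path that put them there."""
        hidden = self.muted[(user, feature)]
        result = {}
        # First order: the user's own contacts, public or private.
        first = [c for c in self.contacts[user] if c not in hidden]
        for friend in first:
            result[friend] = (user, friend)
        # Second order: contacts of those contacts.
        for friend in first:
            for fof, visibility in self.contacts[friend].items():
                if fof == user or fof in result or fof in hidden:
                    continue
                if visibility == PRIVATE and not expand_private:
                    continue  # a friend's private contact is never shown
                result[fof] = (user, friend, fof)
        return result


def leaked_private_edges(graph, user, feature, expand_private):
    """Other people's private edges that show up in user's circle."""
    leaks = []
    for path in graph.circle(user, feature, expand_private).values():
        if len(path) == 3 and graph.contacts[path[1]][path[2]] == PRIVATE:
            leaks.append((path[1], path[2]))
    return sorted(leaks)


def build_sample():
    """Constructed sample data modelled on the WidgetCo and Joe scenarios."""
    g = SocialGraph()
    g.add("boss", "you", PUBLIC)
    g.add("you", "boss", PUBLIC)
    g.add("you", "joe", PUBLIC)
    g.add("you", "recruiter", PRIVATE)  # the contact you want kept quiet
    return g


if __name__ == "__main__":
    g = build_sample()
    print("naive expansion leaks:",
          leaked_private_edges(g, "boss", "search", expand_private=True))
    print("public-only expansion leaks:",
          leaked_private_edges(g, "boss", "search", expand_private=False))
    g.mute("you", "search", "joe")
    print("your search circle:", sorted(g.circle("you", "search", False)))
    print("joe still a contact:", "joe" in g.contacts["you"])
```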


Jul 28

It’s like deja-vu all over again

[CORRECTION: This post contains a significant error, which I explain in this post. But while the issues with Social Search aren’t as bad as I claim here, it’s still not problem-free.] 

Remember the Google Buzz fiasco? In their eagerness to roll out their latest whizz-bang new killer feature (by the way, does anyone still use Buzz?), Google didn’t bother to think about - or deliberately chose to ignore - the potential privacy implications of their model and ended up exposing everyone’s contacts. A predictable outcry followed, and Google was forced to walk it all back and put in the protections that should have been in there from the start.

But that’s all in the past now, and Google have learned their lesson, haven’t they? Well, no. Because now they’ve launched Google Social Search, another exciting innovation we didn’t need that … leaks all your contact information all over again.

How does it do that? If you’re logged in when you search for something, Google will show results that are somehow related to your ‘social circle’. Google assembles your social circle by the usual connectivity voodoo - digging through your Gmail contacts, your Google reader subscriptions and so forth. So far, there’s no great cause for alarm. But Google also includes second-order contacts - friends of your friends - in the results. And that’s where the trouble starts.

To illustrate the problem, suppose you are a married man who has been secretly carrying on with the local femme fatale. Your wife does a search for that charming little restaurant where you celebrate your wedding anniversary, and uncovers a glowing review written by that shameless hussy, accompanied by a helpful note from Google explaining that she shows up in the results because she’s a friend of yours. Marital ructions ensue.

Or you’re considering leaving your job at WidgetCo and have been sending out copies of your resume. When your boss searches for something, his social search results suddenly include half a dozen recruiters and the CEO of rival GadgetCorp, all tagged as contacts of yours. Problematic, no?

The possible scenarios go on and on. Subscribe to a mailing list for wombat fetishists? One lucky search hit and the whole world can know about your fondness for those winsome marsupials. And so on. And so on.

Friend-of-a-friend (FOAF) leaks are one of those nasty social networking gotchas that most users don’t think about. Apparently Google didn’t think about this one either because - even after the Buzz mess - they went ahead and engineered it straight into their new baby. What they didn’t do, of course, is provide any way for you to opt-out. There’s no mechanism for saying “No, dammit, don’t expose my list of private contacts to all my friends.” And unlike Buzz, which at least you had to start using before it could out all your contacts, Google Social Search will go ahead and expose your friends without you lifting a finger. I guess they call that progress.

So here we go again. Once again, we need to make a noise and get Google to undo their latest piece of thoughtlessness before it starts messing up people’s lives.


Jul 19

Zero-day exploit targets SCADA for espionage

We live in the future. More specifically, we live in William Gibson’s cyberpunk future.

Microsoft has acknowledged the existence of a bug affecting ‘all versions of Windows’ that allows attackers to trigger execution of malicious software via a shortcut link. It’s a serious bug, and one that’s apparently ripe for exploitation.

The flaw is already being exploited, and experts predict more attacks will follow. What’s interesting, however, is that the first observed attacks using the exploit have an unusual goal. Instead of trying to turn the hijacked home or office PCs into spam relays, pestering their unlucky owners with ads, or trying to steal passwords and credit card numbers - the standard repertoire - the attack targeted systems used as controllers for industrial machinery. Moreover, according to information put out by Siemens, the goal of the malware wasn’t to disrupt the connected systems (a recurrent nightmare scenario in a world where heavy machinery and essential utilities are increasingly controlled by computers running mass-market OS’s), but to “steal secrets from manufacturing plants and other industrial facilities”.

Computer hackers using sophisticated malware to conduct corporate espionage? This is the stuff of cyberpunk fiction. The future’s so bright, we gotta wear mirrorshades.


Jul 15

No shortcuts

If you’re selling anything - or even if you’re not - you’ve probably been subjected to dozens of offers from people who want to help you “harness the power of social networking” to market your product. The phrase is particularly common, of course, in the sleazy world of get-rich-quick schemes and spam, but the more reputable sectors of the economy are also asking themselves the same basic question: how can I use all this Twitter and Facebook and YouTube stuff that the kids seem to be into these days to sell more of my shit?

The answer - one answer - showed up recently in the form of a viral ad campaign by the makers of Old Spice deodorant, which featured their shirtless spokesman responding to messages from Twitter users from the comfort of his own bathroom (or someone’s bathroom, anyway). The witty and surreal videos were produced in close-to-real-time and showed a deft touch and a good understanding of their medium and their audience. They may not have sold many actual cans of Old Spice, but it’s a safe bet that large numbers of people who would never otherwise have thought about Old Spice have suddenly had it dragged into the forefront of their consciousness, in a positive way. (For the record, I haven’t thought about Old Spice in years, not since a friend unwisely used it to try to mask the odor of some rotten eggs. This traumatic incident created an association in my mind that has led me to try to suppress all thoughts of the brand ever since. But I digress).

The most striking thing about that campaign, however, was the amount of effort that went into it. The advertisers made eighty-seven videos in an eleven-hour period (that’s seven and a half minutes per video, for those of you keeping score at home). To make it work, they had to be able to plan and realize their improvised responses at high speed and they had to hit exactly the right note to appeal to their audience. If they hadn’t thoroughly understood the medium they were working with and hit on a novel formula for using it, the whole project would have fizzled and died. It may have looked like a bravura piece of high-speed improvisation, but it wouldn’t have worked at all without some solid planning and preparation. It must have been, in short, a hell of a lot of work.

But the people who want to help you “harness the power of social networking” are coming from a different direction. The implicit promise that they seem to be making is that social networking is some magical new force multiplier: that you can just sprinkle some Twitter and some Facebook on your product under their guidance and your sales will magically skyrocket. What they’re selling is a hands-off, no-involvement-required magic bullet. Just put your product ads on YouTube, goes the pitch, and the kids will beat a path to your door.

Ain’t gonna happen. At best, blindly leaping onto the social networking bandwagon will yield little or nothing. At worst, listening to the advice of the snake-oil salesmen will lead you into the brand-killing swamp of spam. The Web 2.0 generation is fickle and hard to please and they have vanishingly-low irritation and attention thresholds and an almost supernatural sensitivity to anything that smells even faintly of spam. Get it wrong and it won’t be your message that goes viral overnight.

If you want to use online social services like Twitter and Facebook to sell whatever you’re selling, take a look at the Old Spice campaign and think about what made it work. It wasn’t just a charismatic actor and self-deprecating humor that made the viewers feel they were in on the joke. Equally important was the swift response time and the fact that the advertisers engaged the audience directly, even personally. You can’t get that with a hands-off approach. You only get it by hard work. Despite what the self-styled ‘social networking marketing experts’ may tell you, there’s no substitute. There are no shortcuts.

