Systems Not Sith: Organizational Lessons From Star Wars

In Star Wars, the Empire is presented as a monolith. Storm Troopers, TIE Fighters and even Star Destroyers are supposedly just indistinguishable cogs in a massive military machine, single-mindedly pursuing a common goal. This is, of course, a façade – like all humans, the soldiers and Officers of the Imperial Military will each have their own interests and loyalties. The Army is going to compete with the Navy, the Fighter jocks are going to compete with the Star Destroyer Captains, and the AT-AT crews are going to compete with Storm Troopers.

Read the whole thing at “Overthinking It”: “Systems, Not Sith: How Inter-service Rivalries Doomed the Galactic Empire“. And if you missed it, my take on security lessons from Star Wars.

Thanks to Bruce for the pointer.

Lessons from Facebook’s Stock Slide

So as Facebook continues to trade at a little over half of their market capitalization of 3 months ago, I think we can learn a few very interesting things. My goal here is not to pick on Facebook, but rather to see what we can take away and perhaps apply elsewhere. I think there are three key lessons that we can take away:

  • The Privacy Invasion Gnomes are Wrong
  • Intent Beats Identity
  • Maximizing your IPO returns may be a short term strategy

Let me start with the “Privacy Invasion Gonmes.” The short form of their strategy is:

  1. Gather lots of data on people
  2. ???
  3. Profit

This is, of course, a refinement of the original Gnome Strategy. But what Facebook shows us is:

The Privacy Invasion Gnomes are Wrong

Gathering lots of data on people is a popular business strategy. It underlies a lot of the advertising that powers breathless reporting on the latest philosophical treatise by Kim Kardashian or Paris Hilton.

But what Facebook shows us is that just gathering data on people is actually insufficient as a business strategy, because knowing that someone is a a Democrat or Republican just isn’t that valuable. It’s hard to capitalize on knowing that a user is Catholic or Mormon or Sikh. There’s a limit to how much money you make being able to identify gays who are still in the closet.

All of which means that the security industry’s love affair with “identity” is overblown. In fact, I’m going to argue that intent beats identity every time you can get it, and you can get it if you…keep your eye on the ball.

Intent beats Identity

The idea that if you know someone, you can sell them what they need is a powerful and intuitive one. We all love the place where everyone knows your name. The hope that you can translate it into an algorithm to make it scale is an easy hope to develop.

But many of the businesses that are raking in money hand-over foot on the internet aren’t doing that. Rather, they’re focused on what you want right now. Google is all about that search box. And they turn your intent, as revealed by your search, into ads that are relevant.

Sure, there’s some history now, but fundamentally, there’s a set of searches (like “asbestos” and “car insurance”) that are like kittens thrown to rabid wolves. And each of those wolves will pay to get you an ad. Similarly, Amazon may or may not care who you are when they get you to buy things. Your search is about as direct a statement of intent as it gets.

Let me put it another way:
Internet company revunue per user

The graph is from Seeking Alpha’s post, “Facebook: This Is The Bet You Are Making.”

So let me point out that two of these companies, Facebook and LinkedIn, have great, self-reinforcing identity models. Both use social pressure to drive self-representation on the site to match self-representation in various social situations. That’s pretty close to the definition of identity. (In any event, it’s a lot closer than anyone who talks about “identity issuance” can get.) And both make about 1/9th of what Google does on intent.

Generally in security, we use identification because it’s easier than intent, but what counts is intent. If a fraudster is logging into Alice’s account, and not moving money, security doesn’t notice or care (leaving privacy aside). If Alice’s husband Bob logs in as Alice, that’s a failure of identity. Security may or may not care. If things are all lovey-dovey, it may be fine, but if Bob is planning a divorce, or paying off his mistress, then it’s a problem. Intent beats identity.

Maximizing your IPO returns may be a short term strategy

The final lesson is from Don Dodge, “How Facebook maximized the IPO proceeds, but botched the process.” His argument is a lot stronger than the finger-pointing in “The Man Behind Facebook’s I.P.O. Debacle“. I don’t have a lot to add to Don’s point, which he makes in detail, so you should go read his piece. The very short form is that by pricing as high as they did, they made money (oodles of it) on the IPO, and that was a pretty short-term strategy.

Now, if Facebook found a good way to get intent-centered, and started making money on that, botching the IPO process would matter a lot less. But that’s not what they’re doing. The latest silliness is using your mobile number and email to help merchants stalk find you on the site. That program represents a triumph of identity thinking over intent thinking. People give their mobile numbers to Facebook to help secure their account. Facebook then violates that intent to use the data for marketing.

So, I think that’s what we can learn from the Facebook stock slide. There may well be other lessons in an event this big, and I’d love to hear your thoughts on what they might be.

The Very Model of An Amateur Grammarian

I am the very model of an amateur grammarian
I have a little knowledge and I am authoritarian
But I make no apology for being doctrinarian
We must not plummet to the verbal depths of the barbarian

I’d sooner break my heart in two than sunder an infinitive
And I’d disown my closest family within a minute if
They dared to place a preposition at a sentence terminus
Or sully the Queen’s English with neologisms verminous

For the full sing-along, please see Tom Freeman’s
The very model of an amateur grammarian
.

Emergent Chaos: Romney/Ryan for America!

We here at Emergent Chaos have long been frustrated with the Obama Administration. Their failure to close Guantanamo, their failure to prosecute war crimes including torture, their choice to murder American citizens (never mind without due process), their invocation of the state secrets privilege, their persecution of whistleblowers, their TSA running rampant, the list of disappointments runs long.

But we’ve been waiting to see real evidence of a decisive and predictable leadership style from Mitt. We’ve been waiting for a real and demonstrated commitment to civil liberties. Now, with the combination of Paul Ryan and Clint Eastwood, we think he’s over the top.

We know that a vote for Romney/Ryan may leave many folks wondering what they’re voting for. Are they voting for mandatory health care for all that Romney passed in Massachusetts, leading the state to legalize gay marriage or are they voting for the Romney who rails against his plan being taken national with Obamacare? Or are they voting to put Ryan and his voucher-ization of Medicaid one heartbeat away from the Presidency? It’s rare that we see this kind of chaos emerge at the top of a ticket.

Chaos like that is close to our hearts, and four years ago, that was enough to win us over.

But stakes are higher today, and we’ve seen a scary degree of staying on the latest message from Mitt and his advisors. So we needed a high-stakes decision, one taken at a moment of obvious gravity and impact, one taken at the very top, to really help us judge if the velvet glove has forged Willard Mitt Romney into the sort of man we want commanding the most powerful military ever seen on the planet.

Romney decided he wanted a surprise at the convention, and chose Clint Eastwood. Now, as a rock-ribbed, gun-totin’, pro-abortion, pro-gay-marriage, pro-ERA Republican, we think he’s the sort of libertarian Republican who should be making the attendees’ days. He’s the sort of Republican who should be addressing the convention, hearkening back to the big-tent party that Ronald Reagan led.

But, traditional thinking in politics has become that conventions are tightly managed. That’s why RNC Chairman Reince Priebus changed the rules on the convention floor to lock out Ron Paul’s delegates. He wanted to show that the GOP stands fast in its commitment to the rule of law and the importance of democracy, not running a convention where anyone who just happened to have committed delagates can show up and hope to win their party’s nomination.

That’s the sort of strategic thinking that led Romney’s most senior advisors to not ask Clint for a rehersal. And, apparently, their commitment to free speech led them to just toss him a list of talking points and not worry about it. (No, really, go read it, and consider what it means about decision making.) And that’s the sort of emergent chaos that we can’t help but nervously endorse.

So months from now, if you want chaos in the financial markets or chaos on the international stage like we saw chaos on the convention stage, the choice is clear. If Romney/Ryan can let chaos like that into their moment to shine, just think about the chaos that will happen when they’re blindsided. So if you want more leadership like that, if you want to live in interesting times, vote Romney/Ryan. We’re not sure what we’ll get, but we’re confident it will be exciting.