Archive for the ‘Orientations’ Category

How to Make Your Dating Site Attractive

Sunday, January 31st, 2010 by adam


There’s a huge profusion of dating sites out there. From those focused on casual encounters to Christian marriage, there’s a site for that.

So from product management and privacy perspectives, I found this article very thought-provoking:

Bookioo does not give men any way to learn about or contact the female members of the site. Men can join for free, if they have been invited—and if a current Bookioo member can vouch for their information. They can then post a profile for the perusal of the female—and paying—members of the site. It’s those paying women, however, who get to call the shots.

As interesting as the approach is, what’s more interesting is how they came to it. They focused on a set of female customers and asked what they worry about and what they want. Co-founder David Olmos:

We think that women don’t feel comfortable with the current dating sites. The latter are too masculine: they were designed by men and they fundamentally address men’s needs. We know that many women prefer a different approach: they’re eager to socialize, to meet new people, and we propose to do that through activities. It may lead them to find a partner, of course, but they may as well enjoy an afternoon in a museum with a new girl friend whom they met on Bookioo! So we propose to socialize through activities, common hobbies and common tastes.

As you can see, we actually want to revamp the “dating” concept, taking the perspective of women. The key issue for us is to make sure that women enjoy the level of privacy they wish and that the males’ profiles are fully validated. (“Bookioo: dating and social networking site gives women full control.”)

It’s also a very different approach to “creep management,” which we’ve covered in past posts like “Emerging dating paranoia,” “Dating and Background Checks in the UK” or “Dating & Background Checks in China.”

Pay for your own dog food

Wednesday, November 4th, 2009 by adam

At Microsoft, there’s a very long history of ‘eating your own dogfood,’ or using the latest and greatest daily builds. Although today, people seem to use the term “self-host,” which seems like evidence that they don’t do either.

Eating your own dogfood gives you a decent idea of when it starts to taste ok, which is to say, ready for customers to see in some preview form.

Apropos of which, there’s a really interesting post at the Inkling blog, “Pay for your own dog food:”

Using your own product comes with a ton of benefits, because you become your own customer. The quality of your product likely increases because you can’t ignore its problems. They aren’t just your customers’ problems. They are your problems.

We’ve gotten in the habit of actually taking out our own credit card and using it on our own account sign up page. Yes, it’s a bit silly when the credit card processing takes some money off the top. But it makes the feeling very real that you are paying for this, and now it’s an expense just like it’s going to be an expense for your clients.

Non Commercial

Sunday, September 6th, 2009 by adam

If you haven’t listened to Larry Lessig’s 23C3 talk, it’s worthwhile to listen to the argument he makes. As I was listening to it, I was struck by the term non-commercial, and, having given it some thought, think that we need a better word to describe the goals Creative Commons is pursuing.

The term non-commercial reminded me deeply of the invention of non-secret encryption by James Ellis, Clifford Cocks, and Malcolm Williamson at the British GCHQ. Despite having invented what the world now calls public key encryption, the idea languished under both classification and a failure to make the critical jump from ‘non-secret’ to ‘public.’ Even when something isn’t a secret, you might not want to shout it from the rooftops, unless you’re Whit Diffie. In which case you might think that it would be great to have a phone book full of keys. Whit probably wouldn’t have thought of that with ‘non-secret’ keys, but he certainly did think of a directory of public keys.

Defining your movement by what you are not isn’t the best way to rally people to the cause. No one claims to be on either the anti-life or anti-choice side of the abortion debate. Beyond that, I’m going to say that non-commercial as a descriptor may be essential in the legal licenses associated with the Creative Commons licenses. Non-commercial may even be almost the right word but, as Mark Twain pointed out, the difference between the almost right word and the right word is really a large matter–it’s the difference between the lightning bug and the lightning.

So in seeking the right word, it may help to think about what we mean by non-commercial. We mean almost every word we say to our families, children, or lovers. We mean pillow talk, explaining to kids why the sky is blue, and that I would prefer not to live as a vegetable. We mean our scientific papers, our poems and our fair use of the song Happy Birthday. We mean blogging (others may see their blogs as commercial), asking a stranger directions, talking to our elected representatives, water cooler chatter, graffiti, and even all the unneeded words we say to a cashier in a checkout line.

It’s honest speech. It’s human speech. Let’s not demean it by asserting that commercial speech is the norm.

Identity is Mashed Up

Friday, March 20th, 2009 by adam

I posted last month about Bob Blakely’s podcast with Phil Windley.

Now (by which I really mean last month, wow I’m running behind!) Bob posts that the “Relationship Paper Now Freely Available,” and I’m embarrassed to say I stole Bob’s opening sentence.

Now that I’ve actually read the paper, I’d like to remix the ideas with some web 2.0 Zero Knowledge Infomediation craziness and having thus altered it, send it back out, its identity changed.


One of the core ideas in the paper is that of intermediaries who will represent you. These intermediaries, which Bob says have a ‘custodial relationship with your data,’ rather than a transactional one, will know lots about you, and gossip as you let them. It’s like letters of introduction or recommendation: you select who you think can represent you well, and if they have a relationship with the person you want to talk to, then things are great.

This is a useful model because a business can perform due diligence on a few of these infomediaries, rather than on each customer. I’m using the phrase infomediary, which some of you may remember from the book Net Worth. The idea was you’d have someone representing you to the net, who would help you get good deals. It was a very consumer-centric idea in some ways, advertising-centric in others.

The difference from the 1990s infomediary concept is that Bob has a great angle on why a business would want to engage with the infomediary rather than engage in surveillance itself.

It’s a compelling vision, but I’m not sure I buy it as a complete view of identity. As a citizen, I don’t want to work with a single identity provider. The lock in risk seems very high.


But worse, I don’t have one identity. My identity is created through a set of relationships: with family and friends, with employers, but also with colleagues who I’ve never worked with directly (like Mordaxus and Chris) and with former co-workers who aren’t exactly friends. For example, I had a great three hour lunch and walk around Rock Ridge with a fellow who I’d worked with at Zero-Knowledge, and seen maybe once since. I feel a little like Comic Book Guy, caught in a new situation, and forced to say “There’s no emoticon for what I’m feeling!”

Some of our business relationships lead to personal ones, of friendship or romance. The bright lines which once existed are gone. A business which tries to help us with all of these may end up creepy like Facebook. One which only sees one aspect of our lives may well get and give a one dimensional view of us.

I’m thinking of two folks reading this. One is saying “what’s the point?” Another is identifying this as “Adam brain spew.” Which is another way of saying that this is all over the place.

And perhaps, in a world in which we present different selves at different times, that is exactly my response to Bob.

Joseph Ratzinger and Information Security

Thursday, March 19th, 2009 by adam

Joseph Ratzinger (a/k/a Benedict XVI) recently made some comments that got some press. In particular, as Reuters reports: “Pope in Africa reaffirms ‘no condoms’ against AIDS.” Quoting the story, “The Church teaches that fidelity within heterosexual marriage, chastity and abstinence are the best ways to stop AIDS.”

Many of you are likely outraged. Saying, “sure, if only people would do that, then we wouldn’t need condoms. But people don’t behave that way.”

I’d like to explain what this has to do with information security. Some of you may be saying “sure, but we’re not that bad.”

In information security, we often keep saying the same thing over and over again, because we know it’s right. We tell people never to write down their passwords, always to validate their input, and to run intrusion detection systems. Deep in our hearts, we know they don’t, and yet we keep saying those things. We tell them they “have to” fix all the security problems all the time.

It’s my hope that we in information security will be less religious than the Pope, but there’s plenty of evidence that, like him, we offer advice that makes people shake their heads in disgust.


Wherever you work, whatever you do, it’s worth asking yourself: am I being dogmatic in what I’m asking of people?

Me, I’m being dogmatic about asking you all to keep it civil in the comments.

Public Perception of Security

Thursday, February 5th, 2009 by adam

So the US Consulate in Jerusalem sold a file cabinet full of secret documents. What I found interesting about the story is the perception of the finder:

Hundreds of files — with social security numbers, bank account numbers and other sensitive U.S. government information — were found in a filing cabinet purchased from the U.S. consulate in Jerusalem through a local auction.

“We couldn’t believe what we found,” said Paula, who purchased the cabinets and asked that her last name not be published. “We thought of calling the American consulate right away, and then we thought, you know they’ll just hide it and say, ‘Oh, we made a mistake.’” (“U.S. Consulate Mistakenly sells secret files in Jerusalem,” Fox News)

Transparency is a powerful idea. There’s little risk in disclosing this incident, except to the career of the person who sold the cabinet. Security professionals on both sides know that these things happen. If we talked about the incidents, we could assess their frequency and see if there are cost-effective ways to prevent them. I expect that there are, but no one wants to add a layer of bureaucracy for a threat that they can’t really assess. There are too many threats and too many ways to address them.

Boundary Objects and Threat Modeling

Tuesday, February 3rd, 2009 by adam

[Image: threat model DFD]
Ethnomethodologists talk a lot about communities of practice: groups of people who share some set of work that they do similarly, and who co-evolve ways of working and communicating.


When everyone is part of a given community, this works really well. When we talk about “think like an attacker” within a community of security practice, it works well. When we tell developers to do that, they look like a deer in the headlights. (Sorry, couldn’t resist.)

One of the tools which different communities of practice can use to communicate is a boundary object. Boundary objects include things like ISBNs. Books have ISBNs in large part to track payments. They differ from Library of Congress catalog numbers. 0321502787, HD30.2.S563 and “The New School of Information Security” all refer to the same book in different contexts.

In STRIDE/Element threat modeling, there are two accidental boundary objects. (I learned about the theory after developing the approach.) They are data flow diagrams (DFDs) and bugs. The picture is a DFD, showing the process of threat modeling, along with boundaries. The boundaries are doing double duty as trust boundaries, and bisecting the boundary objects.

The DFD acts as a boundary object because it’s simple. It takes about 30 seconds to learn (except for trust boundaries). It looks a lot like most whiteboard diagrams. Developers can draw the diagram, and security experts can analyze it.

The second boundary object is the bug database. Everyone in software development understands bug databases. And though the practices which surround them differ pretty markedly, almost no one would ship a product without reviewing their bugs, which is why security people like putting the output of a threat modeling session into the database.
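As an added example (not code from the original post), here is the mechanics behind those two boundary objects in a few dozen lines of Python: a constructed DFD of a small web application with trust zones, STRIDE-per-element applied to every element and data flow, and the result emitted as bug-tracker-style entries that a developer can triage alongside everything else. The element-to-threat mapping is the SDL one (external entities get Spoofing and Repudiation, processes get all six, data flows and data stores get Tampering, Information disclosure and Denial of service, with Repudiation added for stores that hold logs). The element names, zones, and the “high” severity given to flows that cross a trust boundary are assumptions made for this example.

```python
"""STRIDE-per-element over a tiny DFD, emitting bug-tracker-style entries.

Added example, not code from the original post. The DFD in sample_model()
is constructed for illustration; the element-to-threat table below is the
SDL STRIDE-per-element mapping.
"""
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# Which STRIDE letters apply to which DFD element type.
ELEMENT_THREATS = {
    "external": "SR",      # external entity (user, browser, partner system)
    "process": "STRIDE",   # code that runs
    "flow": "TID",         # data in motion
    "store": "TID",        # data at rest; R is added below for log stores
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str           # "external" | "process" | "store"
    zone: str           # trust zone; a flow between two zones crosses a boundary
    holds_logs: bool = False


@dataclass(frozen=True)
class Flow:
    name: str
    src: str            # Element.name
    dst: str            # Element.name


def flow_crosses_boundary(flow, by_name):
    """True when the flow's endpoints sit in different trust zones."""
    return by_name[flow.src].zone != by_name[flow.dst].zone


def enumerate_threats(elements, flows):
    """Return one bug-style dict per (element or flow, applicable STRIDE threat)."""
    by_name = {e.name: e for e in elements}
    bugs = []
    for e in elements:
        letters = ELEMENT_THREATS[e.kind]
        if e.kind == "store" and e.holds_logs:
            letters += "R"  # tampering with or losing logs enables repudiation
        for letter in letters:
            bugs.append({"element": e.name, "threat": STRIDE[letter],
                         "crosses_boundary": False})
    for f in flows:
        crosses = flow_crosses_boundary(f, by_name)
        for letter in ELEMENT_THREATS["flow"]:
            bugs.append({"element": f.name, "threat": STRIDE[letter],
                         "crosses_boundary": crosses})
    return bugs


def format_bug(bug):
    """Render an entry the way it would be filed; boundary-crossing flows rank higher."""
    sev = "high" if bug["crosses_boundary"] else "normal"
    return f"[{sev}] {bug['threat']} against {bug['element']}"


def sample_model():
    """A constructed DFD: browser -> web app (DMZ) -> database and audit log (internal)."""
    elements = [
        Element("browser", "external", "internet"),
        Element("web app", "process", "dmz"),
        Element("cache", "process", "dmz"),
        Element("db", "store", "internal"),
        Element("audit log", "store", "internal", holds_logs=True),
    ]
    flows = [
        Flow("http request", "browser", "web app"),   # crosses internet/dmz
        Flow("cache lookup", "web app", "cache"),     # stays inside dmz
        Flow("sql query", "web app", "db"),           # crosses dmz/internal
        Flow("audit write", "web app", "audit log"),  # crosses dmz/internal
    ]
    return elements, flows


if __name__ == "__main__":
    elements, flows = sample_model()
    for bug in enumerate_threats(elements, flows):
        print(format_bug(bug))
```

The point of the output is not that every entry is a real vulnerability; most will be closed as “mitigated by X” or “accepted.” The point is that each one is a bug, in the database developers already review before shipping, with the trust boundary it crosses made visible.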

There are other possible boundaries, such as the interface between the business and the software. This is where assets come into some threat modeling approaches.

So what’s the takeaway here? If you’re watching groups of people frustratedly talk past each other — or wishing they’d be that communicative — look to see if you can find boundary objects which they can use to help organize conversation.

Identities are Created Through Relationships

Monday, February 2nd, 2009 by adam

I’m listening to this really interesting podcast by Bob Blakley and Phil Windley. What really struck me was where Bob said “thinking of identity as an artifact all by itself is unsatisfactory because we can talk about an identity and the attributes of an identity leaves out important details about how identities are created and how they evolve…relationships are the landscapes in which identities exist.” I think this is interesting, but I’m reading a paper about ethnomethodology and information security. One of the claims it makes is that meaning is created through conversation, and that a history of conversation and shared reference points gives us an ability to converse in meaningful ways. When someone says we’re talking past each other, what they may mean is that the conversation lacks sufficient shared context to be meaning-full.

So I’d like to fuse these ideas, and propose that identity is created through relationships. That without relationships, identities actually don’t exist. In the pathological cases of solitary confinement or hermitage, identity is severely stressed or destroyed.

I think people understand this instinctively, although perhaps not formulated as I’ve said it. Who a child spends time with shapes them, for good or ill. What parent doesn’t ask to meet their children’s new friends? The relationships create identity. As people age, and intimate relationships end either by breakup or death, people say they feel like they’ve lost a part of themselves.

As regular readers know, I’m concerned about the impact of replacing personal relationships with dossiers, algorithms and their implementations, like background checks, the use of credit scores everywhere, etc. Dossiers and databases are fed by organizations with whom we have a relationship. But the relying parties often have no relationship with us. They start their relationship defining us by the contents of dossiers, and it impinges on our sense of self. Our identities are set aside. There’s no relationship, there’s no conversation, and we feel either elated — “they like my file-me!” — or dejected: “what’s wrong with me?” This displacement also drives the emotional response to identity theft. We’re upset that the person or organization we’re talking to is confused about who we are. They’re confused because the dossier is confused, and the dossier is confused because of a web of relationships which are hard to see or understand. The relationship re-creates our identity.

The third place I’d like to look is the rise of new forms of ‘loosely coupled’ technological relationships, perhaps first created by usenet, and now visible in places like Tribe, Facebook or MySpace. Here, we see people presenting their identity — in part — by how many ‘friends’ they have. There’s also an element of restoration of older identities — reconnecting with a boy scout troop, high school friends — all relationships that contribute to identity.

In “The Presentation of Self in Everyday Life,” the idea is that we create personas to control relationships. From lawyers to doctors to waitstaff or auto mechanics, people present a view into their identity that makes sense. I would question whether I want to give business to an auto mechanic who was reading the Harvard Law Review when I came in, or a lawyer who was reading a Chilton’s repair manual. People present themselves in certain ways to control the perception of ‘who they are,’ and so a professional relationship develops in the right way.

I also want to look at privacy in the sense of Schoeman’s “Privacy and Social Freedom.” Schoeman looks at privacy as essential to freedom because it allows us to explore ideas without having to ‘answer’ for them. If we have a conversation with a friend, we need to worry less about saying dumb things, because the conversation is private. We explore and shape our identity within relationships and through those we’ve chosen to trust.

So next time someone talks about identity or identity management, ask yourself, what are the assumptions about the relationship? And when you hear someone talking about ‘customer relationship management,’ ask yourself what identity they seem to want to manage.

Photo: Which one, by BeViewed.

[Update: Corrected spelling errors, including someone's name. I am the king of spelling errors today!]

The Presentation of Self in Everyday Tweeting

Monday, January 26th, 2009 by adam

Chris Hoff pointed to an interesting blog post from Peter Shankman. Someone* tweeted “True confession but I’m in one of those towns where I scratch my head and say ‘I would die if I had to live here!’”

Well it turns out that…

Not only did an employee find it, they were totally offended by it and responded to the agency person. The kicker is that they copied the FedEx Corporate Vice President, Vice President, Directors and all management of FedEx’s communication department AND the chain of command at (his employer).

Now, the twit who tweeted was clearly a twit, having mixed business and personal in a way that offended a major client. But let’s step back.

First, it’s important to remember that we all have personal lives, and it’s a good thing to be able to separate them from our work lives. If you work in IT and want to blog about gardening, no one is going to confuse things. Where it gets a little grey is when we’re deeply enthused about our work. I blog under my real name about topics that impact my employer. Not all–there are posts that haven’t seen the light of day because they’re too close. Sometimes, I cover work here when I’m really excited about it. My co-workers at Microsoft and my colleagues at Waggener Edstrom also understand that Emergent Chaos is separate, and have never asked me to post anything here.

Second, I think it’s important to generate a zone of professionalism where it is seen as reasonable for seasoned professionals to comment on things which impact their employers without a presumption that they speak for their employer. This is not without challenges. If we’re naive about it, we create a zone of shills where people are paid to speak for their employers, and lie. At the same time, there are people with a degree of experience, maturity, and wisdom where you want them to be free to speak. Similarly, Microsoft’s willingness to accept my continued posting here without a lot of oversight made me happier in accepting their job. There are lots of companies which would have said “no way.”

Third, I think you need to telegraph where the difference is. Here, it’s very clear that we speak for the President of the United States, not our employers. When I mention Microsoft, I try to be clear, although in reviewing posts, I seem to have fallen down a little. A post like “SDL Announcements” is pretty clearly me speaking about work:

I’m in Barcelona, where my employer has made three announcements about our Security Development Lifecycle, which you can read about here…I’m most excited about the public availability of the SDL Threat Modeling Tool. I’ve been working on this for the last 18 months…

(Speaking of clear, not all of the posts in the category are by me.)

The title is of course, a reference to the classic work of sociology, in which Goffman explains that we all present different facets of ourselves in different contexts. In blurring these contexts, services like Twitter and Facebook present a serious challenge to how we conceptualize and present ourselves.

Happy Repeal Day!

Friday, December 5th, 2008 by adam

Today is the 75th anniversary of the repeal of the blanket prohibition of alcohol sales in the United States.

Go pour some Champagne, Cava, or fine California bubbly and read Radley Balko’s excellent “Lessons of Prohibition.”

Photo: Jensen.Pernille. Thanks to Sama.