Philippe's Fillips

May 18, 2010

On May 4, I wrote that the reliance of our Information Age on ever higher levels of automation increasingly looked like a drug addiction. On May 6, US stock markets took a 20 mn phony dive during which Accenture could be bought at a penny a share. Even more worrisome, I just read from Floyd Norris that "the regulators are still trying to figure out just what set off the crazy trading a week ago Thursday" (*).

When I assumed Cassandra's mantel, I forgot she did witness the fall of Troy against which she had wainly warned her heedless fellow citizens. I shudder lest my fate too closely follow hers. Plus predicting the obvious is nothing to boast about. Remember the bumpy flight of United Airlines shares on September 8, 2008? They caught the butterfly whose fluttering caused chaos in that case. More crowded, today's skies are less friendly.

While I insist the Internet in particular is spinning out of the control of the sorcerer's apprentices, I am aware other voices who deserve respect defend a different point of view. Michael Schrage for instance favors greater system interoperability as a powerful source of future innovations. And despite acknowledging the need for "rules of engagement", he cautions against fixing them too rigidly before one knows what works. Similarly Jonathan Zittrain speaks highly of the "procrastination principle", i.e. "waiting for problems to arise before solving them" (1).

Yet imagine "get-rich geeks", to remix Gillian Tett's title (**), had successfully jumped from weather modeling to weather making. I wonder whether Michael Schrage and Jonathan Zittrain would continue to relish the perspective of "new interconnections - and extreme fragilities, which are poorly understood"? Her own suggestion comes straight from soccer. "[Regulators] should start watching [...] where the real brains in finance are heading and then allocate their resources towards monitoring that field". If your team has lost the ball, mark the opponents most likely to get it.

Perhaps we can learn from the past. A few years ago the collapse of Enron led to a sudden urge in the US to compel companies to strengthen their reporting practices. The resulting law, Sarbanes-Oxley or SOX for short (2), has been widely derided for burdening public corporations with costly reviews of their financial controls.

Successful companies focusing on essential operations, it is likely that SOX made them retrofit their entire reporting systems to satisfy a whole new set of requirements foreign to the original specifications. Every software engineer or project leader know how costly and unyieldy such an imposition can be. And yet one wonders. How much trouble can it be to develop from scratch a reporting system with what amounts to natural measures against tampering with the books and then scale it up to match the growth of the company?

The problem though is that companies do not become small public companies overnight. They start much smaller than that, mostly oblivious to the need for internal controls. When I was working at a small Californian start up, I remember how shocked we all were when our well meaning accountant suggested the person in charge of opening the mail should not be our bookkeeper too, with the authority to deposit the checks.

Companies as well as societies evolve happily under the procrastination principle until it is too late for them to adapt to a harsher environment without paying a sizable penalty. Call it the curse of the retrofit.

Take privacy. Nothing in this principle imposes a burden out of scale with a normally constituted company as long as it is respected from the very beginning. Facebook is another story. It now ranks "among the most powerful internet companies [...] in the world", "with 400m users, 35m of whom use it at least once a day". As John Gapper correctly points out (***), "it is arguably complying with the law" but could it afford the price of a retrofit on privacy? This would so deflate its valuation as to make an IPO all but impossible.

A careful observer will say Facebook is not a good example for "[its] privacy policy has weakened from its pledge in 2005". But this does not prove privacy does not scale up well. It only means that privacy policies are to our privacy what confidence tricks (3) are to our interests.

Still I admit Facebook is exceptional because, contrary to what John Gapper says, it is so transparent about violating our privacy. How else did Mr Zuckerberg give him "the impression of not caring a hoot about privacy"? I am actually more concerned about the other companies. How much for instance would cost a retrofit at John Gapper's employer, the Financial Times, and the corporate owner of the latter, the Pearson Group?

Cooking the books and trading gossips about one's neighbors may be too ingrained in our societies, making belated retrofits there unavoidable. But surely nothing predisposes Americans to network their cars. Future interoperability in tomorrow's cars will test whether retrofits must be the norm.

Relayed by John Markoff (****), some scientists say "taken together, ubiquitous computer control, distributed internal connectivity, and telematics interfaces increasingly combine to provide an application software platform for external network access". We have been warned. "The car industry [runs] the risk of repeating the security mistakes of the PC industry".

Privacy concerns, I hypothesized, take a back seat because there has not yet been any bodily harm. With networked cars, expect the worst, say, a car barreling down a one way street in the wrong direction. Last year I had such an encounter on a street recently made one way. The driver told me he was only following his GPS guidance, obviously out of date. Today he would be held responsible. Tomorrow he might say his car did it.

What is to be done? The simpler, the better. Let us start by making it illegal to act under what a reasonable person would call a conflict of interest.

What a powerful principle! It would eliminate pronaocracy overnight. If solliciting funds from those who will come under your laws is not a conflict of interest, what is? It would end the hypocrisy of self-regulation. Can you be judge and party? It would put a stop to the current business models of Facebook, Standard & Poor's and Goldman Sachs among others.

This recommendation targets no more than conflicts of interest. It is all right to openly act in self-interest. Indeed, why should lobbyists stop putting their clients' cases to the legislators, as long as they do not finance the latter's campaigns? If Warren Buffet invests in Goldman Sachs, why should he not recommend the company, as long as he remind people of his bias and does not sell his advice?

Ruling out self-regulation does not mean the regulator must rule out innovation all together in order to limit retrofitting costs. Until more is known, why not simply require innovators to truthfully disclose what are the risks and ask all the persons concerned for a free and informed consent? Isn't it already the case in prescription drug trials? Why should bankers be allowed to take people wholescale as unwilling guinea pigs?

No one may know ahead of time what an innovation entails but it should not be difficult to determine when consent has been extorted. Indeed turning evidence of systematic extortion is the only redeeming feature of most privacy policies as they can be changed without prior user approval. As for personal profile based advertising, I have already proposed that each ad lets the consumer click and freely access the profile used for targeting with the right to have the original and all copies deleted within 24h (4).

Not that I entertain any delusion about being heard. Cassandra is all the company I have and the curse of the retrofit is on us (5).

Philippe Coueignoux

(*) ........ Impose Market Order, and Avoid an Encore of the May 6 Follies, by Floyd Norris (New York Times) - May 14, 2010

(**) ...... Risks posed by get-rich geeks are not just a flash in the pan, by Gillian Tett (Financial Times) - May 14, 2010

(***) ... Facebook's open disdain for privacy, by John Gapper (Financial Times) - May 14, 2010

(****) . Cars' Computer Systems Called at Risk to Hackers, by John Markoff (New York Times) - May 14, 2010

(1) The Future of the Internet And How to Stop It, by Jonathan Zittrain (Yale University Press) - 2008, 342 pages

(2) for more information, see the references given in my lecture on Protecting Digital Information

(3) read on this highly educational subject, see Confidence trick in the wikipedia

(4) see Comments relative to the FTC November '07 Workshop on Ehavioral Advertising: Tracking, Targeting, Technology, November 2007

11/19/2010:
............the following quotation shows that I have had company all along I had not realized was there. Unfortunately it does not alter the result.
(5) "It is far cheaper to architect privacy protection now rather than retrofit for them later",
............ quoted from "Code, version 2.0", by Lawrence Lessig (Basic Books) - 2006, 410 pages

May 2010

Copyright © 2010 ePrio Inc. All rights reserved.