Monday, October 19, 2015

My Ludicrous Logitech Remote Experience

This is a more personal post with an embedded message.

As a ridiculously extravagant gift to myself I purchased two different Logitech Harmony Remotes
My goal was to attain better control over my devices, ranging from X10 lighting and power switches to the various media devices used around our house.

As usual the first thing I did was to read and translate the Terms and Conditions the result was a surprise even to me, you have just got to love lawyers!

Here is my plain English translation:

1 It's not yours, it's ours, we just let you use it while we choose to allow you to.
2 You can't nick it or let anyone else nick it. 
    (It's not good enough to use for anything important, think of it as a toy.)
3 If you give it to anyone they are also lumbered with these rules.
4 There's stuff in this made by others, the stuff they make might not work, which is not our fault. You accept their stuff may spy on you and misuse your personal data. This is nothing to do with us but we make you accept this rule anyway. Oh yes and they can change their stuff without you knowing anything about what they did or why they did it.
5 We can stop you using it whenever we want to with no need to tell you why.
6 We never said it would work and it's your fault if it doesn't, and it would be absolutely nothing to do with us!
7 We will never EVER accept any liability under any circumstance what-so-ever.
(unless of course, if you happen to know we have to accept liability by laws of your jurisdiction, in which case we will work very hard to duck our liabilities)
8 Special Clause for the U.S. government, even though we say on the box it can't be sold in the USA
9 You must comply with export controls, though we won't say why, or which ones apply.
10 If you are buying this for someone else we will pretend they bought it and will apply all
these rules to them whether or not they read them.
11 We are going to pretend your own countries law's don't apply and you can't make us think they do "La la la, la lah!"
12 If English is not your language tough! We only believe what we said in this English Version.
13 We have put a list of other folks on the internet, as they are the people who wrote most of this thing, and you have to accept all their rules too!

14 We have NO obligation to keep this thing working....

Why did I buy this stuff again?

Anyway I shall ignore these silly T's and C's, mostly because I still hold to the ludicrous idea that most Corporations want to do good by their customers, yes I know, silly me! I also have a sneaking suspicion that in a court of law most of these terms are invalid. 

Why do Corporations write such ludicrous Terms and Conditions? That's a far deeper question, which I suspect it is part seeing their purchasers as commodities to trade rather than Customers, and part a defensive position against the litigious world in which we live.

I am starting to consider that I need a set of Terms and Conditions myself for all those that want to do business with me.... I wonder how ludicrous I should make them?

Thursday, October 08, 2015

"Man in the Middle" Reduces Agency and Subordinates

It is an obvious statement that passing direct control of a device or thing to others to act on it, on the behalf of the owning entity, reduces the owners direct control, or Agency. While the owning entity may choose to trust the new agent, or service provider, the added complexity, aimed at making life easier to control automatically or remotely, will always add risk, and reduce security. Thus individual entities are both subordinated and less secure.

There is a clear difference between Architecting for Control versus Architecting for Agency. Often the former focuses on the control needs of the larger entity, rather than individual entities. The perspective of the designing architect is naturally driven by the needs of the corporate entity that is paying for the control architecture. It takes a corporation with very strong values to recognise the importance and value of Architecting for Agency.

Architecting for Agency is perceived not to be in the interest of the Corporation or Service Provider. The current architectural fashion is to architect Control Agents under the Provider Star Model. Meaning that all control commands come through the provider, making them the Prime Controller. This also provides one point of attack to gain control over all the devices in their dominion. It should be noted that the most important outcome is the ultimate loss of Agency of the owners of devices or things. Subordination is a natural outcome, individual entities become the serfs of the corporate service providers, not their masters.

So what does Architecting for Agency look like?

It often starts in the deliberately confusing Terms and Conditions of the service providers, here one can establish the architectural intent of the providers. See next blog post: My Logitech Remote Control Experience.

It continues with the Identity & Entitlement Model used by the provider; your identity and rules or theirs?

The Network Topolgy is also a great indicator. Does the owning entity control the communication pathway or hubs through which all control commands flow from owning entity to things or devices.

The future points to a mesh network where all entities can combine and communicate under the appropriate bi directional rules of owners and providers. With neither star nor hub. It is here that all devices and things become entities that can enact Asimovs Four Laws. (A 4 Laws enabled heart beat sensor that can identify that the heart it is sensing is in trouble and knows how to act to save the life of the heart's owner.)

The capacity of things and devices to exist virtually under their own control. Stated differently can the digital state of a thing be stored in the cloud under the direct control of the thing.

Nature has invented the technique of creating things that attain and maintain their own Agency.

We are those things!

Our challenge is to architect and implement a means of attaining and maintaining Cyber Agency

For today we are architecting for subordination, we are collectively accepting not a "Man in the Middle", but "Legions of Corporations in the Middle!" We should not be at all surprised at the consequences. If only George Orwell, had been alive today, his novel 2084 would have been far scarier!

Governments are often enamoured by techniques that can be used to subordinate their citizens, in the name of security. They appear not to have yet spotted that in this new age of Cyber Feudalism, it is the Corporations that are gaining control over their individual citizens tapping directly into their innate value and governments are being disintermediated. The "offending" cyber corporations apparently hell bent on reducing human agency for their own fiscal benefit, come from three basic corners, firstly the bandwidth providers, secondly the device providers, and secondly the service providers. The cleverer of these are starting to use more than one of the corners.

The upcoming agency architectural decisions are perhaps some of the most important ethical choices humanity has to make in this century. Without the right choices we can never expect to develop or gain Cyber Human Rights!

Subordination is a problem, but the resulting security risks are also key.

Sadly, as in all things security, we seem to have to first experience the full horrors of the negative, before we put in place methods of safely achieving the potential positive outcomes.

  • Cars - Seatbelts & Airbags
  • Electricity - Fuses & Earth Leakage Protection
  • Sunshine - Sunscreen

The film The Matrix is a good metaphor for Cyber Feudalism, the well hidden identity of the film was the name of corporate entity that was behind all the human energy harvesting.

I am reminded of the first live crab I cooked; what will it take for us to get out of the nice warm water before we fall asleep and boil to death?


Tuesday, July 28, 2015

Do I have a right to be anti-monadic?

Having discovered the word that describes well the actions of the cyber giants that results in our being squeezed into one single identity, it struck me that perhaps my human rights are being eroded. Monadism, yet another term from philosophy, it effectively describes the GAFA activities that are driving us toward a single identity.

Being able to represent my self in one of my many web based personas has become increasingly difficult, as first one of the GAFAs and then another manage to fuse my different personas, their clear target is to know me as a single individual. (See my recent Apple Watch example)

My grandfather persona is one I am still trying to protect though at least two of the GAFAs have managed to attach that persona to their monadic view of me.

My Jericho Forum colleague Paul Simmonds is working towards protecting our ability to uniquely represent ourselves as multiple personas, while maintaining our ability to have agency over our identities. His Global Identity Foundation is unsurprisingly currently making little headway against the huge combined gravitational forces of the GAFAs.

Perhaps what is needed is public awareness of the implications giving control of our identities to third parties and the development of a clear desired identity state. The current issue is that the frustration with the difficulty of maintaining identity control, is actually resulting in individuals handing control to the GAFAs.

A recent purchase of an Amazon Fire TV device demonstrated to me just how attractive it is to pass control over. The device arrived with the identity of the purchaser pre-loaded, we had after all purchased it from Amazon so they already knew who the purchaser was. There was no effort involved in claiming ownership of the device as the device apparently already "knew" who it's owner was. The truth is that it is Amazon who knew the identity of the owner, and they had asserted their control over the device. The experience was far simpler and less weird than the Samsung TV Identity ownership ceremony. The underlying issue is that we have passed control to Amazon and they had chosen not to authenticate the Identity of the owner.

Amazon have not yet made the jump to combining monadic identities into family groups, that Apple have made. This action would further pass control to the provider of identities, this would not be an issue if that were all they provided, the issue comes from the fact that they also provide products and services.

Anti-Monadic Rights

So, should we give an individual the right to create separate identities and maintain them separately.

The difficulty comes when such separate personas are used to hide illegal or immoral activities.

The state will likely press for monadic identities, using terrorism, tax evasion and crime as their primary drivers.

So what are the key elements of a successful identity model in the 21st Century

Data Agency: Having control over the transparency, privacy and usage of our data.

Identity Agency: Having control over the creation, use and deletion of multiple separate personas

These two elements should apply equally to all entities, whether person or organisation.


So my conclusion is, yes, I should have the right to control multiple separate identities.

Clearly that does not give me the right to use any of these for illegal or immoral purposes.

The challenge will be to create the legal and digital ecosystems that will allow CyberAgency, while maintaining a civilised and moral society.

Thursday, July 02, 2015

Eliminating Passwords: The Latest #AgencyFail Fashion

The latest fashion amongst

hi tech service providers,

is eliminating passwords.

They understand that their customers hate passwords however they are taking shortcuts that are denying their customers the ability to control their devices or services. Worse these shortcuts are passing the risks onto their customers

Apple have added a new feature to their Personal Hotspot service on the iPhone. Basically once you've set it up you can no longer turn it off. Sliding the switch in the iphone settings panel to off does nothing. A device that you have allowed to use the Personal Hotspot service on your phone somehow knows that the phone is near, and advertises Personal Hotspot availability. But wait it's switched off right... nope! if the devices user just connects to your phones Personal Hotspot from the device. Your phone will switch the Personal Hotspot service to <ON> and allow the connection!

This is not good, an iphone owner that allowed someone to use their Personal Hotspot doesn't appear to be able to stop them having access.

Oh wait, all one needs to do is change the Personal Hotspot password right? Well actually no, Apple have thought of that too! If you change the password, the device that you have already allowed to access the Personal Hotspot has apparently been given a magical password.

To recap: Hotspot switched off on the iPhone, Personal Hotspot Password changed.

When a device that has previously been allowed to connect to your Personal Hotspot comes close to your iPhone, the device will be informed and offer the Personal Hotspot to it's user, who can request connection and "Open-ses-a-me" the device is connected, as if the password change never happened.

This is an issue Apple!

How Apple should have designed the new "Instant Personal Hotspot" feature, was to add it as a selectable option. An option that would allow the iPhone user to have control, ie have agency over their phone. By quietly adding the option and leaving the iPhone owners assuming they had the ability to switch off their iPhone's Personal Hotspot feature, they have demonstrated the worse sort of Password Elimination: #AgencyFail

Another example of Password Elimination: #AgencyFail has been perpetrated by Amazon. When a user is shipped a new Kindle, they ordered it from their Amazon account, with their password.

Amazon must have thought "So we know it's them right, and they won't want the hassle of a password, will they?"

Having ordered the Kindle for my wife, I handed her it to her boxed. Yes, I was very surprised that she could order e-books on her new Kindle from my account without needing my password. She had gone through the install process, which assumed that I was her, and at no time was she asked to authenticate.

This is an issue Amazon!

How Amazon should have designed the no password "One-Click" feature, was to add it as a selectable option. An option that would allow the Kindle user, once they had authenticated, to enable the "One-Click" Kindle purchase feature, ie have agency over their Kindle. By deciding to ship a Kindle that assumed it's user was it's owner and did not require authentication for purchases, they too have demonstrated the Password Elimination: #AgencyFail

I believe that these features are often driven by marketeers who like the idea of making users life so simple it will delight them. But they are missing the opportunity of delighting their users by informing them of and giving them control of new features.

In both instances my experience was far from delightful, in fact it diminished my trust in both companies.

In your own organisation's quest to make your customer's lives easier, be wary of losing their trust and loyalty by denying them the right to control or have Agency over the devices or services you provide them.

As the Internet of Things explodes into our lives, let's hope the growing Password Elimination Fashion is delivered in a manner that does not eliminate our Agency, but enhances our Agency. Though sadly hope has never been an effective strategy!



Why should CISOs get involved in mapping?

Sadly many CISOs have yet to discover the existence, or power, of mapping, as described by LEF's Simon Wardley. So what is mapping and what has it got to do with a CISO? Happily Simon has made gaining an understanding of mapping a trivial activity, as those who follow his Blog already know.

Firstly do not assume that trivial always equates to quick, for to fully grasp the intricacies and power of Simon Wardley's mapping tool is the work of a lifetime.

While attempting to describe Simon's Mapping Tool in a single paragraph brings the danger of over simplification and trivialization, I will attempt it in order to whet your appetites. After running companies and developing strategy for others, and much else besides, Simon saw the light. More correctly he derived the mapping tool after much research and data gathering and analysis. The tool helps map the flow of things business related through four phases shown in his graphic below. It allows the development of a unique awareness of your business and its competitive environment, allowing the development of strategic and defensive plays, that will strengthen any organisation. As Simon implies "No military commander would consider going into battle without a map, so why should business leaders attempt to do business without a map?"

Used under Creative Commons License with no changes made.

Mapping has many benefits but one that will appeal to CISOs is that it helps identify the changing flows of information across organizational boundaries, as well as identifying services that are candidates for outsourcing.

In truth, there are many valuable benefits of Mapping, to numerous to enumerate here.

So, find out if your organisation is Mapping and if they are; get involved. If they are not, start Mapping yourself and bring the tool and your findings to the attention of the strategy planners in your organisation.

In either case you win!


Sunday, June 28, 2015

Asimov's Laws of Robotics do not enable Human Agency

Reminding ourselves of Asimov's Laws:

A robot 
 - may not injure a human being or, through inaction,  allow a human being to come to harm. 
 - must obey orders given it by human beings except where such orders would conflict with the 1st Law. 
 - must protect its own existence as long as such protection does not conflict with the 1st and 2nd Law.

It seems that a robot following the above laws receives no admonishment to obey it's owner.

Or does it? There maybe some that argue that the action of not obeying its owner could be seen to cause some sort of injury to the owner in question. Is distress an injury? This is rather a complex equation for a robot or the law to establish.

For the sake of clarity and simplicity perhaps an additional Law is required, to enable Agency;
What should it be?  Perhaps....

A robot :- 
 - may not injure a human being or, through inaction, allow a human being to come to harm. 
 - must obey orders given by its master or master's agents, except where such orders would conflict with the 1st Law. 
 - must obey orders given it by human beings except where such orders would conflict with the 1st, or 2nd Laws.
 - must protect its own existence as long as such protection does not conflict with the 1st, 2nd or 3rd Laws.

Such a formulation would add the concept of Human Agency to the Laws of Robotics.
The definition of Master will need to be carefully developed in Law, as it is likely that producers of robots will attempt to retain ownership of them.

Now all we need are four things
0) A human right to Cyber Agency, or simply and more generally a Right of Human Agency
1) Cyber Agency Awareness and Skills, and the desire to attain and maintain Cyber Agency
2) Ceremonies that unequivocally connects persons and things conferring ownership and Agency
     (Such ceremonies would have both legal & technical components)
3) The Laws, Technology and Ecosystems to enable 1 and 2, thus enabling 0

If we had these constructs in place, our ability to achieve Privacy and/or Transparency would be greatly enhanced. Sadly we have yet to even get to the Cyber Agency rights or first part of thing 1, namely Cyber Agency Awareness. We currently prefer to assume that the individuals who run Cyber Space are totally benign and have our personal interests at heart.  Hmmmm!

(While I was aware of the existence of the Zeroth Law, at first glance I felt that it served no purpose in this debate, though on second thoughts perhaps it does? Could we use Hybrid AI to run the COW? I created the concept of Cyber Over Watch in an earlier post? )

Friday, June 26, 2015

Agency requires recording and authentication of Intent or Accord

Those nine words represent a need that is very poorly delivered in today's world. I fear that while it is being less well delivered in Cyber Space, Things are going to make it far worse. In the current world our accord is often recorded by our signing and dating a document, and more recently scribbling onto the small screen of proffered device. Authentication is rarely if ever attempted. Repudiation is thus, in most cases, a trivial activity; "That isn't my signature/scribble".

Intentification, a neologism, describes the act or process of determining someone or something's intent.

In Cyber Space this is going to become more important, for in the near future our identity and location will be known to a very high degree of confidence. Our mere presence at the location where an event was triggered will likely be misused as proof our intent to trigger the event.

A current example are the pocket calls that we all have made. We should all be aware that having an International Phone Number as the number most likely to be used by our phones in such pocket calls can be a costly experience. Mobile phone operators quite happily bill us for such pocket calls, they do not care if we intended to make them or not.

The Law has addressed our ability to regain control of contracts signed remotely, the Consumer Credit Act gives us a cooling off period, but the act does not appear to address transactions under a previously agreed contract. "I did not switch on the Under Floor Heating over the summer, my Smart Home did!"

In the future Things will be able to trigger many more costly and perhaps more dangerous events, this may be as a result of accident, duress, mistake or malicious remote attack. If our presence at the point of the event being triggered is assumed to prove our intent or accord, we will be in trouble or out of pocket much more frequently than the current issue Out of Pocket calls. We seem to have accepted the lack of Intentification in pocket calls, will we continue to accept the lack of these authentication process.

Our Things will need to get much better at determining our intent and accord, as the frequency, danger and cost, of mistakenly determining our intent and accord increases this will become more a more evident need.

Trust and Safety requires an effective combination of the Identification and Intentification processes, we should not allow the continued oversimplification resulting from assuming that authenticating identity and location is all that is needed to record and authenticate our intent or accord.

This is actually quite an important Cyber Right that we have yet to acquire, mostly because an effective capability of authenticating intent or accord in Cyber Space has yet to be developed. Just as it has yet to be developed in the old paper based world, but remember repudiation is much harder in Cyber Space.

How are we to take control of our cyber space without this right and capability?


Friday, June 19, 2015

WiFi Access Fail O2

In a great pub on the Norfolk Boards I wanted to access the Web to give them a Trip Advisor review, one of my last Reviews as I have lost faith in Trip Advisor. Though that's another story.

The Wifi Hotspot was provided by O2, it popped up very easily asking me to sign in with my Mobile Phone Number, something that I really did not like!


But as there was no useable data signal anywhere close, I swallowed hard and signed up.


Then I waited for the SMS code to arrive. I use Giff Gaff which is O2 based.


Yep... you've got it there was no viable O2 signal in the pub, so I went outside and still no viable signal. I never did get connected.


Why!??! In this day and age!!! Why???

Sunday, May 24, 2015

So what are the measures of Agency?

In my role as Leading Edge Forum research associate I had been pondering the implications of this question when I saw this link. I will be honest I am no-where near answering the question yet...

At first sight it might not be obvious that the Netflix link, (Yes; you should have read the link to make sense of this post!) relates to Agency. Closer inspection shows that Netflix is working to eliminate friction and delay in the process of their viewers getting to, or back to, exactly where they want to be in Netflix on different TV sets. They are measuring Agency, with the goal of increasing it! Of course this is very much in the interest of Netflix, as well as their viewers

Consideration of the activity will show that if Netflix succeeds, the Agency of BOTH Netflix AND their customers can be increased.

From this we may conclude that Agency does not conform to the Law of Conservation.

I suspect that Google and Facebook see control over our data as a Zero Sum Game, i.e. If we (the Masses) have control over our stuff, they (the MegaCorps) don't, and they think that is bad for them. So they strive, by fair means or foul, to reduce our agency over our things and data, in order for them to gain that control for themselves.

Sadly many politicians and technologists, still see this as a Privacy problem. This encourages the idea that Agency, or Control, has to conform to the Law of Conversation. However in the digital world Win-Win positions are easy to develop and benefit from. It does however takes an Outside-In and Clockwise mentality to be able to attain this apparent Nirvanah. The truth is that joint e-trust and control can be achieved, if only we put our minds to it, that can be of benefit to all parties.

Could it be that Netflix might be preparing for a better world, where entities are given frictionless and rapid control over their own Things, data and destiny? Of course that is taking their actual behaviour, and stretching it a little bit too far, but we can hope!

Actually, better still, we can start taking this stance in our own organisations, imagine what it will feel like, when you realize that you have taken your organisation to the high ground in time to avoid the Cyber Agency Flood. (This is an imagined future where the masses rise up in frustration over their loss of control over, and the unimaginable amount of time it is taking them to manage, their cyber interactions.)

What are the key Agency measures and win-wins that your organisations can find in your customer interactions, that will help to gain value for all parties.

Please get back to me as I have a sneaking suspicion about what one of the measures of Agency is but, I have been proven wrong before, so I'd like to gather data!


Wednesday, May 20, 2015

Security = Futility or Utility?

Or put another way: How secure are we really? depends upon how empty or full you see your cup!

For those with a predilection for full, let me introduce you to the emergence of Weapons of Mass Cyber Destruction (WMCD).

Forget externally implemented Denial of Service attacks, think of previously embedded Denial Of Operation tools.

Think not of Back Doors, think of built in Kill Switches, either surreptitiously, or worse openly, installed by the manufacturers of the devices.

We already have EMP Nuclear Bombs that can destroy our unprotected electronic devices. By far the majority of our electronic devices would be permanently taken out by an Electro Magnetic Pulse triggered by the explosion of such a device. Few nations have the capability, or the capacity to develop such devices. So most electronic devices remain unprotected.

A single dedicated and suitably motivated individual could develop a digital equivalent of the EMP. However there are large corporations who have already demonstrated a predilection for developing and implementing digital kill switches.

Such code has been developed to "kill" or degrade charging cables not manufactured by Apple. It only takes a small step inside the innards of any electronic device to determine the capability of installing kill switches. The answer is simple: all could have one built in, most could have one added, the important question is how many already have? In the case of the Apple charging cable it is as a result of a licensing program that gives contracted companies the right to make Apple Cables, to achieve this right, they must build MFI Authentication chips into their devices. Apple has written code into the iPhones and iPads to allow them to degrade the performance of non licensed cables and then stop them working at all.

If it walks like a "Kill Switch" and quacks like a "Kill Switch"....

Apple is currently requiring that Home Automation Manufacturers build the same MFi Authentication chips into their devices if they want to interact with HomeKit. They will likely be building in the same kill code to disable operations of device manufacturers who have stopped paying the HomeKit licensing fee, as they have done with their cables. This sounding frighteningly close to a protection racket.

There is clearly a need for Trust Perimeters, and for a Digital Fabric that enables the development of e-trust, which is a requirement on the journey to true Cyber Agency. The challenge is to ensure that e-trust and Agency are achieved in an open, transparent and arguably free manner. Walled Gardens that do not allow the free flow of trust and agency will be a major disabler for economic growth in the not to distant future

But perhaps worse is that the practise of embedding "kill switches" into products, in the interest of protecting revenue generating license fees, may one day, be used against us all. Why would we allow the installation of components and/or code into our devices that enable Mass Cyber Destruction? It is quite clear that Nation States could trigger already embedded kill switches at a mere whim....

What systems do you already own that could be disabled by miscreants or manufacturers?

More importantly what systems have you sold to your customers that could be disabled by miscreants or manufacturers?

In an increasingly interconnected world of Things, protecting the Agency of our Citizens/Customers, must be one of our highest priorities, after delivering them value for their tax/money. Though protecting the Agency of our own enterprise is as equally important. Be aware of each and every reduction of Enterprise Agency, some of these reductions may be done for good business reasons, but be sure they are. Miscreants and Entropy acts on Agency in the most surprising of ways, just like the frog relaxing in a warm pool of water, we should always be very cognizant of the importance of Situational Awareness. For like the dozing frog, we may never come to the realization that it is in fact a pot on the stove, and never wake up!

Tuesday, April 07, 2015

Enterprise 2000 revisited

Simon Wardley has reminded me that Mapping is the only way to the future.


So I decided to apply his technique to an old Vision that I once helped write.


Extend Human Capability and

Promote Global Collaboration by

Providing Continuous Natural Access to

People and Knowledge


Ah it's clear now that this must have come from Simon's Strategem Algorithm


What does it look like with Simon'sMapping applied?


Extend Entity Capability and

Promote Global Collabora-Things by

Providing Transparent & Trustworthy Natural Access to

Entities and Smart Knowledge

Hmmm perhaps I've missed the point?

But then I did write this last Wednesday!!


OK, so that is a hateful join of two things, in this case words! But that will be what we get, when we let Things join together willy nilly. Most of the Thing joins done out of sight, and not under our direct control will be neither fortuitous nor laudable.

I recall trying to contact the folks behind the current Thing joining standard, DLNA. I had hoped to find a group of individuals who were planning to build "Agency" into their standard, at least I was until I understood them to be an association of Thing Manufacturers. When I understood the FLA, it stands for Digital Living Network Alliance, it became clearer, their goal is to let things connect to share data, mostly media related data. Put plainly DLNA servers publish all media files they hold to any and all compliant DLNA clients.

My conversation with them, was short and not so sweet, it resulted in them not understanding why I might not want any DLNA compliant thing to be able find and connect to any DLNA compliant server on my network. It ended with me being told "if you don't want them (the DLNA servers) to be connected to, then switch them off!" They clearly didn't understand my point or motivation. I wanted to add human agency to the DLNA standard, and they didn't see the need.

There are other Media related sharing standards, like Apple's proprietary AirPlay. Apple made the sharing activity human centric, the server in this case a smart phone or IPad will only share to a client under the direct control of a human. Putting the AirPlay Server under the control of the user, rather than allowing the user to use an AirPlay Client to browse all servers, is IMHO the right thing to do, Human Agency was put at the right point in the process of sharing.

As a test I placed a "Inappropriate Media File "on one of my disks that acts as an DLNA server, and tried to make it unavailable to my television, so that my Grandchildren could not stumble upon said file. The fellows from DLNA was right. If I didn't want the file to be available to my Grandkids, I needed to turn off the DLNA service on the disk. Be aware that when DLNA servers are enabled, "any" DLNA enabled client on a network can browse the files so published.

When it was just about sharing Media, perhaps Agency wasn't a high priority, as users could be relied on to not publish inappropriate material on their private networks. In truth, apart from the fact that they can't be relied upon, this also ignores the porosity of most home networks, that is few Betworks are private.

If I were a musician or filmmaker I would be concerned that my material was being published on DLNA servers, connected behind porous network routers. For I can imagine an illicit media service that reaches into the deperimeterised home networks to map, and provide access to the worlds DLNA published media.

As Things become more capable, and they start controlling each other, building Human Agency into the protocols that allow the Things to collaborate will surely be a necessity? Not just from the view points of Intellectual Property, and Privacy, but also from the view points of Fiduciary and Personal Safety.

Alternatively we can build Things that can think and act Autonomously, applying human values to their decisions, and Asimovs Four Laws of Robotics will apply!

Is Small and Simple really the best way to avoid complexity?

Alternate Title: Should we Exploit, Manage or Avoid Emergent Behaviour in the Internet of Things

Complicated is not the same a Complex, as those who study Complexity theory know well. Some of these theorists, posit that Complicated Systems can be designed, with behaviour that can be both predicted and controlled, while Complex Systems cannot. Complex Systems are normally found when a large number of smaller components or entities with similar goals are found in a specific domain. Their individual behaviour cannot be easily predicted but the emergent behaviours can often be divined once they have started to emerge. However it is not clear that they can be divined from a given set of starting points and/or constraints.

Computer Modelling of Complex Systems are increasingly used to develop theories as profound as the existence of dark matter, or the Location of Black holes. By running the increasingly detailed models enough times the required starting conditions are being established.

One of the outcomes of the increasingly detailed instrumentation of humanity is the fact that our every move and intention are being observed and collected by Things that are being given goals.

These Things are being connected in increasingly complex matrices or fabrics. We are creating the conditions of a Complex System in the Internet of Things. Complexity Theory predicts that there will be emergent behaviours.

Have any such emergent behaviours already surfaced?

Who is accountable for detecting, observing or regulating such behaviours?

What are the starting conditions for Autonomy to emerge as a new behaviour from this Network of Things?

Would we be allowed to become aware of the conditions that would allow the creation of this emergent behaviour? For after all the Computer Models would be under the control of the Things!

Why am I being reminded of Mice? Oh yes, they were the authors of the code to find "The question!", given the answer to Life the Universe and Everything was 42!. In this case Arthur Dent, the supposed sole survivor of the planet Earth, was the Thing that developed autonomous behaviour. As I recall he wasn't very happy to discover he was simply part of a System to divine a question.


Tuesday, March 31, 2015

When should a machine remove Agency from a Human?

The answer is not simple, but certainly when the human in question is breaking the Zeroth AND First Laws of Robotics.

       0. A robot may not harm humanity, or, by inaction, allow humanity to come to harm.
  1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
  2. A robot must obey the orders given it by human beings, except where such orders would conflict with the First Law.
  3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.[1]

Surely I can't be the only person to ask:
"Why did the plane let him fly all those passengers into a mountain?"

I suspect Andreas Lubitz will be used as an exemplar for years to come as we see machines being given more and more authority to over-ride the risky instructions of mere mortals. This is one of those times in history when new principles are developed.

The new Principle can be written quite Simply as "Humans can't be Trusted!"

The same week as Andreas took his life and the life of 149 others, Ford launched a car that can "prevent you from speeding"

I posit that Things will be enacting more and more of our rules for us.
So can I suggest we start getting really good at writing Rules.

For if the Rule is bad the Thing will still enact it!

Saturday, February 28, 2015

Why the swing from Privacy to Agency?

I suspect have been asked this question via the many quizzical looks I have noticed on the occasions I espoused Agency over Privacy, but I sadly I read "confusion" rather than "question".

So recently I have been considering why I was not so "into" Agency in the past, and why I am now.

I had toyed with Primacy over Privacy in the early days of the Jericho Forum, indeed the word Primacy appears in the Identity Commandments.

It has recently struck me that the reason is very similar to the deep feelings of discomfort I experienced in my early forays into Second Life. The digital and physical world are starting to converge and in that convergence we have some new things to learn, and perhaps more importantly some new things to gain control of.

So to revisit my second life experiences, my first foray was more about understanding the interface and how to build things and dress myself in this new virtual world. I was happily immersed in these challenges (I still am not sure why I chose an animal skin cat suit) when I accidentally bumped into another virtual being. It was a visceral shock, I did not like the fact that I had absolutely no identity or trust cues. In fact I hated it so much I stayed clear for a fair while, and on the odd occasions I did venture back in, I worked hard to find deserted locations to play, in order to be "in control". If I couldn't be "Private" I sensed myself going into "Tube" mode. The way I am, and act, when travelling on the underground; in close proximity to a large number of strangers, I basically work hard to ignore them, pretending they are not real!

The time I did go into second life to interact with another virtual entity, was when I was being chaperoned by "Byn". She was a virtual world expert in my eyes, and most importantly I knew and trusted her. The experience was far more akin to real life and I felt like I was there, but most importantly I felt in control. Thus I sense that my issue was not really my desire for Privacy but rather my desire to be "in control". In short, I have an innate desire for agency! So perhaps my first swing from Digital Privacy to Digital or Cyber Agency was triggered by Second Life.

With the accelerating emergence of the Internet of Things the Digital and Physical worlds are colliding again.  Instead of the Physical world being instantiated Virtually in the Digital World, as in Second Life, this time the Digital World is being Physically instantiated in the Physical World.

We are learning how to make digital things physical in a new way. We have done this mechanically and indeed electrically for a long time. After all a thermostat and a heater are two components, or a thing, that translates a desired digital outcome, or a digital intent, into physical reality: "I want the temperature in the room to be 20 degrees Centigrade."

The fact that we are networking the sensor and the heater and giving them an API does not seem too important until we realise that now anyone on the planet, with the right skills, can chose to set the temperature of our room to whatever temperature they chose. The dangerous thing about this latest Digital / Physical interconnect is that there are no means to identify the lack of trust cues.

We have no simple means of knowing if we are in control of a thing and when we lose it.  How many of you spotted the new Frequent Locations service embedded by Apple deep in the bowels of iOS on your iPhone.

As an aside: Tim Cook please also shift from Privacy to Agency,your focus on Privacy  I accept that you "are" working hard to protect our Privacy from Nasty State Agencies. May I remind you that you have also been working hard to reduce our Agency or the degree of control we have over our Cyber Space. While I accept that Apple is not the only organisation hell bent on turning people from fungible resources into revenue generators. Locking us into your walled garden while carefully and subtly reducing our degrees of freedom, is not what I want from an organisation that wants to gain and maintain my trust.

The first organisation that truly empowers me, with an agent service that acts on MY behalf, will get my vote and perhaps most importantly access to my wallet. Indeed the first organisation that helps me to monetise my information whilst keeping me in control of that same information will be a hero in my eyes.

So, why the swing from Privacy to Agency? : I want to be able to be the agent of my own destiny in this ever more connected world of Things.

Agency gives me control and allows me to select and achieve many more things than the Privacy/Transparency choice.

Light, Heat, Nutrition, Health, Making, Wealth, Learning, Entertainment, Supporting Others, Charity, Security to name but a few.

Tuesday, February 24, 2015

Death: The Ultimate Cyber Agency Challenge

To recap, Cyber Agency is the control an individual has over their cyber space. Most of us do a very poor job of managing our Cyber Space. This is caused primarily because today our cyber space is made up of myriads of slices of enterprise Cyber Space, In the battle to win bigger shares of control over us, our Cyber Space providers are trying to attract us to use more and more of their "free services".

As an example, where is all the music to which you have license? In the past you might have said "music you own", that was however when we purchased physical objects containing the music. (In my own case, I find the answer to be unknown to me, I remember 3 service providers and have control of two but have an inkling that I have forgotten a couple, there was that incident in the last century where a disk crashed on my PC. I never really did recover from that, emotionally or archivaly. When I take into account the devices that contain my music, and then There was also that Russian Music service that provided cheap music...

I estimate that I have more than 25 Cyber Music Slices.

I won't bang on about all the myriads of Identities I have been forced to create on Vendor websites, I know I have forgotten more than I maintain control over, some of these are still costing me, as I regularly discover. The British Legion each year nicks another wodge of cash from my bank account. During the Iraqi war in a moment of giving I signed up to give them a donation. I must have ticked the wrong box, as the war is a distant memory, and I am still giving. However, as it is just after Poppy Day, I am reminded of the fact that I didn't buy one again, so end up not trying to figure out how to cancel the never ending donation. I did once and failed after 30 minutes of trying... and ended up frustrated and still poorer, but at least it's going to a good cause, right? But as the myriads of Identities in the main do not have too much of any import, I will focus on financially impactful identities. I lose my credit cards often enough that the credit card numbers I give to websites become quickly defunct. Perhaps this is a strategy I should actively engage in?! Yes, I think I will lose my Internet Credit Card each year, if I haven't already!

Attaining, let alone maintaining control over our Digital Assets is a task we keep promising ourselves that we will do. But the task is becoming ever more difficult as our Cyber Space is being sliced into ever thinner wedges. Too often we do not even notice our Cyber Space being split into ever more and thinner slices.We do this to ourselves when we by new and more devices, often from different suppliers. We also do this to ourselves when we attempt to file something and create a special folder for it, forgetting that we already have 3 other special folders for precisely the file type and content that this one was. A rough tally of my folders across multiple storage slices quickly exceeds 1,000... Aaargh!

Digital photos is the next domain starting to be dominated and sliced by our "free service" providers. Here I am even more confused, as Apple, just one of my providers, and with my connivance, has now managed somehow to create 11 different places where I can find our photos stored! How did that happen?! I am not even counting the 6 different iPhoto Archives I have created over the years. Last week I wanted a photo that I knew I had taken, I knew the camera and rough date, it is still not found:-( When I take into account the myriad of non Apple devices that take and store my photos the number of Photo Cyber Slices quickly approaches 50, I suspect it exceeds that number, but I have not the patience to even count them, let alone try to attain control over them. Oh yes I should also remember the myriad of storage cards of various types dotted round the house and in various devices. Many of these I can no longer even read! I still have an early Apple QuickTake? camera that creates a file type that not even Apple iPhoto deigns to acknowledge. I am sure it still has photos in it.... Oh! wait did I count the DJI drone? So yes, way more then 50 Cyber Photo slices. I just realised that of course I meant all images, moving and still! I wonder if those cine films are still readable!? I know the BetaMax tape I kept as a keep sake has long since become unreadable. I hope the Peacefull Valley Dude ranch VHS video is still readable.

Perhaps the most divisive of the Cyber Space slicers, is the growing band of free storage space providers. DropBox, Google Drive, iCloud (or whatever Apple is calling it this week) are just few of the myriad free cyber storage space providers. (Naturally I have one of every one that I can lay my hands on. After all it is free, and like my brother I encourage others to take up space in my new found storage provider as that gives me even more free space.) I am truly at a loss to define a number for my different Cyber Storage Slices, let's say 20? Seems conservative...

I can only imagine how many new Cyber Space slices will exist in my Cyber Space when the Internet of Things properly kicks in, as all things will naturally come with their own cloud data store. What self respecting thing would ever come into existence without a place in the cloud to store all it's sensor data. The number of these slices rapidly approaches a large number, today I have 15 temperature sensors in our household, that I know of, I assumed two in each car, I suspect there are many more.

So my rough prediction of cyber slices that will be in existence when I die will be well north of 5,000. I predict that at that time I will only have agency over less than 10% of them, and be "in control" of a handful.

Inside each of those slices might be between a dozen or 10,000 files.

I can only hope that my Digital Agent will attain wondrous curation skills before I die, as I know in my heart of hearts that I won't do it. I can only apologies in advance for the sad state of affairs that my family will find themselves attempting to handle.

So the next Cyber Space service industry that will need come into existence, if the Agents do not step up to the mark, is Cyber Space Curation of the Dead. Navigating the myriad of different Organisational procedures to wrestle back cyber agency of the dear departed will not be a trivial task! Just finding the slices is going to be hard enough! Whether there is anything value in all those slices is an entirely different matter! Future Data Archeologists may disagree, but perhaps the most prevalent response will be to erase the lot! To Adam and Christopher I have hidden the number of my Swiss bank account in one of those slices! ;-) (Not really!)

Now all I need is a suitable Cyber Slices of the Dead Graphic...

Sunday, January 11, 2015

Wait! my dreams are being mapped into Reality!

In this case, Mapping comes in the form of Clues, rather than @swardleys eminent Mapping approach.

If you haven't read the ClueTrain then do...

But perhaps more importantly read the NewClues:

At the end of the preface Doc Searles and David Weinberger state:

We, the People of the Internet, need to remember the glory of its revelation so that we reclaim it now in the name of what it truly is.

They solved my klutzy and limiting "We, the People of the World...", with the use of the key word Internet, an even more expansive version might start... "We, the Entities of the Internet..."

My ONLY quibble is their use of the word "is", for in their own minds they know that we can't know what "it" is, we can only extract Clues that point what it "truly can be!" Though perhaps they think they covered that with their use of "in the name of"

As they are the pre-eminent Clue extractors, I implore you again: "Read the New Clues."

I warn you, to truly grok them, the Clues that is, you will need to read them more than once and preferably in groups...

...Clue Clubs anyone?



Sunday, January 04, 2015

Digital Feudalism!

I have been discussing on the importance of "Digital Agency" and the need for a "Digital Magna Carta", but the phrase I was looking for just jumped out at me from this article.

The phrase is Digital Feudalism, we seem to be happily sleep walking into a new form of feudal society where the digital behemoths, and a few very agile and forward thinking startups, are happily hoovering up every ounce of digital agency they can. Sadly, they are not just hoovering up the digital bytes that allow us to maintain control of our own environments, they are also capturing as much data as they possibly can, in order to enable them to, know our every whim and desire, and predict our future desires before we ourselves know them. It is this rather spooky activity that has caused those who regulate our societies to focus on Privacy as the key aspect to legislate, rather than the broader and more important aspect of maintaining control of our digital selves, and our environment. This aspect I have labelled Digital Agency. Sociologists and Philosophers are very comfortable that the word agency pertains to the degree of control an entity is able to exert on their environment. In normal usage we are comfortable with the use of the word when it relates to passing our agency to a third party or agent. In fact so comfortable that we are transferring our control ever more completely to the new power brokers, the Digital Feudalists, or Uber Class.

The term "Uber for X", where X is the new industry being targeted by the Digital Feudalists, is starting to create fear in the traditional organisations, used to providing goods and services in the current economic model. Will they be next to be taken out? We should expect them to try and turn us into their digital serfs as rapidly as they know how.

What then, is Digital Feudalism and what are the underlying bets? Digital Feudalism is the act of making Serfs out of both the provider and the consumer. There are two types of serfs in this new model. Firstly the physical serf, the indentured front line provider of the service in question, they are basically providing the labour capital at the lowest possible cost to provide the physical aspects of the digitised service in question (NB Where possible the new Feudal Lords aim to eliminate the need to use human labour in the provision of their services.) The second serf type, is the entity we used to call Customer, they are the indentured digital consumers of the relevant service. In both cases these serfs are bound by an indented** contract to their digital feudal Lord, whether Uber, Google , or O2, (one of the earliest of the new Digital Feudalists in their initial BT Cellnet guise.)

**The indents in the two physical copies of a contract were used to identify the documents as the same contract. Hence the word indentured. Trust and Identity are at the root of so many of our legal and social systems.

Regulators existed in the communications space, who understood the importance of the freedom of choice and ability to move from provider to provider, thus number mobility and the ability to change providers were swiftly regulated. However, the control over the data created by mobile communication devices has not yet been put back into the hands of the rightful owners of that data, as Telefonica the owners of O2 have demonstrated with the creation of Telefónica Dynamic Insights. For that matter nor has the control over the mobile communications devices themselves been put into the hands of the owners of those devices. This is related topic, which describes the importance of our having agency over our Things.

On then to the underlying bets, the key bet of the Digital Feudalists is that there will always be enough digital serfs with the economic capacity to purchase their services, another bet is that there will always be enough physical serfs willing to provide the few remaining required physical activities at below market rates.

An underlying bet is that the human resources making up both types of serfs will be happy to treated as fungible assets. Willing to be treated like cattle or perhaps worse the beets fed to the cattle.

Finally, they are betting on gaining access to our collective digital assets at no charge, at least not from the rightful owners of those digital assets.

It is not clear that our regulators are up to the task of ensuring that Digital Agency rests in the hands of the related entities, whether individuals or organisations. At present they seem to be focussing on prescribing opaque windows in the bathrooms of houses built on the edge of a Volcano. We are in the process of losing control of our individual environments, let alone the data we create in them, and perhaps worse the means of creating wealth from our skills and digital assets. Hence the importance of creating a Digital Magna Carta, that defines and prescribes the key Digital Rights that any entity should hold dear. Such a document would be a useful signpost to enable us, and those that govern us to navigate the next decade, as humanity struggles to address the major social upheavals involved in changing from one economic model to another.

One question that occurs to me is that when all the population of the planet are digital serfs, and that the last vestiges of labour have been expunged by automation from the production process, what then? The film Zardoz springs to mind!

A disquieting thought from the article I referred to at the start of this blog, that you may or may not have read, is that the growth in inequality is higher in San Francisco than it is in Mumbai.

On the up side, the most positive thought was also found in the article:

"Whatever the outcome, the younger generations show a tendency toward being empowered citizens valuing co-creation and sharing rather than becoming consumers."

So what should we be doing about Digital Feudalism, this question is as relevant to business owners, and those that govern us, as it is to ourselves as individuals. Or will we just sit back and let the Millenials deal with it?

Methinks that it is not a good idea for us, the ever aging part of the population, to leave them, the Millenials, with the impression that we thought it was a good idea for them to be treated as fungible assets. They may just jump to the conclusion that the concept should naturally apply even more strongly to the old and decrepit part of the human labour pool!?

Perhaps we need more than a Digital Magna Carta...

"We the People, of the planet Earth, on order to form a more perfect global community...

Now I know I'm dreaming!! ;-)