It’s 20 minutes on the Boulder Creek Path. We talk about Leadership, Obsession, Battlestar Galactica, Techstars, Privacy, The Wire, and a few other fun things, including whether the machines have taken over (or rather, when they took over.) Enjoy!
Whenever someone tells me about the progress humans have made, I remind them that since the beginning of humans, man has been trying to kill his neighbor to take over his backyard. And yes, as Amy likes to regularly remind me, it’s often men doing the killing.
Simultaneously, governments around the world have spent zillions of dollars building surveillance systems since the beginning of – well – humans. Or at least since the beginning of governments.
In 14 years, Facebook has created the most incredible and effective surveillance machine in the history of humankind. And we, the humans, have given the machine much of the data. John Lanchester has the best article on this I’ve read to date titled You Are the Product in the London Review of Books. It’s long – 8674 words – but worth reading every one of them. The magical paragraph is in the middle of the article and follows.
“What this means is that even more than it is in the advertising business, Facebook is in the surveillance business. Facebook, in fact, is the biggest surveillance-based enterprise in the history of mankind. It knows far, far more about you than the most intrusive government has ever known about its citizens. It’s amazing that people haven’t really understood this about the company. I’ve spent time thinking about Facebook, and the thing I keep coming back to is that its users don’t realise what it is the company does. What Facebook does is watch you, and then use what it knows about you and your behaviour to sell ads. I’m not sure there has ever been a more complete disconnect between what a company says it does – ‘connect’, ‘build communities’ – and the commercial reality. Note that the company’s knowledge about its users isn’t used merely to target ads but to shape the flow of news to them. Since there is so much content posted on the site, the algorithms used to filter and direct that content are the thing that determines what you see: people think their news feed is largely to do with their friends and interests, and it sort of is, with the crucial proviso that it is their friends and interests as mediated by the commercial interests of Facebook. Your eyes are directed towards the place where they are most valuable for Facebook.”
Jean-Louis Gassée, always the provocateur, is blunt: Mark Zuckerberg Thinks We’re Idiots. It’s another article worth reading, but if you just like pull quotes, the best one shows up early in the article.
“As Facebook’s leader, Zuckerberg resolves to get things straightened out in the future (“it’s my job, right?”) while he delivers a callcenter-style broken record reassurance: “Your privacy is important to us”. Yes, of course, our privacy is important to you; you made billions by surveilling and mining our private lives. One wonders how aware Zuckerberg is of the double entendre.”
For a more balanced, but equally intense view, Ben Thompson at Stratechery has a long post titled The Facebook Brand. It explains, in detail, how easy it was for any developer to get massive amounts of data from the Facebook Graph API between 2010 and 2015 (where Ben suggests that Facebook was willing to give everything away.) If you don’t want to read the article, but are interested in an example of the Facebook Graph Extended Profile Properties, here it is.
Ben’s conclusion is really important.
“Ultimately, the difference in Google and Facebook’s approaches to the web — and in the case of the latter, to user data — suggest how the duopolists will ultimately be regulated. Google is already facing significant antitrust challenges in the E.U., which is exactly what you would expect from a company in a dominant position in a value chain able to dictate terms to its suppliers. Facebook, meanwhile, has always seemed more immune to antitrust enforcement: its users are its suppliers, so what is there to regulate?
That, though, is the answer: user data. It seems far more likely that Facebook will be directly regulated than Google; arguably this is already the case in Europe with the GDPR. What is worth noting, though, is that regulations like the GDPR entrench incumbents: protecting users from Facebook will, in all likelihood, lock in Facebook’s competitive position.
This episode is a perfect example: an unintended casualty of this weekend’s firestorm is the idea of data portability: I have argued that social networks like Facebook should make it trivial to export your network; it seems far more likely that most social networks will respond to this Cambridge Analytica scandal by locking down data even further. That may be good for privacy, but it’s not so good for competition. Everything is a trade-off.”
In the meantime, Facebook is arguing with Ars Technica about whether or not Facebook scraped call, text message data for years from Android phones. Facebook is pretty insistent that it isn’t. But, given that Facebook quietly hid webpages bragging of its ability to influence elections, it’s hard to know who to believe.
In shocking news, Facebook is now under federal investigation by the Federal Trade Commission. I’m sure they will get to the bottom of this quickly. I wonder if the NSA is going to have to delete all the Facebook data they’ve slurped up over the years after this is over.
In 2008, I gave a talk at my 20th-year reunion at MIT Sloan. The title of the talk was something like “Privacy is Dead” and my assertion, in 2008, was that there was no longer any data privacy, anywhere, for anyone.
I’ve been living my life under that assumption since then.
The current Facebook scandal around Cambridge Analytica, and – more significantly – data privacy, shouldn’t be a surprise to anyone. All of my experiences with companies around Facebook data over the years have been consistent with what is nicely called “data leakage” from Facebook out into the world. Facebook’s privacy and data settings have always been complex, have changed regularly over the years, and are most definitely not front and center in the Facebook user experience. And, that data has been easily and widely accessible at many moments in time to any developer who wanted access to it.
Answer the following questions:
- Do you know what your Facebook privacy settings are?
- Are your Facebook privacy settings to your liking?
- Do you understand the implications of your Facebook privacy settings?
- Do you think your data has always been subject to these current settings?
If the answer to all of these questions is yes, good on you. But, my answers are no to all of them and, unless you do some real work, you probably are answering no to at least two or three of them.
I haven’t used Facebook for a while. I broadcast my blog posts to it, but I’ve never really figured out how to engage properly with it in a way that is satisfying to me. Periodically I think about deleting my Facebook account, but since I’ve been operating under the assumption that privacy is dead since 2008, it doesn’t really bother me that my Facebook data is out in the world.
As I read articles about the current version of the Facebook Data Privacy Meltdown (or whatever name it is ultimately going to get this time around), I’m fascinated by the amplification of “nothing new going on here, but now we are outraged.” A pair of articles that are a little off the beaten path (just watch CNN if you want the beaten path on this one) include:
- Both Facebook And Cambridge Analytica Threatened To Sue Journalists Over Stories On CA’s Use Of Facebook Data
- The Cambridge Analytica scandal isn’t a scandal: this is how Facebook works
I’m not sure what I’m going to do, but I do know that I’m not surprised.
Doc Searls wrote a great, very detailed post this weekend titled Thoughts on privacy where he argues we have passed the point of “Peak Surveillance.” He says, about halfway through the post:
“I can’t prove it, but I do believe we have passed Peak Surveillance. When Edward Snowden’s shit hit the fan in May, lots of people said the controversy would blow over. It hasn’t, and it won’t. Our frogs are not fully boiled, and we’re jumping out of the pot. New personal powers will be decentralized. And in cases where those powers are centralized, it will be in ways that are better aligned with individual and social power than the feudal systems of today. End-to-end principles are still there, and still apply. “
Five minutes later, I read an article in the New York Times titled Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.’s which basically explains how the DEA has been paying AT&T for access to all its phone records for at least the last six years and to embed AT&T employees alongside DEA agents and local law enforcement to supply them with phone data going back to 1987. This program is called Hemisphere and – like Fight Club – is not allowed to be talked about. The text from p12 of the official presentation follows:
“All requestors are instructed to never refer to Hemisphere in any official document. If there is no alternative to referencing a Hemisphere request, then the results should be referenced as information obtained from an AT&T subpoena.”
Searls refers to a quote from Bruce Schneier about our new feudal overlords, which I think is just brilliant.
“Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether … for Facebook.
These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them – or to a particular one we don’t like. Or we can spread our allegiance around. But either way, it’s becoming increasingly difficult to not pledge allegiance to at least one of them.”
And then, I saw the hilariously sad and funny video “I Forgot My Phone.”
I have no idea if we’ve passed Peak Surveillance. But I know we are talking about a lot these days. I’m lucky that I’m married to Amy who has spent an enormous amount of time thinking about privacy (her college thesis was on the right to privacy). Our conversations about this are rich, and it’s caused me to start thinking 20 years in the future about the dynamics. This has happened before and it will happen again. So say we all.
I was shocked for a few minutes last week after I heard that Lavabit committed corporate suicide. I pondered it for a while and then forgot, but two things this weekend caused me to remember it.
The first was the suicide of Cylon Number One (John) near the end of Battlestar Galactica. I didn’t expect it at all (there were a bunch of things in the last three episodes that I didn’t expect.) The other was Barry Eisler’s tweet about Obama’s statement about the NSA (NSFW) from the weekend (Eisler is one of my favorite Mental Floss writers.)
I didn’t see Eisler’s tweet until Sunday morning because of my digital sabbath and it made me think of Lavabit shutting down. And then I had a moment of fear that I was reading it and considering retweeting it. The thought that crossed my mind was “if I retweet this, will the NSA record it somewhere.” Then I decided this was a fear-based reaction that was absurd, but not irrational.
Then I read Homes for Hackers gets a visit from the FBI. My friend Ben, who inspired me to buy a house in the Google Fiberhood in Kansas City, talks about the FBI poking around in his house because he has gigabit Internet. Now, Ben’s a trusting dude so he let the FBI in and was polite, but he speculates that he’s now got a surveillance device in his bathroom.
We are just beginning to understand – and struggle with – the crossover of humans and technology. When you ponder the NSA, it’s starting to feel like a giant computer run by humans, where the computer dominates and the humans are just the mechanics. Sure – the humans want to feel like the ones who are actually running things, but it doesn’t take much imagination to see this evolving along the same lines as Battlestar Galactica.
I accepted a long time ago that I had no actual privacy – that all of my data was being captured somewhere. I gave a talk at my 20th business school reunion in 2008 where I stated directly that “we no longer had any privacy.” But it’s getting worse – fast. Even if we work hard to have privacy, as in using Lavabit to send email, the government can still break through this privacy, or force the service to shut down.
I’m fascinated by all of this. Not scared – fascinated. It’s easy to be cynical, or scared, or angry. But our civilization is going to evolve in very strange and radical ways over the next twenty years. Hang on – it’s going to be a crazy ride.
Near the end of the week last week, the lastest “the US government is spying on US citizens” scandal broke. For 24 hours I tried to ignore it but once big tech companies, specifically Facebook, Google, and Yahoo, started coming out with their denials about being involved in PRISM, I got sucked into all the chatter. I was able to ignore it yesterday because I took a digital sabbath but ended up reading a bunch of stuff about it this morning.
While I’m a strong believer in civil liberties and am opposed to the Patriot Act, I long ago gave up the notion that we have any real data privacy. I’ve regularly fought against attempts at outrageous new laws like SOPA/PIPA but I’m not naive and realize that I’m vastly outgunned by the people who want this kind of stuff. Whenever I get asked if I’ll write huge checks to play big money politics against this stuff, I say no. And recently, I’ve started quoting Elon Musk’s great line at the All Things Digital Conference, “If we give in to that, we’ll get the political system we deserve.”
I read around 50 articles on things this morning. I’m no more clear on what is actually going on as the amount of vagueness, statements covered with legal gunk, illogical statements, and misdirection is extraordinary, even for an issue like this one.
Following are some of the more interesting things I read today.
- We are shocked, shocked…
- Government Says Secret Court Opinion on Law Underlying PRISM Program Needs to Stay Secret
- It’s our own fault… Deal with it.
- Tech Companies Concede to Surveillance Program
- Is the NSA outsourcing its domestic spying to Israel?
- Nothing To Hide
- No One Is Talking About The Insane Law That Lets Authorities Read Any Email Over 180 Days Old
- Room 641A
- What If China Hacks the NSA’s Massive Data Trove?
And I always thought PRISM was about teleportation.
And finally, the Wikipedia article, like all Wikipedia articles, is the definitive source of all PRISM information at this point, at least to the extent that anything around PRISM is accurate.
Glassboard, a new mobile app for sharing privately with groups, just launched from my friends at Sepia Labs. They’re seeing some good initial coverage from ReadWriteWeb and Macworld and twitter is abuzz with people setting up private groups (which I find oddly amusing – but since there is no way to discover a “private board” – it makes sense.)
Glassboard highlights an interesting dynamic in the market that I’ve referenced before namely that collectively, as the creators and early adopters of technology, we still haven’t figured out the right balance of what information should be public and what should be private, and how this information should be used in the social graph.
Take location information as an example. One of the things Glassboard allows you to share with a group is your location, but they make it just as easy not to share it. You may recall that in March I had a foursquare checkin scare whereby someone tracked me down at a restaurant and called me on the phone to spook me because they knew my location. It worked – that interaction then led to me rethinking how I use my social graph – and, more specifically, how and with whom I share my location.
Location is one of those uniquely personal data points that, when used inappropriately, can leave you (or the people you care about) hugely vulnerable. And even though this vulnerability exists, your location is casually being used by advertisers to send you geo-ads and its being attached to all your photos. On one hand, its a great piece of data that can be really helpful when you need to tell people where you are or where you were, but on the other hand, the ways it can be used inappropriately are innumerable.
The Glassboard folks have recognized the sensitivity of location data and have implemented the strict end user controls over how, when and with whom to use it. They’ve also done a bunch of other interesting and important things in their group sharing app – I encourage you to check it out if you are on iPhone, Android, and Windows Mobile 7.
I’ve had a number of interesting conversions about the intersection of the virtual and the physical world since I wrote the post Did Someone Ruin Foursquare For Me Yesterday? Kashmir Hill in Forbes did a quick email interview with me titled Venture Capitalist Gets Creeped Out by Foursquare which captured a few new thoughts and I spent some time the other night at a TechStars Mentor dinner talking with Alex Rainert, the head of product for Foursquare, who had spent some time digging into this issue to try to figure out what was going on.
When I reflect on this, it’s clearly a “me problem” and not a “Foursquare problem.” Specifically, I’ve been chaotic and much too promiscuous with regard to my social graph. I don’t have a clear rule set about who I accept as friends on different services (I pretty much accept everyone) and as a result don’t have much control over what I broadcast. When I reflect on this, I also realize that it has rendered services like Facebook and LinkedIn largely useless to me as an information consumption mechanism.
Given my social network promiscuity I realize that I’ve fallen into a broadcast-only trap. Basically, I’m broadcasting on all the various services I use, but not consuming much new information, except on Twitter. When I extend this to my overall information consumption pattern, I realize that a lot of signal is once again getting lost in the noise, especially around the RSS feeds that I try to read regularly versus the endless amount of web media that is now distributed by RSS.
Toss in Quora, Stack Exchange, Disqus, and a few other high signal services into the mix and my approach has broken down. While I’m still able to manage my email, I’m struggling to get the right kind of utility out of my social graph.
As a result, I’ve decided to make one of my Q2P1s to rethink and re-architect my entire social graph. While this will require lots of effort, my expectation is that I’ll get two clear benefits out of this. First, I’ll reset how I use my social graph. But more importantly, I’ll get a better handle on the dynamics – and gaps – that exist in using and managing a very active social graph. Once again, I get to use my corner of the universe as a laboratory and hope to find some new important technologies and companies as a result. And I’ll blog the experience so you can help me figure it out while learning from what I do.
I was at lunch at Japango with some of my Foundry Group gang yesterday. When I went to my house in Alaska last July, I took a Mac with me but left my PC at home. Ross bet me $100 that before the month was out I’d beg him to fedex my PC to me. He lost and I decided to use my winnings to take whoever was around yesterday out to lunch.
We were enjoying our sushi and talking about random things, like what our family restaurant was when we were growing up (Godfathers, Pizza Hut, Burger King were three of them) and where the smokers hung out at high school. Someone was mid-sentence when the manager of Japango walked up and asked if I was Brad Feld. I said yes; he handed me the landline phone and said “someone is on the phone with an urgent call for you.”
Everyone paused while he handed me the phone.
Them: In a voice that was clearly masked “Is this Brad Feld”
Me: “Yes, who is this?”
Them: “I wrrrr whrrr your rrrr.”
Me: “I’m sorry – I can’t understand you. What are you saying.”
Them “Brad Feld – I know whrrr you rrr.”
This went on for a few more exchanges. I figured out what the person was trying to say but I wasn’t really processing it so I kept asking what they wanted. Eventually I hung up. I explained to my friends what had just happened and we had a short conversation about checking in on Foursquare and I speculated that was what had prompted the call.
A few minutes later the manager came by, picked up the phone, and asked if everything was alright. I quickly told him the story – he was pretty perplexed and apologized for bothering us. A few minutes later he came back and said the person was on the phone again asking for me. I once again picked up the phone, this time with a little anxiety, but by the time I got on the line the person was gone.
Now, I’ve had my share of Foursquare serendipity moments. I met Kevin Kinsella from Avalon for the first time when he stopped by in a restaurant in New York that I had checked in and was eating at (he was hosting a dinner for me the next week for the Do More Faster book tour in San Diego, but we’d never met in person.) In Boulder, Amy has asked me not to check in until after dinner when we eat together because she doesn’t want the periodic interruption. And I’ve had my share of emails saying something like “I see you are in town – can we get together?”
In general, I like the Foursquare serendipity a lot. I don’t check in at my houses because I don’t want to broadcast where I am overnight, although I will check into a hotel when I’m traveling just in case someone is around. And I’ve got Foursquare wired to Facebook so things show up in my feed. I recently wired up Tripit as well (and to LinkedIn) and that has resulted in some positive serendipity lately.
But yesterday’s call spooked me. I didn’t check in for the balance of the day. When I walked out of Japango, I was a little nervous about where I physically was for the first time I can remember while in Boulder. And I had a heightened awareness of my surroundings last night as I walked home.
I haven’t sorted this out yet, but as an early adopter – and a promiscuous one – of location-based checkin – I’m rethinking how I use this stuff and broadcast where I am. I expect this will be a much bigger issue in the future as humans become transmitters of their location (don’t believe me – just go read Daemon and Freedom.)
I guess it’s a good thing that this just happened and caused me to think harder about the implications. One of the reasons I immerse myself in this stuff is to understand the products and services, but also to understand the impact on humans and our society. While it’s easy to think intellectually about privacy, it’s a whole different deal when you have to process the ideas in the context of real issues that you encounter.