Monday, November 27, 2017

Uber Under Pressure for Data Breach


In recent years, the rideshare-app company called Uber has not led anyone to believe they would win a corporate personality contest.  Their aggressive growth and shouldering aside of municipal regulations and the charges of sexual harassment that ultimately led to the resignation of Uber co-founder Travis Kalanick last June have now been followed by a revelation that Uber had a massive data breach in October of 2016, over a year ago, and didn't make it public till last week.  Besides probably violating state laws, this latest flap raises serious questions about the responsibility of companies to protect consumers' data, and what companies should do when that data is compromised.

Here is apparently what happened.  A year ago last October, Uber discovered that hackers had obtained about 57 million names, addresses, and emails of customers who had used Uber's services.   The hackers also snagged driver license numbers for over half a million of these people.  Then they pulled a classic blackmail act:  for a mere $100,000, the hackers offered to destroy the data and keep the whole thing a secret.  Under the reign of Kalanick, Uber agreed to this deal.  The company claims that they have evidence that the data was destroyed, but one can be permitted to wonder about something that amounts to proving a negative. 

The main problem with all this skulduggery, other than the breach itself, was the way Uber handled it.  Many state laws require companies to disclose major data breaches like this within a stated time, usually within four to six weeks of discovery.  Uber clearly didn't do this.  And even if Uber's new CEO, Dara Khosrowshahi, had disclosed the incident upon taking up his new job in September, instead of waiting for two months, Uber would have still been violating these laws. 

As hacks go, in terms of numbers and the kind of data stolen, there have been worse incidents.  But still, knowing that your email and linked phone number, and maybe your driver license number, are floating around out there in the hands of blackmailers, is not a comforting thought.  Even worse is the fact that Uber caved so fast to the blackmailers' demands.  True, not many hackers offer to destroy the data they've stolen, but words are cheap. 

What should consumers do when faced with a choice to either (a) deal with a company that offers an attractive service at a good price, but has a reputation for shady actions with regard to its own employees, hackers, and the law, or (b) well, maybe there isn't another good choice, except to try calling an old-fashioned cab and hope for the best?  (Full disclosure:  I have never used Uber, Airbnb, or any of those other newfangled apps that are breaking down the time-honored traditional service industries.  There's nothing intrinsically wrong with using them, and many millions of happy customers continue to do so.  But I have no personal experience with them myself.)

Even if a person is well aware of Uber's less-than-stellar corporate reputation, in many cases one doesn't have a choice:  Uber has chased away most of the competing apps (Lyft being an exception in some locations).  To use anything else may require a great deal of conscious effort and ingenuity, and in some locations and situations it simply may not be possible at all.

There is a paradox in the fact that the digital online world on the one hand promises an infinity of options and choices.  But on the other hand, when it comes to certain close-to-essential services such as search engines, online transportation apps, and Internet service providers, the list of workable choices at a given time and place is usually radically limited to a few, or even one. 

From a business point of view, this narrowing of choices is a function of what is called the network advantage.  As Ma Bell found out around 1890 when the telephone network was experiencing rapid growth, every customer a network company adds not only increases the company's customer base, but also makes that same company more valuable to all of its other customers.  That doesn't apply in exactly the same way to Uber as it does to AT&T, but the principle is the same:  the biggest firm in a network-intensive business automatically has built-in advantages over everybody else, and so you usually end up with a winner-take-most situation.  For those lucky enough to invest in the biggest company before it takes over the whole market, it is a very attractive deal indeed.  But for consumers wishing to have a meaningful choice among a number of alternatives, the dominance of a single firm is less than salutary.

The concept of privacy, and the related idea of security, may simply have to keep changing as we seem to accept risks that a few years ago would have simply been unacceptable.  Even in the Middle Ages, there was no such thing as absolute security.  A man carrying a purse of gold coins was always liable to run into some ruffians who would knock him down and rifle through his possessions.  But one of the basic attractive features of civilization is that under most circumstances, people can go about their daily business using services that they need, without unduly running the risk of somebody coming along and taking valuables from them. 

Now that identity theft is so easy, it's something that is ethically equivalent to a purse of gold coins carried by a Middle Ages merchant.  But in the wild-West environment that is the global Internet, we have left the providing of security largely to service firms themselves, with results such as the Uber breach that are far from encouraging.  In breaking the law requiring timely notification, Uber became one with the hackers, at least to the extent of ignoring the law.  Unfortunately, none of its customers knew what they were up to.  And now that we know, many people will simply shrug the incident off as one of the risks of modern digital life.

Maybe it is, but to my mind, accepting and tolerating such things is a step backwards in the progress of civilization.

Sources:  I referred to reports on the Uber data breach at Gizmodo.com, posted on Nov. 24 at https://gizmodo.com/uber-s-new-ceo-was-told-about-the-companys-massive-data-1820722228, and the Washington Post at https://www.washingtonpost.com/news/the-switch/wp/2017/11/24/uber-is-sued-over-massive-data-breach-after-paying-hackers-to-keep-quiet/.  I also referred to the Wikipedia articles on Travis Kalanick and Uber.

Monday, November 20, 2017

Will Tesla's Electric Semis Take Over?


Elon Musk's latest product unveiling, held last week in Hawthorne, California, was done in the accepted fashion of introducing a new product these days, which is for the CEO to stand alone on a stage, backed by giant screens and, if possible, a piece of the subject hardware too.  Musk claimed that the new electric truck he plans to start building in a year or so will travel 500 miles on a single charge.  Critics cited in the New York Times article about the announcement say the more likely distance is 300 to 450 miles, which is a big constraint for commercial truckers, who can currently cover a lot more than that distance without refueling.  And Musk's figure assumes there are rapid-charging stations everywhere they are needed, which is currently not the case.

The new truck will also feature the same semi-autonomous driving technology that other Tesla vehicles have, which would be a big asset for truckers.  But you can have autonomous driving technology on a conventional diesel-powered truck, and in fact some other companies are already doing experiments along those lines.  It may turn out that the self-driving features make more sense to the trucking industry than the electric-power feature, an ironic twist that would not be unprecedented in the introduction of new technologies.

When personal computers were introduced, marketers desperate to include women in the potential customer base tried to sell the machines as a replacement for the kitchen card file of recipes.  Replacing a $5 card file with a $2000 computer never caught on, but a little afterthought feature called a modem turned out to be the genesis of the Internet, and the rest is history, so to speak.

Robotics expert Rodney Brooks, writing in IEEE Spectrum, thinks that convoys of autonomous-driving trucks may be one of the first widespread uses of self-driving technology.  It's a logical extension of the two-trailer articulated trucks you see fairly often on many highways, and forming a closely-spaced convoy of identical autonomous vehicles is one thing that the technology has demonstrably done well.  Brooks also thinks that once the freeway part of the trip is over, cities will insist on putting drivers in every truck before they are allowed off the freeway.  If that's the case, then right away, the main appeal of autonomous truck convoys to trucking companies—the ability to fire needless drivers—goes away.  So even that possibility is fraught with problems. 

Right now, buying an all-electric car or truck is a triumph of faith over reason.  The faith is a conviction that going electric is the wave of the future and, for many, a moral obligation in the face of rising carbon-dioxide levels and climate change.  The trouble for makers of all-electric vehicles is that, so far, only the faithful with a lot of money can afford to live out their convictions by buying an all-electric car. 

The conventional automakers are selling to people whose reason for buying a car is more or less the same as it's always been:  the need to get from A to B reliably and with a minimum of expense for the amount of comfort and convenience provided.  For many of these people, hybrid vehicles combine the best of both worlds.  They have better fuel economy than gasoline or diesel cars, and don't cost all that much more.  And the payback time, in terms of saving enough fuel money to pay for the premium in price, is often reasonable too, just a few years or less depending on how much you drive.

Most commercial truck owner-operators and the companies they work for are intensely practical.  They can't afford to make political statements with the kind of truck they drive, and what they're looking for is reliable, efficient, low-cost transportation systems.  If there is any economic benefit to be derived from converting a truck fleet to Tesla all-electric models, some corporation will figure it out–maybe one that runs well-defined routes between locations that have already got charging stations.  But beyond such special cases, Musk may have an uphill battle in trying to sell all-electric technology to a market segment where politics and faith are outweighed by bottom-line considerations.

After all, given the rise of autonomous vehicles, the long-term prospects for employment as a truck driver are not great, depending on how things play out.  If the convoy idea catches on, the job might actually get better for a while if you are lucky enough to be one of the drivers riding along in the convoy, ready to take over once the freeway ride is over and each truck has to be independently piloted through a city or town. 

But the current tendency of most automation is to eliminate jobs, not make them easier.  And without strong unions or other countervailing political forces, the profession of truck driver (and if you think it's not a profession, try it yourself some time) may be entering a long-term decline, closing off yet another avenue of employment for those without a college degree.

And as for the all-electric feature of the new Tesla truck, well, it's still true that even if we all started driving Teslas tomorrow, the big-picture carbon emissions caused by the resulting increased electric load on a power grid that still uses a lot of fossil fuels, plus the multiple inefficiencies of generating electricity, transmitting it over lossy lines, charging a battery, and discharging it into an electric motor, mean that the nation's carbon footprint would probably get bigger, not smaller.  So it really boils down to faith, or even esthetics.

I think most of the people who drive all-electric vehicles simply do it because they think it is cool.  And that is fine for those who can afford to be cool in that way.  But as for any larger good consequence of the move to all-electric vehicles, it remains to be seen whether the rest of the power infrastructure will catch up to the point that the fossil-fuel-free vision of the future will come to pass.

At any rate, it will be easier to pass than a row of five autonomously-driven trucks in a row on the freeway.

Sources:  The New York Times website carried the article "Tesla Unveils an Electric Rival To Semi Trucks" on Nov. 16, 2017 at https://www.nytimes.com/2017/11/16/business/tesla-electric-truck.html.  Rodney Brooks' article "The Self-Driving Car's People Problem" appeared in the August 2017 issue of IEEE Spectrum on pp. 34-37 and 50-51. 

Monday, November 13, 2017

From Cops On the Beat to Spycams and Algorithms


Police departments these days are using the latest technologies in data analytics and surveillance, often without letting either the public or their own higher-ups know about it.  A recent online article in Slate asks whether these public-safety measures are threatening privacy to the extent that instead of Big Brother, we now have to worry about a lot of Little Brothers snooping around.

Consider these cases. 

For the last several years, the Chicago police force has operated a system that does for arrests what a credit score does for loan applications.  Every person arrested gets a computer-generated "threat score" that rates their chances of either committing a crime in the future or being the victim of one.  People with higher threat scores get extra attention such as home visits.  In domestic-abuse cases, this could have the desirable effect of providing more security for an abused wife or girlfriend, and that is certainly a laudable goal.  But as anyone who has had their credit rating fouled up by a rating agency knows, mistakes in these systems can happen.

And in Baltimore, a firm was hired to fly a private plane above the city and take wide-angle high-resolution video with no particular crime scene in mind, just to furnish a God's-eye view of everything going on in the event that some of it turned out to be criminal activity.  When the citizens of Baltimore heard about it, they raised such an outcry that the program was terminated.  But similar technology is available and is being used elsewhere—maybe even in your town.

We already know about police-car dashcams and body cameras, which have been viewed as protecting the rights of citizens as much as aids to police trying to enforce the laws.  But wider-scope systems such as database-generated algorithms and synoptic surveillance not targeted at a specific crime or criminal are new things, and for understandable reasons, some law-enforcement authorities are not being as open as they could be about using them.

There is some justification for this.  One can argue that a novel surveillance method can be more effective if the people being spied on don't know about it.  But this argument is lost on the millions of stores that have prominent signs saying things like, "Smile! You're on TV" and otherwise make no secret that customers are being watched electronically, as a deterrent to shoplifting. 

Also counter to that argument is the notion that in a democracy, citizens have a right to know what methods law-enforcement authorities are using, and to make a considered judgment as to whether the alleged benefits of reduced crime and improved public safety outweigh the potential harm to what remains of our privacy. 

The Slate article treats the fact that there are around 17,000 separate law-enforcement organizations in the U. S. as a problem, because any given location may be under the authority of several of them, and sometimes it's a big headache even to figure out who to ask about these things.  But the Big Brother reference I began with comes from George Orwell's dystopian novel 1984, which featured "telescreens" everywhere that not only projected images of a Stalin-like figure named Big Brother, but reminded everyone that Big Brother was watching, through hidden cameras.  For most of the novel's lifetime, nobody worried about universal spycams becoming a reality, because the only way for every citizen to be watched was to hire enough people to sit there and watch the screens, which would have meant as late as the 1960s, it would have taken maybe 50 or 100 million people monitoring the 200 million or so U. S. citizens—clearly an impractical project. 

But now with digital storage, face-recognition algorithms, and artificial intelligence, spying on everybody in the U. S. all the time is still a remote possibility, but not nearly as remote as it used to be.  Things have reportedly progressed a lot farther along these lines in Great Britain, where it's not possible to walk outside in London for more than a few feet without becoming a feature in somebody's surveillance camera somewhere.

In such a highly spied-upon situation, it's a good thing that there are 17,000 different policing authorities instead of one big one, as George Orwell imagined in 1984.  Even if a few of them go overboard, the damage will be limited to that authority's geographic region.

But this isn't an argument for complacency.  Actions that affect the privacy of the average law-abiding citizen, especially when funded with that law-abiding citizen's taxes, need to be made known to said law-abiding citizen.  And so when police departments and other government-run security organizations start doing wholesale data gathering on innocent and guilty alike, this kind of thing needs to be advertised or made public in some way that brings the awareness of the activity to those who are directly affected by it.

Abuses of these technologies can happen.  It's probably because policing authority is so diffused in this country that we don't have more scandals relating to the abuse of surveillance technology.  The FBI, one of our few national-scope law-enforcement agencies, has been involved in a few such cases, but eventually Congress or someone else outside the executive branch manages to blow the whistle on them and correct the abuse. 

But many municipalities don't have such a mechanism to ensure that law-enforcement agencies inform the public they are watching that certain technologies are being used.  The Slate article cites a program sponsored by the American Civil Liberties Union called "Community Control over Police Surveillance" that can serve as a model of accountability.  I haven't studied the ACLU's efforts in this regard and can't vouch for its effectiveness, but it would probably be a good place to start.

Privacy is a much-neglected right in some areas of U. S. life.  We have gradually been trained by private interests to say good-by to it whenever we log online and do a search or buy a product.  But in going about our daily lives, and especially in our homes, it is a valuable thing to know that one is not being watched by a stranger who could, if he chose, use information gathered about you to complicate your life in some way.  At the very least, if such things happen, the people who are paying the taxes that pay for the systems need to know what they're buying—and refuse to buy it if they don't like it. 

Sources:  The article "The Fragmented Surveillance State" by Andrew Guthrie Ferguson appeared on the Slate website at http://www.slate.com/articles/technology/future_tense/2017/11/the_united_states_fragmented_surveillance_system.html.  More information about the ACLU's Community Control over Police Surveillance program can be found at https://www.aclu.org/issues/privacy-technology/surveillance-technologies/community-control-over-police-surveillance.  And George Orwell's novel 1984 was published in 1949, when television was just beginning to appear in large numbers of private homes in the U. S.

Monday, November 06, 2017

For Consumer Electronics, The Fix is Out—Or Is It?


Did you know that Apple can tell if you break your iPhone screen and take it to get fixed by somebody who isn't in Apple's authorized repair network and uses a non-Apple screen to fix it?  Not only can they tell, they can intentionally disable your phone when they find out. 

That's exactly what happened to Antonio Olmos, a news photographer covering the refugee crisis in the Balkans, when he broke his iPhone screen and couldn't find an Apple-authorized repair facility in Macedonia.  But he did find somebody who fixed it with an aftermarket screen, and the phone worked fine until a routine software update a few months later.  Then, wham—Apple turned his phone off.  When Olmos inquired, he was told that Apple did this as a "security measure" in case some of the unauthorized parts were defective.  But that wasn't the problem—the phone worked fine until Apple broke it in an act that looks suspiciously like punishment.

Olmos had enough connections with the media to raise a public stink about the issue, and eventually Apple caved and quit turning off phones that have been repaired by non-Apple facilities with non-Apple parts.  But with his inquiry, Olmos turned over a rock to reveal just one of the many ways that manufacturers are increasingly trying to discourage repairs of their products by anyone other than their own limited number of authorized repair facilities—and sometimes not even then.

In an article on the website of the professional engineering magazine IEEE Spectrum, two leaders of the "right-to-repair" movement, Kyle Wiens and Gay Gordon-Byrne, describe how this is happening, not only with consumer electronics but with items as big as tractors.  For example, John Deere, the agricultural-equipment maker, took the position that in selling a tractor to a farmer, the company didn't really let go of the tractor—they only granted an "implied license" to operate it.  John Deere reserved the right to repair it or say who was going to repair it—certainly not the farmer.

This didn't sit well with farmers, who complained, and the U. S. Copyright Office ruled that John Deere was wrong—when a farmer buys a tractor, he can do anything he wants with it, from fixing it himself to driving it into a lake. 

These are only two of the most egregious examples of manufacturers who try to discourage consumers from fixing their own stuff, or using independent repair shops who use aftermarket parts.  As anyone who has been to a non-dealer-owned auto repair shop or an Autozone knows, independent repair facilities are often cheaper than dealerships and can do work of just as good a quality as the dealerships.  And many aftermarket parts are comparable in quality to OEM (original equipment manufacturer) parts.  So why do the makers seem to hate it if you fix something of theirs that breaks?

Well, the obvious reason is that as soon as a company sells you one of their products, they are competing with themselves.  If the product breaks, you have two choices, in principle:  fixing it or buying a new one.  The maker wants to sell you a new one, of course, and anything that can be done to make fixing difficult or impossible will tend to tilt your decision in the direction of a new purchase.

This helps a maker's bottom line, but it also contributes to the millions of tons of electronic scrap that goes into landfills worldwide every year.  As economist John C. Médaille put it, "Only by constantly buying what we don't need or already have can the system sustain itself; the size of the garbage dump becomes the true measure of our 'wealth'."  So what should be done?

The answer that Wiens and Gordon-Byrne favor is legislation at the state level to prohibit manufacturers from monopolizing product repair or preventing it altogether.  While this has some chance of working, it is only part of the problem. 

The things a culture values can tell you a lot about the culture.  Multinational corporations have encouraged the development of a worldwide consumer culture that values things that the corporations can sell at a profit.  And in the absence of strong counterforces from custom, religion, or politics, the consumer culture increasingly dominates the lives of not just millions, but closer to billions of people.  In 2016, almost two-thirds of the world's population owned a mobile phone.  That's about the same percentage of the globe's population who, as of 2013, do not have indoor plumbing (flush toilets, in other words).  Now don't get me wrong—having a smart phone, or any kind of a phone, is a huge leap forward toward all sorts of civilizational goods:  the ability to call for emergency services, to participate in a market economy, and so on.  Mobile phones can on occasion be lifesavers.  But so can flush toilets.  There are good reasons, however, that Apple is in the smart-phone business and not the flush-toilet business. 

State laws protecting our right to fix things can redress some of the grievous wrongs that companies are trying to put across with regard to product repairs.  But even if all service manuals were posted for free on the Internet and you could find a competent independent repair shop in every city and town, many of us would still be just waiting for our phone to break down to give us an excuse to buy a new one. 

This is a moral issue, really, and to explore its depths would take us far beyond the limits of this blog space.  But the heart of the matter is whether we believe what the manufacturers want us to believe, namely (as Médaille again puts it), "that our happiness lies not in persons, but in things, and not merely in things, but in constantly new things." 

That notion is, to put it indelicately, a lie.  But it's behind much of the advertising and marketing that we are subjected to all the time.  Until we recognize that lie for what it is, and change our ways of living and using our resources to reflect our realization that it's a lie, all the repair-protection laws in the world won't make much difference in the flood of electronics that goes from store to user to garbage dump faster every year. 

Sources:  The article "Why We Must Fight For the Right to Repair Our Electronics" by Kyle Wiens and Gay Gordon-Byrne was posted on the IEEE Spectrum website on Oct. 24, 2017 at https://spectrum.ieee.org/green-tech/conservation/why-we-must-fight-for-the-right-to-repair-our-electronics.  The statistic on worldwide mobile phone use is from https://www.statista.com/statistics/274774/forecast-of-mobile-phone-users-worldwide/, and the one on flush toilets is from http://www.slate.com/blogs/future_tense/2013/02/22/_60_percent_of_the_world_population_still_without_toilets.html.  John C. Médaille's book Toward a Truly Free Market (ISI Books, 2010), pp. 194-195, is the source of the quotations attributed to him.