Professional

Asbestos underwear, fair information principles, and security

Tales from the Net co-author Deborah Pierce’s Into the Lion’s Den — a privacy advocate’s work is never done (on her tribe.net blog) talks about a panel she was just on at ere expo, “the nation’s leading recruiting conference.” She was there for a debate with the CEO of a company whose mission is “to map every business organization on the planet, contact by contact”:

The CEO started by asking how many in the audience had heard of Jigsaw or had used Jigsaw. About half of the people raised their hands. When my turn came, I asked how many people had heard of Fair Information Principles*. There were about a hundred people in the room and about three people raised their hands. With this crowd I wasn’t surprised.


Strategy, security, and static analysis: what’s next for me

Fourteen years ago today was my last day at Digital Equipment Corporation before leaving to work on the technology that became PREfix and the company I started with a few friends that became Intrinsa, so it seems especially appropriate to post about this today …

I’m delighted to announce that I’m starting a part-time strategy consulting gig working with San Francisco-based software engineering startup Coverity. My initial focus will be exploring possibilities in the security space, and I’ll be using techniques like community-driven strategy and design, asset-based thinking, and social network analysis. So it’s a very natural followup to each of my last three professional incarnations: static analysis architect, computer security researcher, and grassroots strategist.


pwn2own: the stakes just got higher

Update, March 27: Macbook Air pwned and owned — in two minutes!

Update, March 28: Vista laptop pwned via an Adobe Flash vulnerability.

Update, April 16: Apple issues Safari patch.

Props to the winners — and to Ubuntu Linux, which emerged unpwned!


My new bio-in-progress, 2.0

It’s amusingly difficult for me to write professional biographies, especially for print publications. Not only do I have a hard time reducing my career to the paragraph you’re usually allowed, at some level it feels like it forces me to reify my identity. Nonetheless, it has to be done; right now, I’m on the hook for bios both for the Computers, Freedom, and Privacy program committee and an upcoming book chapter on computer science as a social science.

So here’s a stab at it … feedback, please!

Update, 3/27: revised substantially after great feedback. Original version in the comments. Thanks all!  Additional minor edits on 3/29.

Jon Pincus’ current professional projects include Tales from the Net (a book on social networks co-authored with Deborah Pierce), starting a strategy consulting practice, and blogging at Liminal States and elsewhere. Previous work includes leading the Ad Astra project as General Manager for Strategy Development in Microsoft’s Online Services Group; creating the static analysis tools PREfix and PREfast (now available in Visual Studio) at his startup Intrinsa and then at Microsoft Research; security planning with the Windows Security Push and XPSP2 task forces; and the National Academies/CSTB panel “Sufficient Evidence?” His primary research interests relate to recasting the field of computer science as a social science. In addition to the applications of this lens to security discussed here, other social science approaches embodied in Ad Astra and the earlier Project Fabulous include asset-based thinking, narratology, cognitive diversity, intersectionality, philosophy of technoscience, oppression theory, and hot pink beanbag chairs.

(Note: that’s the version for the computer security paper; the other one will have slight differences in the last sentence.)


Intersectionality 2.0

I’ve been working on a potential keynote proposal for this year’s Computers, Freedom, and Privacy conference related to the topic of intersectionality and social networks. Here’s an overview:

Since first being developed by Kimberlé Crenshaw in the 1970s, theories of intersectionality have become a powerful lens for examining questions of race and gender. In the interim, advances in network theory have shown the importance of intersectional hubs; and research in cognitive diversity and problem solving has highlighted the unique contributions of those at the intersections. Does the recent development of social computing technologies, allowing “micro-niche” generation of content as well as enabling people to participate more easily in multiple online social networks, point to new approaches for valuing and leveraging intersectionality? And what does this imply about technology policy in a web 2.0 world?

To explore this area, I propose a joint keynote session (perhaps over lunch or dinner), featuring an expert on intersectionality and an expert on social networking. Crenshaw herself, currently at UCLA law school, would be ideal for the intersectionality expert [unconfirmed; if she’s not available, there are many excellent alternatives]. From the social networking perspective, researchers such as TL Taylor, danah boyd, Joi Ito, and Clay Shirky who explicitly consider questions of race and gender would be good choices.

Thoughts? As always, critiques, suggestions and feedback welcome!


Indeed! The Economist on “computer science as a social science”

The Economist’s Technology Quarterly has an excellent article on Software bugtraps: software that makes software better. This is something of a followup to an article they did a few years ago; most people quoted think that the situation is improving, although of course as Capers Jones points out it depends on your metrics. And why the improvement?

According to … the chairman of the Standish Group, most of this improvement is the result of better project management, including the use of new tools and techniques that help programmers work together. Indeed, there are those who argue that computer science is really a social science. Jonathan Pincus, an expert on software reliability who recently left Microsoft Research* to become an independent consultant, has observed that “the key issues [in programming] relate to people and the way they communicate and organise themselves.”

Indeed, I have argued that — in keynote talks Analysis is necessary but not sufficient at ISSTA 2000 and Steering the pyramids at ICSM 2002, and then more explicitly in the “BillG thinkweek paper” Computer science is really a social science (draft) from early 2005 and my 2006 Data Devolution keynote with Sarah Blankinship applying this lens to computer security.


Facebook flakiness: reliability problems, or an attack?

Facebook once again is in the middle of major flakiness right now: links to nowhere, spontaneous logouts. The best thing to do when something like this happens is to treat it as a sign that it’s a good time to take a break from Facebook for a little while. So I decided to write this blog post.

Given the high tensions on all sides, the ongoing troll infestation in the group, and examples in the election campaign of what certainly seem to be some Republican dirty tricks being played, it’s natural to wonder whether this is some kind of attack like those described in “How to Rig an Election”. Speaking as somebody who’s had a lot of software engineering and computer security experience, my initial answer is probably not.


Computers, Freedom, and Privacy 2008: call for proposals is up!

From the CFP2008 web page:

This election year will be the first to address US technology policy in the information age as part of our national debate. Candidates have put forth positions about technology policy and have recognized that it has its own set of economic, political, and social concerns. In the areas of privacy, intellectual property, cybersecurity, telecommunications, and freedom of speech, an increasing number of issues once confined to experts now penetrate public conversation. Our decisions about technology policy are being made at a time when the architectures of our information and communication technologies are still being built. Debate about these issues needs to be better-informed in order for us to make policy choices in the public interest.

This year, the 18th annual Computers, Freedom, and Privacy conference will focus on what constitutes technology policy. CFP: Technology Policy ’08 is an opportunity to help shape public debate on those issues being made into laws and regulations and those technological infrastructures being developed. The direction of our technology policy impacts the choices we make about our national defense, our civil liberties during wartime, the future of American education, our national healthcare systems, and many other realms of policy discussed more prominently on the election trail. Policies ranging from data mining and wiretapping, to file-sharing and open access, and e-voting to electronic medical records will be addressed by expert panels of technologists, policymakers, business leaders, and advocates.

Updates:

CFP2008 is being held in New Haven, Connecticut, on May 20-23. Back in 2000 Elizabeth Weise called it “the most important computer conference you’ve never heard of”; I think of CFP as the most important conference — and network of people and organizations — focused on civil rights (and increasingly, human rights in general) in an electronic society. Lorrie Faith Cranor’s Ten Years of Computers, Freedom and Privacy gives the early history, where hackers, lawyers, law enforcement, and government representatives fought out “crypto wars” and internet censorship battles (ending with a defiant “we’ll be back” from the Clinton administration as the Clipper Chip went to its well-deserved fate).

The technology policy focus is extremely timely. The upcoming election will feature significant differences between the parties and candidates on issues like net neutrality, warrantless surveillance, immunity for corporations who may have collaborated with illegal government wiretapping programs, Real ID, the McCain bill to censor social networks, and privacy — now on the national agenda thanks to MoveOn’s stance against Facebook’s Beacon.

Over the last several years, CFP has steadily broadened its horizons to take a more global view and pay increasing attention to perspectives that are getting overlooked: digital divide issues, normalization of surveillance and censorship by governments and corporations, hacktivism, the special challenges of communities like the Mohawk Nation (spread over multiple jurisdictions), high school students in a panel organized by danah boyd in Seattle in 2005. After a few (in my humble opinion) rather bland and corporate years, things have taken a more activist turn: a 2003 New York walking tour by the Surveillance Camera Players, a 2005 demo by the ACLU that led to the US State Department changing policy on encryption and passports (props to State Department official Frank Moss for being there and taking the message back), Patrick Ball accepting his EFF Pioneer Award by satellite from Sri Lanka, where he was working with the truth and reconciliation commission. Last year in Quebec, during the height of the Stop Real ID Now! grassroots activist campaign, a half-dozen coalition members ranging from libertarians to labor activists were there (as well as some people from DHS and elsewhere who strongly disagreed with us but were still willing to have very honest discussions), and Bruce Schneier’s keynote on the Psychology of Security for people on both sides of the debate.

The call for presentations, tutorials, and workshops asks for proposals on panels, tutorials, speaker suggestions, and birds of a feather sessions through the CFP: Technology Policy ’08 submission page. The deadline for panels, tutorials, and speakers is March 17, 2008, and the birds-of-a-feather deadline is April 21. The list of suggested topics is really broad (I’ll include it in a comment) and so as always there are likely to be a lot more high-quality submissions than can easily fit; the program committee often merges and suggests changes to sessions to help squeeze more in. The submission process can seem a bit intimidating (this is an ACM conference and so it has some academic overtones) but the guidelines are helpful and have links to some examples.

So if there’s a topic you’d like to see covered, one or more speakers you think would be good, a presentation you’d like to give, a panel you’d like to organize, or a tutorial you’d like to attend (or provide), please think about submitting it. If you’re not sure whether it makes sense, feel free to give it a trial run in a comment here or just send me some mail.

If it seems like CFP means a lot to me, it does: I’ve been going there for over 10 years; my SO Deborah Pierce has been going even longer and chaired it in 2005. I’ve volunteered, asked questions, been on a panel, run a couple of BoFs, and taken photos of Deborah during the various sessions she’s appeared in or moderated, and this year I’m excited to be on the Program Committee. There are lots of friends and long-term acquaintances we only get to see in person at CFP — and every year we meet a lot of new people. This year, with the two of us working together on Tales from the Net, and Computers, Freedom and Privacy 2008’s ambitious goal of “shaping public debate” on technology policy in an election year, I’m particularly looking forward to it!

jon


Microsoft/Yahoo! roundup

Note: this thread summarizes what others are thinking, and my reactions. My opinion on the potential acquisition is here — and along with many others’, on MiniMSFT.

Andy Borowitz has the biggest news: Obama to buy Yahoo! Other than that …

Microsoft has been fined a record €899 million ($1.4 billion) for defying the EU’s sanctions, which brings the total over the last few years to €1.68 billion ($2.5 billion). This is for past actions; Neelie Kroes, the Competition Commissioner, after noting that Microsoft was the first company that had ever defied the sanctions, then goes on to add that she hopes “that today’s decision closes a dark chapter in Microsoft’s record of non-compliance with the Commission’s March 2004 decision.” Microsoft’s response is basically “we hope so too”, and affirming that as of October 2007 they believe they were in compliance.


Cult of the Dead Cow releases ‘Goolag’ beta

Hacktivists Cult of the Dead Cow (cDc) have released a Windows-only beta of Goolag, a rich client for the Google Hacking techniques pioneered by hacker J0hnny I Hack Stuff.

Basically, Goolag makes it easy to use Google to search out security vulnerabilities related to your web site — or, presumably, others.  From cDc’s blog:

SECURITY ADVISORY: The following program may screw a large Internet search engine and make the Web a safer place.


Yahoo!!!! (was Yahoo!?!?!): Why, after further reflection, I think Microsoft’s offer for Yahoo! is a brilliant strategic move

Plunking down $44.6 billion, or whatever the number turns out to be, for “change” and “social software” sends a huge message — although bizarrely enough a lot of Microsoft employees, on MiniMSFT and internal email discussion lists like Litebulb, have managed not to hear it.

It’s been several weeks since Microsoft’s unsolicited offer for Yahoo. My initial reaction was that while high-risk, it’s a good deal for Microsoft. Since then, on further reflection … I think it’s a brilliant move on Microsoft’s part — whether or not the deal goes through. And despite all the coverage around the web, I haven’t seen anybody discuss a couple of the most important strategic issues. So I thought I’d take a stab at it.

Update, 2/27: Press roundup (with some commentary) in a new thread; a meditation on cool in a comment. Also, MiniMSFT’s new thread Because the last acquisition went so well links back here, without comment, under Other perspectives. There’s plenty of discussion over there, and I’m crossposting some of my responses here as well.


Coverage for ‘How to respond when Facebook censors your political speech’

The two-part series I posted on Tales from the Net and Wired’s How-to Wiki is starting to get some coverage.

Shai Sachs has an excellent piece on MyDD:

There’s been a lot of buzz lately about Facebook “censorship” of free speech. The Blackadder One case I wrote about a couple weeks ago was just an early warning sign of more trouble to come. Recently Jon Pincus has been posting a series of diaries at Tales from the Net and Liminal States about his encounter with problems very similar to those Derek Blackadder ran into when he tried to organize workers on Facebook. Pincus’s posts include a very good trail of documentation of the problems he’s encountering, which make this series one of the more interesting resources on Facebook censorship I’ve seen.
