About

I'm a partner in the advanced analytics group at Bain & Company, the global management consulting firm. My primary focus is on marketing analytics (bio). I've been writing here (views my own) about marketing, technology, e-business, and analytics since 2003 (blog name explained).


3 posts categorized "security"

June 12, 2013

Privacy vs. Security Survey Interim Results #prism #analytics

This week, one of the big news items is the disclosure of the NSA's Prism program that collects all sorts of our electronic communications, to help identify terrorists and prevent attacks.

I was struck by three things.  One is the recency bias in the outrage expressed by many people.  Not sixty days ago we were all horrified at the news of the Boston Marathon bombings.  Another is the polarization of the debate.  Consider the contrast the Hullabaloo blog draws between "insurrectionists" and "institutionalists".  The third was the superficial treatment of the tradeoffs folks would be willing to make.  Yesterday the New York Times Caucus blog published the results of a survey that suggested most folks are fence-sitters on the tradeoff between privacy and security, but left it more or less at that.  (The Onion wasn't far behind with a perfect send-up of the ambivalence we feel.)

In sum, biased decision-making based on excessively simplified choices using limited data.  Not helpful. Better would be a more nuanced examination of the tradeoff between the privacy you would be willing to give up for the potential lives saved.  I see this opportunity to improve decision making a lot, and I thought this would be an interesting example to illustrate how framing and informing an issue differently can help.  So I posted this survey: https://t.co/et0Bs0OrKF

Here are some early results from twelve folks who kindly took it (please feel free to add your answers; if I get enough more, I'll update the results):

Privacy vs security

(Each axis is a seven point scale, 1 at lowest and 7 at highest.  Bubble size = # of respondents who provided that tradeoff as their answer.  No bubble / just label = 1 respondent, biggest bubble at lower right = 3 respondents.)

Interesting distribution, tending slightly toward folks valuing (their own) privacy over (other people's) security.

Now my friend and business school classmate Sam Kinney suggested this tradeoff was a false choice.  I disagreed with him. But the exchange did get me to think a bit further.  More data isn't necessarily linear in its benefits.  It could have diminishing returns of course (as I argued in Pragmalytics) but it could also have increasing value as the incremental data might fill in a puzzle or help to make a connection.  While that relationship between data and safety is hard for me to process, the government might help its case by being less deceptive and more transparent about what it's collecting, and its relative benefits.  It might do this, if not for principle, then for the practical value of controlling the terms of the debate when, as David Brooks wrote so brilliantly this week, an increasingly anomic society cultivates Edward Snowdens at an accelerating clip.

I'm skeptical about the value of this data for identifying terrorists and preventing their attacks.  Any competent terrorist network will use burner phones, run its own email servers, and communicate in code.  But maybe the data surveillance program has value because it raises the bar to this level of infrastructure and process, and thus makes it harder for such networks to operate.

I'm not concerned about the use of my data for security purposes, especially not if it can save innocent boys and girls from losing limbs at the hands of sick whackos.  I am really concerned it might get reused for other purposes in ways I don't approve, or by folks whose motives I don't approve, so I'm sure we could improve oversight, not only for what data gets used how, but of the vast, outsourced, increasingly unaccountable government we have in place. But right now, against the broader backdrop of gridlock on essentially any important public issue, I just think the debate needs to get more utilitarian, and less political and ideological.  And, I think analytically-inclined folks can play a productive role in making this happen.

(Thanks to @zimbalist and @perryhewitt for steering me to some great links, and to Sam for pushing my thinking.)

April 10, 2013

Fooling Around With Google App Engine @googlecloud

A simple experiment: the "Influence Reach Factor" Calculator. (Um, it just multiplies two numbers together.  But that's beside the point, which was to sort out what it's like to build and deploy an app to Google's App Engine, their cloud computing service.)

Answer: pretty easy.  Download the App Engine SDK.  Write your program (mine's in Python, code here, be kind, props and thanks to Bukhantsov.org for a good model to work from).  Deploy to GAE with a single click.

By contrast, let's go back to 1999.  As part of getting up to speed at ArsDigita, I wanted to install the ArsDigita Community System (ACS), an open-source application toolkit and collection of modules for online communities.  So I dredged up an old PC from my basement, installed Linux, then Postgres, then AOLServer, then configured all of them so they'd welcome ACS when I spooled it up (oh so many hours RTFM-ing to get various drivers to work).  Then once I had it at "Hello World!" on localhost, I had to get it networked to the Web so I could show it to friends elsewhere (this being back in the days before the cable company shut down home-served websites).  

At which point, cue the Dawn Of Man.

Later, I rented servers from co-los. But I still had to worry about whether they were up, whether I had configured the stack properly, whether I was virus-free or enrolled as a bot in some army of darkness, or whether demand from the adoring masses was going to blow the capacity I'd signed up for. (Real Soon Now, surely!)

Now, Real Engineers will say that all of this served to educate me about how it all works, and they'd be right.  But unfortunately it also crowded out the time I had to learn about how to program at the top of the stack, to make things that people would actually use.  Now Google's given me that time back.

Why should you care?  Well, isn't it the case that you read everywhere about how you, or at least certainly your kids, need to learn to program to be literate and effective in the Digital Age?  And yet, like Kubrick's monolith, it all seems so opaque and impenetrable.  Where do you start?  One of the great gifts I received in the last 15 years was to work with engineers who taught me to peel it back one layer at a time.  My weak effort to pay it forward is this small, unoriginal advice: start by learning to program using a high-level interpreted language like Python, and by letting Google take care of the underlying "stack" of technology needed to show your work to your friends via the Web.  Then, as your functional or performance needs demand (which for most of us will be rarely), you can push to lower-level "more powerful" (flexible but harder to learn) languages, and deeper into the stack.

February 07, 2008

Just When I Thought I Was Getting Clever

Since publishing your email address on the web invites spam, I recently used a free external service to add an "email me" form to this blog (see link at left).  The service uses captcha, the system that asks you to prove that you're human when you register for something online by copying a set of squiggly letters and/or numbers into a form.  I was feeling very smug about this until I read my former ArsDigita colleague Carsten Clasohm's post on how some spammers now get around this.