Wednesday, March 08, 2017

Fake Facebook Friends and the CIA

Last night I received a Facebook friend request from an old friend and accepted it.  Within a minute or two, a FB Messenger chat started up about the UN and the Sustainable Development Goals.  So, I of course kept the conversation going.  Until it quickly became a classic advance fee scam conversation (originally made famous by folks in Nigeria with faxes). 

I quickly checked, and found that (of course) I already was Facebook friends with my old friend.  Someone had borrowed her picture and name and was starting to ply the scam trade.  Facebook has a handy way of reporting this exact problem and the fake account was suspended within minutes.  But, it was a reminder of how somebody who has been working with people at the forefront of the security field can be taken in, if only for five minutes. 

So, my advice: if an old friend reaches out to you on Facebook, someone who really should already be a Facebook friend, it's probably not your friend.  With the exception of a few folks who decline to participate on Facebook on principle (and are unlikely to join now), people in my network probably are not newcomers to Facebook.  And these new accounts are pretty obviously new: if you think about it.  If you want to check, go out of network and email them.  My friend appreciated me jumping on her impersonator.

Which brings me briefly to the WikiLeaks CIA disclosure, which doesn't surprise me in terms of capabilities that the CIA has. It did surprise me that it got disclosed!

  • If a sophisticated state actor really wants your data, they have a lot of ways to get it, and probably will
  • The whole point of crypto and security is to raise the cost of breaking into your data. Use crypto.  Use Signal.  Use WhatsApp.  Encrypt your hard drive. Use HTTPS. And so on.
The raising cost argument may be counter-intuitive, but it's intensely practical, and familiar.  The old lock analogy goes a long way.  I don't put my family's valuables on a table out in front of my house with a sign saying: take me.  I don't leave my front door wide open when nobody is home.  I do have a deadbolt and a security system, because I want to discourage theft.  Those measures do not ensure I will not get robbed, but they raise the cost of robbery, either by slowing the robbers down or increasing the chances they will be caught by the police. But, a perfect home security system does not exist, and if it were claimed, I wouldn't believe it. 

I can stretch this analogy a lot further, but here's my advice to the nonprofit sector specifically.  When we collect data on vulnerable people about what makes them vulnerable, we owe it to them to treat their data with the respect we'd like our most sensitive data treated.  We need to implement security so that getting that data is not free and cheap to grab: we need to protect it with locks (data security) that raise the cost.  And, we increasingly have to realize that parking that data openly with corporations that are susceptible to government pressure is not honoring our commitment to the communities we serve.  I'm ok with Amazon hosting sensitive data for us because I know that we encrypt that data so that Amazon can't be pressured into giving up anything more than encrypted (scrambled) lumps of data.

The fact that a government still may be able to get that data with enough expenditure of money in terms of people, technology and legal effort (warrants) is simply a fact of modern life.  We just need to make it hard enough that they don't bother almost all of the time.  That's what we owe to the people we serve. 

Thursday, August 25, 2016

Seeing Through Walls for Greater Independence!

Kent Presents 2016

I just attended the second annual Kent Presents conference in Kent, Connecticut. It’s the brainchild of Donna and Ben Rosen, a New York power couple with connections to science, technology, politics, the arts and more. There were too many awesome talks to do them justice, but you are welcome to sample the session titles here.

The talk that especially blew my mind was by MIT professor Dina Katabi. She and one of her graduate students demonstrated their Emerald technology, and it was the first time I’d seen this capability. I’m sure you remember the “Help I’ve Fallen and Can’t Get Up” TV commercial of late night fame. Dina’s question was: why doesn’t this work most of the time? The answer is that it’s hard to get people to wear something.

The Emerald approach is to do away with the thing you wear. They place a low-power (far less than a wifi router) wireless beacon in your apartment, and it can track the exact location (including altitude) of up to five people. Even through the wall into the next room. (Two rooms away is more challenging: you probably need another beacon.) She demonstrated fall detection, heartbeat, breathing detection, and more.

The possibilities are exciting. Fall detection better than that of an on-person accelerometer. Gait tracking to detect health challenges (gait is apparently a huge flag of issues). Figuring out if a senior isn’t getting out of bed, or taking their meds.

There are challenges: the cat and dog filter came up of course. And privacy is a significant factor: this is the kind of technology that triggered my essay last year on privacy, Little Sister.

But, it’s clear to me that these issues could and should be addressed and the considerable benefits for independence of seniors and people with disabilities could be huge!

Monday, June 13, 2016

Geek Heresy

I just finished reading Kentaro Toyama’s new book, Geek Heresy, tackling the cult of technology as a cure-all for society’s ills. He’s a geek (former Microsoft Research guy) who is making the case that technology doesn’t make the kind of social impact it claims to deliver.

There’s often more value to me in reading iconoclastic books than feel-good affirmations of popular icons! For example, I extracted many insights about the international development field reading books like Easterly’s Tyranny of Experts or Maren’s Road to Hell. Toyama offers up strong criticisms as well as constructive advice about how to best apply technology to social problems. At the same time, there are some flaws in his arguments that are worth pointing out.

Smashing Icons

Toyama’s central thesis is that we tend to overstate the benefits of technology as a magic bullet. He’s countering the world view that the technology just needs to get in the hands of the poor and miracles will happen. He broadens this to tackling what he labels “the packaged intervention,” the neatly wrapped solution that will solve a social problem.
Along the way of making his case, he takes on a lot of the popular tech and business for social good memes, like:
  • One Laptop Per Child 
  • The Hole-in-the-Wall experiment 
  • The Arab Spring as social media revolution 
  • Toms Shoes 
  • The Fortune at the Bottom of the Pyramid (CK Prahalad) 
  • Telecenters 
  • The fetish of school testing (aka No Child Left Behind) 
  • Google (especially some optimistic pronouncements) 
He scores some good points here, usually by pointing out that the hype doesn’t match up with the claims. As a geek who is trying to apply tech for good, it is instructive to hear the critiques. Of course, from my long experience in the field, I didn’t find Toyama’s choice of targets all that surprising.

Constructive Observations

Toyama makes some excellent points about the application of technology, and I think this is where the most value is to be gained.

His “Law of Amplification” was particularly insightful: “technology’s primary effect is to amplify human forces.” A short-hand for this might be that technology is most useful in the hands of people who are ready to use it. He uses this to analyze why many technology interventions are successful in the pilot phase and fail when they go to scale. In the pilot phase, you frequently have the best (human) conditions: the best partners and the best program staff making something work. But, when you go to scale, you reach many partners (such as schools) who lack the human capacity to use the technology effectively. He notes: “the right people can work around a bad technology, but the wrong people will mess up even a good one.”

Wishful thinking makes many people dream of quick fixes. Why is it in the social sector we think it is so easy? I often run into this thinking, where ideas which would not be taken seriously in business are suddenly sensible in social good. Toyama on that issue:
If a private company is failing to make a profit, no one expects that state-of-the-art data centers, better productivity software, and new laptops for all of the employees will turn things around. Yet, that is exactly the logic of so many attempts to fix schools with technology. 
His prescription for how to use technology successfully is the following:

  1. Identify or build human forces aligned with your goals. 
  2. Use packaged interventions to amplify the right human forces. 
  3. Avoid indiscriminate dissemination of packaged interventions. 
His biggest prescription is around connecting with these human forces. A great teacher is going to be better than a software program on a laptop or tablet. A mentor is going to have a more powerful impact over somebody than YouTube videos.

I found this to be an eminently sensible approach. When the personal computers were first dropped into American schools, they didn’t have the desired impact because the supporting environment wasn’t there. A technology intervention is only a tool, a seed. And planting a seed in a dry desert is not going to yield an abundant harvest.

Collateral Damage

Although I found Geek Heresy to be a useful critique of the misapplication of technology and packaged interventions, Toyama seems to overreach in my opinion. Sometimes to the point of being just wrong.

In addition to the icons I mentioned above, Toyama also takes on:
  • Vaccines 
  • Randomized controlled trials (calls their proponents the Randomistas) 
  • Elections 
  • Conditional cash transfers (labeled as manipulation) 
  • Social entrepreneurs 
Now, these criticisms were more balanced than the first wave. Toyama takes vaccines to task for not curing all preventable diseases, perhaps to emphasize how the wrong people can mess up a good packaged intervention? He’s happy to use research trials to prove that One Laptop per Child doesn’t work, but takes them to task when he thinks they get the underlying truth wrong (he picks one RCT that showed a successful result and makes the case that the positive result was really an observation of correlation not causation).

It’s on the last one that Toyama makes his biggest error. He seems to define social entrepreneurs as rapacious for-profit businesspeople who are modeling “themselves on the Steve Jobses and Mark Zuckerbergs of the world.” He criticizes the founder of Toms Shoes, Blake Mycoskie, as a prototypical social entrepreneur exploiting disadvantaged children on the way to making a few hundred million selling out to Bain Capital.

This mistake seems odd, given that most of the people he cites as outstanding counter-examples against the badly applied packaged intervention craze, are what everybody else calls social entrepreneurs. People who start novel organizations like Ashesi University in Ghana, Technology Access Foundation in Seattle, and Shanti Bhavan (a boarding school) in India. It is also odd given that he cites David Bornstein’s seminal book, How to Change the World, to make an unrelated point and omits the full title: How to Change the World: Social Entrepreneurs and the Power of New Ideas. None of the people Bornstein profiles meet Toyama’s straw man definition of social entrepreneur as for-profit entrepreneur willing to step on the little people to make a buck.


Social change in the real world is difficult, and magic bullets are few and far between. Kentaro Toyama’s Geek Heresy reminds us of this, and emphasizes that leaving humans out of the equation is a losing strategy. The hubris that is frequently on display, and the often overwrought hype claiming incredible results, are worth taking on. His observation that technology tends to amplify pre-existing differences in society is a useful insight.

Toyama’s biggest point seems to be that people matter. And that tech innovations are not done to people, but intimately depend on people for any impact they successfully make. Something that any geek that aims to do social good must keep in mind!

Tuesday, March 29, 2016

From Money to Meaning

Big complex social problems.

Your skills and experiences.


Combining those three potent ingredients is how we change the world. If you’ve been burning to use your considerable talents to make a difference, rather than make a lot of money, it’s time you considered joining our growing team.

We are looking for more than a dozen motivated individuals to make the leap to positive social impact. From executives to summer interns, from engineers and product managers, to communications and outreach professionals, we have a wide range of opportunities.

From children with disabilities to African human rights activists, you will have direct exposure to how Benetech’s products and services change lives for the better. Our benefits are great, and our pay is excellent by nonprofit standards! Flexibility is one of our core values. It’s just one of the reasons that Benetech is the rare software company that is majority women (also true of our managers). We believe in wildcards: if you have a creative way to address one of our needs, let us know!

Silicon Valley is an incredible force for change. Unfortunately, the economic model that works so well for creating wealth, falls short when it comes to helping the poor. Communities that most need our help are often the least able to afford it. That’s why Benetech is organized as a nonprofit: we can afford to work on exciting problems. We just have to find a way to break- even!

If you have read this far because this is what you are truly wishing for in your career directions, or because you know of someone great who has been dreaming our shared dream of tech for good, check out our list of openings. We would love to hear from you!

Thursday, March 03, 2016

Ratify Marrakesh!

The United States Senate has a terrific opportunity to expand opportunity

The United States Senate has just been presented with the ratification package for the Marrakesh Treaty. We are joining with our peers in the disability and library community in a joint statement to strongly encourage the Senate to ratify the treaty and for Congress to implement the minor legislative changes recommended as part of the package.

We know a great deal about this Treaty, which is designed to help people who are blind or have other disabilities that interfere with reading, such as dyslexia. Our nonprofit organization operates Bookshare, the largest online library in the world that focuses on the needs of people with these disabilities. The creation of Bookshare was made possible because of an enlightened copyright law exception. And, that American copyright exception was the inspiration for the Marrakesh Treaty!

Because the Marrakesh Treaty was modeled after the Chafee Amendment, as the Section 121 copyright exception is widely known in honor of the senator who proposed it in 1996, only minor changes have been recommended to align U.S. law with the Treaty language. As the operators of the largest library using this exception in the United States, we see these changes as minor and helpful clarifications. We do not see these changes as having a major impact on who we serve in the U.S., or the work we do. Here are the three changes of note:
  1. Clarifying the definition of a disability that qualifies. We see the new recommended language as replacing antique and obsolete language (“reading disability from organic dysfunction” is one example) with language that describes functionally someone with a disability that gets in the way of reading print. While we already serve many people with dyslexia, or returning veterans with traumatic brain injuries, these changes will be remove much of the confusion that exists in the field because of ambiguous, older language. 
  2. Including illustrations as part of books to be made accessible. We include illustrations in our accessible books because many of our users can see them. People who are low vision can usually magnify pictures to see them better, and our dyslexic users often get much more out of illustrations than they get out of text. We often add image descriptions to illustrations, as well as supporting partners developing tactile versions of illustrations today, to further improve accessibility. 
  3. Serving U.S. citizens abroad under Section 121 as if they lived in the U.S. This question has also been unclear, and different libraries have treated this inconsistently. Our default setting in Bookshare has been to treat an American with a disability living in another country as being only allowed the books we have permission to provide there, which leaves out over 100,000 titles that are only available inside the United States to Americans. This change would allow us to better serve American overseas.
These three changes clarify Section 121 in minor ways that are quite helpful to Americans with disabilities.

Of course, the biggest change that the Marrakesh Treaty makes is easing the import and export of accessible books. This cross-border exchange will make the lives of people with these disabilities better worldwide, as we reduce needless duplication of effort. Americans with disabilities will have access to far more accessible books, especially in languages other than English. And, it will become possible for nonprofit organizations such as ours to help bring accessible books to people with disabilities in developing countries, often the poorest of the world’s poor, who have mostly lacked access to books entirely.

We’re excited about the prospect of Marrakesh ratification and implementation by the United States to make our work more straightforward in serving Americans with bona fide disabilities the books they need for education, employment, and social inclusion, as well as lowering the barriers to serve people around the world with similar needs!

Tuesday, March 01, 2016

Silicon Valley’s Developing Conscience: It’s Called Apple

Silicon Valley has a problem. In our quest to build better products and better meet the needs of the world for information, we built the most amazing system for effortless government surveillance as a byproduct. It is now incumbent on Silicon Valley to remedy this situation.

Forcing tech companies to weaken their products through compelling the creation of backdoors would be a massive step backwards.

Whatever the power of search engines or social networks, it’s really the smartphone that is the most incredible tool for tracking our every move and activity. With access to the information collected by a person’s smartphone, it’s probably straightforward to figure out everything important about that person. Who they love. What religion they profess. Their ethnicity. What drugs (legal or illegal) they consume. What content they read or watch. What laws they violate. Every secret.

And, without encryption of this information, the makers of smartphones had effectively handed those secrets to governments. Not just the U.S. government. Just about every government. For very little expense compared to other ways of gathering secrets.

Over the last couple of years, Apple figured out the implications of this expanded surveillance. They decided that their value proposition to smartphone users did not include making it easy for governments (or others) to collect everybody’s secrets.

As a society, Americans have frequently decided to put limits on our government’s powers, because we were founded in a period where government abused its powers extensively. We don’t allow our police to torture suspects for confessions. We throw out evidence gathered through illegal searches. The government does not, and should not, have automatic access to every secret.

The battle between Apple and the FBI is one of those crucial limit-setting moments. And Silicon Valley understands it as such a moment for the tech industry generally. If the FBI can force Apple to construct a back door for one iPhone for the U.S. government, we techies understand why this sets a strong negative precedent for extensive surveillance in the U.S. and globally.

This is not a theoretical problem. We have seen this problem here in the United States and around the world. My nonprofit creates the Martus software for human rights activists to securely store their sensitive information (via encryption). It may be documentation of atrocities they plan to use in later advocacy, or simply items like current membership lists. When we called an LGBT organization in Africa last year for a regular check-in, we found that they took the call from the back yard of their offices. They were burning all of their records because they had a tip that their government was going to raid them. Luckily, their records were already safely stored in Martus. Without a backdoor for that government, or any government for that matter.

As a society, we should not make it easy for governments or other interests to get lists of all of the gay people, or Christians, or Muslims, or rape survivors, or HIV positive people, or supporters of the opposition. We need to make it harder to find out our sensitive personal information, whether it’s our medical information, or when our 11-year-old child is home alone. And encryption without backdoors is how we secure that information against attackers of all stripes. A backdoor is an open door for any one that’s willing to try hard enough to gain entry.

That is why we, and so much of the technology sector, stand with Apple today. This is not a tradeoff between security and privacy, as this issue is so often portrayed. This is a tradeoff between security of our sensitive information and surveillance. And, making it easier to surveille us by weakening the technical protections on our private information makes it possible for governments, especially repressive ones, and others to exploit a user’s or organization’s vulnerabilities.

We should not be able to compel software developers to sabotage security protections that they carefully built for excellent reasons. We should not compel them to work against the interests of us, their users.

Wednesday, February 24, 2016

Understanding Income Inequality

Data is a bigger and bigger topic in social change. We need to do a better job of understanding social needs, both to improve our programs and measure their ultimate impact. I spend more and more of my time talking to leaders in the sector, helping advance the use of data for action and impact.

I encourage groups to begin collecting data as part of their basic program activities, and I make the claim that it will eventually allow them to connect their data to other, larger databases and maybe begin to take advantage of big data.

Imagine how my mind has been blown by learning about a huge international income database that has microdata on millions of households from more than 50 countries, all harmonized to make the same kinds of analyses possible across any of these countries! This database should be critically important for understanding poverty at a detailed level.

I just had the thrill of spending an hour with Janet Gornick, the Director of LIS, an international data archive that is located in Luxembourg. LIS is the institute that created and manages this giant database, which is called the Luxembourg Income Study (LIS) Database. I met her last year at KentPresents, a brand-new conference organized by the incredible duo of Ben and Donna Rosen.

Janet is also a professor at the Graduate Center of the City University of New York (CUNY), and she runs a satellite office of LIS there. Her group in New York includes Nobel Prize-winning economist Paul Krugman and renowned inequality scholar Branko Milanovic. I asked her what kind of insights could be gleaned by an anti-poverty group, say in Uruguay (to pick one country out of 50), accessing the LIS. She suggested:

In Uruguay:
  • What is the poverty rate among individuals and households (using any of a number of poverty lines – absolute or relative, national or regional)?
  • What does the distribution of poverty look like, that is, what share of the population is extremely poor, poor, and/or near-poor?
  • Which individuals and households are most at risk – the youngest children, all children, women, the elderly? single-adult households, multi-generational households?
  • What “micro” factors raise the poverty risk for persons and households – age? family structure? employment attachment and educational level of adult household members? other?
  • Have the answers to these questions changed during recent years (2007, 2010, 2013)?
In cross-national perspective:
  • How do these outcomes in Uruguay compare with those in 50 other middle- and high-income countries (including several in Latin America)? Which outcomes/patterns are unusual? Which are widespread?
  • How do national-level demographic and labor market features shape the Uruguayan outcomes, in comparative perspective?
  • Which national-level public institutions (e.g., government anti-poverty programs, income transfers more generally, taxation) help to explain the Uruguayan results?
In short, working with the LIS data would enable this Uruguayan anti-poverty group to better understand the causes and components of poverty in Uruguay, which – in turn – would enable them to think more specifically about a range of intervention strategies.

Wow! Now, it turns out that this database has been made available under careful limitations to a select group of researchers. There are special constraints to ensure that database queries don’t accidentally reveal personal information about individuals, since that is part of convincing all of these different countries to supply this detailed microdata about household in their country.

Janet and her team get asked all the time to answer questions that the database could help answer, especially around income inequality. And, they often have to decline to help because of limited staff resources. Janet named some very well-known international publications that they had to disappoint in the last year.

Luckily, Janet and her team have an idea for how far more people could benefit from this database. For less than a million dollars on top of their existing funding, they could build an online portal so that researchers, journalists, policymakers, students and the general public could run their own queries on the LIS data.

Something tells me that this is definitely fundable. I am happy to help advocate that donors take a serious look at funding Janet and LIS make this happen. And if it does, we’ll have a major new tool for combating income inequality and poverty in much of the world!