Pavlov's Light Bulb

In a discussion about using small frequency changes in LED light bulbs to transmit data, someone mentioned that companies are already using this technology in supermarkets and other large stores to dynamically change prices on their products.

Which led me to a little thought experiment: What if retailers could change the price of a product spontaneously for each shopper? What if they did away with even the pretense of fixed prices and rewarded certain kinds of shopping behaviour in order to guarantee allegiance to their store?

  • First-time shopper gets ridiculous discounts (maybe even a few freebies) as an enticement;
  • Long-time shoppers get small but consistent discounts on selected items;
  • One shopper is publicly penalised with higher prices – retailers (ab)use fear of scapegoating to keep shoppers in line;
  • Shoppers induced to say or do things they would not normally in order to qualify for perks.

I think there’s a cute but fundamentally plausible (and scary) short story in there….

My Privacy, Your Secrecy

In the years to come, it’s possible that historians will place the battle over privacy alongside the universal suffrage and civil rights movements as one of the core social conflicts in recent history.

On one side of the issue is a definition of privacy closely linked to individual freedom and the right to protect oneself from scrutiny by the state. Fundamentally, it can be expressed as follows: “As long as no one gets hurt, what I think, say or do is nobody’s business but my own.” Essentially, it posits that you don’t have the right to know certain things about me and vice versa.

At the other end of the continuum is the contention that people have no expectation of privacy in public places. And the digital world is a very public place.

To make matters worse, many state and non-state actors deny that sauce for the goose is sauce for the gander. While they have no qualms about using the vastly more powerful surveillance capabilities that modern technology affords them, when the same tools are applied to their own secrets they call it calumny, espionage and even treason.

There are two things wrong with this argument for privacy: The first is that it imagines, paradoxically, that a legal privacy framework will be enforceable without transparency. Second, it imagines that society actually wants privacy for everyone.

Let’s take these points in turn.

Those who conceive of the battle over privacy as a Manichean struggle between individual privacy and universal surveillance are missing a fundamental fact. We are becoming a society without walls. With few exceptions, electronic data has become cheaply, nearly infinitely copyable. Steps can be taken to make it more difficult to do, but it only needs to be copied once.

The immediate problem we face, however, is unequal access to data.

If recent experience has taught us anything, it is this: Anyone in control of the flow of information inevitably leverages that control to view and manipulate the data crossing their wires.

Google is perhaps the most obvious example of this. Their stock in trade is the fact that they can see virtually everything you do and say on the Net. They use that insight to send you advertisements as well as to refine their services, giving them still greater abilities where behavioural analysis is concerned. To their credit, they credibly argue that their data mining is mostly automated. In other words, no human actually sees what you’re up to, and the computer algorithms that do watch you don’t judge you in any way. They have gone to court and even walked away from entire markets rather than divulge information about specific individuals to governments.

This is almost certainly due to the influence of founder Sergey Brin, who spent his early childhood growing up in the surveillance society that was the Soviet Union. One can only shudder when considering what will happen to personal privacy when, inevitably, he and co-founder Larry Page (also a strong defender of civil liberties) hand over the reins to their vastly powerful data store.

Google’s restraint is, however, the exception rather than the rule. Other commercial data mining operations –Facebook, for example– are not nearly as reluctant to trade in personal information. With sufficient effort, you can find out vastly more about any individual with an active online life than they would willingly divulge to you face to face.

Among the most powerful data mining operations in the world is the US intelligence establishment. The National Security Agency almost certainly monitors all information crossing US communications networks, and a great many more besides. The fact that, to date, they have contented themselves with mere eavesdropping is cold comfort.

Modern computing capabilities are such that, with sufficient resources, organisations could quite literally store details about every email, telephone conversation, text message, Facebook update and social network linkage for every single citizen on the Net. And to the extent that they can, they do.

But technology is (more or less) an equal opportunity tool. Author Bruce Sterling, in a superb essay on the WikiLeaks debacle, observes that there’s really not a lot of daylight between the spooks at the NSA and WikiLeaks founder Julian Assange:

“The geeks who man the NSA don’t look much like Julian Assange, because they have college degrees, shorter haircuts, better health insurance and far fewer stamps in their passports. But the sources of their power are pretty much identical to his. They use computers and they get their mitts on info that doesn’t much wanna be free.”

And here we arrive at the second major flaw in treating privacy as just another article in a notional Bill of Rights: As much as we might value our own privacy, we don’t value that of others.

My privacy is your secrecy.

We respect a private person; we get suspicious if they’re secretive. We’re all big fans of transparency until it affects our own ability to get things done. We’ll say the most scandalous things about others, right up to the moment when we realise they might hear. When someone else, however, repeats those same scurrilous details in public, we are delighted. As long as they don’t implicate us, that is.

The immense relief you feel when someone stands up at a gathering and says the uncomfortable thing you’ve been thinking evaporates when they turn to you and say, “And I know you’ll agree with me on this.”

Viewed in this light, there’s nothing surprising at all about the US Department of State sponsoring an Open Internet policy and at the same time calling for the extra-legal suppression of the release of their own cables. That the vast majority of these missives are little more than embarrassing is barely germane. The fact is, someone’s told tales out of school, so they can’t be friends any more. There’s hardly a person in the world who would act differently.

That’s going to change.

In an interview with New York Magazine, author William Gibson argues that technology, not culture, is in the driver’s seat now. Technology “is not only what we do, it’s literally who we are as a species. We’ve become something other than what our ancestors were.”

It’s closer to the truth to say that technology and culture are inextricably entwined. In any case, the plain fact is that secrets, as we in the West know them, are dead. If you record your thoughts or actions –and in this increasingly digital world, you inevitably do– they will be copied. And if they are copied once, they can be copied infinitely. The only limitation on this is human interest.

This is going to force some very uncomfortable compromises. Scientist and author David Brin has taken the rather unpopular stance that the answer to this unprecedented assault on privacy is more openness, not less:

“Instead of trying to blind the mighty –a futile goal, if ever there was one– we have emphasized the power of openness, giving free citizens knowledge and unprecedented ability to hold elites accountable. Every day, we prove it works, rambunctiously demanding to know, rather than trying to stop others from knowing.”

In essence, Brin is arguing for a return to village life, but for everyone, not just individuals. Companies, governments, organisations of all kinds who trade in data, should become subject to precisely the same scrutiny they impose on everyone else.

Secrecy, in other words, will be replaced by confidentiality, an unwritten social contract not to penalise people for exposing their own human foibles, provided they don’t harm others.

It’s a nice idea, and if Vanuatu society’s ability to make scandal and impropriety public without (necessarily) using it as a scourge is any indication, it could even be made to work. But it works in Vanuatu because there’s no alternative. The moment someone has the ability to evade the watchful eyes of the community, you can bet your boots they’ll do so.

Constant scrutiny is at the core of this dynamic.

The way the Internet is shaped these days, individual privacy is vastly disadvantaged relative to state and corporate secrecy. This imbalance will only be perpetuated unless the physical networks through which our data runs are restructured. As things stand right now, virtually all of our communications pass through an increasingly limited number of physical cables, websites and service providers.

If we learn nothing else from the repressive measures imposed on free speech on the Internet, it is that ownership of the means of transmission matters more than anything else. If a government or corporation has enough leverage over a significant portion of the communications network, they can define exactly how it behaves.

In a recent essay in Foreign Affairs, New York University professor Clay Shirky recounts how attempts by the Philippine Congress to co-opt the 2001 impeachment of then-President Joseph Estrada were subverted by a spontaneously organised protest, largely catalysed by a text message saying, “Go 2 EDSA. Wear blk.” (EDSA is Epifanio de los Santos Avenue, a major intersection in Manila.) Within two days, over a million black-shirted people had congregated.

The government was caught flat-footed and fell as a result.

He then describes how attempts by the Iranian Green Movement to replicate this kind of effect were quickly trumped by the government’s ability to monitor mobile and Internet traffic and to reduce it to a trickle at critical junctures. This aided them significantly in the subsequent crackdown and wholesale imprisonment of dissident activists.

The victory came at significant cost to the credibility of the state, but in the short term, the state prevailed.

The tension between privacy and secrecy is becoming increasingly lop-sided. The only comfort we can take is that even if the physical networks are increasingly centralised and therefore pulling in the direction of secrecy, the communications protocols that run across these wires are still what we call end-to-end. In other words, they allow us (or rather, our computers, smart phones, etc.) to speak directly to each other.

It may seem counter-intuitive, but the ability to communicate one-to-one militates strongly in favour of openness. Because we are the ones choosing to communicate, the network transmits only what we freely share. Above all else, we love to share what we know about others. Now, this phenomenon needs to be leavened by an awareness that the rest of the online world is within earshot. If we say something sufficiently embarrassing, be it about ourselves or someone else, the world will quickly know we said it.

Following the massive breach of diplomatic secrecy perpetrated by WikiLeaks, international relations have already seen a fundamental change in perspective. The banner of Transparency has been lowered from the ramparts. Many state and non-state actors are moving quickly to reshape the world into something they are more comfortable with, one in which a culture of secrecy prevails once more.

Odds are, they will eventually lose this ground. Just as resistance to market forces has ultimately proven futile in the global economy, those who fight openness with increasingly centralised control are working at a disadvantage to those who are willing to be more opportunistic, flexible and accepting of the opportunities that better access to information gives them.

The battle –and make no mistake, this is a battle– is far from over. I sympathise with Bruce Sterling when he expresses a rather melancholic, depressed response to this first open conflict between secrecy and the transparency of the network:

“[Assange is] a different, modern type of serious troublemaker. He’s certainly not a “terrorist,” because nobody is scared and no one got injured. He’s not a “spy,” because nobody spies by revealing the doings of a government to its own civil population. He is orthogonal. He’s asymmetrical. He panics people in power and he makes them look stupid. And I feel sorry for them. But sorrier for the rest of us.”

There is a new, defining conflict in the world. Technology’s assault on secrecy will succeed just as surely as it has on our privacy. There are only two ways to come to terms with WikiLeaks and its successors: Repression or negotiation. Repression is not a long-term viable option, because the costs are always greater than the benefits for the majority. A totalitarian crackdown lasting generations is possible, but unlikely. And with anything less than that, there will inevitably be a correction in the direction of openness.

Negotiation requires a state of uncomfortable, shifting compromise in which we establish new cultural tabus based on each party’s knowledge of the other. It’s almost Victorian in its essence: We retain a pretence of propriety and respect; I don’t reveal your more awkward secrets so that you won’t reveal mine.

This is an awkward and innately unfair scenario, because disparities in wealth (i.e. knowledge) will almost certainly bring about the same injustices as we see in unbridled capitalism. Only concerted social opprobrium will keep bad actors at bay.

Societies will certainly go through convulsions coming to terms with this new détente. But we will inevitably do so. Like it or not, technology makes us what we are.

No matter what the outcome, I worry about the cost.

That Cargo Cult Lie Again

In an otherwise excellent defence of Mathematics as a fundamental component of a liberal education, professor Robert Lewis of Fordham University once again draws on the old South Pacific cargo cult chestnut to illustrate Bad Thinking about Mathematics:

The story may seem sad, amusing, or pathetic, but what does that have to do with mathematics education? Unfortunately a great deal. The south Pacific natives were unable to discern between the superficial outer appearence of what was happening and the deeper reality.

How… interesting. Obviously these primitives suffered from some sort of cognitive dysfunction never, ever experienced by enlightened Westerners who never, ever engaged in pageantry, idolatry or mimicry in their lives. I guess it’s patently obvious that more advanced, educated people of a noticeably paler complexion never argued for the literal truth of artifacts that were always intended to be symbolic.

I’m going to take a deep breath now….

Okay, look: I’m no anthropologist, but I don’t think it requires more than a few moments of reflection to realise that cargo cults, while appearing novel and unique on the surface, are little more than ritualised re-enactments of a time of plenty and the invocation of a desire for the return of wealth.

And -it’s shocking, I admit- there exists a remote possibility that the people partaking in this pageantry are aware of this.

The popular belief that Manaro, the god of Ambae’s volcano, departed to the US with the Americans hardly stretches credulity. It can be understood as a metaphor for the realisation that the power exerted by the Americans in their brief sojourn on neighbouring Santo was so out of scale with local kastom that it in effect kidnapped the old gods. The conclusion of this story, by the way, is that someone needs to go to the US and get him back in order to restore order. I suspect the modern word for this heroic adventurer is ‘entrepreneur’.

The John Frum cults in Tanna do spend a lot of time and effort in their pageantry. But not significantly more than that expended in Little Italies across North America, where the cult of the Mother still thrives.

Even the Prince Philip cult (again in Tanna) is perfectly comprehensible: If the villagers demonstrate consistent faith and support by conferring the highest imaginable honour upon the most powerful person they’ve ever met, they might continue to enjoy his patronage. Read this way, you could even argue that Philip’s deification is some pretty calculated (and, if you watch the BBC, effective) flattery of the recipient.

Most important of all, though, people tend to forget that cargo cults often work:

We are all creatures of ritual. We all, to some degree or other, associate results with the gestures that precipitate them, rather than with the actions themselves. And more often than not, this modus operandi works just fine.

I’m not arguing for the fundamental validity of the logic underlying cargo cults; but just once in a while, I wish that people would look at them and see themselves.

It’s regrettable that even an eminent professor of mathematics would fall victim to the very thing he decries: the inability “to discern between the superficial outer appearence [sic] of what was happening and the deeper reality.”

"Journalism"

[Updated slightly to fix the facts around the policy and more accurately reflect reality.]

Jillian York, in her rather timid defense of WikiLeaks, states that she[*] some people ‘got off the bus’, metaphorically speaking, shortly after the release of the ‘Collateral Murder’ video. Describing her personal ambivalence about the latest leak, she draws a distinction between what she characterises as WikiLeaks’ ‘firehose’ approach and conventional journalism.

But to accept that distinction, we have to ignore what happens when we back up a little from our current context and ask: what, exactly, is journalism? I think we can accept that, essentially, it is a means (until recently, our primary means) of obtaining verifiable and ostensibly reliable information about the world around us. The fact that it has become formalised -indeed, institutionalised- is a collateral feature. It does not follow that its formalisation via a collection of ethical practices is necessary to the provision of information. Journalistic ethics, in other words, are very much defined by their context and indeed their application.

As the Judith Miller debacle showed us, unconditional protection of anonymous sources can prove detrimental to the integrity of the craft. Neither selective leaks nor ‘access’ to anonymous sources are sufficient to healthy reporting. Truth, ultimately, is the only reliable measure of the effectiveness of a particular news source. It goes without saying that truth is an increasingly adulterated alloy in popular news reporting these days. It’s not even sufficient to speak nothing but truth; one must, somehow, find a way to tell all the truth that pertains to a particular subject.

WikiLeaks, for better or for worse, represents the logical conclusion of this train of reasoning. I’m open to arguments that it is actually an over-correction, but I don’t feel I’ll be moved without reference to particular details. And that requires access to sufficient information; in short, you can only make that argument retrospectively.

You can see where I’m going with this….

I’m not arguing that complete access to all information is the only true form of journalism. I’m suggesting that making a distinction between WikiLeaks and ‘journalism’ as we understand the word does not describe the process; it describes the actors.


[*] Reading comprehension FAIL on my part. I mistakenly elided the first two letters of ‘some’, changing the meaning fundamentally. Jillian was kind enough to call this mistake to my attention.


‘Nother update: I just re-read this sentence:

Neither selective leaks nor ‘access’ to anonymous sources are sufficient to healthy reporting.

I’m tempted to be even more provocative and to ask whether they are even necessary to healthy reporting.

As a Gedankenexperiment, I wonder what the journalistic craft would look like if secrets of all kinds were tabu.

As students of the Enlightenment, most of us immediately shy away from the thought of an environment in which individual privacy is nearly absent. But having lived on the edges of Vanuatu village culture for the last seven years, I can attest to the fact that there are indeed ways to accommodate oneself to a world more akin to what David Brin describes than the ideal world of a doctrinaire libertarian.

Individual privacy is not as axiomatic as many in the West tend to assume….

Push and Pull

A little note about the dynamic between WikiLeaks and the 5 newspapers they’re collaborating with:

Freedom of Information advocates have been commending WikiLeaks for the decision to defer the vetting and publication of individual cables to experienced, seasoned journalists.

No argument there.

But what about WikiLeaks’ effect on these newspapers? Surely there’s some awareness -and likely trepidation- among editorial staff that WikiLeaks might become impatient or angry if the papers either published the cables too slowly, at too low a profile or if they were found to be eliding uncomfortable facts in their reporting? And surely Assange is aware of this. Whatever you may think of him, he is a very very clever boy (as are all the members of this organisation).

Strategically, WikiLeaks gains far more from this exchange than the newspapers. They garner badly-needed credibility, at the same time holding tremendous tactical leverage over highly regarded members of the popular media. Ultimately, the newspapers need WikiLeaks far more than WikiLeaks needs them.

Julian Assange’s designation as Editor In Chief is more apt than many realise….

UI Follies

Because using a longer, more verbose description in a heading is confusing and counter-intuitive. The purpose of larger, darker text is to highlight a single element. Ideally, this element is a word or a short phrase that thematically unites the contents which follow.

Why is this a bug?

Culture of Secrecy

A culture of secrecy breeds power and the ability to act with impunity. Careerist elements within any government prefer secrecy because it allows them to forego the often tedious act of being accountable for even the smallest decision. It’s often justified as a Good Thing because the actors can circumvent bureaucratic red tape and work more efficiently. Ultimately, however, the end game is the same: A small elite minority within the permanent establishment begin to take privilege and influence for granted, and act independently of government policy.

This is not something unique to the US diplomatic corps. It happens in all organisations. And it is explicitly what freedom of information laws and regulations are designed to counteract. Absent this capability, it’s left to whistleblowers and WikiLeaks to serve in this role.

Viewed in this light, we have to conclude that the attacks on WikiLeaks are primarily driven not by the state, but by certain of its constituents who might lose the leverage that a culture of secrecy has given them. That’s why the counter-attack on WikiLeaks has been composed mostly of deft cuts at the service’s underpinnings rather than overt state action. A quiet word here and there, and anyone hosting material even related to WikiLeaks goes offline. A whisper in the ear of an ambitious (or susceptible) Swedish prosecutor and a nuisance case becomes an international manhunt.

Secrecy and a scarcity of information are crucial to the continuation of the cronyism about which so many Americans complain. It astounds me how many of these same people who rail at the unhealthy, shadowy bonds between corporations, lobbyists and the government are now scandalised that an organisation like WikiLeaks is struggling to diminish the power of these linkages.

The China Market

On Saturday, the Guardian revealed fears by US officials that China was using its privileged access to the Microsoft Windows source code in order to prepare and launch attacks against certain targets. This fear appears to be justified, in light of the tactics used in the highly publicised attacks that led to Google’s withdrawal from China. The attacks, we are told, were initiated by the Chinese Politburo when one of its senior members googled himself (naughty!) and found material that was critical of him.

I confess feeling a bit of smug satisfaction when I say I Told You So. Microsoft’s drive to secure the so-called China market at any cost demonstrates perfectly the complete imbalance in power that most businesses face when attempting to gain a foothold in China.

Back in 2007, when reviewing the purported victory, I wrote:

With trademark deftness, China has largely de-fanged one of the most effective and brutal corporate negotiating teams in the world. This is the corporation that managed to buy off the US government and avoid any real punishment following its conviction for abuse of monopoly powers. It’s the company that has consistently and rather successfully thumbed its nose at the European Union, the largest economic entity in the world today. It has controlled standards processes, locked in countless corporations and ruthlessly dominated the supply chain world-wide.

Yet Chinese negotiators got everything they asked for. Price reductions? They pay about 10% of what other governments do per seat. Control? They not only have access to the source code, they have the right to alter it to suit their purposes.

Think about what that means to the Chinese. In economic, political and strategic terms, they’ve negotiated unprecedented access to an invaluable resource, and they’ve done it in a way that costs them next to nothing. Truth be told, Microsoft got almost nothing out of this deal. China still uses Linux whenever and wherever it wants.

It still astounds me that anyone thinks that the so-called China Market is anything other than what the Chinese regime decides it is at any given moment.

Sure, there’s a lot to be said for the beneficial effects of market forces. I won’t dispute that. The one thing people tend to forget is that, if push comes to shove -and it has in the past- the Chinese are capable of enduring unimaginable suffering to achieve a strategic goal. (Well, capable of allowing their citizens to endure unimaginable suffering, at any rate.) That willingness gives them the capability to impose any number of arbitrary conditions onto the economic environment.

Western governments don’t think of themselves as the owners of their respective economies. The Chinese do.

So when the likes of Cisco, Yahoo! and Microsoft betray every iota of principle (and expose a callously cavalier attitude toward strategic security issues) in pursuit of economic gain in China, I can only caution them that things only look manageable now because they’re not happening to you.

Yet.

Open Source Diplomacy

[This column appeared in the Vanuatu Daily Post.]

Say what you like about WikiLeaks and their recent dump of over 250,000 US diplomatic cables, but there is probably not a single researcher in International Relations, History or Political Science without a tingle in their pants today. Never in modern history has so much information been made available in such a readily accessible format. This is, for researchers, a gift that will keep on giving for decades to come.

The thing that impressed me most from my brief perusal of the 200-odd documents released on the first day was not so much the content as the quality of the analysis. The cables were well-written and obviously well-researched. I suspect that there’s more than one junior foreign officer out there with a quiet smile on their face today, because finally the world will see just how good they are.

Yes, I’m ignoring completely the ethics and morality of the situation. That horse is out of the barn, and incidentally, what a barn it is….

These cables will provide more insight and understanding into American diplomacy than anything else ever has. Just as access to hitherto proprietary source code sometimes unearths dirty secrets of which even its author is ashamed, there is likely to be a lot of unpleasantness to be found in the cables.

I think the longer term result, however, will be that much of what’s good about the US diplomatic corps (and there’s a lot of that) will assist countless others to improve their own work. In fact I think it’s likely there might be more than one diplomat that might actually be relieved to see the unspeakable spoken aloud. This torrent of data just might break more logjams than it creates.

The rise of the Free Software movement in the 1990s increased access to the source code that runs our computers and caused fundamental changes in software development. Their echoes are still quite strong today. Code that was once hidden behind thick corporate walls was now being handed about in a vast open source bazaar. This discomfited many vendors who were dismayed to discover that their crown jewels could become valueless overnight as software became commoditised.

A lot of dirty laundry got aired in the process. Bug-reports, software update schedules, coding practices all became subjects of open discussion and, yes, dispute. Tolerance for second-rate code dwindled significantly. Emphasis began to fall more and more on results. As one acerbic commenter wrote: “A single line of running code trumps a thousand lines of argument.”

Companies who attempted to retain their secretive ways were simply bypassed and their flaws exposed for all to see. Sound familiar?

In the late 1990s, Microsoft identified Linux specifically and Free Software generally as the greatest strategic threat to their organisation. They were right. Microsoft’s stagnation is partly attributable to the advantage that FOSS has given several of its competitors. IBM, Apple and Google have all leveraged open source software to jump-start various endeavours that compete directly with Microsoft. Likewise, Microsoft’s need to increase the pace of development resulted directly in their death-march to Windows Vista.

Just as Microsoft was able to drive Netscape Communications out of the market by commoditising the web browser, others are commoditising vast swathes of the computing industry by leveraging FOSS.

The commoditisation of information proceeds apace, and although the stakes are perceived to be higher in this case, the effects will probably be similar in nature. A fractious dialectic is already emerging between those who truly believe in the benefits of information resources like those circulated to millions of US military and government staffers on SIPRNET, and those who seek to leverage proprietary knowledge for their country’s -and sometimes their own- gain.

All secrets are like kindling. Used at the right time, gossip can provide warmth, build allegiance and influence. Used rashly, well… you know where this is heading. In that sense, WikiLeaks may seem like a 10 year old boy with a stolen box of matches. But applied judiciously and with a sober sense of timing, the same principles of openness as a default stance and a predilection toward sharing that are at the heart of free software development (and the Internet itself) could usefully animate international diplomacy.

To be perfectly clear: I’m not suggesting that there is no need for secrecy whatsoever in diplomacy. I’m suggesting that, as we’ve discovered with programming processes, secrecy might prove to be less necessary -and effective- to security than it appears to be.

False Equivalence

Again and again over the years, I’ve listened to people excuse Microsoft’s chronic insecurity and apparent inability to escape from its virus-infected legacy. This in spite of the fact that the nearly boundless contagion of the Microsoft world has yet to spread into other, increasingly popular areas of technology.

The claim typically runs like this:

“If Linux or OS X ever exceed Microsoft’s market share you’ll see the malware flood onto them too.”

The logic behind this statement runs more or less as follows:

  1. Windows gets attacked a lot because it’s the most commonly used computing platform in the world.
  2. The majority of exploits these days are due to so-called Stupid User Tricks – people are gullible, witless creatures who will click on anything appropriately enticing.
  3. There is no way to tackle this behaviour using only technical means.
  4. On top of that, all software has bugs. If you build something of equal complexity to the Windows operating system, you’re guaranteed to leave holes that the Black Hats will exploit.
  5. And anyway, most of the exploits coming out recently attack flaws in third party software. These days, Adobe’s applications (particularly Flash and Acrobat) are getting perforated on a nearly weekly basis.
  6. But why don’t the bad guys attack iPhones, Blackberries or Linux servers? Well, that’s simple economics of scale. If the reward for crafting a new Windows exploit is measured in hundreds of thousands or even millions of PCs infected, and the reward for creating even a simple exploit on a competing platform can only be measured in the hundreds or thousands… well, which would you choose?
  7. So to sum up: Microsoft bears the proverbial White Man’s Burden of supporting the vast majority of benighted, clueless users, suffering the slings and arrows of its outrageous fortune. And all you MacHeads or Linux geeks: you should be bowing your heads and saying, “There but for the grace of God go I.”

So people should really be grateful to Microsoft for offering itself as a target, for shouldering the unenviable burden of having to support the thoughtless, unwatched masses.

This argument is invalid in many respects. Ultimately, it relies on false equivalence: If no software application can be 100% secured, all software is therefore equally insecure.

The big problem with usefully countering this argument, however, lies in the fact that the answer is quite nuanced and therefore not compressible into a 20 second elevator speech.

On the face of it, there is something to the argument that popularity makes Windows a target. Black Hats often do go to inordinate lengths to craft malicious software aimed at Microsoft Windows. And they often ignore holes in other operating systems. A few years ago, it was discovered that a number of Linux distributions had a gaping flaw in software used to secure websites, email and other private communications, all deriving from a single error introduced by a software package maintainer. Not only was the flaw jaw-droppingly obvious, but it had lain there undiscovered for nearly 18 months.

I commented at the time that:

“[p]eople at every stage of the production process and everywhere else in the system trusted that the others were doing their job competently. This includes crackers and others with a vested interest in compromising the code. I should exclude from this list those who might have a reasonable motivation to exploit the vulnerability with stealth and to leave no traces. If, however, even they didn’t notice the danger presented by this tiny but fundamental change in the code base, well my point becomes stronger.”

So yes, it must be granted that some software benefits from an occasionally unwarranted assumption of strength. But, the occasional WTF moment notwithstanding, this assumption doesn’t come from nowhere. Linux has earned itself a dominant position in the server market because it actually is more robust, less resource-intensive and yes, more secure than Windows server. (Why these successes haven’t translated into widespread success on desktop PCs is flamebait for another day….)

But point 2 states that, even if it did succeed on the desktop, Mac OS or Linux would still be vulnerable to the same Stupid User Tricks as Windows. But wait – at what point does a platform become a useful target for mass exploitation? 10 million? How about 41 million and rising? Are iPhone users more sophisticated than their Windows-using counterparts? Contrary to what the advertisements tell us, sadly no. Do they use them for the same purposes as Windows (like online cash transactions, email, etc.)? Sure ’nuff.

So why aren’t they being attacked and exploited? Well, when we mentioned the numbers game, we forgot to mention another basic aspect of economic theory: Risk. iPhones and iPads and various other devices from Apple exist in what’s known as a walled garden. Unless you deliberately ‘jail break’ your device, you’re largely reliant on Apple’s App Store, and you’re beholden as well to the telco that charges you for every byte you send. Not only is there a strong incentive for phone users to closely monitor their bandwidth use, Apple also insists on evaluating every single app that runs on its platform.

Likewise, most Linux software is installed from repositories maintained by the various commercial or community-run distributions. Oversights like the notorious SSL flaw are rare indeed. On one occasion a server that distributed packages for a popular web server was found to be compromised. The problem was fixed quickly. These days, most software is digitally signed so that the installer can verify that it has not been altered by third parties.

Argue all you like about the limitations of these approaches (and there are more than a few), they do increase the likelihood of getting caught while trying to inject something nasty onto someone’s iPhone or Linux box. Rather than being trusting by default, these systems have built a chain of trust between agents in the system. Each of these agents is verifiably trustworthy, so anyone compromising the system is subject to discovery.
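The chain of trust described above can be shown in miniature. This is an added example, not code from any distribution: an installer checks a signed manifest of package hashes against a pinned public key, with a Lamport one-time hash-based signature standing in for the GPG signatures real repositories use, and with all names and package bytes constructed for the illustration.

```python
import hashlib
import json
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. A real key must sign only once.
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, digest_bits(msg))))

def make_manifest(packages):
    # Repository side: map each package name to the SHA-256 of its bytes.
    hashes = {n: hashlib.sha256(c).hexdigest() for n, c in packages.items()}
    return json.dumps(hashes, sort_keys=True).encode()

def install(pinned_pk, manifest, sig, name, content):
    # Installer side: trust flows pinned key -> manifest -> package bytes.
    if not verify(pinned_pk, manifest, sig):
        return "rejected: manifest signature invalid"
    expected = json.loads(manifest).get(name)
    if expected is None:
        return "rejected: package not listed"
    if hashlib.sha256(content).hexdigest() != expected:
        return "rejected: package hash mismatch"
    return "installed"

def demo():
    # Constructed sample data: one package on a mirror that later gets altered.
    sk, pk = keygen()
    good, altered = b"httpd build 1.0", b"httpd build 1.0 + extra code"
    manifest = make_manifest({"httpd.tar.gz": good})
    sig = sign(sk, manifest)
    forged = make_manifest({"httpd.tar.gz": altered})  # mirror rewrites hashes too
    return [install(pk, manifest, sig, "httpd.tar.gz", good),
            install(pk, manifest, sig, "httpd.tar.gz", altered),
            install(pk, forged, sig, "httpd.tar.gz", altered)]

if __name__ == "__main__":
    print(demo())
```

The third case is the one that matters for a compromised distribution server: rewriting the manifest to match the altered package still fails, because the signing key never lived on that server.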

Such scrutiny is largely missing from the Windows environment. At best, it’s provided ex post facto, via anti-malware applications.

This means that users of different systems can be equally trusting, with significantly different outcomes.

All computing environments are not created equal. While Microsoft has staked its entire business on giving the customer convenience at any cost, others have not. They realised that you have to be careful not to make software easy for anyone at all – especially not a total stranger.

Windows is the target for authors of malicious software, therefore, because the whole Windows environment is attractive:

  • Security is not at all systematic. Even as Windows itself improves, many popular application vendors lag, partly because they want to keep things easy, partly because security is seen as a cost-centre and therefore treated as an externality by ambitious managers.
  • Risk is low. A wide-open trust-by-default philosophy permeates all levels of the system, so you really have to be spectacularly dumb or naive to get caught.
  • AND… Windows is ridiculously popular.

I’m not for a moment suggesting that writing malware as a business won’t continue after Windows is long gone. Of course it will. I will predict, though, that the era of mass-infection will end with Windows XP.

Just as US banks in the 1920s-30s learned (eventually) to make themselves less susceptible to bank robbers (whose activity peaked at that time due to recent improvements in transportation – good roads and a getaway car made robbery popular), personal and institutional computing will eventually learn to take malware in stride, to reduce the scope of any given exploit from its current colossal size to something much smaller.

There will always be another rube willing to allow another con-man to fleece him. There will always be innocent victims who get mugged because they were in the wrong place at the wrong time. There will always be ‘bad neighbourhoods’ on the Internet. But to suggest, as some do, that this somehow excuses the appallingly poor security models, practices and culture that ensure Microsoft’s continued relegation to the security gutter… well, that’s just disingenuous.

To tar other OSes with the same brush is to suggest that one should not move to another bank because, once enough people move to it, it too will become the target of bank robbers. It’s wrong because:

1. Nobody is suggesting that everyone has to move all their money to one single bank;
2. The new bank might not be perfectly secure, but at least it doesn’t leave all the money in a pile in the middle of the floor.

This move to a more heterogeneous and inherently secure environment will happen in small increments, and the process will lurch along in fits and starts, but it is far more likely to happen than another single, monolithic operating environment taking over from Microsoft Windows – and I include future versions of Microsoft Windows in that grouping.

And that, my friend, is why I find the contention that ‘Linux and Mac OS will be just as bad when they get popular’ to be inane, misleading and, frankly, intellectually lazy.