COVID-19 contact tracing just dropped on Android/iOS

COVID-19 contact tracing has rolled out to all Android/iOS devices this week. In other words, big tech just dropped a change to your OS without any real notice/consent.

On iOS go to Settings -> Health -> COVID-19 Exposure Logging (screenshots at the end).

On Android go to Settings and you will find a Google option:

Under Google settings, you now can select COVID-19:

There you will find that Google needs both Bluetooth and location tracking to be enabled, although they claim while location data needs to be collected, it also won’t be collected:

Confused? You should be. Bluetooth is a terrible protocol for tracing contact as it just reads everyone’s MAC addresses. It’s being used because other options are not as easy to violate for a clumsy contact tracing agenda.

There are two problems in Bluetooth, both related to privacy:

  1. Before Bluetooth version 4.2 the MAC addresses were static, which was a major privacy issue (and exploited by law enforcement using widely systems like Bluetooth Travel Time Origin and Destination (BlueTOAD), as I’ve spoken about publicly many times). After Bluetooth version 4.2 the devices started to use rolling MAC addresses for privacy protection. Google and Apple have designed their system to overcome this privacy benefit, by issuing everyone a set of tokens that can be mapped back to the device.
  2. Aside from the privacy of its identity getting in the way, Bluetooth also doesn’t record distance accurately. Strength of signal isn’t a reliable measure, given all kinds of interference variables. Thus Apple and Google have included location to overcome this secondary privacy benefit, by using location data to record proximity of Bluetooth signals.

It appears incredibly disingenuous for the companies to claim their framework was designed with privacy preservation in mind when it was designed to bypass some fundamental privacy protections.

Also while technology companies may lay claim that location data never will be shared, the entire point of their system is to inform some unnamed/unknown officials of spread of infections by… location.

What about who you would expect, such as qualified scientists, using the data? Apparently Apple and Google say they will not serve community members who are in the best position to make use of pandemic data.

If you’re a virologist or epidemiologist arguing that you need data to fight the spread of infection inside your country, you’re out of luck. Apple and Google have said no.

That’s what I call clumsy.

Finally, in terms of general trust, adoption of this system needs to be really high to be effective. Some estimates are at least 70% of people (not just phone owners) have to be in the contact tracing system to make it worthwhile.

And yet they pushed a significant update to the OS without any local notice/consent (just blog posts like this one), as if the U2 crash didn’t teach them a thing.

The music suddenly appeared on 500 million iTunes accounts. Shortly after came the backlash and, with it, a story of what may have been the most expensive gaffe in Apple’s history — upwards of $100 million…

This is the sort of top-down centralized approach with no real discussion of social contract that probably makes 90% want to throw their phone in the toilet. I’m also reminded of the science lessons from free trees in Detroit.

Detroiters were refusing city-sponsored “free trees.” A researcher found out the problem: She was the first person to ask them if they wanted them.

Ironically, America is so far behind on COVID-19 science and engineering, it’s rolling out mobile phone software just as Singapore (a global leader during this pandemic response) has abandoned the same.

Singapore’s Bluetooth-based contact tracing app TraceTogether was the first of its kind, intended to log potential exposure events without violating the privacy of participants. As with all of the efforts of this nature, voluntary adoption by the public was key to success. TraceTogether struggled in this area due in no small part to technical issues that hampered the usability of phones. The government has gone back to the drawing board and come up with a new answer: a contact tracing wearable that remains offline as it logs close contacts, only making that data available when a medical professional makes a coronavirus diagnosis and requests access to the device.

The wearable does leverage Bluetooth, to be fair, but it’s a whole different model with dedicated hardware for medical professionals to access.

It didn’t have to be this way. Engineers at the largest tech firms in the world, paid the highest salaries in the world, could have started at the point Singapore has just now reached — a personal/decentralized system that works directly with medical professionals only.

Instead Apple and Google have built a thing nobody should want: a forced update in their OS to serve mostly an Apple and Google agenda that has apparently little or no accountability to them when it’s misused or even abused. Compare and contrast these two stories, for example:

Or consider that, while Apple and Google insist they aren’t writing the apps that will use their “framework”, early studies already indicate that leaves open a lot of room for abuse:

…50 apps available in the Google Play Store that have been developed specifically for COVID-19…researchers classified nearly half as informational tools, roughly a third as tracking tools, 10% as assessment tools and 8% as scientific research apps…


Apple screenshots:

Amazon Caught Selling Toxic Bottled Water

Amazon basically operates like the mob by seeking markets where regulation or justice is too weak to stop it from taking payments for unethical business practices.

It allegedly will muscle into markets as an engine of exploitation, which measures margin in the amount of harms it can get away with. Some say this is “natural” in the sense that it fits a pattern of American history:

Inequality in America was not born of the market’s invisible hand. It was not some unavoidable destiny. It was created by the hands and sustained effort of people who engineered benefits for themselves, to the detriment of everyone else.

Thus it somewhat predictably has been accused of building “successful growth” on fake and unsafe services and products that damage or kill, with no accountability to itself for the widespread harms carried by others.

Moreover, such ill-gotten profits seem intentional as they are concentrated into the hands of one man who spends a very small percentage on attempts to fix harms. Just a few examples:

  • “Amazon has a counterfeit book problem. But it isn’t really a problem for Amazon itself…”
  • “Amazon has a history of allowing media that contains dubious scientific claims on its platform…”
  • “The Amazon fraud epidemic…”
  • “Inside Amazon’s Fake Review Economy…”
  • “Amazon’s Enforcement Failures Leave Open a Back Door to Banned Goods… Sold and Shipped by Amazon Itself
  • “Amazon gives extremists and neo-Nazis banned from other platforms unprecedented access to a mainstream audience — and even promotes [dangerous and violent hate].”
  • “Amazon’s gigantic, decentralized, next-day delivery network brought chaos, exploitation, and danger to communities across America.”
  • “While the scale and severity may vary, a single theme often unites each newsworthy incident: An unsecured Amazon…”
  • “Amazon executive Joy Covey was killed [while riding her bike by a] van delivering Amazon packages….”

Here’s a deeper look into one case (pun not intended) that has been going on for a while now, where we can see flagrant violation of health for profits.

Consumer Reports in 2020 has called out Amazon’s “Starkey” brand water bottled in Idaho because it violates safe standards that limit contaminants in water.

The bottled water, sold in most Whole Foods stores and on Amazon.com, was the only brand of the 45 tested by Consumer Reports scientists between February and May of this year that exceeded 3 parts per billion (ppb)…. Last year, CR tests found Starkey Spring Water exceeded the federal level…

Amazon was the ONLY brand of 45 tested to fail the arsenic test. Many had untraceable amounts, which is great when you look at how dangerous arsenic is to human health.

Arsenic means “disaster for almost every part of the human body”

Note that the report points out it also failed last year.

And before that?

FDA told Whole Foods that tests had found levels as high as 12 ppb, which resulted in recalls of the water in 2016 and 2017… legal to sell in a bottle across the U.S., but it would be illegal if it came out of the tap…

Recalled in 2016 and 2017, failed tests in 2019 and 2020. Why is this water, which would be illegal to sell if it came from a tap, still being bottled and sold by Amazon?

Amazon explains on their Starkey information site in 2020 that trying to make this water safer would impact Amazon profits, so they’re not doing it.

Arsenic levels above 5 ppb and up to 10 ppb are present… it does contain low levels of arsenic. The standard balances the current understanding of arsenic’s possible health effects against the costs of removing arsenic from drinking water.

Possible health effects “balanced” is how they refer to not making their water safe for consumption.

Possible health effects?

Let it sink in how incredibly vague and misleading Amazon is being on a scientific topic of arsenic in order to say they won’t protect consumers from known harms. They should not be allowed to just casually blow off the harms as “possible health effects”.

Again, Amazon is the only brand of 45 to fail this test. Other brands have untraceable amounts. Nearly 50 competing brands are able to “balance” the correct way by investing in controls for their products to be safe. Why doesn’t Amazon?

Starkey clearly states in their safety report they have decided not to invest in removing arsenic to safe levels, because they believe they can get away with it.

Amazon also clearly promotes this unsafe product with “bottled in Idaho” as if that’s a helpful reference, yet does not include anywhere Idaho Department of Environmental Quality water contamination warnings:

Arsenic is a problem in some parts of Idaho.

“Some parts” is a reference to the area of Idaho (southwestern corner) where Starkey water is sourced.

Map of Idaho arsenic detected in water. Scientists put anything above green (0-5 ug/l) as unsafe. Red is the most dangerous level.

In fact, that red area that shows up on the Idaho contaminant map stands out as being worst levels in the entire US.

US map of arsenic concentrations reveals Idaho as one of the most contaminated.

In summary, Amazon is selling water from the most arsenic contaminated region of the US, putting it into harmful single-use plastic bottles, and continues to sell it despite years of public safety test failures.

Buyer beware.

Is Lyft Based on Apartheid’s “Lift System”?

When I visited Lyft HQ when it first opened, they had a large mural timeline of their origin story that went something like this:

In 2006 Logan Green went to Zimbabwe and observed a system of crowd-sourced carpool networks. He came back to America and made a copy he called Zimride (Zimbabwe Ride).

I’ll never forget being in the office (for meetings) and having staff relate this mural story to me, because they said their founder vacationed in Africa after college and marveled at the “safety” of private drivers; white parents having a method of ride-sharing their kids to school (called the “lift system” in South Africa).

The Lyft staff didn’t say the exact word apartheid, of course, because they were blandly relating Rhodesian transportation history as if it were like any other system. It was based on white families driving their children to elitist schools, but that’s not how they framed it.

Anyway this Lyft story telling of their “safe” transport system origins from Africa raised alarms for me, given context of Zimbabwean history.

I also noticed the company seems to tell a very different story to the press, claiming their founder was just an admirer of taxis.

Zimride, in fact, is not a derivation of Zimmer’s name but a riff on Zimbabwe, where Green, now CEO, had observed the local propensity for ridesharing in minivan taxis.

This press brief makes no sense at all when you think about it even a little.

First, Lyft never attempted to work with taxis in America. From the start the company was billed as a whole alternative to taxis systems, so why would they say they liked African taxis?

More to the point who comes back from a vacation to an African country with the idea for a wealthy white person alternative to taxis in America? Does that really sound like observing Zimbabwean minivan taxis?

This kind of narrative disconnect between internal and external statements was highlighted in 2017 when Lyft eventually came around to launching a private “bus” service. I mean why didn’t they start with minivan taxis if that’s what they observed?

Anyway, eleven years late, their approach didn’t escape some predictable and obvious criticisms.

The Lyft Shuttle is pretty much a glorified city bus — with fewer poor people. The ride-sharing company’s much-hyped shuttle service seems designed to segregate transit customers by class.

A privilege bus.

Second, ride-sharing in minivan taxis (even pickups beds) has been a global phenomenon of efficient transport, not a concept unique to Zimbabwean culture. There must have been something unique to Zimbabwe being the origin story, aside from minivan taxis.

I’ve traveled all over the world in the minivan/microbus/kombi taxi and similar. From Poland to Indonesia, Zimbabwe to Philippines … you can find vehicles carrying 8-12 people running regular routes. When I was at EMC in 2012 I even worked with security systems to help make Pakistan’s “pink bus” safer (women only, with women guards riding and cameras) .

This is because a modern private micro bus naturally evolved by community-led transit planners to be an optimal solution on a development path towards achieving higher-volume buses or trains (a step on the way moving people further away from cars).

Lyft doesn’t fit that model, not at all. They started with cars where drivers were “safe” as if your friend or on your “side”, pandering openly to wealthy young white professionals and kids in school. That’s the apartheid white parents car-sharing story.

Due to congestion Zimbabwe in 2020 banned the private commuter omnibuses (kombis) that Lyft originally claimed to have been based upon. The gov only allows them to operate under a regulated national United Passenger Company (Zupco) franchise.

Again, a micro bus taxi service is not even close to what Lyft initially was planning, so the more likley Zimbabwean root is the Rhodesian/South African “lift system”.

After observing the micro bus taxis on predictable routes, CEO Green did the opposite and put passengers in the front seat of small cars on unrestricted paths. It sounds more like a trip to Zimbabwe left the founder thinking “how can I setup a service so white people like me can avoid crowded public transit such as the Zimbabwean taxi bus system”.

Anyway 2013 the founder decided to rename his original creation “Lyft”, the same as the apartheid “lift system” white parents used to shuttle their racist families and avoid the black taxis. The renaming meant a complete jettison of the Zimbabwe reference as the original name was sold to Enterprise.

The African root reference only lived on with that painted mural in the office, which I only happened to see because they invited me inside and told me a wild yet inconsistent story of appropriation. They’ve since moved their HQ and evidence of the mural is surely long gone.

You might be thinking the link to apartheid’s “lift system” is uncanny, yet insufficient on its own as just a coincidental name.

Let me now also poke here at the issue of a pink “carstache” wired to the front of original Lyft vehicles.

Lyft drivers reported overheating issues and car damage from blocking the radiator.

They were explained to me as highly distinguishable “safety” marketing for ride shares. It supposedly was meant to give riders obvious physical safety signaling. And yet anyone could buy one and celebrities promoted owning them.

A person who would dare to put a big pink thing on their car (remember the “pink bus” in 2012 Pakistan?) was advertised as someone who wouldn’t be physically dangerous to Lyft’s target population (white women).

…little-known fact: The bright pink color was inspired not only by the founders’ desire to seem friendly and bold, but also to make their branding a bit less masculine than competitors, and nod to their very welcome view toward female passengers and drivers, as well as emphasis on safety for women.

“Funny” big pink facial features when you meet your driver may instead read to some as two white guys’ doing some really insensitive appropriation of imagery in black culture. Look at the top lip in this iconic anti-black image:

Lyft adapted historic anti-black imagery as their signal for white women to feel welcome and safe

And notice how even Uber tried to portray Lyft’s requirement that riders must fist-bump drivers.

What’s so weird about requiring Lyft riders to do a fist-bump?

…the pound is “a gesture of solidarity and comradeship… also used in a celebratory sense and sometimes as a nuanced greeting among intimates and/or those with a shared social history”. They trace that history in mainstream black culture to the Sixties, when African-American soldiers fighting in Vietnam used the dap… fists meet vertically, one above the other.

I wonder if Lyft had anyone black in executive management on board with the big pink mustache/lip and forced fist-bump concepts. I found their 2018 diversity report illuminating, given they were on a massive hiring spree doubling the size of the company and yet had 0% black staff in technical leadership.

Speaking of which, did you know a whopping “75% of white Americans have no friends of color at all.”

Even worse, as you might guess from a company started by a white college grad unwittingly claiming inspiration from apartheid who partnered with a Wall Street banker, Lyft has been widely implicated in systemic victimization of women.

A single SF driver repeatedly attacked women over five years before police managed to track him down. That’s just one of literally thousands of their unsafe ride-share cases highlighted by 20 women suing the company.

“Lyft has been aware of the staggering number of assaults and rapes that occur in their vehicles for years. They continue to conceal those numbers from the public and Lyft customers,” Bomberger said in a statement. “That is not a commitment to safety. It is a commitment to profits.”

Obviously Lyft has totally obliterated their origin story now. You won’t find them speaking of Africa or the white woman “safety” angle in the same way. They now downplay the big pink face features, quit the fist-bump, and strut about like ride-sharing was just something they invented while bored and traveling around California.

It may be important to revisit the whole origin story again, however, as researchers have been looking more deeply at the decision algorithms and continue to reveal racism in ride-sharing platforms.

…fares tended to be higher for drop-offs in Chicago neighborhoods with high non-white populations…an earlier report published in October 2016 by the National Bureau of Economic Research that found in the cities of Boston and Seattle male riders with African American names were 3 times more likely to have rides canceled and wait as much as 35% longer for rides.

Confederate Names Erase History: Removing Them is a Restoration Project

Confederate memorials in prominent areas are a form of domestic terror tactics, like racist graffiti denigrating the American landscape.

They are akin to someone putting up a statue of Timothy McVeigh and Terry Nichols, or naming the streets after them, right in front of the Alfred P. Murrah Federal Building in Oklahoma City.

Who would do such a thing?

McVeigh and Nichols would. Does that mean they should be allowed to do it, or that people should avoid removing some monument to terrorism put up by the terrorists or their descendants? No. We would take them down.

What would their statues be for?

We have to ask the simple question whether the statues represent the worst of people. In other words are they known for horrible things primarily and is that the purpose of the statue?

Have you ever heard of McVeigh except as a result of his terrorism?

More to the point did General Bragg ever do anything worth celebrating in his career or was he only the guy hated by everyone, known to even shoot his own soldiers in the back during his failed attempts to expand his love of slavery?

General Bragg was considered the worst strategist in Civil War, if not the worst human being. Brutal slaveholder, miserable to his own troops and hated by all. Nobody is really willing to explain why his name ended up on a US Army base.

And why should everyone care about these issues? Banksy explains:

At first I thought I should just shut up and listen to black people about this issue. But why would I do that? It’s not their problem. It’s mine. People of colour are being failed by the system. The white system. Like a broken pipe flooding the apartment of the people living downstairs. This faulty system is making their life a misery, but it’s not their job to fix it. They can’t – no-one will let them in the apartment upstairs. This is a white problem. And if white people don’t fix it, someone will have to come upstairs and kick the door in.

Confederate celebration and monuments are a rare case of the losers trying to re-write history. They were put up to terrorize Americans in their daily routines.

Leaving them up gives the false impression that white supremacists did not lose their war of aggression against America and allows white power groups to falsely claim their cause of terrorism is validated.

Here’s what you need to know about tearing down prominent Confederate names, statues, memorials and the like:

  • Statues were being pulled down when Confederate ones suddenly went up to replace them the 1900s. Any statue that “looked too Union” was torn down and buried by people pushing the anti-American Confederate narrative.
  • Dedications of the Confederate statues included speeches that celebrated physical attacks that terrorized black women. Here’s a typical one from a statue raised in 1913:

    100 yards from where we stand, less than 90 days perhaps after my return from Appomattox, I horse-whipped a negro wench, until her skirts hung in shreds, because upon the streets of this quiet village she had publicly insulted and maligned a Southern lady.

    Is there really any debate necessary who put these statues up and why, given this is how they were presented in the dedication speech? Do not forget that this kind of violence is an encoded signal for state sanctioned rape of black women by white men, the “economy” of forced birth that America used to domestically generate its four million slaves in the 1800s. Support for that complete madness is the revision to history that these statues are meant to convey — as if white men physically attacking black women is something America is meant to commemorate.

  • Not only did the people putting up Confederate statues tear down ones at the same time, huge memorials also were targeted by them. The leader of the Union army (President Grant) has been systemically denigrated, defaced, defunded and his reputation falsely tarnished with lies by those trying to erase him from history (as revenge, because he not only defeated slaveholders on the battle field, he initiated the Civil Rights movement in American politics).

The push to raise Confederate monuments was an orchestrated effort to erase history and then rewrite it with a loser’s narrative. It perpetuates Civil War and terrorizes Americans in plain sight.

General Lee pleaded with his followers to never raise a memorial to him or his cause of slavery, yet white supremacist groups have ignored his exact orders and disrespectfully done the opposite.

On the 4th of September 1869 Lee declared there should be no monuments to him because Americans should commit to oblivion the feelings of his slaveholder rebellion.

Taking down public Confederate celebrations and signals is a restoration project.

Again Banksy explains:

Here’s an idea that caters for both those who miss the Colston statue and those who don’t. We drag him out the water, put him back on the plinth, tie cable round his neck and commission some life size bronze statues of protestors in the act of pulling him down. Everyone happy. A famous day commemorated.

America should commemorate the act of ending slavery, but also celebrate the act of ending any celebration of slavery. Either rename things with American heroes or modify the name to include context of their defeat by heroes.

Stop the erasure of American history from Confederate graffiti trying to cover up real narratives with racist and false ones. No more context-free commemorations allowed of the failed slaveholder rebellion.

And anyone who openly disagrees with taking down Confederate signals should be drafted into a minimum of two weeks service cleaning and restoring Grant’s tomb.

If you don’t recognize this as easily as the Statue of Liberty or Lincoln’s Memorial, that’s because some Americans have waged a campaign to erase Grant’s Tomb. (1901 Photo by: Universal History Archive/Universal Images Group via Getty Images)

Remember at the start when I asked “Who would do such a thing?”

I’m talking now specifically about the shocking 75% of white women in America who say they want to keep the ugly Confederate statues.

These white women prove the point made by James Baldwin:

New laws, gestures of sympathy, and acts of racial charity would never suffice to change the course of the country. Something more radical had to be done; a different history had to be told.

Baldwin was saying the real history of America has to be told, which means restoring it from those who have been trying to disgrace and erase it with their Confederate statues.

Ask yourself would you remove Nazi graffiti from a Synagogue, would you remove Nazi graffiti from a US Army base… these answers should be yes, just like they should be yes for tearing down Confederate statues polluting the landscape.

The History Behind Curtis Mayfield’s “Move On Up”

There’s a line “do not obey” within the famous Curtis Mayfield song “Move On Up”.

Take nothing less than the supreme best
Do not obey for most people say
’cause you can past the test
So what we have to do is
move on up and keep on wishing
Remember your dream is your only scheme
so keep on pushing

What might “do not obey” refer to?

To start, let’s look all the way back at Woodrow Wilson’s racist “America First” campaign of 1916, which manifested in years of organized white mobs committing widespread violence and terrorizing black neighborhoods.

Historians, for example, might point to the NYC 1917 Silent Parade meant to protest that in America “black skin was death warrant”, or the Chicago 1919 massacre that was part of a “Red Summer” of white supremacist terrorist acts.

This frightful condition continued such that by 1921 all of Tulsa’s black neighborhoods and “Wall Street” were burned to the ground, pushing black families into mass graves, and building a KKK convention hall on top of the ruins…and all of this still is rarely if ever taught in schools.

Blocked from upward mobility by violent white supremacist mobs, with police offering no help, community protection groups emerged along ethnic lines. In other words, “gangs” were started as a way to enable peace enough to prosper, by defending American communities against organized white supremacist domestic terrorism.

Although some black gangs likely formed to counter the aggressive white youth, the unorganized black youth were no match for the well-organized, all-white gangs that were centered in their athletic clubs.

Wherever white oppression tactics were found, and police failed in their duties, a gang was likely formed to defend against injustices and thus enable a degree of protection to help enable gains in health, wealth and prosperity.

Catholic (Polish, Irish, German, Italian), Chinese, Jewish and black gangs were established. These gangs depended on fund-raising and community support events.

A story from Milwaukee, for example, comes from a fund-raising event on a huge boat in Lake Michigan. A violent storm caused a collision that sank the boat, decimating that community by drowning leaders of the “Irish Union Guard” abolitionist militia. So many leaders of that community died it has been said a balance of city political power abruptly shifted towards a German militia.

Another story, this time from Minneapolis, is how Jewish gangsters violently attacked any German “Silver Shirt” militia (Nazi) rally, calling it a “patriotic duty as Americans” to shut-down pro-Hitler influence operations.

Berman learned that Silver Shirts were mounting a rally at a nearby Elks’ Lodge. When the Nazi leader called for all the “Jew bastards” in the city to be expelled, or worse, Berman and his associates burst in to the room and started cracking heads. After ten minutes, they had emptied the hall. His suit covered in blood, Berman took the microphone and announced, “This is a warning. Anybody who says anything against Jews gets the same treatment. Only next time it will be worse.” After Berman broke up two more rallies, there were no more public Silver Shirt meetings in Minneapolis.

Totally defeated on the streets the Silver Shirt members then became the Minneapolis Police Department (MPD) to gain an unfair advantage over their targets, but that’s a blog post for another day.

Gangs typically dissipated as they become assimilated by mainstream opportunities (upward mobility) in America (even a catholic president was elected). However America has such high levels of continued oppression of blacks (1950s White House urban renewal was encoded race warfare) it is no wonder black gangs have lingered.

See the film “Rubble Kings” for an excellent look at the socio-economics of how and why New York gangs were formed in the 1960s and what helped them dissipate in the Bronx. Hint: upward mobility through opportunities in music and art, the foundations of today’s rap and hip-hop markets.

With that in mind, let’s look at what Mayfield may have been writing about in his lyrics. The year was 1970 when he released his debut album Curtis, and also when one of the Chicago gangs (Blackstone Rangers) tried to pressure Mayfield to fund them.

He did not obey. Instead he offered them a concert and used his platform to drive a “move on up” message.

He was pushing hope for equality and justice of assimilation that other the races in America were allowed to achieve, leaving behind the need for paying for gang protection from the systemic violence of white power groups.

The Atlantic has described the situation as “no other society in human history has imprisoned so many of its own citizens.”

To make an even finer point on the social power of this song, by 1975 a popular TV show about black “nouveau-riche” prosperity in America, called The Jeffersons, created a theme song called “Movin’ On Up“.

CHANGEMAKERS: Data Ethics and How to Save the Web

Honored to be a part of the Inrupt mission as profiled by Andrew Sears on All Tech is Human (ATIH) CHANGEMAKERS. Here’s a full text version of my interview:

Davi Ottenheimer is the Vice President of Trust and Digital Ethics at Inrupt, a company striving to restore the power of balance on the web through data decentralization technology. For over 25 years, he has worked to apply security models to preserve human rights and freedoms. He is the co-author of Securing the Virtual Environment: How to Defend the Enterprise Against Attack (2012) and the author of The Realities of Securing Big Data, which is due to release this year. Davi spoke with ATIH about where the web went wrong and how decentralization technology can get things back on track.

ATIH: Tell us about your journey to your present role at Inrupt. How did you first become interested in digital ethics work?

My interest in digital ethics goes back to at least sometime in the early 1980s. The 414s seemed to me a foreshadowing of where the world was headed, at least in terms of society defining shades of lawful and unlawful data access. Their story felt very normal, not at all exceptional, because at that time it was similar to what I was experiencing in school and it was on the cover of big publications like Newsweek.

My family also exposed me very early to authorization concepts in both digital and analog tech. I basically grew up seeing computers as a natural next step like a tractor replaces the ox; no one really would want to be without one. That gave me a fluid understanding of ethics across a wide technology spectrum. For example as a child in very rural Kansas we had only a shared “party line” for telephone; my parents would of course tell me it was wrong to listen to our neighbors’ calls. I was fascinated by it all and by the time I was in college studying philosophy I was running my own copper from taps on building wires to connect dorm rooms, shifting underutilized resources to community service by taking over computer labs and all kinds of typical mischief. At the same time I was playfully exploring, I also ended up helping investigate or clean up some clever abuses of the lines by others (e.g. toll fraud, illegal reselling).

More to the point in college I always tried to turn in digital versions of assignments including a hypercard stack (precursor to websites) on ethics of linguistic regulation of Internet hate speech. That felt more exceptional, substantially entering digital ethics, because my teachers sometimes bristled at being handed a floppy instead of the usual paper. I was deep in a world at this time many professors had access to yet barely seen. I still figured at that point since I could dive into it anyone could and soon would. It was around 1990 that I excitedly showed a political science professor a 30 second video clip that I had spent 12 hours downloading and reconstituting. I had been studying information warfare and told him dissemination and manipulation was entering a whole new domain with Internet video… he told me “just do your damn homework” (some typical assignment on Middle East peace options) and walked away shaking his head. I felt at that moment I wasn’t giving up or going back, digital ethics had become my thing.

After college I applied to do political research at LSE and they countered with an offer in the history course. I accepted and explored far more historic cases of ethics in intervention (information warfare by Orde Wingate, and power dynamics in taking over large scale systems while not really owning them — 1940 British invasion of Ethiopia). My history advisor was truly amazing. He encouraged me to go professional with technology work and even told me it wouldn’t be a bad idea to pursue as a career.

It was great advice and I went straight into working for a DEC reseller in California pushing decentralization with PCs and TCP/IP. Getting paid to take hardware and software completely apart to fix it was like heaven for me. From those first phases of interest we can fast forward through twenty-five years of hands-on security within many industries around the world of all sizes and shapes. My journey has always been about convincing people from field to board-level that unsafe technology alters power dynamics, and that we protect liberties by bringing safety principles into engineering as well as policy.

A few years ago a very small database company reached out for help fixing their widely publicized product security flaws. Literally millions of people were being harmed, and they told me they weren’t finding people willing or able to help. I agreed to jump into it on the condition they let me drive end-to-end encryption at the field-level into their product as a feature, while I also cleaned up management practices. It was after we released that end-to-end field-level encryption feature, and after I guided them through IPO and massive growth to a much safer and more proper course including external oversight, that Bruce Schneier strongly suggested I consider the new Inrupt mission to bring Solid to life. I was thrilled to be given the opportunity to join such an important and challenging role.

ATIH: Inrupt is advancing the development of Solid, an open source platform designed to remake the web. What’s wrong with the web that we have today?

Solid presents a powerful yet very simple concept to remake the web: your data lives in a Pod controlled by you. Any data generated by you or your things (e.g. watch, TV, car, computer, phone, thermometer, thermostat) goes to your Pod. You then control access at a meaningful level, where consent has real power. I call it the need for an off button and a reset button for big data. Don’t want your data used anymore by who knows who? You have that choice. Want to be the authoritative source on data about you? Also your choice. If your doctor wants to look at your fitness tracker data, you grant that. When a family wants to share moments in photos, they grant that. Want your machines to talk with each other, not the manufacturer, and only at certain times? Up to you, through your Pod controls.

We expect this to evolve with completely distributed models, although sounding idealistic, because they are necessary and thus not out of the question. At the same time, efficiencies of scale and basic economics tell us many people will have Pod service providers instead of going with homegrown or localized varieties. As a long-time self-repair and build-your-own-kernel linux advocate I see no conflict innovating towards both off-grid piece-meal installations, as well as abstract and monolithic cloud services. You win because you have a lot more flexibility in a world where you seamlessly can flow between different worlds of control that suit you.

Sir Tim Berners-Lee calls the Solid project of decentralization being pro-human, as opposed to what he calls the current anti-human web platforms. For me perhaps the best way to explain the current problem with the web might be aggressive centralization, which historians used to say about the neo-absolutist surveillance state of 1850s Austria. I find it useful to reference history events to explain socio-economics that we see today with Google.

Another aspect of the problem, which I have been giving presentations about recently, is how our “digital bodies” owned by large proprietary platforms becomes a form of human trafficking.

Unfortunately 1850s American slave plantations seem to be an appropriate history reference as well. It actually explains Facebook data management and expansionist habits. I don’t say this lightly, especially as Memorial Day was created in 1868 specifically to honor those who made the ultimate sacrifice to win the war that was supposed to end slavery in America.

In my presentations on big data security, for example, I literally ask people to consider how the cotton gin was invented by a woman to end slavery, yet instead it led to state sanctioned rape of American women and forced births to rapidly expand human trafficking. That’s not the kind of history anyone really hears in school, and those are the actual facts. The web was invented to bring freedom, to end our digital selves being locked away, yet it has led to state sanctioned collection methods with vastly expanded proprietary control over almost our entire lives.

ATIH: How did these problems with the web come about?

That’s a great question. There has been massive pressure for data centralization from so many camps that have failed, it’s almost a wonder at all that some succeeded in cornering the web. I’d like to think the problems are the exception (e.g. like nationalization of the telephone under President Woodrow Wilson, or invasive inspection and destruction of U.S. mail under President Andrew Jackson) and we’re course-correcting to get back on track.

Cable television and AOL dial-up services both, believe it or not, were considered threats at some point to the success of a decentralized web. Microsoft too, although it obviously found itself in US government regulatory trouble when it aggressively tried to center the web around its browser and operating system. Some might point to RFC2109 but I find the socio-economics to be more important than this technical specification that helped build statefulness.

Perhaps the real turning point that set back decentralization came soon after the web was being panned as just a fad that would never rebound after the dot-com disaster. We witnessed in a time of crisis the giant transfer from small businesses to conglomerates, which might feel familiar to economists looking at today’s pandemic.

The optimism of the hugely diverse commercialization efforts by startups, which in a large part led to the crash, generated a kind of popular herd momentum that was picked up by the few dominant remaining technology firms. They in fact roared out of the dot-com crash with far more influence, far more human connectivity, and the market rewarded a kind of fast monopolistic growth as it escaped financial downturn. The web’s standardization and ease of use, once transformation to it was popular, made it a perfect vehicle for massive-scale growth.

The next market crash, from the mortgage crisis, then served as another accelerator on the trend for centralization coupled with more powerful devices becoming less expensive and default connected to the standards-based web. The technology sector became seen as a stable financial engine and attracted business innovators who believed user generated content had the best potential value and they set out to build systems that flipped the web on its head; would keep users connected by making it difficult to exit.

What’s notable about this history is the financial conditions and technological shifts that may never again materialize in quite the same way. That’s why I see dangerous centralization as a form of regression, an error that requires applied humanitarian correction. It’s like firing a CISO who steals, or countering the rise of extremist anti-science cults that typically form in response to recent scientific breakthroughs. I don’t believe in an inherent centralization need, or natural monopoly, in this context. In fact I see more the opposite, that we should think about Facebook in terms of why abolition of slavery never should even have been a debate. Had there not been the stress effects that led to over-centralization as a form of wealth preservation (arguably an incorrect response fueled by other unfortunate market conditions) the web could have continued to evolve in the more naturally pro-human model.

ATIH: Inrupt’s Co-Founder, Sir Tim Berners-Lee, calls Solid a project “to restore the power and agency of individuals on the web.” How does Solid accomplish this?

Giving users consent controls over their data, making the technology that represents a human to be actually human-centric, is the path forward. The Pod is a representation of one’s self that should be liberating, and is manifestly difficult to do without Solid. Many people now seem to agree we can and need to fundamentally alter the balance of power, whether they call it Solid or something else. Given that everywhere you are something is a computer generating data that represents you, taking control of your digital body has become essential.

In terms of projects at massive scale I’ve lived through early days on multiple data sharing standard initiatives (DICOM, TCP/IP, HTTP, HTML, KMIP) and worked deep inside the security teams for the biggest data platform companies (EMC, Yahoo, ArcSight, etc) so much of the scope and ambition feels familiar. I mean when you really think about it, the Solid protocol could be even bigger and more exciting, like a 1968 Carterfone moment or even 1862 Emancipation Proclamation, in terms of how small decisions restore power to individuals at massive scale.

The market either will keep building costly bilateral bridges and proprietary hubs people are trapped on, like we’re seeing with Apple and Google attempts at a COVID-19 alerting API. Or standard languages and protocols will emerge to lower barriers to human-centric innovation and expand the web again by decentralizing it and shifting to Solid. If it’s the latter we’ll see a boom in more generalized global prosperity. Trust is an essential step towards making it all work, just like always, yet user security awareness levels are so much higher than I’ve ever seen before. Doing things the right way for humans to preserve their agency, to help everyone avoid becoming victims of digital trafficking, brings up all kinds of granular authorization discussions. We are quite literally reimagining technology in ways that the Solid protocols will better augment and protect positive human conditions, complex communities, cultures and all.

ATIH: What does your role as VP of Trust and Digital Ethics look like day-to-day?

I get up and wonder if I can configure my toothbrush to start streaming its data to my Pod. Pour a cup of tea and think about a digital assistant reading data in my Pod to know exactly what leaf and temperature “Earl Grey, Hot” means, and how accurate automated speech recognition would become when designed from the start to be highly localized on Pod data and trained for my particular accent within my community or even my family.

But seriously, every day is running a gamut of working on trust concepts for the specification and protocols being designed, including security for the related products being engineered and the services offered to support both at a global production-ready scale.

People are coming to us with very real problems to solve across every sector and industry. It’s a great feeling to be helping them, working with such a passionate team that carries a real vision of a better future. Lately there has been a lot of discussion with both large and small organizations that have similar values and find Solid and Inrupt deliver a valuable piece in their own human-centered technology development projects.

Almost every day I am reminded of the important lessons and legacy of John James Ingalls such as his application of “ad astra, per aspera”, roughly translated as purposefully shooting for the stars, which became the Kansas state motto in 1861.

Bletchley Park Codebreaker Obituary: Ann Mitchell

The death of Ann Mitchell, aged 97, was just announced in Edinburgh.

One of only 5 women accepted to read mathematics at Oxford in 1940, she finished her degree a year early and went on to play a key role in Hut 6 “Machine Room” at Bletchley Park.

Hut 6 dealt with the high priority German army and air force codes, most important of which was the “Red” code of the Luftwaffe. They wrote out some of the jumbled nonsense which had been received and underneath wrote a “crib” of the probable German text. Ann’s key role was the next step in breaking the code, composing a menu that showed links between the letters in the text received and the crib, with the more compact the menu, the better. As every code for every unit of the German forces was changed at midnight, each day the work began all over again to identify clues to the new day’s codes. It was an intense intellectual process, working against the clock, and the urgency provided a constant challenge. Ann and her colleagues in Hut 6, most of whom had degrees in economics, law or maths, worked around the clock in shifts, with one free day each week. As the war came to a close, the number of messages declined until there were no more. “I did go up to London for VE Day on 8 May 1945 but I remember very little about the celebrations,” she said. The codebreakers returned to normal life and, having signed the Official Secrets Act and sworn not to divulge any information about her work, Ann never told anyone, not even her husband, about her wartime role.

She led a life of great service delivered quietly — her groundbreaking WWII work in mathematics was not officially recognized until 2009.

Women, whose stories have been told far less widely than the men they worked with, reportedly made up three-quarters of the workforce at Bletchley Park.

Whatever the reason for the remarkable women codebreakers to be rarely mentioned while their male colleagues were profiled, historians lately have been trying to update and correct the message.

Food for thought when you consider the origins of cyber security had such a high percentage of women, and yet in the latest surveys “women accounted for 10% of the cybersecurity workforce in the Asia-Pacific region, 9% in Africa, 8% in Latin America, 7% in Europe and 5% in the Middle East.”

Like many veterans after the war Ann contributed to other areas. She researched social impacts of divorce and made significant contributions to Scots family law, “which ensured that the needs of children were properly taken into account in a divorce settlement”.

The BBC also has details of her life.

NRA Supports Governor’s Capitol Building Gun Ban

I’ve read so many articles about the gun-toting American protesters entering a state capitol building that I’ve lost track of the number. It’s a hot news item for sure. What to do?

However, only very rarely have I seen any mention that the NRA position on this issue has been to ban guns. They backed Governor Ronald Reagan when he said it was a necessary law.

The display so frightened politicians—including California governor Ronald Reagan—that it helped to pass the Mulford Act, a state bill prohibiting the open carry of loaded firearms, along with an addendum prohibiting loaded firearms in the state Capitol. The 1967 bill took California down the path to having some of the strictest gun laws in America and helped jumpstart a surge of national gun control restrictions.

To be fair, Ronald Reagan was a bit of a racist exaggerator, so here’s the Snopes perspective on his rush to ban guns.

“The Black Panthers had invaded the legislative chambers in the Capitol with loaded shotguns and held these gentlemen under the muzzles of those guns for a couple of hours. Immediately after they left, Don Mulford introduced a bill to make it unlawful to bring a loaded gun into the Capitol Building. That’s the bill I signed. It was hardly restrictive gun control.”

[This recount by Ronald Reagan] wasn’t true, however, that the Black Panthers had held legislators “under the muzzles of guns” for hours. They were disarmed by the capitol police soon after entering the building, and, according to most contemporaneous accounts (including that of the Associated Press) were escorted out of the chambers 30 minutes later.

Source: Sacramento Bee

Of course the NRA we know today, as I’ve written elsewhere, remains very much the same organization with the same values as this period in time when it pushed for a ban on guns.

the poetry of information security