The area around Polk Street in San Francisco has experienced a high level of bicycle accidents. It has been ranked in the top five most dangerous streets. I can support this both quantitatively and qualitatively. Through nearly three decades of commuting by bicycle in the Twin Cities, London, Los Angeles and San Francisco the only place I have been hit by cars (twice!) is San Francisco.

In fact, in 1993 for more than six months day-or-night, rain-or-shine I rode 20 miles every day in central London and never once had impact with vehicles. (Other risks were higher: I was stopped and detained by anti-terror police once and I eventually was forced to reduce my daily ride time after a GP diagnosed me with serious respiratory damage from diesel-sulfur pollution).

Naturally the San Francisco Bicycle Coalition is looking at the same data. They work on traffic flow changes with urban planners to encourage cycling and reduce harm spots. This means increasing of non-motorist traffic, supporting higher-density of consumers and increasing sales for local businesses.

Studies have proven that an increase in safety for cyclists creates so much more non-motorized traffic that flow calculations have to be adjusted. Urban planners in London used to assume non-motorized traffic would equate to a quarter of a space used by motorized vehicles. It turns out to be much higher. This is an amazing development when you consider the potential density of bicycles and how much space is wasted by automobiles.

Separate Transport for London figures already show that cyclists now make 570,000 trips in London every day compared with 290,000 trips in 2001.

Blackfriars, Waterloo and London bridges are all now among the top 10 busiest cycle streets in London. On all of these, cyclists make up 42 per cent of traffic and 15 per cent of people – though they take up just 12 per cent of road space.

Almost 9,300 riders – 11 a minute – cross London Bridge a day.

Why aren’t more people cycling, given the obvious advantages? Turns out that even as bicycling is soaring it has been held back by safety concerns linked directly to automobile-centric thinking.

The inquiry heard that more than 42 per cent of Britons own a bicycle, but only 2 per cent of journeys in the UK are made by bike.

Many people who would like to cycle do not feel safe enough, and the inquiry heard that all road projects and urban development must include high-quality cycle lanes as part of the planning process.

In 1904 20% of traffic in London was by bicycle. It’s now planning to return to that level again because of increased value it brings across the board to a city (healthier citizens, cleaner air, higher density, lower infrastructure cost, more resilient to disasters, etc.) Look at how safety factors into their mayoral plan — a plan to reduce threat and harm from automobiles:

1. A Tube network for the bike. London will have a network of direct, joined-up cycle tracks, with many running in parallel with key Underground, rail and bus routes
2. Safer streets for the bike. Spending on the junction review will be significantly increased and substantial improvements to the worst junctions will be prioritised. With government help, a range of radical measures will improve the safety of cyclists around large vehicles
3. More people travelling by bike. We will ‘normalise’ cycling, making it something anyone feels comfortable doing
4. Better places for everyone. The new bike routes are a step towards the Mayor’s vision of a ‘village in the city’, with more trees, more space for pedestrians and less traffic

Let’s look at what higher density of more consistent-speed traffic really means.

In terms of commercial return, ask any shop owner or real-estate agent if they would rather see 1 customer enter their sales funnel or 10X customers. Instead of a single person taking up a giant parking space, or a full lane, we see the potential for 10X traffic for less cost. We also know that street-level advertisements (signs and store-fronts) are more effective on pedestrians and cyclists. That’s the kind of low-impact scalability model any modern urban space should be rushing towards. You’d expect retailers to be leading the charge.

Despite these facts, many American businesses seem to be up in arms instead. Lose a parking space? Never. Look at the data? Impossible.

Believe it or not, some Americans consider pedestrian harm collateral damage acceptable in their automobile-centric life. And if the subtext to that culture isn’t obvious enough, it’s based in racism cloaked in the “privilege” of wealth to afford a vehicle. When non-whites are disadvantaged systemically into remaining below a line of poverty, whites use concepts like property owner (car, house) to declare themselves “better” and more deserving of rights. Indeed, there are huge fines and felony charges for a car that damages property yet often none at all for killing a human.

A resistance to progress, despite obvious gains in traffic and better living conditions, comes from those who argue every parking spot translates to direct positive impact to the value of their property. The same group also seem to believe everyone can win a dead-end race to own the biggest vehicle on the road to stay safe and that pollution is a necessary evil within wealth accumulation.

It turns out that more carefully planned parking spaces, and even reduced motorized traffic flow, has an increased value to property investments. This is the converse of what car parking extremist believe. Of course common sense proves this. Suburbs, with the highest percentage of parking, struggle to hold value while urban spaces attract more people than ever despite a lack of car parking.

Consider also that the rate of driving is declining as people realize an American model of excessive automobile ownership (e.g. being stranded without a car) is the opposite of true quality-of-life values. Transportation options that make spaces clean and quiet with lower barrier to entry are where people are wisely spending money now (see “Young People Aren’t Buying Cars” and “Young Americans Lead Trend to Less Driving“)

So I just noticed that Boston news is facing a similar debate as in SF.

“There seems to be a knee-jerk reaction to the eliminated parking wherever something like this is proposed.” said Pete Stidman, executive director of the Boston Cyclists Union. “We think if it was fixed up and made safer, you’d see an even huger increase in cycling there.”

Hayes Morrison, Somerville’s director of Transportation & Infrastructure, said the city has reviewed the street with two parking studies, finding that there is ample parking available, and would continue to be after the reconstruction and loss of spaces.

Think about why a Boston or San Francisco is far more desirable to live in than a Los Angeles. It is like asking why people prefer to live near green spaces, parks and bicycle lanes instead of dangerous and polluted petroleum gulches like Polk St.

Trust me, I commuted by bicycle in Los Angeles in 1995 after I left London. It was nearly impossible. Bike lanes literally dead-ended at freeways with no options. I spent hours trying to map out routes that someone could actually ride and not be stranded by planners who ignored non-motorized traffic.

Bottom line is that areas of a city that have safe bicycle traffic will be the areas of density and prosperity growth. Cleaner, quieter…fewer cars, less parking, yet more people means better living. By comparison, neighborhoods that emphasize car parking are higher-risk, less desirable, less able to sustain heavy traffic and will lose value. Wasted space makes commerce more expensive with less return.

Until Polk street allows reasonable pathways for non-motorized traffic we all should avoid spending money in that area. Take your business elsewhere (e.g. Mission, Haight, FiDi), places that are working to maximize quality of life, reduce injury, and let us breathe easier. It’s time to support areas invested in sustainable value. Stop protecting dead spaces for empty cars.

Robert Samuelson wrote in the Washington Post “If I could, I would repeal the Internet”

He’s kidding, right? This is some kind of funny snarky sarcastic opinion piece meant to ridicule FUDslingers, right? It is supposed to make us conscious of the dangers of isolationists, right? Doesn’t seem like it.

He mentions several past threats that were “hyped” and it even seems like he believes Mandiant’s marketing engine. Uh-oh.

…the Internet creates new avenues for conflict and mayhem. Until now, the motives for hacking — aside from political activists determined to make some point — have mostly involved larceny and business espionage. Among criminals, “the Internet is seen as the easiest, fastest way to make money,” says Richard Bejtlich, chief security officer for Mandiant, a cybersecurity firm. Recently, federal prosecutors alleged that a gang of cyberthieves had stolen $45 million by hacking into databases of prepaid debit cards and then draining cash from ATMs.

Anyone who has been reading this blog (hi mom!) knows I can be somewhat opposed to the messaging of Mandiant and Bejtlich. I believe they relentlessly magnify threats into bogeymen of unbelievable proportions while at the same time oversimplifying them. Even worse, they peddle secrecy and fight against transparency in our industry.

Samuelson’s theory is possibly the fruit of their labor; an economist is scared of the Internet and banging a drum about risk in a major newspaper; a frightened result of Mandiant marketing. He doesn’t explain trends in financial theft online; just repeats the old line that attackers get progressively more dangerous and so right now, this very instant, they are more dangerous than ever.

Look at what he says about “‘infrastructure’ systems (electricity grids and the like)”, for example.

In the mid-1980s, most of these systems were self-contained. They relied on dedicated phone lines and private communications networks. They were hard to infiltrate.

That’s quite an exaggeration and misrepresents the industry. Dedicated lines and private networks in many cases made containment a nightmare — easy to infiltrate. Do you have any idea how difficult it was to search for analog lines to ensure no back-doors existed? By the 1990s countless nights were spent wandering halls and fiddling with toneloc scripts because we were in a race with attackers to hit a dial tone that *shouldn’t* be there. Containment failures wasn’t a new concept in the 1990s; phreaking for access was at least 20 years old by then and certainly a problem in the mid 1980s.

Remember the 414 Gang in 1983?

Pranksters disrupt a hospital, and nobody is laughing

Here’s a clue from 1983 that should really illustrate how “self-contained” systems were:

The flurry of recent, highly publicized incidents involving young systems hackers accessing government and commercial data bases has refocused attention on a variety of proposed and recently enacted computer crime laws, both state and federal.

Testimony of both victim and attacker in front of US Congress emphasized just how easy it was to infiltrate.

[Jimmy McClary, from the Los Alamos lab’s operational security and safeguards division] and Mr. Patrick [one of the Milwaukee teen-agers who broke into dozens of large computer systems] said that because someone using a home computer could enter another computer just by dialing the wrong number, the law should differentiate between those who enter computer systems without malicious intent and those who deliberately attempt to alter or damage a system.

The fact is businesses are always clamoring to share information and they often install all kinds of rogue technology. Containment is violated as soon as the ability exists, which predates the 1980s. If anyone thinks executives are neatly standing in rows and following orders of their computer managers then they haven’t done an assessment of containment in their life.

In other words take a quick look at real news from the mid-1980s. A similar situation of scaremongering and fear was bubbling up in America. It is dangerous to forget that we’ve seen these political machinations before. The movie Wargames released in 1983. The intel/mil community (e.g. 1980s equivalent of Bejtlich) was warning back then that they should be allowed to take control of the Internet away from civilians to protect us from harm.

As I presented to Bejtlich and others in 2011, electricity grids and the like have been proven easy to infiltrate for many, many years and this is not any reason to freak out. Bejtlich’s response, a tweet during my presentation, was that I don’t understand “sophistication” of attackers, and that I haven’t seen what he has seen.

My problem with this logic is that Einstein told us “If you can’t explain it simply, you don’t understand it well enough”. So if Bejtlich wants to argue that he isn’t able to explain it simply and he doesn’t want to share the data…well, that’s good entertainment material for security horror films but it doesn’t actually make it real. Does it?

During the mid 1990s it was obvious to auditors that infrastructure could be infiltrated. A big difference back then was that the energy industry thought they could dissuade anyone from trying. On one engagement alone for a multi-state bulk energy distribution company I looked at thousands and thousands of routers on the Internet all managed with clear-text authentication and no integrity monitoring. This seemed like the logical progression from the analog/modem risks earlier and, as usual, our ability to fix it was hampered by economics. To make a finer point the network admin running systems was begging for help from external assessors. He couldn’t convince management to budget for better security controls.

We did our best to raise infiltration issues. Upper management reminded us we were just a portion of a larger “financial” risk model and strict laws for prosecution were sufficient disincentive. In other words we were working under a US gov position that since financial backers ran the energy business, if financiers were willing to accept risk then the gov would too. As I remember it, the financiers (e.g. banks) responded they were confident that systems were not connected to the Internet…. Yet there we were looking at evidence to the contrary. We ran into a dead-end because of politics and economics, not any real failure of technology.

This is a frequent issue in defense. You find gaps and then have to set about convincing people to make change in terms that are mired in human decision. I easily could end up on the same side as Mandiant in many ways. Of course I want fewer holes, tighter controls, etc. to improve the state of technical defense capabilities. However, I pull away from them when I see how they want to change opinions with a “sky fall” marketing push, especially when coupled with secrecy and lack of accountability. Crying wolf can have dire consequences for our industry.

Information technology isn’t the only place this happens. Let me try to put things in terms of another historic event. President Eisenhower, born in Kansas, had an ambitious plan in the mid 1950s to connect the US with a system of high-speed roads called the Interstate. You might think his home state of Kansas would be his biggest supporter. It wasn’t.

I grew up not far from a town in Kansas that was a few hills from where Eisenhower grew up. This town objected to the Interstate coming near. They had fears very similar to what I see in Robert Samuelson’s post about the Internet infrastructure. Highways were not thought of as a breakthrough but rather a means for unwanted outsiders to reach them, to reduce their happy containment.

Avoiding access to the Interstate sounds insane today, right? The Interstate has become the economic engine of towns in rural and urban America. It is the link to the world that helps economies thrive by delivering people and supplies. An economist surely can see how this flow is critical to success. Dismissing information on the Internet, access to knowledge, as “shallow”…is hard to believe is a serious argument.

Of course we couldn’t be as successful without access to knowledge. Innovation is a function of exposure. There are risks to exposure. Yet good can easily outweigh bad exposure when cost-effective controls are applied. Sometimes those controls are economic as well. This race we’re in is not just between offense and defense, it is between health and disease, education and ignorance….

About 50 years after the Interstate was built (30 miles south of that little town) residents had to admit their mistake. They widened the artery and increased speeds; they knew the value of outsiders coming faster and more frequently was worth the risks. Don’t forget, attackers are always evolving. The threats today are worse than ever.

Every business knows there is friction in supply-chains. Should we treat everything as threatening when one bad guy drives into town and robs a bank? Obviously not. Is there “shallow” value to Interstate traffic? Yes, mixed in with the high value. Can we handle threats? Yes, if we approach them rationally. Compare this with how isolationists fare.

I firmly believe connectivity is the future. We need more, not less, access to data to be successful in emerging markets such as clean energy and bioscience. Where we see risk we need more sophisticated solutions than just isolation or militarization.

The Internet’s virtues are far, far from being overstated. We only are beginning to achieve potential benefits of better information exchanges. To shut off our connections now or put in the hands of the intelligence or military (or their advocates) would be a huge setback for America. We need to keep our networks open and under civilian control to focus on growth, unless under extreme danger (e.g. war); and if we ever must give up control we must have a clear and quick deadline for return.