Wednesday, January 21, 2015

"The Permanent Professor": How the Long-Term Use of Social Media Transforms the Professor-Student Relationship

The presentation I recently gave at the American Political Science Association Teaching and Learning Conference...



Saturday, January 03, 2015

What Do They Teach in a Hacking Class?

Non-Computer Science laymen always seem shocked to hear that undergraduate courses are offered in hacking.  Why?  It's really just a sexy way to market a course in cybersecurity.  Or so we tell everyone.  If you've ever been curious as to what they teach in a hacking class, here's a general outline (since I'm prepping for next semester anyway):

  • Penetration Testing

  • The instructor typically sets up a "hacking lab" where one machine or small network is set up with different types of security solutions installed.  The object for the semester will be for students to hack the instructor's machine and setup.  These days, security testing in the classroom is easily accomplished using Backtrack Linux and Kali Linux.

  • Reconnaissance

  • The idea is to gather as much information about a target as possible to increase your chances of success later.  This is done through a combination of Google directives, The Harvester Python script, the WhoIs database, NetCraft, Fierce, MetaGooFil, the ThreatAgent Drone, and other tools.  The goal by the end of the Reconnaissance stage is to have a list of IP addresses that belong to the target.

  • Scanning

  • Once we have a list of IP addresses, the next step is to map those addresses to open ports and services  Students need to determine if a system is alive with ping packets, port scan the system with Nmap and use the Nmap scripting engine (NSE) to gather further information about the target, and scan the system for vulnerabilities with Nessus.

  • Exploitation

  • This is the process of actually gaining control over a system.  Students explore online password cracking tools like Medusa and Hydra, as well as learn how to use tools like the full MetaSploit framework, Wireshark, Macof, and Armitage.  This is really the stage most people think of when they think of computer hacking, but the point to stress to students is that only by engaging in the first wo preliminary steps will you get the most out of Exploitation.

  • Social Engineering

  • Making your attack vectors believable.  After all, the best hacks are those which go undetected.  Use of the social-engineer toolkit (SET), website-attack vectors, credential harvesters, and more are explored.

  • Web-based Exploitation

  • For when websites themselves (not only local networks connected to the Internet) are the target.  This stage incudes intercepting requests as they leave the browser, discovering all files and directories that make up the target web application, and analyzing responses from the web application to find vulnerabilities.  Frameworks to use include W3af, the Burp Suite, the Zed Attack Proxy (ZAP), Websecurify, and Paros, and other role-specific tools.

  • Post-Exploitation: Maintaining Access

  • Using backdoors, rootkits and meterpreters that allow the attacker to return at will.  Tools include Netcat, Cryptcat, and really just a comprehensive explanation about how rootkits operate.

    Still find this interesting or did these details deflate your excitement about learning "how to hack"?  Remember, the real challenge for us non-criminal types is to prevent these tools and methods from working.  It is an arms race, and we're in it to win it.


Monday, December 08, 2014

Tweeting Alone: Slacktivism and the Decline of Civic Engagement...

Dave Karpf of Rutgers University wrote a clarifying piece recently entitled, "Slacktivism as Optical Illusion", in which he describes how online activities labeled (with a negative connotation) as slacktivism can either be a waste of time or may actually serve a larger purpose.  It depends on how the activity is carried out.

He makes three points for explaining how slacktivist activities can be meaningful:  First, they should strategically be used to attract mainstream media attention.  It's pointed out that, today, journalists and editors actually turn to social media in order to pick out potential stories worth covering.  Second, they should have a specific target in mind.  For example, a general online petition to "stop animal cruelty" is guaranteed to make no difference, whereas the type expressing displeasure with specific corporations has a history of leading to successful policy change.  And third, organizations should develop relationships with people who've engaged in simple acts of digital engagement over time in order to "ladder" them up to larger-scale activism.

Great points all, and it's refreshing to read something of a how-to guide for constructive slacktivism rather than just yet another venting of frustration about it.

Something else that may be added to the conversation is how slacktivism is related to the decline of civic engagement in America more generally.   Robert Putnam described in his classic book, Bowling Alone: The Collapse and Revival of American Community, how social structures, or community-building organizations, from bowling leagues to weekly poker games to church-going Sundays, have been experiencing a major decline in participation for decades.  This decline in community-related activities has led to a decline in civic engagement and political participation as well, as more individuals engage in solitary activities disconnected from others.

Online social networking has raised the question since its inception of whether it fosters the concepts of "networking", community-building, and civic engagement, or whether it works against it.  And slacktivism is a strong component of this question.  If you tweet expressing support for a cause, does that make you more likely or less likely to engage in different forms of activism on the cause's behalf in the future?

Karpf is on the right track.  More ideas need to be generated in order to make "more likely" the more frequent answer.


Tuesday, November 18, 2014

CyberWar: Anonymous vs. the Ku Klux Klan

Over the weekend, a cyberwar ensued between two highly controversial groups - Anonymous and the Ku Klux Klan.  As ZDNet reports, at issue was the upcoming grand jury verdict in the Michael Brown case in Ferguson, MO.  Here is the sequence of what went down...

A Klan group named the Traditionalist American Knights of the KKK distributed flyers last week threatening the use of "lethal force" against the protesters in Ferguson.  In response, members of the hacktivist group Anonymous "skirmished" with the KKK on Twitter, at which point, after being "mocked and threatened", Anonymous launched a full-blown cyberwar campaign called #OpKKK and ultimately seized control of the Klan's main Twitter account, @KuKluxKlanUSA.

Anonymous then issued this statement explaining how the Klan is a terrorist group with blood on their hands and, as a result, the Klan "no longer has the right to express their racist, bigoted opinions".

But the story's not finished.  The Klan responded by using their other primary Twitter account, @KLANonymous, to post this message...

Anonymous then quickly seized control of that account as well.

Meanwhile, Anonymous has also been launching Distributed Denial of Service (DDoS) attacks on much of the Klan's online presence.  They've shut down websites like and as well as the Klan's largest discussion board, Stormfront.

Now Anonymous has turned its focus towards identifying Klan members with its #HoodsOff campaign.  They are doing this by looking at the Direct Messages sent over time to the Klan's seized Twitter accounts, although Anonymous explicitly acknowledges that they are still debating to what extent people's identities should be made public, considering that they "are not completely sure how much of a connection many of the people actually have to the KKK" and want to make sure they are outing the right people.

That about sums it up.  For now.

First of all, is it somewhat surprising to anyone else that officially recognized active hate groups and domestic terrorist organizations have non-secretive Twitter accounts?  Call me naive, but wouldn't a Twitter account called @AlQaeda or a website named "" be shut down by homeland security or law enforcement officials immediately?  How does Twitter even allow something called @KuKluxKlanUSA to exist?  There's no technical reason which would make removal difficult; it's just a policy decision.

Second, let us also not forget that Anonymous is considered by many to be a criminal, even cyberterrorist, organization as well, having previously launched attacks against U.S. government agencies, police departments, and even launched anti-Israel cyberattacks on Holocaust Remembrance Day.  So before Anonymous is applauded too strongly for their efforts against the KKK, let's just keep in mind that they're not exactly heroes by any stretch of the imagination.

Third, it should be observed that Anonymous is getting better at what they do.  The speed at which they managed to seize control of the Klan's Twitter accounts and launch effective DDoS attacks that shut down numerous websites and discussion boards was impressive, even by their own standards.  It makes their calling card, "You should have expected us", even that much more frightening.

No one's going to have, nor should have, any sympathy for the Ku Klux Klan, and in that sense this is a story with a positive outcome.  With that said, in the larger scheme of things, it remains difficult for other hacktivists to sympathize with Anonymous either because their problem is that they pursue their stated goal of freedom basically through intimidation.  If you cross them, they will attack you.  This blog has been flamed by Anonymous before, and to be honest, it does indeed make one hesitate from writing about them further.  And that's the problem.  Anonymous creates a very real chilling effect on the very speech they claim to protect.


Wednesday, November 12, 2014

Big Data and Municipal Governments...

Data analytics, or "Big Data", is already widely used by businesses to find correlations that help to make predictions - predictions about consumer behavior, predictions about value-chains and supply-chains, etc.  By doing so, Big Data greatly improves organizational efficiency and forecasting, spotting trends as they emerge or even before they emerge.

So why not put Big Data to use in order to improve the workings of government?

In their book titled, "The Responsive City: Engaging Communities Through Data-Smart Governance", Stephen Goldsmith and Susan Crawford explore how municipal governments, in particular, can use Big Data effectively to radically transform how local governments serve its citizens.  As summarized by the Harvard Gazette:

A “responsive” city is one that doesn’t just make ordinary transactions like paying a parking ticket easier, but that uses the information generated by its interactions with residents to better understand and predict the needs of neighborhoods, to measure the effectiveness of city agencies and workers, to identify waste and fraud, to increase transparency, and, most importantly, to solve problems.

The requirements for municipal governments wanting to adopt a Big Data strategy include, first, building a high-speed fiber network, and second, that they should publish their collected data sets publicly and with full transparency. The idea, says Goldsmith, is to allow employees to see other agencies, allow residents to hold their city hall responsible, but also to provide data that can lead to breakthroughs and solutions from both inside and outside government.

Surely, this is, indeed, a potential boon for municipal governments.  However, the potential downside to governments relying on Big Data, it must be reiterated, is that Big Data has often been criticized for enabling discrimination on the basis of race, religion, gender, sexual orientation, etc.  Alistair Croll famously declared it this generation's Civil Rights issue.

In fact, a recent report by The Leadership Conference on Civil and Human Rights highlighted this danger of institutionalizing discrimination, and even endorsed a document titled, "Civil Rights Principles for the Era of Big Data".  However, the group's recommendations include such lofty goals as "an end to high-tech profiling" and "greater individual control over personal information", both of which seem unlikely.  And by "unlikely", we mean there's no chance it's ever going to happen.

The take here is that the era of Big Data for governments is coming, like it or not.


Thursday, October 30, 2014

The Value of Online Confessionals: Evaluating the Secret & Whisper Apps...

As addictive as Facebook has become for some people as a means of feeling validated or popular - writing posts specifically to garner "likes", and experiencing disappointment when there's not a large response - there remains a hesitation by most Facebook users to post brutally honest thoughts or confessions for fear of backlash amongst those they know, not to mention that what they post may be archived and associated with themselves forever.

Two apps address this dilemma of public confessions:  Secret and Whisper.  Secret enables you to write posts anonymously and links to your Facebook account so that only your friends can see it, even though your friends won't know it was specifically you who posted.  Meanwhile, Whisper lets you do the same thing, but the anonymous posts are visible to the general online public. 

The allure of both services is to be able to write posts without personally identifiable consequences and also, as a reader of others' posts, it is tantalizing to read brutally honest and revealing confessionals written by people you actually know in your social network.

The fact that these apps are being so widely applauded is more a sign of great P.R. departments than anything else.  Rachel Metz writes for the MIT Technology Review that people do indeed say some nasty things on these anonymous apps, but that the good far outweighs the bad.  And one can go as far back as to the founder of analytical psychology, Carl Jung, to read about the value of confession as a positive force.

However, while online confessionals may serve a positive psychological purpose, there are some inherent dangers related to the fact that they are online forums.  For instance, to what extent will even private confessions be archived considering that other "private" social apps like SnapChat have recently been hacked and users' private content was then made publicly available?  What other privacy concerns should individuals consider before posting intimate details about themselves to the Internet (because, ultimately, that's what they're still doing)?  What restrictions should there be on children or teenagers both writing posts and reading/commenting on others'?

Secret and Whisper can have a positive value, and they're certainly addictive to read because you're just dying to know who could have written such a thing.  But as far as using them to write your own confessional posts... maybe a healthy dose of skepticism ought to be in order.


Wednesday, October 01, 2014

Using Proxy Servers to Help the Hong Kong Protesters...

The Chinese government is cracking down on the pro-democracy demonstrations in Hong Kong using tear gas and other heavy-handed methods, and have also begun censoring Internet content and online social media.  Hong Kong, being a semi-autonomous region, typically experiences less of the Great Firewall than does most of China proper, however due to fears of the demonstrations spreading further, Instagram, YouTube, Twitter, Facebook, numerous blogs and wikis, search engine results, and more are all being blocked for residents of the island to varying degrees.

As reported by CNN, users cannot view images on Instagram and are instead directed to a message that reads, "Can't refresh feed".  Meanwhile...

Searches on China's top search engine sites such as Baidu and Sogou for the terms "Hong Kong protest" or even "Hong Kong students" yielded irrelevant results such as stories showing a a blissful image of Hong Kong residents picnicking on the grass or how Hong Kong is welcoming tourists from the mainland during the national holiday week.

When relevant results appeared on the Chinese search engines, the articles contained a distinctively pro-China slant and even surfaced a month-old article about a small pro-Beijing counter-protest in Hong Kong.

This can hardly be considered a surprising development, and if there is a positive consequence of the Chinese government's pattern of censorship over time it is that there is an entire infrastructure already in place to help users circumvent the Great Firewall and access the sites that are being censored.

Basically, protesters and residents of Hong Kong need to use a proxy server.  Proxy servers will tunnel users' Internet traffic through to their destination sites, while masking that destination to the filters.  Users can find available proxy servers pretty easily on constantly updated public lists.

Meanwhile, for anyone observing the events in Hong Kong from afar who would like to help, setting up a proxy server for others to use is fairly simple and free.  As with many hacktivist tools these days, no programming expertise is required.


Wednesday, September 24, 2014

Internet Governance and Whether Terror Victims Can (or Should) Be Able to Seize Domain Names...

In June, a U.S. District Court issued a judgment in the case of Ben Haim et al. v Islamic Republic of Iran et al. ruling that victims of terrorist attacks could, in fact, seize the assets of the governments which sponsored them - specifically, Iran, Syria, and North Korea.  On its own, this may not seem very noteworthy.  Such money judgments are actually made quite often.  However, what sets this case apart is that the assets in question are the Internet domain name suffixes (what are officially called the ccTLDs) of those countries.

Specifically, the U.S. District Court issued "writs of attachment" against ICANN - the single institution responsible for managing the Internet's domain name system - ordering it to "hold" as property the .IR (Iran), .SY (Syria), and .KP (North Korea) ccTLDs until the final terms of compensating the plaintiffs were adjudicated.

This case raises a few interesting questions.  First of all, is a country's domain name suffix "property"?  As David Post has written, it is actually a public trust.  But even if it is to be considered property, is it really an asset controlled by national governments?  Post answers in the negative here as well:
A ccTLD, like other top-level domains, is a very strange beast; it consists of a name, a line in the Root Zone database associating that name with a specific server which offers registration services for the TLD, and all the associated services. It’s not a thing – it’s a label we give to a series of interlocking relationships and contractual and other understandings that enable the global resolution and the proper direction of messages to and from particular named entities (XYZ.IR, ABC.SY, etc.). Nor is it located “in” the United States; it is located on the global network, in the thousands of interlocking databases that allow the domain name system to function.
Second, is it desirable that one district court located within one country (in this case, the U.S.) should have the authority to seize and redistribute parts of the Internet's global domain name system?  Clearly, this is a pandora's box of problems waiting to open.  Wouldn't that grant other national governments' courts at least a similar legal ability?  Some would certainly try to claim that authority, thus leading to an unmanageable system that granted conflicting ownership rights between territorial jurisdictions - on an Internet that, in terms of technical functionality, does not recognize territorial borders.

Third, as pointed out by Farzaneh Badii, most owners of .IR domain names are actually in the private sector and have no ties to the government at all.  Badii makes the additional argument that if the Court hands over the .IR domain name to the plaintiffs, "it would be likely that neither the Iranian community nor the government would buy domain names from this non-Iranian entity which may lead to the collapse of .IR.  Consequently, the Court’s action might very well destroy the value of .IR, the capture of which was the purpose of the suit in the first place".

Badii addresses the question of whether this issue would even be raised if ICANN were an intergovernmental organization (IGO) or if "private ordering" - allowing for a consensus-based, multistakeholder approach - might be a better fit.  Good theoretical questions, both.  However, from a practical perspective, it would be a whole lot easier to simply argue that the U.S. District Court probably overstepped its bounds in asserting its jurisdiction over the entire Internet domain name space which, whether lawyers and judges believe there is a legal justification for doing so or not, is probably not the wisest or smartest political move.


Monday, September 22, 2014

Might Twitter Have Helped the Polling for the Scottish Independence Vote?

So Scotland is remaining part of the U.K.  At least for now.  A momentous event in history almost happened.  Yet didn't.

In retrospect, lots of questions deserve to be asked regarding all those public opinion polls that seemed to indicate the vote was going to be a "Yes" for independence.  Where did they go wrong, and for that matter, was social media a better predictor of the outcome?

Justin Wolfers over at the University of Michigan noted how polling got it wrong, however the betting markets got it right.  In other words, asking people how they intended to vote turned out to be a pretty bad predictor, but asking people which side they thought would win was actually far better.  As a result, all of the pollsters calling the election close were basically "looking at the wrong data to make that conclusion".

The Monkey Cage is right to point out, however, that if you only look at the polling in the final few days, the "No" movement actually came out ahead each time, albeit often within the margin of error.  Thus - since the closer you get to the day of an election, the better polls are at predicting the outcome - the polls actually didn't "get it wrong" at all.  They correctly predicted the ultimate outcome of the referendum, even though their numbers turned out to be off by a few percentage points.

Let the political scientists sort this out.  In the meantime, the Monkey Cage raises a more intriguing question: Should online social media activity inform such polling, and if so, how?  Consider:

What strikes me as potentially useful about the Twitter data is if we view it in combination with the polling data. Suppose someone had told you before the election that the final polls (Now at 52 percent) was likely to be off by 3 percent, but they didn’t know in which direction. At that point, figuring out that direction would be crucially important, and could at least in part hinge on knowing which survey response (i.e., “Yes” or “No”) could be most likely to trigger a “Bradley Effect,” that is, an overestimating of support for one side because people didn’t want to admit they were voting the other way because they thought others (including here the pollster) might think badly of them. From this perspective, the Twitter data might prove useful, as it could show us which side had the popular enthusiasm, thus making it harder for people to admit to pollsters that they might not vote in that way, which in this case would be the “Yes” vote.

Using Twitter to measure "popular enthusiasm" might be a worthy supplement.  At least for determining the youth vote.  But that selection bias might negate the benefit in the first place.  Besides, after watching Trendwatch display the frequency of "Yes" and "No" tweets the day of the referendum in real-time, which heavily favored the "Yes" movement most of the day, one has to remain skeptical about its trustworthiness in predicting voting outcomes.


Friday, September 12, 2014

Internet Slowdown Day...

Yesterday was Internet Slowdown Day, essentially a mass online protest against proposed Net Neutrality regulations.  The typical Internet user doesn't pay much attention to F.C.C. rule changes, thus Internet Slowdown Day was designed to raise awareness among the general population about such rule changes in a comprehensible way.

And the protest is being launched by large and small websites alike.  Net Neutrality rules have always protected websites in the sense that they have guaranteed that all data traveling over the Internet is treated equally.  However, the F.C.C. recently announced its intention to remove Net Neutrality rules so that ISPs could start charging websites (what are assumed to be) pretty large sums of money in order for users to reach some websites - those who would pay - faster than others.  The fear is that this would create a "two-tiered Internet" where the most well-capitalized corporate websites would operate within a faster "EZ Pass" lane of data traffic while smaller websites would have to slog along through the muck.

Readers of this blog are aware that we strongly support the principle of Net Neutrality, even despite its often inaccurate portrayal by other supporters.  That's why it's somewhat surprising to think that the best we can do is create an Internet Slowdown Day where the protest methodology being employed is simply to ask people to sign a petition and email their Congressmen.  How unimaginative.  As a result, late-night comedians like John Oliver have arguably been more productive for the cause.

In the end, Internet Slowdown Day can only be considered a success if it demonstrably raises awareness of the Net Neutrality issue in the general population's consciousness.  Will anyone remember it by this time next week?  Unfortunately, the protest participants still haven't succeeded in defining Net Neutrality and explaining why it's important to the daily lives of most individuals, and thus it remains the venue of a niche group of devotees.  As Jon Stewart put it:  "Today is 'Internet Slowdown Day' protesting changes to net neutrality rules. Or as Time Warner calls it, Wednesday."


Tuesday, April 29, 2014

Should Anonymous Reviews Online Be Banned?

Small businesses today are discovered and marketed very differently than they were a generation ago.  Reputation - especially online reputation - can make or break a budding enterprise.

The problem is what happens when people express extremely harsh critiques of your business in a public forum, and do so anonymously?  Are such anonymous reviews a protected form of free speech?  Or, because their authenticity cannot be ascertained, do businesses have a right to "unmask" the website's users - especially in cases of defamation?

The Virginia Supreme Court is about to answer these questions.  A case has arisen where a business named Hadeed Carpet Cleaning, Inc. filed a lawsuit against seven individual Yelp users claiming defamation, and demanded that Yelp turn over their true identities.  According to the Wall Street Journal, "So far, both the Alexandria Circuit Court and the Virginia Court of Appeals have sided with Hadeed, holding Yelp in contempt for not turning over the names.  Yelp in January appealed to the state Supreme Court, arguing that the reviews are protected under the First Amendment and that Mr. Hadeed offered scant evidence that they were fakes".

There are two real issues here.  First, how important is anonymity in posting reviews?  Second, what are a website's responsibilities as a third-party facilitator of the forum?

Anonymous speech is a monstrously large topic with an established legal tradition that goes back to America's founding.  Let's just say that it has been recognized in the American political tradition as being both valuable and vital to the spirit of the First Amendment.

That's legally-speaking.  However, in reality, online anonymity is regulated or outright banned more often than most people realize.  Whether it's your ISP or network administrator banning the masking of your IP address, or Facebook prohibiting anonymous accounts that don't clearly identify you as the person you are in real-life (remember when MySpace was rampant with such anonymous accounts?), the fact is that more and more online forums not only aren't valuing user-anonymity very much, they're outright viewing such anonymity as negative.

As for the website's responsibilities, it seems pretty clear that Yelp has little to worry about thanks to the most underrated federal policy of our time - Section 230 of the Communications Decency Act of 1996.  This Act provides immunity from liability for websites based on what its users publish.  In other words, Yelp cannot be held liable for a scathing review left by some individual anymore than Facebook can for a slanderous status message or Twitter can for a personally embarrassing tweet.  Web 2.0 sites based on user-generated content are shielded from such liability by Section 230.

Ironically, despite businesses like Hadeed increasingly objecting to Section 230 protections, the Act was originally devised as a boon to help support businesses and nascent industries.

Here's some food for thought.  All these same issues arise in an individual context, just as they do in a business context.  In other words, for years, people have complained about how helpless they are in the face of critical or embarrassing material being posted about them online, and how there was little recourse available to them.  Businesses are increasingly in that same boat.  Stinks, doesn't it?  But that's the trade-off with protecting privacy and anonymity, for better or worse.

The best advice going forward for businesses like Hadeed is the same as that for individuals...  Don't try to exert outright control over your online presence; it's futile, and the law may not even support you in your quest.  Instead, take steps to manage your resulting online reputation.  For example, one prudent way for Hadeed to realistically fight negative reviews would be to create incentives for its customers to go on Yelp and flood its listing with positive reviews.  No law-breaking; no subversion; just being more proactive in the marketplace of speech.

Tuesday, March 25, 2014

Timelessness vs. Timeliness: The Debate Among Scholar-Bloggers

To what extent should academics be active in social media? Also, to what extent should their social media presence and the content they share be considered towards career advancement and tenure? The bottom line: Is blogging legitimate political science?

These aren't exactly new questions, but most scholars who are active in cyberspace usually stick to writing data- or theory-driven posts, basically replicating the same style of wonkish writing found in academic journals. There remains a widespread fear, or at least strong hesitation, of writing subjective, opinion-based posts lest their "amateurism" be used against them professionally. Thus, this "shut-the-blinds and delve-into-the-data posture" remains the norm, where timelessness rather than timeliness is valued.

Mira Sucharov and Brent E. Sasley address this dilemma in the most recent issue of PS: Political Science and Politics (47,1). In their article, "Blogging Identities on Israel/Palestine: Public Intellectuals and Their Audiences", they argue very much in favor of scholar-bloggers writing subjectively and make the case for why it should be considered "an asset to be embraced rather than a hazard to be avoided".

They make three points. First, that the kinds of subjectivity and personal attachments that guide one's endeavors will actually lead to more deeply resonating critiques, thus enhancing scholarship and teaching; Second, that through the melding of scholarly arguments with popular writing forms, scholar-bloggers can become leaders of the discourse on important issues through public engagement and political literacy; And third, that despite the "subjectivity hazard", being aware of one's social media audience can help maximize scholars' potential to serve the public interest in all its manifestations.

While these are agreeable points, doesn't it raise the idea of "activist scholars"? And doesn't that notion make us instinctively recoil and pose an uncomfortable challenge to our conceptions of what a scholar is supposed to be, particularly in their roles as teachers?

Robert Farley has also argued another important counterpoint: While there is a growing acceptance of blogging as legitimate political science, and that the discipline should even provide incentives for faculty members who blog, he warns that trying to bring blogging too much into the fold of the discipline's existing structures "runs the risk of imposing rigid conditions and qualifications on bloggers that undermine the very benefits inherent in the nature of blogging".

What this question ultimately boils down to is credibility. Blogging and other forms of social media can be used to either enhance a scholar's credibility or to damage it. Thus, there is no single "correct" answer to the question of whether or not social media has intrinsic scholarly value. The question isn't a binary one, but rather is dependent on each individual's use of the medium.


Tuesday, March 18, 2014

Big Data as a Civil Rights Issue...

In classes on Information Systems, we talk about the rising use of "Big Data" - enormous collections of data sets that are difficult to process using traditional database management tools or data processing applications, and which are increasingly used to find correlations that, for instance, spot business trends, personalize advertisements for individual Web users, combat crime, or determine real-time roadway traffic conditions.

But is "personalization" just a guise for discrimination?

That's the argument put forth in Alistair Croll's 2012 instant-classic post titled, "Big data is our generation's civil rights issue, and we don't know it". He goes on to argue that, although corporations market the practice of digital personalization as "better service", in practice this personalization allows for discrimination based on race, religion, gender, sexual orientation, and more.

The way this works is that, by mining Big Data, a list of "trigger words" emerges that help identify people's race, gender, religion, sexual orientation, etc. From a marketing company's point of view, they then "personalize" their marketing efforts towards someone based on such characteristics. And that makes it a civil rights issue.

For example, American Express uses customer purchase histories to adjust credit limits based on where a customer shops - and as a result there have been cases reported of individuals having their credit limits lowered because they live and shop in less-affluent neighborhoods, despite having excellent credit histories.

In another example, Chicago uses Big Data to create its "heat map". According to TechPresident, the heat map is "a list of more than 400 Chicago residents identified, through computer analysis, as being most likely to be involved in a shooting. The algorithm used by the police department, in an initiative funded by the National Institute of Justice, takes criminal offenses into account, as well as known acquaintances and their arrest histories. A 17-year-old girl made the list, as well as Robert McDaniel, a 22-year-old with only one misdemeanor conviction on his record."

In yet another example, a Wall Street Journal investigation in 2012 revealed that Staples displays different product prices to online consumers based on their location. Consumers living near another major office supply store like OfficeMax or Office Depot would usually see a lower price than those not near a direct competitor...


One consequence of this practice is that areas that saw the discounted price generally had a higher average income than in the areas that saw the higher prices...

Price discrimination (what economists call differential pricing) is only illegal when based on race, sex, national origin or religion. Price discrimination based on ownership — for example, Orbitz showing more expensive hotel options to Mac users—or on place of residence, as in the Staples example, is technically okay in the eyes of the law...

However, when you consider that black Americans with incomes of more than $75,000 usually live in poorer areas than white Americans with incomes of only $40,000 a year, it is hard not to find Staples' price discrimination, well, discriminatory.


And in an especially frightening read earlier this month, The Atlantic published an article outlining how companies are using Big Data not only to exploit consumers, but also to exclude and alienate especially "undesirable" consumers.

The idea behind civil rights is that we should all be considered on an individual basis.  People should not be treated differently solely due to their race, religion, gender, or sexual orientation.  The Civil Rights Act of 1964 explicitly banned such differential treatment in the private sector.  That is why there are no longer separate drinking fountains on the basis of race.

So as Big Data permeates society, and as algorithms and various modelling techniques try to find patterns that seek to predict individual behavior, if those algorithms are indeed "personalizing" content on the basis of race, religion, gender, or sexual orientation, then how is it NOT discriminatory?

Just because it's the result of an algorithm doesn't make it OK.  Algorithms are programmed by people, after all.


Why Good Hackers Make Good Citizens...

By request, here is a TED Talks video on why hackers make good citizens, presented by Catherine Bracy from Code for America.


Thursday, March 13, 2014

What Would an Internet Bill of Rights Look Like?

To little fanfare, yesterday marked the 25th birthday for the Internet's most successful "killer app" - the World Wide Web.  Its creator, Tim Berners-Lee, marked the day by releasing a statement and arguing for the urgent need to create an Internet Bill of Rights.

What would such an Internet Bill of Rights look like?  Berners-Lee believes it should be focused on the Web's original founding constitutional principles of open access and open architecture and, additionally, the protection of privacy rights.

These principles may seem on the surface to be apple-pie statements - meaning that nobody really opposes them in their simply-stated form.  However, very serious political debates have arisen demonstrating just how much the devil is in the details.  For instance, open access sounds great, but how does it play out in the F.C.C.'s rulings on Net Neutrality?  Likewise, everyone will publicly support the notion of individual privacy rights but, in actual practice, determining to what extent government regulations are desirable in order to set the rules for what type of data gets stored, and by whom, is certainly a bit more controversial.

The idea of an Internet Bill of Rights is not new, and should one emerge it will likely be more of an expression of constitutional principles (that's constitution with a lowercase "c"), and not a document with any sort of legal bearing.  That said, it can still be immensely valuable and important.

In typical "open" fashion, Berners-Lee is encouraging any and all Web users to head over to the Web We Want campaign and submit their own proposals.  So, armchair-pundits, here's your chance to help draft the legislation that you want to see.  It's a massive crowdsourced effort, like the Web itself.


Thursday, March 06, 2014

The Problem with Facebook and Gun Sales...

Here's a case where we can see the "code is law" principle play out right before our eyes.  After coming under scrutiny in recent weeks by a variety of pro-gun-control advocacy groups, Facebook decided yesterday to voluntarily place new restrictions on the selling of guns through its website.

To understand the scrutiny, consider that last week VentureBeat reported that it arranged to buy a gun illegally on Facebook in 15 minutes.  Also, the Wall Street Journal reported that both assault-weapons parts and concealed-carry weapon holsters have been advertised to teenagers on the site.  Additionally, Facebook "community" pages such as one called Guns for Sale with over 213,000 "likes", have been freely available to minors of all ages as well.

Specifically, Facebook has announced that they will begin to...

  1. Remove offers to sell guns without background checks or across state lines illegally.
  2. Restrict minors from viewing pages that sell guns.
  3. Delete any posts that seek to circumvent gun laws.
  4. Inform potential sellers that private sales could be regulated or prohibited where they live.
All of which seems well and good.  Even gun rights advocates shouldn't have too much of a problem with these measures considering that their intent is not ban gun sales on Facebook but rather to better enforce existing laws (which is an argument they commonly make themselves).

But here's the rub.  There's the little detail in the Facebook press release about how the company will rely on users to report posts and pages offering to sell guns.  

So let's be clear.  With the announcement of these measures, Facebook is pursuing a policy of reacting to illegal gun sales on its site, but will not be proactive in preventing them.

The reason has to do with, what The Nerfherder has previously dubbed, The Politics of the Algorithm.  Any advertisements Facebook displays on an individual's feed is not decided upon by human decision-makers, but by a mathematical algorithm.  As a result, a 15 year old from Kentucky might be shown an advertisement selling guns from someone in Ohio based on whether or not the algorithm determines he might be interested in it - regardless of the fact that it is illegal according to federal law to 1) sell guns to a minor, and 2) sell guns across state lines without a dealer license.

This actually happened last month.  The 15-year-old was later caught with the loaded handgun at his high school football game, and the seller has since been charged.

Facebook wants to address such safety concerns and, of course, limit its legal liability.  And (not to pick on them too harshly) these measures are at least a step in the right direction.  The problem is that it's practically impossible to truly regulate online content in accordance with the law when humans have been removed from the equation.  Such concerns are an inevitable consequence of social media's dependence upon algorithms - all of which, as this case illustrates, are both flawed and modifiable.


Thursday, February 27, 2014

WhatsApp, Messaging Wars, and Privacy's Demise...

There was a lot of commotion last week when Facebook announced it was acquiring WhatsApp for a stunning $19 billion.  Was that valuation insanely high?  Was this a signal that the market is experiencing a new tech bubble and that we can expect a round of major tech mergers and acquisitions this year?  Perhaps, as the New York Times suggested, the messaging app wars are just getting started?

Everyone has their own opinion about the WhatsApp valuation, but lost in all the hype is this...  privacy advocates have suffered yet another setback.

The very fact that Facebook is the acquirer - the same Facebook which has repeatedly come under fire for purposely obfuscating the ways in which individuals can control the privacy levels governing their own information - is the clearest signal of the direction the messaging industry is headed.  Public outrage over N.S.A. surveillance be damned, Facebook outwardly wants to start performing the same kind of data mining on, not only your statuses, photos, and videos, etc., but your smartphone messages as well.  The content of your messages will now surely be factored into its search engine and advertising algorithms.

It's not as if WhatsApp wasn't data mining its messaging service already.  The problem is that they are being so heavily rewarded ($19 billion for a company with 55 employees = $345 million of value per employee) for doing exactly what privacy advocates despise, and for doing it well.  Does anyone doubt that now every other messaging competitor is going to look at those numbers and try to emulate this model, if they weren't doing so already?

This need not be the case, and it's certainly not inevitable.  Let's propose an alternative model.  There's a messaging app called TextSecure which makes the bold assumption that people actually might value their privacy and prefer not to have all of their communications archived forever on some corporation's server and mined for data that will then be used for commercial advertising.  TextSecure is encrypted, is open source, and "the server never has access to any of your communication and never stores any of your data".

As consumers, we have a very real capacity to influence the direction of a lot of these policies.  Especially since all of these apps are the same price (free), making a conscious decision over which one to use and support is a decision that may have greater consequences in the long run than simply being a matter of which interface has a sleeker design.

In other words, there's something we can do about it.


Thursday, February 06, 2014

What Matters More in Building an Ultra-High-Speed Infrastructure - Speed or Reputation?

This morning NPR profiled the city of Chattanooga, Tennessee - which is the first American city with an ultra-high-speed fiber-optic network providing Internet access with speeds of up to one gigabit per second to every business, residence, and public and private institution.  For context, that's 50 times the average speed for homes in the rest of the country.

We hear all the time about the importance of creating a high-tech infrastructure for the 21st century.  How it will spur new businesses and job creation and stimulate new economic climates based on innovation.  But what does the case of the "Gig City" - which was rolled out in 2009 - say about infrastructure's actual importance?

A few things to factor into the equation...  First of all, there is the public vs. private issue to consider.  Chattanooga's gigabit network is taxpayer-owned, resulting from a $111 million federal stimulus grant in 2009 that was actually designed for the local power utility to create a smart grid, and that public utility then borrowed an additional $219 million to finish the project.  The fact that the network is publicly owned stands in contrast to privately owned gigabit networks now found in other cities around the country run by firms like Google.

Second, in the four years since its rollout, less than 8% of subscribers and only about 55 businesses have signed up for the gigabit service, which is priced at $70 per month.  This low adoption rate could seemingly make the case against the importance of a high-speed infrastructure, however, as J. Ed. Marston from the Chattanooga Chamber of Commerce has said, the high-speed infrastructure has done much to "invigorate the entrepreneurial scene".  For instance, the Chamber's INCubator includes 20 tech companies and a 91% success rate.

Third, on the job creation front, it is unclear statistically how much the high-speed infrastructure has made an impact.  According to the New York Times, while "The Gig" created about 1,000 jobs in the last three years, the Department of Labor reported that Chattanooga still had a net loss of 3,000 jobs in that period, mostly in government, construction, and finance.

Fourth, there is the familiar problem that, whenever a new ultra-high-tech infrastructure is rolled out, no one quite knows what to do with it.  As explained by Blair Levin of Gig U., no one is going to design products that can run only on a one-gigabit-per-second network if hardly any such networks exist elsewhere.

Which brings us back to our original question.  If a gigabit network has such low adoption rates, and it is unclear how much business growth or new job creation can be attributed to it, then how important is such an ultra-high-speed infrastructure, really?

Proponents will argue that its value shouldn't be quantified so narrowly, and that having such an infrastructure attracts capital and talent into communities that probably wouldn't flow into them otherwise.  However, while I agree with this line of reasoning, what must be remembered is that this isn't an argument in favor of ultra-high-speed networks themselves, but rather for what they represent.  What's most valuable for a community that invests in such a network is not necessarily the speed of their network, but rather the reputation that a community acquires for showing a willingness to invest in it in the first place.

Chattanooga's "Gig City" demonstrates that reputation trumps speed.


Thursday, January 30, 2014

"Hadrian's Firewall" and Internet Censorship in Britain...

Without much attention, just before Christmas British ISPs put into effect a new system whereby all Internet subscribers would be required to actively choose whether they wanted filtering that would block material in broad categories such as sex, alcohol, violence, and hate speech.  At first glance, this doesn't seem too awful.  The decision is in the hands of the individual consumer, and not the government or a private corporation, right?

But here's the rub.  As laid out by TechPresident's Wendy Grossman, the biggest complaints are that there is no transparency about what is being blocked, it's extremely difficult to get an innocent site unblocked, and that the filters can be easily bypassed by determined individuals anyway.  The patchwork of different ISPs using different filtering methods has made it "almost impossible for the owner of a small online business to find out if it's being erroneously blocked and by whom - and no ISP seems to have a clear mechanism for redress".

Furthermore, the "blunt-instrument approach" to categories can lead to major problems.  For example, very legitimate websites have been blocked including child abuse hotlines, suicide prevention sites, and even many police websites - linked in the broad categorization of the filters to "violence".  This is reminiscent of problems filters have raised in U.S. schools and libraries where, for example, information-based websites about breast cancer were categorized by algorithms as being linked to pornography.

Clearly this is a problem and a far too common consequence resulting from the very noble goal of providing parents with filtering options for their children.  However, the best strategy for providing parents with filtering choices ought to be based exactly on that - more choices.  Richard Clayton is right that the best path forward lies in making it easier for people to install good user-controllable filtering tools on their own machines rather than having them controlled at the ISPs end.  Not everybody in a household has the same needs and requirements, so putting the decision-making capability in hands of users, allowing for more customization and reviewable analysis, ought to help ensure that filtering does not become the first step in a slippery-slope towards censorship.

And for goodness sake, let's have a little transparency, please.


Tuesday, January 28, 2014

Will Snapchat Ever Be a Useful Professional Tool?

Snapchat is in that category of seemingly bizarre social media products that pundits mock and that causes laymen to scratch their heads - yet its use is so widespread that it recently rejected a $3 billion purchase offer from Facebook and can now lay claim to as many as 350 million snaps in a day.  For the uninitiated, it's a photo-sharing service where all images are set to self-destruct after 10 seconds.

But is Snapchat destined to be used almost exclusively by teenagers?  Or does it have a future as a valuable tool for professionals?

That's the question raised by K-Street Cafe's Norah Heintz.  In response to high-flying claims made by Pinger CEO Greg Woock that "erasable" social communication represents the future of the medium, she argues that Snapchat will never be able to compete with Facebook and Twitter because "it's far too private.  Sharing information about oneself is intrinsically rewarding, and I would go so far to say that if the personal information shared is programmed to disappear in seconds, it's fundamentally less satisfying to share".

However, what Heintz may be underestimating is the significant chilling effect caused by, what the New York Times' Nick Bilton has dubbed, "the anxiety of permanence".  Many individuals who have online social-networking accounts do not actively engage or post on them for fear of infinite archiving.  If you extend that logic then the possibility of "erasable" social communication may actually increase the number of active users participating in online social networks and/or significantly alter the types of communications people are willing to share.

For better or worse.  While clearly that principle would mean trouble in terms of the behavior of teenagers, it also holds intriguing potential in terms of professionals in a collaborative business environment.

What Snapchat has revealed is that there clearly is an undeniable market for erasable social media.  And my guess is that that market isn't confined to America's high schools.