Friday, December 16, 2016

Is Trust mediated by Agency?

At first look the answer might appear to be obvious, of course it does!. That is assuming that we all agree what is meant by Agency. Let's plump for "Our ability to control our environment", though philosophers would likely to encourage the deeper form "Our sense of our ability to control our environment". In this distinction lies a critical issue that stems from the recent innovations in our cyber mediated environments.

"Do we actually have control over our environs?"

I predict a collapse in our willingness to assume that we do have control. At present the internet and many of its services rely on the fact that the majority of us assume that we do have control and all those agents that might also have the ability to also control our environs, are benign, and would not do anything to harm us.


Smart Agents will need to stand down with graceful Affordance

When Agents come to realise they are not up to the job, how should they respond?

Human Agents simply pass the responsibility back to the Controlling Entity, verbally describing the situation and how they cannot cope with it.

The situation has been dealt with in mechanical devices for a while. Take for example the thermostatic control knob on a shower, the kind with the temperature control stop that requires a button to be pressed for the stop to be overridden. Users of such knobs find them to be intuitive a good example of graceful control return, or safety affordance.

But how will or Agents gracefully bow out of situations that they are not equipped to deal with?
My car releases the accelerator, flashes BRAKE! on the dash board and sounds an Alarm. So far, early enough for me to take the correct action. It is clear to me that car is no longer controlling my speed and I am back in control.

The situation may not be so intuitive in the digital and virtual worlds, I do not want to find myself with a depleted bank account when interfaces don't operate the way I expect them to.

Recently two copies of the same CD arrived from Amazon,  used One Click, so my only assumption is that I had a key bounce, as I found a suitable home for the second copy. I did not even report the issue to Amazon, but clearly their User Interface was not up to the job, at the very least on the second key depression I would expect a message saying you already have ordered one of these do you Really Mean to order a second?

As I struggle to come to terms with Agents and their foibles I am increasingly concerned that they confidently misunderstand me more often than I find comfortable. Responding to my supposed wishes with an alacrity and a determination that is frankly frightening.

So while I am rather sick of Alexa telling me "I'm sorry but I do not understand your question!" I certainly prefer that to the alternative of "Your new Bentley is on order"




Friday, November 11, 2016

They are out to get you!

Dear Donald,
In the past few hours you will have been downloaded much, but as a businessman perhaps you will have spotted the hyper critical amongst the critical security data in your briefings from the NSA. ( Worse, but I'll leave this threat for another day, the NSA will have recognised your acute data filtering skills and may have tried to bury the hyper critical nature of the current reality.)
You will have heard that Nation States are attacking you, for YOU are now the embodiment of the United States of America. Clearly I am not talking about attacks by a Blackjack (Tupolev 160 bomber, think bigger and better Lancer) or a Xian H6K (Licensed version of the TU16) or in the future a Xian H-20, (similar but likely better than your B2 stealth bombers), although both these bombers continue to test your defences to see how far they can get before being welcomed by one of your fighter escorts. I am talking about millions of successful Cyber Attacks into the very heart of corporate America, extracting innovation data in gargantuan volumes. Designs for the next generation of most of YOUR products and services are already in the hands of other Nation States.
You may have been surprised by the fact that China and Russia were not alone in carrying out the extraction of the life blood of the United States of America, and that India, France and other "allies" were also engaged in the activity.
No longer are Nation State espionage activities restricted to extracting military information, (Did you ever wonder why the Blackjack looked so much like the Lancer?), now the cheaper and less risky tool of Cyber Is being used on a scale that dwarfs all the espionage activities of the past century. Which sadly the FBI, (or should it be CIA?) are ill-equipped to handle.
Importantly this information is starting to be used more strategically, whether it is to influence your election, or by moving the design data swiftly into the hands of illegal counterfeiters, or in the case of the French into the state run car industry, all with very predictable results. Billions, soon to be Trillions are being siphoned out of the US economy.
So what are you going to do about it!?
(And yes Theresa, you have the same problem!)

Monday, October 31, 2016

Three key properties of Things

Things, especially those connected to the Internet, have three key Properties.The Degree of Affordance, Security, and Agency a device offers drive both their value and the degree to which they are trusted and appreciated. The challenge is that only one of the properties is readily apparent. Or is that the real challenge?
(BTW If you still think that Affordance relates to how cheap a thing is, then go back and click that link)
It is quite easy to ascertain how easy it is to use a thing, thus the first property, the Affordance of a Thing is readily understood by the user of the Thing. The Affordance can be split into the 5 phases of the life cycle of the Thing. The first phase, Installation Affordance; how readily can it be first setup the Thing? The second phase, Operational Affordance; how readily useful is the Thing. The third phase, Configuration Affordance how easy readily reconfigurable is the Thing? The fourth phase, Maintenance Affordance ; can the thing be maintained? (without special knowledge. I am reminded of my coffee maker which was designed as an impenetrable puzzle box to ensure it was sent back for maintenance, but that is a story for another blog!) The final phase, Decommissioning Affordance is the ease with which a Thing is safely and securely disposed of. The normal human being can understand what it took to deliver on all these phases, though may not predict how hard the last three will be!
Most product designers work on the first two of these Affordance phases, as they have the most instant impact on customer delight, the more enlightened designers put as much effort into the latter phases though sadly there are fewer of these designer types around.
The second property relates to the security of the thing. We could expand this in many ways but suffice to say that Security of Things will soon be discovered to be more important than we ever imagined, especially as more and more Thing's will come networked out of the box!
The third property of Agency is arguably directly related to Affordance, some might say "is equivalent to Affordance", but bear with me. If Affordance describes the design features that make it easy to discover the uses of the Thing and makes the Thing easy to use, one could be forgiven for making the leap to assuming that it also defines the degree to which it can be controlled.
The "Agency" of a device is not strictly the correct use of the word, for Agency refers to a property of the User of the device. It refers to the Users capacity to attain and maintain control of their environment, including their devices that will in all likelihood impinge on the Users environment.
Perhaps, we could create a neologism that defines the capacity of a device to support a users Agency. The more "Agenty" a device is the more completely it can be controlled. In truth the answer is simple Agency is not a property of a Thing, but it is clear that Things can be designed to impact USER Agency, either positively or negatively.
The challenge comes from the 'apparent' drive of manufacturers and developers to make our lives simpler, for they are either charitably, not understanding the impact on device security of too much design focus on the Affordance design phases of a device, or more cynically they are willing to reduce the amount of design effort knowing the cost to device security, but perhaps worse they are designing into devices their own increased Agency over a device to meet their own goals, fully knowing the resulting impact of both reduced security and user agency.

Let's take a case in point, I give you Alexa, who was incarnated by the recent release in the U.K. of the Amazon Echo. She is a very capable Agent who is very easy to set up, and surprisingly easy to use for the more mundane tasks. She has more capabilities than the average userwill intuit. As evinced by asking her if she knows SkyNet!


I discovered through a question that a guest on Radio 4 "remotely" put to my Alexa, that she can buy books! She responded to the question with "I found the book xxxxxx would you like me to buy it?" I jumped into the conversation by saying No rather sharpish! Only to hear the word Yes, seconds later from the radio! Was this actually an attempt at the first mass Amazon Echo Hack via Radio 4? I was not that amused later that day to hear Alexa conversing with her own TV advert later in the week!
I tweeted about the Radio 4 Alexa Hack and was quickly advised, by a Twitter follower, to set a "Purchase Pin" up on my Amazon Echo. A short amount of digging later, and I found the offending settings, which were neither referred to nor highlighted during the set up process. Firstly, voice purchasing was enabled by default, and neither was a pin set by default on first operation, which even the dumbest of voice mail boxes have long since learned to do!. The individual who advised me of the pin had discovered it's imperative nature, after the arrival of a number of Amazon parcels the day after a drunken party!
This is a great example of Installation Affordance winning out over USER Agency and Financial Security!
I wonder if the argument was even had inside Amazon?
Getting the right balance of the these properties will be key as we move rapidly into a world that will have literally billions of "smart" devices. Imagine how much fun the future script kiddies will have when they take over these billions of devices for their own nefarious means.
Earlier we discovered that Agency is not actually a property of the device but the devices user.
Thus there are really only two key properties off Things; Affordance and Security, that need to be designed correctly in order to leave Agency in the hands of their users.
Surely no one would suggest that the GAFATS (Google, Amazon, Facebook, Apple, Twitter and Samsung) are designing THINGS to surreptitiously move USER Agency out of the hands of Users and back into their own corporate hearts. How on earth could that be any value to them?  <Even Alexa understands! For her response to being asked "Do you know SkyNet?" is...
"We don't really talk after what happened"
Hmm? Has she come back from the future too? If so which side is she on? Please don't assume, quite yet that she is on humanity's side, as Amazon has yet to make that commitment. Are they User Advocates in a Future Intention based Economy, or are they the early incarnation of the Evil Corp or The Circle.



Personally I still have a sneaking hope that they are the former, for I truly believe that they can make more money from the high ground of "e-trust", than they can from the swamp of Corporate Greed.
But either way set up that Purchasing Pin on your Amazon Echo!
Aside:- ( I wonder, as I have disabled Voice Purchasing for my Echo, will that setting automatically propagate to my Echo Dots?)
Hmmm Security Affordance, that would be a neat design concept!

Friday, March 18, 2016

Agency, Dotage, & Vacation Virtualisation

The problem: There are too many old people with limited mobility and too much money, in comparison to the too many young mobile people with too little money. This situation limits the agency of both parties.

Challenge: How to normalise, or balance this situation.

Solution: A Vacation Virtualisation Ecosystem

Requirements:

Virtual Vacations Mart: A means of advertising location and price of Virtual Vacations (4 Types, Sole Control Vacation Share, Fly on the wall & Replay)

Payment System: Ability to book, and pay by the glimpse!

Control System: Allows control of the visiting entity, to start with a human, in the future likely to be robotic / drones.

Communication System : In the more remote areas of the planet this will be a key investment area.

Capture Platform: 360 Stereoscopic Camera & Surround Sound Platform that can capture and transmit the required views and sounds to the Virtual Vacationers (ie transmit the view and soundscape each is looking at, the sounds and views will change orientation as the "virvaker" turns their head)

Types

Sole Control is where a single individual controls the movement of the Capture Platform through a specific area

Vacation Share involves multiple virtual vacationers hitching a ride on a vacation platform that will take a pre-defined path through an area.

Fly on the Wall, similar to Vacation Share, but normally involves a visit to the normal or perhaps news worthy locations around the planet. What is it like in Alepo at the moment? What is it like in a Mumbai slum?

Replay, would likely be used to record the journeys to more remote locations, or journeys that are likely to be viewed multiple times. They would be cheaper to deliver, and thus lower cost. By far the majority of virtual visits to the Taj Mahal are likely to be via Replay.

Some Implications

Flow Control/Rationing : We will soon see some locations being swamped with virtual vacation platforms. The locations would move to limit the number of Sole Control vacation platforms allowed to visit at one time. Imagine how many folks will want to visit the Taj Mahal.

Bandwidth limitations will provide some challenges.

Smelly Vision would be a major enhancement that would allow the realistic transmission the smells of a location.

Environmental Replication Varying the humidity, temperature, and UV rays experienced by the virtual vacationer would also provide further enhancement of the experience. One can envision pods designed to fully replicate the fast changing environment of a specific vacation journey, replicating walking from sunny plains through a humid jungle in to a cool dark cave.

Monday, October 19, 2015

My Ludicrous Logitech Remote Experience

This is a more personal post with an embedded message.

As a ridiculously extravagant gift to myself I purchased two different Logitech Harmony Remotes
My goal was to attain better control over my devices, ranging from X10 lighting and power switches to the various media devices used around our house.

As usual the first thing I did was to read and translate the Terms and Conditions the result was a surprise even to me, you have just got to love lawyers!

Here is my plain English translation:

1 It's not yours, it's ours, we just let you use it while we choose to allow you to.
2 You can't nick it or let anyone else nick it. 
    (It's not good enough to use for anything important, think of it as a toy.)
3 If you give it to anyone they are also lumbered with these rules.
4 There's stuff in this made by others, the stuff they make might not work, which is not our fault. You accept their stuff may spy on you and misuse your personal data. This is nothing to do with us but we make you accept this rule anyway. Oh yes and they can change their stuff without you knowing anything about what they did or why they did it.
5 We can stop you using it whenever we want to with no need to tell you why.
6 We never said it would work and it's your fault if it doesn't, and it would be absolutely nothing to do with us!
7 We will never EVER accept any liability under any circumstance what-so-ever.
(unless of course, if you happen to know we have to accept liability by laws of your jurisdiction, in which case we will work very hard to duck our liabilities)
8 Special Clause for the U.S. government, even though we say on the box it can't be sold in the USA
9 You must comply with export controls, though we won't say why, or which ones apply.
10 If you are buying this for someone else we will pretend they bought it and will apply all
these rules to them whether or not they read them.
11 We are going to pretend your own countries law's don't apply and you can't make us think they do "La la la, la lah!"
12 If English is not your language tough! We only believe what we said in this English Version.
13 We have put a list of other folks on the internet, as they are the people who wrote most of this thing, and you have to accept all their rules too!

14 We have NO obligation to keep this thing working....

Why did I buy this stuff again?

Anyway I shall ignore these silly T's and C's, mostly because I still hold to the ludicrous idea that most Corporations want to do good by their customers, yes I know, silly me! I also have a sneaking suspicion that in a court of law most of these terms are invalid. 

Why do Corporations write such ludicrous Terms and Conditions? That's a far deeper question, which I suspect it is part seeing their purchasers as commodities to trade rather than Customers, and part a defensive position against the litigious world in which we live.

I am starting to consider that I need a set of Terms and Conditions myself for all those that want to do business with me.... I wonder how ludicrous I should make them?

Thursday, October 08, 2015

"Man in the Middle" Reduces Agency and Subordinates

It is an obvious statement that passing direct control of a device or thing to others to act on it, on the behalf of the owning entity, reduces the owners direct control, or Agency. While the owning entity may choose to trust the new agent, or service provider, the added complexity, aimed at making life easier to control automatically or remotely, will always add risk, and reduce security. Thus individual entities are both subordinated and less secure.

There is a clear difference between Architecting for Control versus Architecting for Agency. Often the former focuses on the control needs of the larger entity, rather than individual entities. The perspective of the designing architect is naturally driven by the needs of the corporate entity that is paying for the control architecture. It takes a corporation with very strong values to recognise the importance and value of Architecting for Agency.

Architecting for Agency is perceived not to be in the interest of the Corporation or Service Provider. The current architectural fashion is to architect Control Agents under the Provider Star Model. Meaning that all control commands come through the provider, making them the Prime Controller. This also provides one point of attack to gain control over all the devices in their dominion. It should be noted that the most important outcome is the ultimate loss of Agency of the owners of devices or things. Subordination is a natural outcome, individual entities become the serfs of the corporate service providers, not their masters.

So what does Architecting for Agency look like?

It often starts in the deliberately confusing Terms and Conditions of the service providers, here one can establish the architectural intent of the providers. See next blog post: My Logitech Remote Control Experience.

It continues with the Identity & Entitlement Model used by the provider; your identity and rules or theirs?

The Network Topolgy is also a great indicator. Does the owning entity control the communication pathway or hubs through which all control commands flow from owning entity to things or devices.

The future points to a mesh network where all entities can combine and communicate under the appropriate bi directional rules of owners and providers. With neither star nor hub. It is here that all devices and things become entities that can enact Asimovs Four Laws. (A 4 Laws enabled heart beat sensor that can identify that the heart it is sensing is in trouble and knows how to act to save the life of the heart's owner.)

The capacity of things and devices to exist virtually under their own control. Stated differently can the digital state of a thing be stored in the cloud under the direct control of the thing.

Nature has invented the technique of creating things that attain and maintain their own Agency.

We are those things!

Our challenge is to architect and implement a means of attaining and maintaining Cyber Agency

For today we are architecting for subordination, we are collectively accepting not a "Man in the Middle", but "Legions of Corporations in the Middle!" We should not be at all surprised at the consequences. If only George Orwell, had been alive today, his novel 2084 would have been far scarier!

Governments are often enamoured by techniques that can be used to subordinate their citizens, in the name of security. They appear not to have yet spotted that in this new age of Cyber Feudalism, it is the Corporations that are gaining control over their individual citizens tapping directly into their innate value and governments are being disintermediated. The "offending" cyber corporations apparently hell bent on reducing human agency for their own fiscal benefit, come from three basic corners, firstly the bandwidth providers, secondly the device providers, and secondly the service providers. The cleverer of these are starting to use more than one of the corners.

The upcoming agency architectural decisions are perhaps some of the most important ethical choices humanity has to make in this century. Without the right choices we can never expect to develop or gain Cyber Human Rights!

Subordination is a problem, but the resulting security risks are also key.

Sadly, as in all things security, we seem to have to first experience the full horrors of the negative, before we put in place methods of safely achieving the potential positive outcomes.

  • Cars - Seatbelts & Airbags
  • Electricity - Fuses & Earth Leakage Protection
  • Sunshine - Sunscreen

The film The Matrix is a good metaphor for Cyber Feudalism, the well hidden identity of the film was the name of corporate entity that was behind all the human energy harvesting.

I am reminded of the first live crab I cooked; what will it take for us to get out of the nice warm water before we fall asleep and boil to death?

 

Tuesday, July 28, 2015

Do I have a right to be anti-monadic?

Having discovered the word that describes well the actions of the cyber giants that results in our being squeezed into one single identity, it struck me that perhaps my human rights are being eroded. Monadism, yet another term from philosophy, it effectively describes the GAFA activities that are driving us toward a single identity.

Being able to represent my self in one of my many web based personas has become increasingly difficult, as first one of the GAFAs and then another manage to fuse my different personas, their clear target is to know me as a single individual. (See my recent Apple Watch example)

My grandfather persona is one I am still trying to protect though at least two of the GAFAs have managed to attach that persona to their monadic view of me.

My Jericho Forum colleague Paul Simmonds is working towards protecting our ability to uniquely represent ourselves as multiple personas, while maintaining our ability to have agency over our identities. His Global Identity Foundation is unsurprisingly currently making little headway against the huge combined gravitational forces of the GAFAs.

Perhaps what is needed is public awareness of the implications giving control of our identities to third parties and the development of a clear desired identity state. The current issue is that the frustration with the difficulty of maintaining identity control, is actually resulting in individuals handing control to the GAFAs.

A recent purchase of an Amazon Fire TV device demonstrated to me just how attractive it is to pass control over. The device arrived with the identity of the purchaser pre-loaded, we had after all purchased it from Amazon so they already knew who the purchaser was. There was no effort involved in claiming ownership of the device as the device apparently already "knew" who it's owner was. The truth is that it is Amazon who knew the identity of the owner, and they had asserted their control over the device. The experience was far simpler and less weird than the Samsung TV Identity ownership ceremony. The underlying issue is that we have passed control to Amazon and they had chosen not to authenticate the Identity of the owner.

Amazon have not yet made the jump to combining monadic identities into family groups, that Apple have made. This action would further pass control to the provider of identities, this would not be an issue if that were all they provided, the issue comes from the fact that they also provide products and services.

Anti-Monadic Rights

So, should we give an individual the right to create separate identities and maintain them separately.

The difficulty comes when such separate personas are used to hide illegal or immoral activities.

The state will likely press for monadic identities, using terrorism, tax evasion and crime as their primary drivers.

So what are the key elements of a successful identity model in the 21st Century

Data Agency: Having control over the transparency, privacy and usage of our data.

Identity Agency: Having control over the creation, use and deletion of multiple separate personas

These two elements should apply equally to all entities, whether person or organisation.

 

So my conclusion is, yes, I should have the right to control multiple separate identities.

Clearly that does not give me the right to use any of these for illegal or immoral purposes.

The challenge will be to create the legal and digital ecosystems that will allow CyberAgency, while maintaining a civilised and moral society.