Erosion Threatening America: And it's not global warming

At the supermarket you try to buy fresh, natural produce. but you recently heard that more than 60% of the food on the shelves today likely contains GM ingredients (a recent survey said 80% of Americans want food labels to indicate the presence genetically modified ingredients but 99.9% of GM food it is not labeled as such).

In the meat aisle you look for some meat to grill at the weekend when friends come over to watch the game. You see some are Black Angus steaks on sale, but are vaguely aware that under USDA rules any beef meat can be labeled Black Angus if the animal has a "black hair coat". You just hope the steaks taste okay.

At the checkout you swipe your debit card and hope that there is not some malicious code in the store that is capturing your card details and shipping them offshore for use in fraud schemes (which was happening for a while at nearly 300 otherwise reputable grocery stores).

Come the weekend, you fire up the grill and settle in to watch the game, unaware that one of the teams has been illegally spying on its opponents for years. At half time a friend asks about an email he got from the IRS asking for bank account information so the agency could send his tax refund via direct deposit. You tell him the message is a scam and the IRS does not use email because it can't be trusted.

In fact, you have this growing feeling that there is too much that can't be trusted these days; surely this erosion of trust is not good for the country. As the second half of the game begins you find yourself surreptiously surfing the Web on your laptop, entering search strings like: trust economic payoff, trust erosion growth, and such like. You find a widely quoted paper from 1997 that showed trust having a significant impact on aggregate economic activity, specifically "the coefficient for Trust [...] indicates that a ten percentage point rise in that variable is associated with an increase in growth of four-fifths of a percentage point" (Knack and Keefer, 1997). You find another paper from 2000 that concludes "a ten-percentage point increase in the number of respondents revealing themselves as “generally trusting others” is associated with a rise of per capita income in purchasing power standards of three-fifths of a percentage point" (Van Puyenbroeck and Cherchye, 2000).

So, increasing trust within America by ten percent could actually provide a big boost to an otherwise sagging economy. Is that feasible? Consider the numbers in this IBM study. America's trust level is 36. The figure for the Netherlands is 55 and for Norway it's 65. The UK is at 44 and Ireland's at 47. In other words, if Americans had the same level of trust as the Irish, an annual GDP growth rate of 3% percent could be boosted to 3.8%. If we reached Dutch levels of trust, that 3% GDP figure could be 4.6%. And if we achieved Norway's trust level, we could hit 5.4%, a veritable powerhouse of growth, achieved not by raping the land and ruining the environment and hogging resources, but by engendering trust between individuals and institutions.

There Should Be Blood: Oil deserves better

I finally got round to watching There Will Be Blood and I was terribly disappointed. While Upton Sinclair's Oil! painted a subtle picture of human motives and morals set against a detailed picture of the oil industry, the story told in this film just didn't make sense, at least to me.

It's not that I was expecting a true-to-the-book movie, or even the same basic story as the novel--we are given fair warning that the book merely inspired the film; but what I did expect was a coherent tale full of insights into the oil business.

Instead we get this incredibly intense character, Daniel Plainview (Daniel Day-Lewis) driven by heaven-knows-what motives. We wait all movie to learn why he is so angry and bitter and violent. I never found out. It's like a Coen brothers' movie without the humor. Indeed, I would probably have been happier if the film had been introduced as a Coen brothers production set in the early years of the California oil boom and World War I (after all, they made O Brother Where Art Thou? about the Depression in Missippi).

What I don't understand is the need to hook the film to the novel. Elements are shared, like an oil developer with a son in tow and a quail hunt that finds oil and a charismatic preacher whose family sells its land to the oil man. But that's about where the similarities end.

The differences are even more telling. While we see some of the workings of the oil business in There Will Be Blood the film passes up a lot of opportunities to educate, which was part of Sinclair's genius. The difference between leasing land to drill and buying it outright was not made clear--something that a lot of people in today's gas-boom states like Pennsylvania and New York could stand to learn more about.

Also unaddressed were the conflicting emotions experienced by the boy, used by Sinclair to address the age-old conundrum of how well-intentioned acts can produce bad outcomes. Sinclair's oil man is seemingly well-intentioned. He was a simple shop-keeper whose wife left him. He happened into the oil business at 40, got lucky, and wanted to pass along his knowledge and wealth to his son. He is not cynical in his exploitation of resources and people, he believes he is doing the right thing and being fair. The film totally omits the unions, The War, Bolsheviks, and the rise of communism and this misses a great opportunity to highlight major parallels with the world today, and underline how easy it is for well-intentioned men who think they are fair to really screw up the world, politically, economically, and environmentally.

Child Porn: Why One Man's Innocence May Worry IT Managers

Computer security news out of Massachusetts this week could be a sign of big troubles to come for IT managers in enterprises, government agencies, and SMEs, in the U.S. and around the world. It's not a virus or worm or Trojan as such, although they may be involved. No, it's a case in which an innocent man lost his job and his reputation, and may now win a landmark suit against his former employer. Why? Because he was fired for having child pornography on his company laptop without adequate forensic evidence that he put it there.

The case of Michael Fiola could become a landmark of sorts, although some observers seem to have missed the point I'm going to make: Any employer considering taking action against an employee, based solely on what is 'found' on an employer-issued computer, must have solid forensic evidence to justify that action, and preferably be in a position to justify the action on additional, non-forensic grounds. Why? Because failure to do so could have serious consequences.

Legal Precedent, the CIO/CISO Remit, and Indian Affairs

Q. Have you spent much time at the U.S. government's Bureau of Indian Affairs web site lately?

A. No.

I didn't think so. Because, when you go to www.bia.gov it's not there. According to a recent news story that may be about to change, but don't hold your breathe. There hasn't been a web server at bia.gov for most of the past 7 years. Why? The short answer, which I consider to be highly instructive to Chief Information Officers and Chief Information Security Officers everywhere--inside the government and out--is this: "Because the judge just said No."

Allow me to elaborate. Back in 2001 a judge told the BIA to take its site off the Internet because it was not secure. And, in a judgment that strikes me as a brilliant application of commonsense, he added: "Don't put it back until it's secure."

How does a judge determine if a web site is secure? The same way that the Federal Trade Commission does: submit it to examination by an objective, independent third-party who is suitably qualified, such as a CISSP (Certified Information System Security Professional). And that's what the BIA did, in 2003, and again in 2004. Basically, the BIA kept reworking its systems to try and achieve a standard that I like to call "secure enough." That means the site can withstand all of the obvious, predictable and realistically feasible attacks.

And that pretty much sums up the real world standard used by site like Amazon.com and BankOfAmerica.com. For example, a site won't fail the "secure enough" standard just because it's encryption could be defeated by a brute force attack that would take $50 million super-computer to execute. A site will fail if it is found to be vulnerable to a known cross-site scripting attack or a SQL-injection hole that was patched six months ago.

Well now there is a Court Order permitting Internet reconnection for Indian Affairs and the agency is "on the path to full reconnection to the Internet." Note that this is not happening because the judge's security experts gave the site a clean bill of health. On the contrary, the United States District Court for the District of Columbia Circuit and agreed with the agency that the judge was out of line when he issued the Consent Order Regarding Information Technology Security that suspended the site back in December, 2001. So, the court gave permission for the "information technology systems of the Bureau of Indian Affairs (BIA), the Office of Hearing and Appeals (OHA), the Office of the Special Trustee for American Indians (OST), and the Office of Historical Trust Accounting (OHTA) to be reconnected to the Internet." It will be interesting to see how long that takes, and how secure the site proves to be, in a real 'real world' test.

In the meantime, companies might ponder how they would fare if all Web sites had to pass a security review before they were allowed to go live.

Anti-spam: A Stephen Cobb Podcast

A couple of months ago I recorded a 15 minute, interview-style podcast with Brian Kraemer of TechTarget on the subject of spam, then I promptly forgot about it. Well, today I remembered and figured I would embed it in a blog post.



For those who prefer a direct link to the original MP3 podcast file, all 14 megabytes of it, here it is: Cobb on Anti-spam.

I hope you find it useful listening. The target audience was mid-market CIOs (that is, Chief Information Officers at companies with 100-5000 employees or revenue up to $1 Billion). But I think it would be of interest to most SMEs (that is, small-to-medium sized enterprises). Finally, here's a link to the podcast on the TechTarget site.

Freelancers Unite! A way to get health insurance and a voice

If, like me, you've worked as a freelance writer (or coder, developer, editor, consultant, etc.), then you know the pain of trying to get affordable health insurance for yourself and your family, of trying to get paid on time, and generally trying to get the respect you deserve [to say "America runs on freelance labor" would not be an exaggeration].

Now there's an organization that is uniting freelancers to get action on some of these items, most notably health insurance. It's called the Freelancers Union and actually has been around since 1995 when Sara Horowitz, a former labor lawyer, founded Working Today. This was renamed Freelancers Union in 2003 to better reflect its expanded role, which includes lobbying on issues of concern to freelancers (the union received 501(c)4 status in 2007). The original focus was to serve freelancers in New York City but the group is now on a national membership drive. The timing could not be better, with a lot of people being laid off from salaried jobs and rates for individual health insurance is now higher than house payments in many states.

That's right, according to the Census Bureau, the median monthly housing cost was below $1,200 in 20 states in 2006 and $1,200 which the monthly premium we were paying for basic husband/wife BlueCross coverage, no dental, no optical, limited hospital benefits, with a large deductible and hefty copays; that was until we dropped our coverage because we couldn't afford it, which is not unusual for many baby boomers who are now in the health insurance 'dead zone' i.e. too young for Medicare but old enough to have acquired a few health problems and thus really hammered by rising premiums.)

Checking over the web site it appears that Freelancers Union's health insurance rates are about half those for individual plans. Definitely worth checking out if you freelance.

The End of the Internet As We Know It?

Could the day be approaching when blogging about how much you dislike the Church of Scientology or a certain political candidate gets you knocked off the net? Or worse, a heavy knock on the door?

Love it or hate it, the Internet of old appears to be on its way out. A few years from now, two recent news items, when taken together, may reveal a turning point. Most recent was the agreement of several major ISPs to censor Internet traffic. New York Attorney General Andrew Cuomo has coaxed Verizon, Time Warner Cable and Sprint into dropping the long-accepted notion that ISPs are immune from liability for content posted by users, much the same way that phone companies have eschewed liability for what people say in phone calls and, to get historical about it, printing machine makers took no responsibility for what was printed with their presses. This principle, that the carrier is not responsible for what is carried, is even established in law, notably under the 1996 Communications Decency Act.

But as David Kravets, writing at Wired.com observes, under the Cuomo deal, "the ISPs seem to acknowledge a moral role in policing the internet."

An Historic Night for America, Great Hope for the Future

One month shy of the 44th anniversary of the signing of the first civil rights act, the headline from New York Times says it all: Obama Claims Nomination; First Black to Lead a Major Party Ticket.

We've come a long way! And we need to acknowledge that a lot of younger voters are a big part of what made this happen, and that really is a welcome dose of hope for the future.

Radio Paradise Rocks (and soothes and cheers)

When times are tough (and I think we can all agree they are tough right now*) you sometimes need a way to escape, something to take your mind off things, or onto better things. I'm finding Radio Paradise does just that, and it's free as long as you have a broadband connection. Of course, donations are accepted I have been moved to give, it's just such a deliciously eclectic stream of good listening.

Sometimes they throw in some themed sets for fun and these can be quite amusing. Also, I recently found a cool gadget you can place on your Google home page that shows what is currently playing on Radio Paradise, along with album art (just search among the gadgets at Google/ig. You have to believe that this station is boosting CD sales for a lot of artists that people would otherwise not hear.

* Just for the record, on the "tough times" assertion:
  • Largest collapse of real estate values in recorded history
  • Real incomes falling, costs rising, budgets squeezed, jobs lost
  • Potential mega-flation fueled by soaring energy prices
  • World food shortages (again)
  • Middle East in crisis (again)
  • Oppression in far too many countries
  • Impending environmental disaster
  • Health care system in disarray

Sydney Pollack: A great maker of movies

Just wanted to note, with considerable sadness, the death of Sydney Pollack, at the relatively young age of 73.

Pollack's body of work is enormous and impressive (he racked up what must be be one of the longest IMDB listings there is).

Yet, in a business too often tainted by a wealth of unpleasantness, Pollack always seemed like a genuinely nice guy with a good sense of humor and a lot of heart. He directed one of the funniest movies of the last thirty years (Tootsie) and some of the most compassionate (The Electric Horseman and They Shoot Horses Don't They). But he could also nail a cold-blooded and subversive thriller, as in Three Days of the Condor. As a producer and executive producer he helped get some very important and challenging films into theaters (Michael Clayton and The Quiet American). All that and a darn actor to boot! You could always rely on him to get it just right. His craggy face and wry smiles will be missed.