Weeknotes: Security/safety/economics, accountability, empathy

Matthew Taylor on accountability, highlights mine:

If accountability is based on multiple objectives, relating to quite different domains, things become more complex. Perhaps it is not surprising that organisations often duck that complexity. More and more businesses advertise their ESG framework, but in many of them employees find their day-to-day incentives are still overwhelmingly aligned with profit.

A friend of mine who works on ethical leadership says that acknowledging the existence of genuine dilemmas is an essential first step to developing a practical ethical mindset but that most executives are loath to admit such conflicts exist. Unless accountability systems incorporate multiple measures and openly recognise potential trade-offs between objectives they are neither as powerful nor honest as they could be.

... Weak and mythical accountability is a big part of the erosion of trust and credibility in our politicians and political institutions. Ministers make promises they can’t realistically deliver – for example negotiating a Brexit deal without making any significant concessions – while at the same time evading accountability for things that are their responsibility like honesty, coherence and the effective delivery of policy.

... As I sit here finishing this piece the BBC website features the headline ‘Formula for locating new homes revised after Tory backlash’. This highlights three failings. First, why is the government dialogue with its own party activists so weak that it couldn’t build or sustain support for this policy? Second, why do we seem to think it is acceptable that a government elected to represent all of us is demonstrably and unashamedly much more influenced by its own unreconstructed activist base than the view of the public, experts or third sector groups? Third, why does so much policy emerge without going through the kind of deliberative processes that might make it stronger and less likely to be abandoned at the first contact with reality? This is our broken system of democratic accountability in a microcosm.

David Edgerton hopes that Brexit will lead to a bonfire of national illusions. 

What's the state of AI? Not great. Here's a roundup of 2020 lacklustre news from Filip Piekniewski, covering machine learning and robots and software-driven vehicles.

Matt Stoller writes about security and the private sector:

Cybersecurity is a very weird area, mostly out of sight yet potentially very deadly. Anonymous groups can turn off power plants, telecom grids, or disrupt weapons labs, as Israel did when it used a cyber-weapon to cripple Iranian nuclear facilities in 2010. Bank regulators have to now consult with top military leaders about whether deposit insurance covers incidents where hackers destroy all bank records, and what that would mean operationally. It’s not obvious whether this stuff is war or run-of-the-mill espionage, but everyone knows that the next war will be chock full of new tactics based on hacking the systems of one’s adversary, perhaps using code placed in those systems during peacetime.

... The most interesting part of the cybersecurity problem is that it isn’t purely about government capacity at all; private sector corporations maintain critical infrastructure that is in the “battle space.”

...And yet these companies have no actual public obligations, or at least, nothing formal. They are for-profit entities with little liability for the choices they make that might impose costs onto others.

Indeed, cybersecurity risk is akin to pollution, a cost that the business itself doesn’t fully bear, but that the rest of society does. The private role in cybersecurity is now brushing up against the libertarian assumptions of much of the policymaking world; national security in a world where private software companies handle national defense simply cannot long co-exist with our monopoly and financier-dominated corporate apparatus.

This is all down to firms run for profitability above all, which is made worse through private equity.

 ... There are many ways to see this massive hack. It’s a geopolitical problem, a question of cybersecurity policy, and a legally ambiguous aggressive act by a foreign power. But in some ways it’s not that complex; the problem isn’t that Russians are good at hacking and U.S. defenses are weak, it’s that financiers in America make more money by sabotaging key infrastructure than by building it.

As Ross Anderson points out, perhaps this suggests a new thread of research in security economics. 

It's no better in open source. Tech Republic writes:

A new survey of the free and open-source software (FOSS) community conducted by the Linux Foundation suggests that contributors spend less than 3% of their time on security issues and have little desire to increase this.  ... Moreover, responses indicated that many respondents had little interest in increasing time and effort on security. One respondent commented that they "find the enterprise of security a soul-withering chore and a subject best left for the lawyers and process freaks," while another said: "I find security an insufferably boring procedural hindrance."

Thanks to Joanna Bryson for the pointer to that - 

screenshot of tweet

Martin Stanley looks at who is responsible for safety, in a piece for the Bennett Institute.

The second lesson, surely, is that regulators must be properly funded.  Most businesses may not need frequent inspections, but the occasional criminals and ‘chancers’ can do huge harm – and will do so unless faced with energetic prosecution and/or enforcement.  It is worrying, therefore, that recent governments have reduced the resources available to regulatory bodies, typically by around 50% in real terms.

Anonymous shell companies have been banned in the US. Thanks Alex Howard for writing about this sort of less-noticed DC news amidst everything else. 

A depressing paper about the growing use of management consultancies in the (mostly UK) public sector:

the results show that, in general, high levels of prior MC use (in terms of expenditure) predict higher future use. This suggests a pattern of repeat or persistent external sourcing to MCs within buyer–supplier networks that leads to demand inflation. Consistent with this picture, a relationship was also found between previous high levels of MC use and the subse-
quent adoption of commercialization practices (H2). Turning to H3, the analysis further suggests that processes of demand inflation have negative consequences for
client performance in terms of efficiency. Consistent with earlier research ... we found that higher overall levels of expenditure (influenced by past patterns of use) are associated with lower efficiency in hospital trusts. Another indication of this tendency is related to the adoption of commercialization practices. Crucially, we found that the organizational inefficiency generated by higher levels of MC is amplified when it is linked to out-
sourcing and structuring of PFI contracts. In other words, it seems that the use of MCs to assist with the implementation of these initiatives is having a reinforcing, negative effect. 

Marcus Baw has been working on what's missing (alongside what's awesome) in the NHS data infrastructure:

screenshot of tweet

Alex Blandford writes about the failure of open data (highlights mine):

Open data, as a movement, relied heavily on buy-in from government that was contingent on delivering savings and value for money. It was meant to be a technocratic revolution from government's point of view, and for civil society, a way to understand the quantitative data of Whitehall which might, in turn, bring up more detail on the qualitative.

But almost none of the promised gains of efficiency have actually happened. Making more open financial data happen at the same as closing down bodies like the audit commission doesn't lead to the same outcomes.

And so in epidemiology data. All data is readable, able to be put into contexts that suit particular outlooks, it isn't neutral. Fine. But. The political decisions have lagged data and very little has been made of that by political journalists (there is the oft-cited problem that lobby journalists might bring a particular ontology of understanding all crises as crises of the cabinet rather than of government or state).

Open data sits clearly in the "I need" rather than "so that" part of a user story. I've been able to make personal decisions in a pandemic using this data, but we need to acknowledge that this creates a narrative of personal responsibility for your own safety in a global pandemic. The publication of data has political possibilities and is a product that needs thought and iteration like any other.

Personal responsibility and personal use of data seems to have been a highlight of many tech people's response this year. So many graphs...  The most poignant bit of this post is:

... I've been confused as to why charities like Diabetes UK weren't advocating for diabetics while this was happening. I saw lots of comms around following shielding/lockdown rules (which is all good and fair enough), but almost nothing about trying to push for better support and conditions for people who are shielding. Early letters in the pandemic advised me to isolate indefinitely from my family. This is not possible. NGOs representing groups asked to shield should have been acting for us, standing up for bad policy, pointing out that households shield, not individuals and pointing out the massive deficiencies in the way that policy was drawn up and implemented so it could be improved.

Zeynep Tufekci dives into "an eye-popping story in the New York Times, the headline blaring that, “Britain Opts for Mix-and-Match Vaccinations, Confounding Experts.” The subtitle continued, “If a second dose of one vaccine isn’t available, another may be substituted, according to new U.K. guidelines”" and finds this is mostly not true or significant. But:

What we are seeing polarization and, in fact, moralization of every little thing, turning banal scientific manuals making routine recommendations into fodder for social media dunking and expressions of outrage. These developments have certainly made everything harder, including maintaining trust in public health guidelines. An ordinary person reading the article in the U.K. may leave with the impression that British scientific authorities are completely out of their minds, making outrageous, unprecedented decisions and gambling with public health on everything.The reality is much, much more mundane, and not that related to this most boring of guidelines. We’ve increasingly lost the ability to interpret even the smallest things outside of frameworks of outrage.

I don't think I have anything to say about the US this week but Zeynep's post seemed the most perceptive commentary I've seen. It seems so easy to get distracted by the facepaint and private jets etc.

Ban recommender engines:

screenshot of tweet

On social media bans:

screenshot of tweet

Also how does this work elsewhere... (whole thread):

screenshot of tweet


screenshot of tweet

I should re-read Jennifer Cobbe's paper....

But there is also good news:

screenshot of tweet

Panthea Lee writes about a new politics of solidarity and joy. There are many interesting bits in this long article but I think the bits about empathy and power struck me most. Highlights mine.

I am rejecting a politics of empathy. I have spent the last 15 years advocating for greater empathy in powerful institutions. And I am done. My early professional training — in journalism, arts, and design — believed empathy to be both means and end. ... Because empathy begot good solutions, or so the mantra went.

...But major decisions were still made in big offices in the capital cities, or in even bigger offices in DC, New York, or London. In those boardrooms, armed with my photos, frameworks, reports, and slides, I’d try to convince those with power to address the injustices I’d witnessed. If I could just generate enough empathy within these decision-makers, I thought, then they’d approve the policy, allocate the funds, or greenlight the project. Generate enough empathy, I thought, and the injustices would go away.

How naive I was. For a few years now, I’d sensed that “building empathy” was a red herring, but I’d struggled to put it into words. Then I heard Aruna D’Souza nail it: “A politics based on empathy imagines justice as something to be bestowed by newly enlightened individuals on other lesser individuals and communities. A politics of empathy allows those called upon to be empathetic to remain in a position of supremacy, doling out justice as a matter of kindness.

  ... Much of my work has been at the intersection of communities, activists, and “powerful institutions”. But I’ve been questioning what exactly we mean by “powerful” — most of the time, we’re simply referring to concentrations of economic and political capital. There is so much we miss in this shallow formulation of power.“Powerful” institutions by design struggle to be generous, creative, adaptive, and consistently values-driven. Yet we accept the central roles they play in setting our public agendas. Even most dogged activists focus on influencing the decisions of “powerful” institutions within the rigid frameworks they’ve set, rather than on reimagining our world anew.

... Our visionary artists and writers, with their gifts of radical imagination, can help us see beyond our current realities. Our bravest activists, with their unwavering moral clarity, can help us set the bar for solutions that protect and nurture our humanity. Our most creative community groups, with their powers of loving generosity, can help us map out how to implement radical alternatives. The models exist. They’ve been pioneered by visionaries who have lacked economic and political power, and who’ve been harmed by mainstream solutions.

From there, our think tanks and researchers, with their intellectual rigour, can help us define paths to seizing this future. And “powerful” institutions, with their infrastructure and resources, can then set policies and organize markets to realize these agendas.

But the current norm is literally the reverse: “powerful” institutions set the agenda, and we fight on the fringes for crumbs. It’s just not good enough. If we want a world that is loving, joyous, and kind, we must give key tasks to those who are most structurally fit to illuminate that path. And then we must line up behind their visions.


Fascinating ideas from Citizen's Advice about how the Post Office could invest and improve. (I had no idea the government has committed to investinng £177 million in the Post Office network in 2021.) One is "Address and collect" - like a PO box for people with no fixed address or whose post at home may be intercepted. Another is Post Offices holding parcels for collection, rather than leaving "we missed you" cards. This wasn't possible before but now it is!

Previously only parcels delivered by Royal Mail could go to post offices. But following a new agreement in December, that’s no longer the case. And Post Office Limited have already started talks with other delivery companies.

There is a European Spreadsheet Risks Interest Group (Wired, October 2020).

From the Redecentralise newsletter:

“The Decentralized Web of Hate”, a recent report by Emmi Bevensee of Rebellious Data and the ScuttleButt community, investigates how peer-to-peer communication tools developed with social ideals end up being used for purposes antithetical to those — specifically, by white supremacy groups — and what could be done about this. Being both sympathetic towards and worried about the technology, the report gives nuanced reflections about trade-offs and challenges:

    “Centralization, such as a server controlled by a corporation, allows us to quickly remove dangerous content but it puts the control for what constitutes “dangerous” in the hands of a privileged few.

    Radical democratization of the responsibility for maintaining a healthy Internet that respects difficult discourse, free speech, and the rights of marginalized persons to safety online is the great task of the P2P era”

Whether or not you think of this as the P2P era, it seems like this is a task for now.

    “For many in the P2P space, particularly those influenced by political ideologies such as techno-libertarianism, a belief in a combination of maximized liberty through free-markets and technology, the affordance of malicious use of their tools is understood as a necessary risk to advancing goals like freedom of speech and curtailing state overreach. To those in the P2P space more influenced by leftist and social justice ideologies, affordances such as use by white supremacists using a technology is something to be counter-acted as much as possible while still trying to leverage the potential of the tool. Further, there is a subpopulation of people in the P2P development space who themselves identify with white supremacist ideologies though they may take the cover of other political ideologies or dogwhistles.

    There are also those in the P2P space who are driven not so much by political or moral ideology but as by curiosity of the technical and mathematical possibilities. … This group is less concerned overall about whether any given group, hate or otherwise, uses their tools and more that they can advance the technology and theory.”

Of course, most people do not fit in exactly a single category:

    “The reality of these communities though is that many ideologies and motivations overlap and most people that I’ve spoken to have nuanced and complicated views on a range of these issues. Tensions at the level of code are embedded in the social context that creates them. The freedom of speech represented by an uncensorable P2P protocol interacts with the freedom to not experience racist violence organized through the very same protocol. Therefore it is important to investigate how some actors are pushing back against hate in a technological space that is, by design, difficult to censor.”

Rather than giving up on decentralised tools, the report looks for ways to discourage or mitigate their abuse, hinting at explicit project values, various content moderation approaches, and instance block-lists...

But, as the author concludes, in the long run we need social solutions to social problems. “P2P systems mimic the questions of how we combat racism and intolerance in the real world” — much depends on the real-world communities and culture around the technology. Perhaps this writing itself already helps by cultivating a culture among decentralisation enthusiasts in which nuances, trade-offs and responsibilities are acknowledged and appreciated.