<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <id>http://mix.chimpfeedr.com/5ccc0-TrustBlog</id>
  <title>TrustBlog</title>
  <updated>2017-12-02T10:50:00+00:00</updated>
  <link rel="self" href="http://mix.chimpfeedr.com/5ccc0-TrustBlog"/>
  <generator>http://www.chimpfeedr.com/</generator>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-4211686998343088253</id>
    <title type="html">UK Retail Data Breaches</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2017-12-02T10:50:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2017/12/uk-retail-data-breaches.html"/>
    <summary type="html"><![CDATA[Some people talk as if data protection and security must be fixed before May 2018 because of GDPR. Wrong. Data protection and security must be fixed now.<br><hr><h4>Morrisons (2014)</h4><br>The High Court has just found Morrisons to be liable for a leak of employee data by a disaffected employee in 2014. (The perpetrator got eight years in jail.)&nbsp; <br><br><a href="http://www.theregister.co.uk/2017/12/01/morrisons_data_leak_ruling/">http://www.theregister.co.uk/2017/12/01/morrisons_data_leak_ruling/</a><br><a href="http://www.bbc.co.uk/news/uk-england-42193502">http://www.bbc.co.uk/news/uk-england-42193502</a><br><br><h4>Sports Direct (2016)</h4><br>A hacker obtained employee details in September 2016, but Sports Direct failed to communicate the breach to the affected employees.<br><br><a href="https://www.theregister.co.uk/2017/02/08/sports_direct_fails_to_inform_staff_over_hack_and_data_breach/">https://www.theregister.co.uk/2017/02/08/sports_direct_fails_to_inform_staff_over_hack_and_data_breach/</a><br><br><h4>CEX (2017)</h4><br>Second-hand gadget and video games retailer Cex has said up to two million customers have had their data stolen in an online breach<br><br><a href="http://www.bbc.co.uk/news/technology-41095162">http://www.bbc.co.uk/news/technology-41095162</a><br><a href="https://uk.webuy.com/guidance/">https://uk.webuy.com/guidance/</a><br><br><h4>Zomato (2017)</h4><br>Up to 17 million users affected by data breach at restaurant search platform Zomato<br><br><a href="https://www.infosecurity-magazine.com/news/zomato-breach-exposes-17-million/">https://www.infosecurity-magazine.com/news/zomato-breach-exposes-17-million/</a><br><a href="https://www.zomato.com/blog/security-notice">https://www.zomato.com/blog/security-notice</a><br><br><h4>Tesco Bank (2016)</h4><br>Cyber thieves steal &pound;2.5m<br><br><a 
href="https://www.theguardian.com/business/2016/nov/08/tesco-bank-cyber-thieves-25m">https://www.theguardian.com/business/2016/nov/08/tesco-bank-cyber-thieves-25m</a><br><a href="https://www.theregister.co.uk/2016/11/10/tesco_bank_breach_analysis/">https://www.theregister.co.uk/2016/11/10/tesco_bank_breach_analysis/</a><br><a href="https://www.itproportal.com/features/lessons-from-the-tesco-bank-hack/">https://www.itproportal.com/features/lessons-from-the-tesco-bank-hack/</a><br><br><hr><br><h4>Related posts</h4><br><a href="http://rvsoapbox.blogspot.com/2017/12/the-smell-of-data.html">The Smell of Data</a> (December 2017)<br><br>]]></summary>
    <content type="html"><![CDATA[Some people talk as if data protection and security must be fixed before May 2018 because of GDPR. Wrong. Data protection and security must be fixed now.<br><hr><h4>Morrisons (2014)</h4><br>The High Court has just found Morrisons to be liable for a leak of employee data by a disaffected employee in 2014. (The perpetrator got eight years in jail.)&nbsp; <br><br><a href="http://www.theregister.co.uk/2017/12/01/morrisons_data_leak_ruling/">http://www.theregister.co.uk/2017/12/01/morrisons_data_leak_ruling/</a><br><a href="http://www.bbc.co.uk/news/uk-england-42193502">http://www.bbc.co.uk/news/uk-england-42193502</a><br><br><h4>Sports Direct (2016)</h4><br>A hacker obtained employee details in September 2016, but Sports Direct failed to communicate the breach to the affected employees.<br><br><a href="https://www.theregister.co.uk/2017/02/08/sports_direct_fails_to_inform_staff_over_hack_and_data_breach/">https://www.theregister.co.uk/2017/02/08/sports_direct_fails_to_inform_staff_over_hack_and_data_breach/</a><br><br><h4>CEX (2017)</h4><br>Second-hand gadget and video games retailer Cex has said up to two million customers have had their data stolen in an online breach<br><br><a href="http://www.bbc.co.uk/news/technology-41095162">http://www.bbc.co.uk/news/technology-41095162</a><br><a href="https://uk.webuy.com/guidance/">https://uk.webuy.com/guidance/</a><br><br><h4>Zomato (2017)</h4><br>Up to 17 million users affected by data breach at restaurant search platform Zomato<br><br><a href="https://www.infosecurity-magazine.com/news/zomato-breach-exposes-17-million/">https://www.infosecurity-magazine.com/news/zomato-breach-exposes-17-million/</a><br><a href="https://www.zomato.com/blog/security-notice">https://www.zomato.com/blog/security-notice</a><br><br><h4>Tesco Bank (2016)</h4><br>Cyber thieves steal &pound;2.5m<br><br><a 
href="https://www.theguardian.com/business/2016/nov/08/tesco-bank-cyber-thieves-25m">https://www.theguardian.com/business/2016/nov/08/tesco-bank-cyber-thieves-25m</a><br><a href="https://www.theregister.co.uk/2016/11/10/tesco_bank_breach_analysis/">https://www.theregister.co.uk/2016/11/10/tesco_bank_breach_analysis/</a><br><a href="https://www.itproportal.com/features/lessons-from-the-tesco-bank-hack/">https://www.itproportal.com/features/lessons-from-the-tesco-bank-hack/</a><br><br><hr><br><h4>Related posts</h4><br><a href="http://rvsoapbox.blogspot.com/2017/12/the-smell-of-data.html">The Smell of Data</a> (December 2017)<br><br>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-1489562092694840492</id>
    <title type="html">Pax Technica - On Risk and Security</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2017-11-25T13:22:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2017/11/pax-technica-on-risk-and-security.html"/>
    <summary type="html"><![CDATA[<span>#paxtechnica&nbsp;</span>Some further thoughts arising from the @CRASSHlive conference in Cambridge on&nbsp;<a href="http://www.crassh.cam.ac.uk/events/27490">The Implications of the Internet of Things</a>. (For a comprehensive account, see @<a href="https://twitter.com/LaurieJ/status/933994196108750848">LaurieJ's livenotes</a>.)<br><br>Many people are worried about the security implications of the Internet of Things. The world is being swamped with cheap internet-enabled devices. As the manufacturing costs, size and power consumption of these devices are being driven down, most producers have neither the expertise nor the capacity to build any kind of security into them.<br><br>One of the reasons why this problem is increasing is that it is cheaper to use a general-purpose chip than to design a special-purpose chip. So most IoT devices have far more processing power and functionality than they strictly need. This extra functionality can then be co-opted for covert or malicious purposes. IoT devices may easily be recruited into a global botnet, and devices from some sources may even have been covertly designed for this purpose.<br><br>Sensors are bad enough - baby monitors and sex toys. Additional concerns apply to IoT actuators - devices that can produce physical effects. For example, lightbulbs that can flash (triggering epileptic fits), thermostats that can switch on simultaneously across a city (melting the grid), centrifuges that can spin out of control (attempting to sabotage Iran's nuclear capability).<br><br>Jon Crowcroft proposed that some of this could be addressed in terms of safety and liability. Safety is a useful driver for increased regulation, and insurance companies will be looking for ways to protect themselves and their corporate customers. While driverless cars generate much discussion, similar questions of safety and liability arise from any cars containing significant quantities of new technology. 
What if the brake algorithm fails? And given the recent history of cheat software by car manufacturers, can we trust the car not to alter the driver logs in order to evade liability for an accident?<br><br>In many cases, the consumer can be persuaded that there are benefits from internet-enabled devices, and these benefits may depend on some level of interoperability between multiple devices. But we aren't equipped to reason about the trade-off between accessibility/usability and security/privacy.<br><br>For comparison's sake, consider a retailer who has to decide whether to place the merchandise in locked glass cases or on open shelves. Open shelves will result in more sales, but also more shoplifting. So the retailer locks up the jewelry but not the pencils or the furniture, and this is based on a common-sense balance of value and risk.<br><br>But with the Internet of Things, people generally don't have a good enough understanding of value and risk to be able to reason intelligently about this kind of trade-off. Philip Howard advises users to appreciate that devices "have an immediate function that is useful to you and an indirect function that is useful to others" (p255). But just knowing this is not enough. 
True security will only arise when we have the kind of transparency (or visibility or unconcealment) that I referenced in my previous post.<br><br><br><b>Related Posts</b><br><br><a href="https://rvsoftware.blogspot.co.uk/2015/10/defeating-device-paradigm.html">Defeating the Device Paradigm</a> (October 2015)<br><a href="https://rvsoftware.blogspot.co.uk/2017/11/pax-technica.html">Pax Technica - The Book</a>&nbsp;(November 2017)<br><a href="https://demandingchange.blogspot.co.uk/2017/11/pax-technica-conference.html">Pax Technica - The Conference</a> (November 2017)<br><a href="http://rvsoapbox.blogspot.com/2017/12/the-smell-of-data.html">The Smell of Data</a> (December 2017)<br><br><br><b>References</b><br><br>Cory Doctorow, <a href="https://en.wikisource.org/wiki/The_Coming_War_on_General_Computation">The Coming War on General Computation</a> (2011)<br><br>Carl Herberger, <a href="https://www.helpnetsecurity.com/2016/11/14/exploit-iot-2017/">How hackers will exploit the Internet of Things in 2017</a> (HelpNet Security, 14 November 2016) <br><br>Philip Howard, Pax Technica: How The Internet of Things May Set Us Free or Lock Us Up (Yale 2015) <br><br>Laura James, Pax Technica Notes (<a href="https://medium.com/@lbjames/pax-technica-the-implications-of-the-internet-of-things-adbcf7c93558">Session 1</a>,&nbsp;<a href="https://medium.com/@lbjames/pax-technica-morning-panel-92eaa1a77367">Session 2</a>,&nbsp;<a href="https://medium.com/@lbjames/pax-technica-afternoon-panel-80875942a70c">Session 3</a>,&nbsp;<a href="https://medium.com/@lbjames/pax-technica-afternoon-panel-privacy-111805e030c5">Session 4</a>)<br><br>Holly Robbins, <a href="https://medium.com/the-state-of-responsible-internet-of-things-iot/hollyrobbins-6d2f81512242">The Path for Transparency for IoT Technologies</a> (ThingsCon, June 2017)<br><br>Jack Wallen, <a href="http://www.zdnet.com/article/5-nightmarish-attacks-that-show-the-risks-of-iot-security/">Five nightmarish attacks that show the risks of IoT 
security</a> (ZDNet, 1 June 2017)]]></summary>
    <content type="html"><![CDATA[<span>#paxtechnica&nbsp;</span>Some further thoughts arising from the @CRASSHlive conference in Cambridge on&nbsp;<a href="http://www.crassh.cam.ac.uk/events/27490">The Implications of the Internet of Things</a>. (For a comprehensive account, see @<a href="https://twitter.com/LaurieJ/status/933994196108750848">LaurieJ's livenotes</a>.)<br><br>Many people are worried about the security implications of the Internet of Things. The world is being swamped with cheap internet-enabled devices. As the manufacturing costs, size and power consumption of these devices are being driven down, most producers have neither the expertise nor the capacity to build any kind of security into them.<br><br>One of the reasons why this problem is increasing is that it is cheaper to use a general-purpose chip than to design a special-purpose chip. So most IoT devices have far more processing power and functionality than they strictly need. This extra functionality can then be co-opted for covert or malicious purposes. IoT devices may easily be recruited into a global botnet, and devices from some sources may even have been covertly designed for this purpose.<br><br>Sensors are bad enough - baby monitors and sex toys. Additional concerns apply to IoT actuators - devices that can produce physical effects. For example, lightbulbs that can flash (triggering epileptic fits), thermostats that can switch on simultaneously across a city (melting the grid), centrifuges that can spin out of control (attempting to sabotage Iran's nuclear capability).<br><br>Jon Crowcroft proposed that some of this could be addressed in terms of safety and liability. Safety is a useful driver for increased regulation, and insurance companies will be looking for ways to protect themselves and their corporate customers. While driverless cars generate much discussion, similar questions of safety and liability arise from any cars containing significant quantities of new technology. 
What if the brake algorithm fails? And given the recent history of cheat software by car manufacturers, can we trust the car not to alter the driver logs in order to evade liability for an accident?<br><br>In many cases, the consumer can be persuaded that there are benefits from internet-enabled devices, and these benefits may depend on some level of interoperability between multiple devices. But we aren't equipped to reason about the trade-off between accessibility/usability and security/privacy.<br><br>For comparison's sake, consider a retailer who has to decide whether to place the merchandise in locked glass cases or on open shelves. Open shelves will result in more sales, but also more shoplifting. So the retailer locks up the jewelry but not the pencils or the furniture, and this is based on a common-sense balance of value and risk.<br><br>But with the Internet of Things, people generally don't have a good enough understanding of value and risk to be able to reason intelligently about this kind of trade-off. Philip Howard advises users to appreciate that devices "have an immediate function that is useful to you and an indirect function that is useful to others" (p255). But just knowing this is not enough. 
True security will only arise when we have the kind of transparency (or visibility or unconcealment) that I referenced in my previous post.<br><br><br><b>Related Posts</b><br><br><a href="https://rvsoftware.blogspot.co.uk/2015/10/defeating-device-paradigm.html">Defeating the Device Paradigm</a> (October 2015)<br><a href="https://rvsoftware.blogspot.co.uk/2017/11/pax-technica.html">Pax Technica - The Book</a>&nbsp;(November 2017)<br><a href="https://demandingchange.blogspot.co.uk/2017/11/pax-technica-conference.html">Pax Technica - The Conference</a> (November 2017)<br><a href="http://rvsoapbox.blogspot.com/2017/12/the-smell-of-data.html">The Smell of Data</a> (December 2017)<br><br><br><b>References</b><br><br>Cory Doctorow, <a href="https://en.wikisource.org/wiki/The_Coming_War_on_General_Computation">The Coming War on General Computation</a> (2011)<br><br>Carl Herberger, <a href="https://www.helpnetsecurity.com/2016/11/14/exploit-iot-2017/">How hackers will exploit the Internet of Things in 2017</a> (HelpNet Security, 14 November 2016) <br><br>Philip Howard, Pax Technica: How The Internet of Things May Set Us Free or Lock Us Up (Yale 2015) <br><br>Laura James, Pax Technica Notes (<a href="https://medium.com/@lbjames/pax-technica-the-implications-of-the-internet-of-things-adbcf7c93558">Session 1</a>,&nbsp;<a href="https://medium.com/@lbjames/pax-technica-morning-panel-92eaa1a77367">Session 2</a>,&nbsp;<a href="https://medium.com/@lbjames/pax-technica-afternoon-panel-80875942a70c">Session 3</a>,&nbsp;<a href="https://medium.com/@lbjames/pax-technica-afternoon-panel-privacy-111805e030c5">Session 4</a>)<br><br>Holly Robbins, <a href="https://medium.com/the-state-of-responsible-internet-of-things-iot/hollyrobbins-6d2f81512242">The Path for Transparency for IoT Technologies</a> (ThingsCon, June 2017)<br><br>Jack Wallen, <a href="http://www.zdnet.com/article/5-nightmarish-attacks-that-show-the-risks-of-iot-security/">Five nightmarish attacks that show the risks of IoT 
security</a> (ZDNet, 1 June 2017)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-5390873693116411964</id>
    <title type="html">Digital Disruption and Consumer Trust - Resolving the Challenge of GDPR</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2017-06-27T20:03:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2017/06/digital-disruption-and-consumer-trust.html"/>
    <summary type="html"><![CDATA[Presentation given to the "GDPR Making it Real" workshop organized by DAMA UK and BCS DMSG, 12 June 2017.<br><br>The presentation refers to two milestones. The second milestone is 25th May 2018, the date that companies will need to comply fully with the new data protection regulations. The first milestone is the agreement of a clear and costed plan to reach the second milestone. Some organizations are now getting close to the first milestone, while others still don't have much idea how much effort and resource will be required, or how this could affect their business. Good luck with that. Let me know if I can help.<br><br>  <br><div><b> <a href="https://www.slideshare.net/RichardVeryard/digital-disruption-and-consumer-trust-resolving-the-challenge-of-gdpr" target="_blank" title="Digital Disruption and Consumer Trust - Resolving the Challenge of GDPR">Digital Disruption and Consumer Trust - Resolving the Challenge of GDPR</a> </b> from <b><a href="https://www.slideshare.net/RichardVeryard" target="_blank">Richard Veryard</a></b> </div>]]></summary>
    <content type="html"><![CDATA[Presentation given to the "GDPR Making it Real" workshop organized by DAMA UK and BCS DMSG, 12 June 2017.<br><br>The presentation refers to two milestones. The second milestone is 25th May 2018, the date that companies will need to comply fully with the new data protection regulations. The first milestone is the agreement of a clear and costed plan to reach the second milestone. Some organizations are now getting close to the first milestone, while others still don't have much idea how much effort and resource will be required, or how this could affect their business. Good luck with that. Let me know if I can help.<br><br>  <br><div><b> <a href="https://www.slideshare.net/RichardVeryard/digital-disruption-and-consumer-trust-resolving-the-challenge-of-gdpr" target="_blank" title="Digital Disruption and Consumer Trust - Resolving the Challenge of GDPR">Digital Disruption and Consumer Trust - Resolving the Challenge of GDPR</a> </b> from <b><a href="https://www.slideshare.net/RichardVeryard" target="_blank">Richard Veryard</a></b> </div>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-1464060225198569437</id>
    <title type="html">The Price of Everything</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2017-05-05T18:33:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2017/05/the-price-of-everything.html"/>
    <summary type="html"><![CDATA[<span>#PowerSwitch</span> The relationship between the retailer and the customer can be beset by calculation on both sides. The retailer is trying to extract enough data about the customer to calculate the next best action, while the customer is trying to extract the best deal. <br><br>There is nothing new about customers comparing products and prices between neighbouring shops, and merchants selling similar goods can often be found in close proximity in order to attract more customers. (This is especially true for specialist and occasional purchases: in large cities, whole streets or districts may be associated with specific types of shop. London has Denmark Street for musical instruments, Hatton Garden for jewellery, Savile Row for made-to-measure suits, and so on.)<br><br>But nowadays the villain, apparently, is eCommerce. As a significant share of the retail business migrates from the high street to the Internet, many retailers are concerned about so-called showrooming. It may seem unfair that a customer can spend loads of time in the high street, wasting the time of the shop assistants and shop-soiling the goods, before purchasing the same goods online at a better price. 
To add insult to injury, some people not only practice showrooming, but then blog about how guilty it makes them feel.<br><br>The assumption here is that the Internet can generally undercut the High Street, and there are several reasons why this assumption is plausible.<br><ul><li>Internet businesses compete on price rather than service, so the prices must be good.</li><li>An internet store can provide economies of scale - serving the whole country or  region from a single warehouse, instead of needing an outlet in each  town.</li><li>An internet store can offer a much larger range of goods without increasing the cost of inventory - the so-called Long Tail phenomenon </li><li>An internet store typically has lower overheads - cheaper premises and fewer staff</li><li>An internet business may be run as a start-up, with less "dead wood". So it is more agile and less bureaucratic.&nbsp; </li></ul>However, there are some counterbalancing concerns.<br><ul><li>The economic and logistical costs of delivery and return can be significant, especially for low-ticket items. With clothing in particular, customers may order the same item in three different sizes, and then return the ones that don't fit.</li><li>Investors previously poured money into internet businesses, and the early strategic focus was on growth rather than profit. As internet businesses become more mature, investors will be looking to see some decent returns on their investment, and margins will be pushed up.</li><li>And then there is differential pricing ... </li></ul>One of the key differences between traditional stores and online stores is in pricing. Although high street retailers often drop prices to clear stock - for example, supermarkets have elaborate relabelling systems to mark-down groceries before their sell-by date - they do not yet have sophisticated mechanisms for dynamic pricing. 
Whereas an online retailer can change the prices as often as it wishes, and therefore charge you whatever it thinks you will pay. According to Jerry Useem, <br><blockquote type="cite">"The price of the headphones Google recommends may depend on how budget-conscious your web history shows you to be."</blockquote>I heard Ariel Ezrachi talking about this phenomenon at the PowerSwitch conference in Cambridge a few weeks ago. (I have not yet read his new book.)<br><blockquote type="cite">"There is an assumption that the internet is a blessing when it comes to  competition. Endless choice. Ability to reduce costs to close to zero.  etc ... What you see online has very little to do with the ideas we have of market power, market dynamics, etc. everything is artificial. It looks like a regular market, with apples or fish. But because it&rsquo;s all monitored, it&rsquo;s not like that at all. What you see online is not a reflection of the market. You see &ldquo;the Truman Show&rdquo;&#8202;&mdash;&#8202;a reality designed just for you, a controlled ecosystem." (via Laura James's liveblog) </blockquote><br>In his play Lady Windermere's Fan, Wilde offered the following contrast between the cynic and the sentimentalist.<br><blockquote type="cite">Lord Darlington: What cynics you fellows are!<br>Cecil Graham: What is a cynic?<br>Lord Darlington: A man who knows the price of everything and the value of nothing.<br>Cecil Graham: And a sentimentalist, my dear Darlington, is a man who  sees an absurd value in everything, and doesn&rsquo;t know the market price of  any single thing.</blockquote><br>According to one of the participants at the PowerSwitch conference, some eCommerce sites quote higher prices for Apple users, based on the idea that they are less price-sensitive and can afford to pay more. In other words, the cynical Internet regards Apple users as sentimentalists.<br><br>If there is an alternative to this calculative thinking, it comes down to reestablishing trust. 
Perhaps then retailers and consumers alike can avoid an artificial choice between cynicism and sentimentalism. <br><br><br><hr><br>Emma Brockes, <a href="http://www.theguardian.com/technology/2017/may/03/online-shopping-amazon-prices-how-to-be-human-online">I found something I like in a store. Is it wrong to buy it online for less?</a> (Guardian, 3 May 2017)<br><br>Ariel Ezrachi and Maurice Stucke, <a href="http://www.hup.harvard.edu/catalog.php?isbn=9780674545472">Virtual Competition: The Promise and Perils of the Algorithm-Driven Economy</a> (Harvard University Press, 2016) - more links via publisher's page <br><br>Laura James, <a href="https://medium.com/@lbjames/power-switch-conference-report-f23ee3f1f965">Power Switch - Conference Report</a> (31 March 2017)<br><br>Joshua Kopstein, <a href="http://www.vocativ.com/426587/amazon-browser-extension-retailers-discriminate/">Is Amazon Price-Gouging You?</a> (Vocativ, 4 May 2017) via @<a href="https://twitter.com/charlesarthur/status/862548012320542720">charlesarthur</a> <br><br>Jerry Useem, <a href="https://www.theatlantic.com/magazine/archive/2017/05/how-online-shopping-makes-suckers-of-us-all/521448/">How Online Shopping Makes Suckers of Us All</a> (Atlantic, May 2017)<br><br><a href="http://www.economist.com/news/finance-and-economics/21721648-trustbusters-might-have-fight-algorithms-algorithms-price-bots-can-collude">Price-bots can collude against consumers</a> (Economist, 6 May 2017)<br><br><a href="https://danielsethics.mgt.unm.edu/pdf/the-dilemma-of-showrooming.pdf">The Dilemma of Showrooming</a>, (Daniels Fund Ethics Initiative, University of New Mexico) <br><br><hr>Related posts: <a href="https://rvsoapbox.blogspot.co.uk/2009/10/online-pricing-practices-to-be.html">Online pricing practices to be regulated?</a> (October 2009), <a href="http://rvsoftware.blogspot.co.uk/2012/12/predictive-showrooming.html">Predictive Showrooming</a> (December 2012), <a 
href="https://rvsoapbox.blogspot.co.uk/2012/12/showrooming-and-multi-sided-markets.html">Showrooming and Multi-Sided Markets</a> (December 2012), <a href="http://rvsoapbox.blogspot.com/2012/12/showrooming-in-knowledge-economy.html">Showrooming in the Knowledge Economy</a> (December 2012).]]></summary>
    <content type="html"><![CDATA[<span>#PowerSwitch</span> The relationship between the retailer and the customer can be beset by calculation on both sides. The retailer is trying to extract enough data about the customer to calculate the next best action, while the customer is trying to extract the best deal. <br><br>There is nothing new about customers comparing products and prices between neighbouring shops, and merchants selling similar goods can often be found in close proximity in order to attract more customers. (This is especially true for specialist and occasional purchases: in large cities, whole streets or districts may be associated with specific types of shop. London has Denmark Street for musical instruments, Hatton Garden for jewellery, Savile Row for made-to-measure suits, and so on.)<br><br>But nowadays the villain, apparently, is eCommerce. As a significant share of the retail business migrates from the high street to the Internet, many retailers are concerned about so-called showrooming. It may seem unfair that a customer can spend loads of time in the high street, wasting the time of the shop assistants and shop-soiling the goods, before purchasing the same goods online at a better price. 
To add insult to injury, some people not only practice showrooming, but then blog about how guilty it makes them feel.<br><br>The assumption here is that the Internet can generally undercut the High Street, and there are several reasons why this assumption is plausible.<br><ul><li>Internet businesses compete on price rather than service, so the prices must be good.</li><li>An internet store can provide economies of scale - serving the whole country or  region from a single warehouse, instead of needing an outlet in each  town.</li><li>An internet store can offer a much larger range of goods without increasing the cost of inventory - the so-called Long Tail phenomenon </li><li>An internet store typically has lower overheads - cheaper premises and fewer staff</li><li>An internet business may be run as a start-up, with less "dead wood". So it is more agile and less bureaucratic.&nbsp; </li></ul>However, there are some counterbalancing concerns.<br><ul><li>The economic and logistical costs of delivery and return can be significant, especially for low-ticket items. With clothing in particular, customers may order the same item in three different sizes, and then return the ones that don't fit.</li><li>Investors previously poured money into internet businesses, and the early strategic focus was on growth rather than profit. As internet businesses become more mature, investors will be looking to see some decent returns on their investment, and margins will be pushed up.</li><li>And then there is differential pricing ... </li></ul>One of the key differences between traditional stores and online stores is in pricing. Although high street retailers often drop prices to clear stock - for example, supermarkets have elaborate relabelling systems to mark-down groceries before their sell-by date - they do not yet have sophisticated mechanisms for dynamic pricing. 
Whereas an online retailer can change the prices as often as it wishes, and therefore charge you whatever it thinks you will pay. According to Jerry Useem, <br><blockquote type="cite">"The price of the headphones Google recommends may depend on how budget-conscious your web history shows you to be."</blockquote>I heard Ariel Ezrachi talking about this phenomenon at the PowerSwitch conference in Cambridge a few weeks ago. (I have not yet read his new book.)<br><blockquote type="cite">"There is an assumption that the internet is a blessing when it comes to  competition. Endless choice. Ability to reduce costs to close to zero.  etc ... What you see online has very little to do with the ideas we have of market power, market dynamics, etc. everything is artificial. It looks like a regular market, with apples or fish. But because it&rsquo;s all monitored, it&rsquo;s not like that at all. What you see online is not a reflection of the market. You see &ldquo;the Truman Show&rdquo;&#8202;&mdash;&#8202;a reality designed just for you, a controlled ecosystem." (via Laura James's liveblog) </blockquote><br>In his play Lady Windermere's Fan, Wilde offered the following contrast between the cynic and the sentimentalist.<br><blockquote type="cite">Lord Darlington: What cynics you fellows are!<br>Cecil Graham: What is a cynic?<br>Lord Darlington: A man who knows the price of everything and the value of nothing.<br>Cecil Graham: And a sentimentalist, my dear Darlington, is a man who  sees an absurd value in everything, and doesn&rsquo;t know the market price of  any single thing.</blockquote><br>According to one of the participants at the PowerSwitch conference, some eCommerce sites quote higher prices for Apple users, based on the idea that they are less price-sensitive and can afford to pay more. In other words, the cynical Internet regards Apple users as sentimentalists.<br><br>If there is an alternative to this calculative thinking, it comes down to reestablishing trust. 
Perhaps then retailers and consumers alike can avoid an artificial choice between cynicism and sentimentalism. <br><br><br><hr><br>Emma Brockes, <a href="http://www.theguardian.com/technology/2017/may/03/online-shopping-amazon-prices-how-to-be-human-online">I found something I like in a store. Is it wrong to buy it online for less?</a> (Guardian, 3 May 2017)<br><br>Ariel Ezrachi and Maurice Stucke, <a href="http://www.hup.harvard.edu/catalog.php?isbn=9780674545472">Virtual Competition: The Promise and Perils of the Algorithm-Driven Economy</a> (Harvard University Press, 2016) - more links via publisher's page <br><br>Laura James, <a href="https://medium.com/@lbjames/power-switch-conference-report-f23ee3f1f965">Power Switch - Conference Report</a> (31 March 2017)<br><br>Joshua Kopstein, <a href="http://www.vocativ.com/426587/amazon-browser-extension-retailers-discriminate/">Is Amazon Price-Gouging You?</a> (Vocativ, 4 May 2017) via @<a href="https://twitter.com/charlesarthur/status/862548012320542720">charlesarthur</a> <br><br>Jerry Useem, <a href="https://www.theatlantic.com/magazine/archive/2017/05/how-online-shopping-makes-suckers-of-us-all/521448/">How Online Shopping Makes Suckers of Us All</a> (Atlantic, May 2017)<br><br><a href="http://www.economist.com/news/finance-and-economics/21721648-trustbusters-might-have-fight-algorithms-algorithms-price-bots-can-collude">Price-bots can collude against consumers</a> (Economist, 6 May 2017)<br><br><a href="https://danielsethics.mgt.unm.edu/pdf/the-dilemma-of-showrooming.pdf">The Dilemma of Showrooming</a>, (Daniels Fund Ethics Initiative, University of New Mexico) <br><br><hr>Related posts: <a href="https://rvsoapbox.blogspot.co.uk/2009/10/online-pricing-practices-to-be.html">Online pricing practices to be regulated?</a> (October 2009), <a href="http://rvsoftware.blogspot.co.uk/2012/12/predictive-showrooming.html">Predictive Showrooming</a> (December 2012), <a 
href="https://rvsoapbox.blogspot.co.uk/2012/12/showrooming-and-multi-sided-markets.html">Showrooming and Multi-Sided Markets</a> (December 2012), <a href="http://rvsoapbox.blogspot.com/2012/12/showrooming-in-knowledge-economy.html">Showrooming in the Knowledge Economy</a> (December 2012).]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-3063130259919994642</id>
    <title type="html">Inspector Sands to Platform Nine and Three Quarters</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2017-03-09T22:21:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2017/03/inspector-sands-to-platform-nine-and.html"/>
    <content type="html"><![CDATA[Last week was not a good one for the platform business. Uber continues to receive bad publicity on multiple fronts, as noted in my post on <a href="https://rvsoapbox.blogspot.co.uk/2017/03/ubers-defeat-device-and-denial-of.html">Uber's Defeat Device and Denial of Service</a> (March 2017). And on Tuesday, a fat-fingered system admin at AWS managed to take out a significant chunk of the largest platform on the planet, seriously degrading online retail in the Northern Virginia (US-EAST-1) Region. According to one estimate, performance at over half of the top internet retailers was hit by 20 percent or more, and some websites were completely down.<br><br>What have we learned from this? Yahoo Finance tells us not to worry.<br><blockquote>"The good news: Amazon has addressed the issue, and is working to ensure nothing similar happens again. ... Let&rsquo;s just hope ... that Amazon doesn&rsquo;t experience any further issues in  the near future."</blockquote><br>Other commentators are not so optimistic. For Computer Weekly, this incident <br><blockquote>"highlights the risk of running critical systems in the public cloud. Even the most sophisticated cloud IT infrastructure is not infallible."</blockquote><br>So perhaps one lesson is not to trust platforms. Or at least not to practice wilful blindness when your chosen platform or cloud provider represents a single point of failure.<br><br>One of the myths of cloud, according to Aidan Finn, <br><blockquote>"is that you get disaster recovery by default from your cloud  vendor (such as Microsoft and Amazon). Everything in the cloud is a  utility, and every utility has a price. If you want it, you need to pay  for it and deploy it, and this includes a scenario in which a data  center burns down and you need to recover. 
If you didn&rsquo;t design in and  deploy a disaster recovery solution, you&rsquo;re as cooked as the servers in  the smoky data center."</blockquote><br>Interestingly, Amazon itself was relatively unaffected by Tuesday's problem. This may have been because they split their deployment across multiple geographical zones. However, as Brian Guy points out, there are significant costs involved in multi-region deployment, as well as data protection issues. He also notes that this question is not (yet) addressed by Amazon's architectural guidelines for AWS users, known as the Well-Architected Framework.<br><br>Amazon recently added another pillar to the Well-Architected Framework, namely operational excellence. This includes such practices as <em>performing operations with code: </em>in other words, automating operations as much as possible. Did someone say Fat Finger?<br><br><br><hr><br>Abel Avram, <a href="https://www.infoq.com/news/2016/11/aws-well-architected-framework">The AWS Well-Architected Framework Adds Operational Excellence</a> (InfoQ, 25 Nov 2016)<br><br>Julie Bort, <a href="http://uk.businessinsider.com/aws-outage-hurt-internet-retailers-except-amazon-2017-3">The massive AWS outage hurt 54 of the top 100 internet retailers &mdash; but not Amazon</a> (Business Insider, 1 March 2017)<br><br>Aidan Finn, <a href="https://www.petri.com/avoid-aws-style-outage-azure">How to Avoid an AWS-Style Outage in Azure</a> (Petri, 6 March 2017)<br><br>Brian Guy, <a href="http://www.geekwire.com/2017/analysis-rethinking-cloud-architecture-outage-amazon-web-services/">Analysis: Rethinking cloud architecture after the outage of Amazon Web Services</a> (GeekWire, 5 March 2017)<br><br>Daniel Howley, <a href="http://finance.yahoo.com/news/amazon-web-service-outage-173242970.html">Why you should still trust Amazon Web Services even though it took down the internet</a> (Yahoo Finance, 6 March 2017)<br><br>Chris Mellor, <a 
href="https://www.theregister.co.uk/2017/03/01/s3_outage_exposes_amazonian_internet_bottleneck/">Tuesday's AWS S3-izure exposes Amazon-sized internet bottleneck</a> (The Register, 1 March 2017)<br><br>Shaun Nichols, <a href="https://www.theregister.co.uk/2017/03/02/aws_s3_crash_result_of_fatfingered_command/">Amazon S3-izure cause: Half the web vanished because an AWS bod fat-fingered a command</a> (The Register, 2 March 2017)<br><br>Cliff Saran, <a href="http://www.computerweekly.com/news/450414276/AWS-outage-shows-vulnerability-of-cloud-DR">AWS outage shows vulnerability of cloud disaster recovery</a> (Computer Weekly, 6 March 2017)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-2922980019473300661</id>
    <title type="html">The Unexpected Happens</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2017-01-01T18:08:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2017/01/the-unexpected-happens.html"/>
    <content type="html"><![CDATA[When Complex Event Processing (CEP) emerged around ten years ago, one of the early applications was real-time risk management. In the financial sector, there was growing recognition of the need for real-time visibility - continuous calibration of positions - in order to keep pace with the emerging importance of algorithmic trading. This is now relatively well-established in banking and trading sectors; Chemitiganti argues that the insurance industry now faces similar requirements.<br><br>In 2008, Chris Martins, then Marketing Director for CEP firm Apama, suggested considering CEP as a prospective "dog whisperer" that can help manage the risk of the technology "dog" biting its master.<br><br>But "dog bites master" works in both directions. In the case of Eliot Spitzer, the dog that bit its master was the anti-money-laundering software that he had used against others.<br><br>And in the case of algorithmic trading, it seems we can no longer be sure who is master - whether black swan events are the inevitable and emergent result of excessive complexity, or whether hostile agents are engaged in a black swan breeding programme. One of the first CEP insiders to raise this concern was John Bates, first as CTO at Apama and subsequently with Software AG. 
(He now works for a subsidiary of SAP.)<br><br><table align="center" cellpadding="0" cellspacing="0"><tbody><tr><td><a href="https://4.bp.blogspot.com/-03HSe_aT65c/WGkvGZc482I/AAAAAAAAAKk/-CSQEafnjNcbE-jeliiVAs_7NpMFQe_5gCLcB/s1600/CEP%2BBlack%2BSwans%2BDark%2BPools%2Bp62.PNG" imageanchor="1"><img border="0" height="307" src="http://chimpfeedr.com/img/?url=https%3A%2F%2F4.bp.blogspot.com%2F-03HSe_aT65c%2FWGkvGZc482I%2FAAAAAAAAAKk%2F-CSQEafnjNcbE-jeliiVAs_7NpMFQe_5gCLcB%2Fs320%2FCEP%252BBlack%252BSwans%252BDark%252BPools%252Bp62.PNG&width=540&mix=5ccc0-TrustBlog" width="320"></a></td></tr><tr><td>from Dark Pools by Scott Patterson</td></tr></tbody></table><br>And in 2015, Bates wrote that "high-speed  trading algorithms are an alluring target for cyber thieves". <br><br>So if technology is capable of both generating unexpected events and amplifying hostile attacks, are we being naive to imagine we can use the same technology to protect ourselves?<br><br>Perhaps, but I believe there are some productive lines of development, as I've discussed previously on this blog and elsewhere.<br><br><br>1. <b>Organizational intelligence</b> - not relying either on human intelligence alone or on artificial intelligence alone, but looking to establish sociotechnical systems that allow people and algorithms to collaborate effectively.<br><br>2. <b>Algorithmic biodiversity</b> - maintaining multiple algorithms, developed by different teams using different datasets, in order to detect additional weak signals and generate "second opinions".<br><br><br><br><hr><br>John Bates, <a href="http://apama.typepad.com/my_weblog/2010/08/algorithmic-terrorism.html">Algorithmic Terrorism</a> (Apama, 4 August 2010). 
<a href="http://www.huffingtonpost.com/john-bates/to-catch-an-algo-thief_b_6759286.html">To Catch an Algo Thief</a> (Huffington Post, 26 Feb 2015)<br><br>John Borland, <a href="http://www.technologyreview.com/Infotech/20435/?a=f">The Technology That Toppled Eliot Spitzer</a> (MIT Technology Review, 19 March 2008) via Adam Shostack, <a href="http://emergentchaos.com/archives/2008/03/algorithms-for-the-war-on-the-unexpected.html">Algorithms for the War on the Unexpected</a> (19 March 2008)<br><br>Vamsi Chemitiganti, <a href="http://www.vamsitalkstech.com/?p=2758">Why the Insurance Industry Needs to Learn from Banking&rsquo;s Risk Management Nightmares..</a> (10 September 2016)<br><br>Theo Hildyard, <a href="http://www.thetradingmesh.com/pg/blog/softwareag/read/618299/pillar-6-of-market-surveillance-20-known-and-unknown-threats">Pillar #6 of Market Surveillance 2.0: Known and unknown threats</a> (Trading Mesh, 2 April 2015)<br><br>Neil Johnson et al, <a href="https://arxiv.org/abs/1202.1448">Financial black swans driven by ultrafast machine ecology</a> (arXiv:1202.1448 [physics.soc-ph], 7 Feb 2012)<br><br>Chris Martins, <a href="http://apama.typepad.com/my_weblog/2008/03/cep-and-real-ti.html">CEP and Real-Time Risk &ndash; &ldquo;The Dog Whisperer&rdquo;</a> (Apama, 21 March 2008)<br><br>Scott Patterson, Dark Pools - The Rise of A. I. Trading Machines and the Looming Threat to Wall Street (Random House, 2013). See review by David Leinweber, <a href="http://www.forbes.com/sites/davidleinweber/2012/07/11/the-algorithmic-monsters-threatening-the-global-financial-system/#2d4993fa5c42">Are Algorithmic Monsters Threatening The Global Financial System?</a> (Forbes, 11 July 2012)<br><br>Richard Veryard, <a href="https://leanpub.com/orgintelligence/">Building Organizational Intelligence</a> (LeanPub, 2012)<br><br>Related Posts<br><br><a href="https://rvsoapbox.blogspot.co.uk/2016/10/the-shelf-life-of-algorithms.html">The Shelf-Life of Algorithms</a> (October 2016)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-7722141891272197658</id>
    <title type="html">The Shelf-Life of Algorithms</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2016-10-26T13:50:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2016/10/the-shelf-life-of-algorithms.html"/>
    <content type="html"><![CDATA[@<a href="https://twitter.com/mrkwpalmer/status/773098394952884225">mrkwpalmer</a> (TIBCO) invites us to take what he calls a Hyper-Darwinian approach to analytics. He observes that "many algorithms, once discovered, have a remarkably short shelf-life" and argues that one must be as good at "killing off weak or vanquished algorithms" as creating new ones.<br><br>As I've pointed out elsewhere (<a href="http://posiwid.blogspot.co.uk/2010/12/arguments-from-nature.html">Arguments from Nature</a>, December 2010), the non-survival of the unfit (as implied by his phrase) is not logically equivalent to the survival of the fittest, and Darwinian analogies always need to be taken with a pinch of salt. However, Mark raises an important point about the limitations of algorithms, and the need for constant review and adaptation, to maintain what he calls <b>algorithmic efficacy</b>.<br><br>His examples fall into three types. Firstly there are algorithms designed to anticipate and outwit human and social processes, from financial trading to fraud. Clearly these need to be constantly modified, otherwise the humans will learn to outwit the algorithms. And secondly there are algorithms designed to compete with other algorithms. In both cases, these algorithms need to keep ahead of the competition and to avoid themselves becoming predictable. Following an evolutionary analogy, the mutual adaptation of fraud and anti-fraud tactics resembles the co-evolution of predator and prey.<br><br>Mark also mentions a third type of algorithm, where the element of competition and the need for constant change is less obvious. His main example of this type is in the area of predictive maintenance, where the algorithm is trying to predict the behaviour of devices and networks that may fail in surprising and often inconvenient ways. 
It is a common human tendency to imagine that these devices are inhabited by demons -- as if a printer or photocopier deliberately jams or runs out of toner because it somehow knows when one is in a real hurry -- but most of us don't take this idea too seriously.<br><br>Where does surprise come from? Bateson suggests that it comes from an interaction between two contrary variables: probability and stability --<br><blockquote>"There would be no surprises in a universe governed either by probability alone or by stability alone."</blockquote>--&nbsp; and points out that because adaptations in Nature are always based on a finite range of circumstances (data points), Nature can always present new circumstances (data) which undermine these adaptations. He calls this the caprice of Nature.<br><blockquote>"This is, in a sense, most unfair. ... But in another sense, or looked at in a wider perspective, this unfairness is the recurrent condition for evolutionary creativity."</blockquote><br>The problem with adaptation being based solely on past experience also arises with machine learning, which generally uses a large but finite dataset to perform inductive reasoning, in a way that is non-transparent to the human. This probably works okay for preventative maintenance on relatively simple and isolated devices, but as devices and their interconnections get more complex, we shouldn't be too surprised if algorithms, whether based on human mathematics or machine learning, sometimes get caught out by the caprice of Nature. Or by so-called Black Swans.<br><br>This potential unreliability is particularly problematic in two cases. Firstly, when the algorithms are used to make critical decisions affecting human lives - as in justice or recruitment systems. (See for example, Zeynep Tufekci's recent TED talk.) 
And secondly, when preventative maintenance has safety implications - from aeroengineering to medical implants.<br><br>One way of mitigating this risk might be to maintain multiple algorithms, developed by different teams using different datasets, in order to detect additional weak signals and generate "second opinions". And get human experts to look at the cases where the algorithms strongly disagree.<br><br>This would suggest that we maybe shouldn't be too hasty to kill off algorithms with poor efficacy, but sometimes keep them in the interests of algorithmic biodiversity.&nbsp; (There - now I'm using the evolutionary metaphor.)<br><br><br><hr>Gregory Bateson, "The New Conceptual Frames for Behavioural Research". Proceedings of the Sixth Annual Psychiatric Institute (Princeton NJ: New Jersey Neuro-Psychiatric Institute, September 17, 1958). Reprinted in G. Bateson, A Sacred Unity: Further Steps to an Ecology of Mind (edited R.E. Donaldson, New York: Harper Collins, 1991) pp 93-110 <br><br>Mark Palmer, <a href="https://techcrunch.com/2016/09/04/the-emerging-darwinian-approach-to-analytics-and-augmented-intelligence/">The emerging Darwinian approach to analytics and augmented intelligence</a> (TechCrunch, 4 September 2016)<br><br>Zeynep Tufekci, <a href="http://www.ted.com/talks/zeynep_tufekci_we_can_t_control_what_our_intelligent_machines_are_learning?language=en" lang="en">Machine intelligence makes human morals more important</a> (TED Talks, Filmed June 2016)<br><br><br><b>Related Posts</b><br><a href="http://demandingchange.blogspot.com/2016/10/the-transparency-of-algorithms.html">The Transparency of Algorithms</a> (October 2016)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6138624.post-242617389998198255</id>
    <title type="html">Back Door Steps</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2016-09-01T18:42:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://posiwid.blogspot.com/2016/09/back-door-steps.html"/>
    <content type="html"><![CDATA[Theresa May used to be rather keen on back doors. As Home Secretary until her move to Downing Street, she was responsible for the Investigatory Powers Bill, which insisted on back doors to enable the security forces to snoop on private communications. Now she insists that Britain will not remain in Europe by the back door. So what's wrong with back doors all of a sudden?<br><br>Now you might think I'm just making a snarky political point. Obviously the back door metaphor has a different meaning in the two contexts. But there is an important connection here, so please bear with me.<br><br>The European Data Protection Supervisor is dead against encryption back doors. By mandating encryption back doors, the UK therefore appears to place itself outside the European circle of trust. The proposed legislation would mean that any UK company or UK-based facility might be subject to an equipment interference warrant (aka back door), and would not be permitted to reveal whether it was or not. Aside from the competitive disadvantage that might follow from this potential vulnerability, UK companies and UK-based services would be challenged to demonstrate compliance with the European Data Protection Regulation, and might therefore be prevented from holding data on any European citizen. There is going to be a single market for data, and we wouldn't have access to it. Another blow for the UK service industry. <br><br>So evidently Mrs May is right. Backdoor membership of the EU is not on the table. 
<br><br><br><hr><br>Anushka Asthana, <a href="http://www.theguardian.com/politics/2016/aug/31/no-staying-in-eu-by-back-door-theresa-may-brexit">No staying in the EU by the back door, says Theresa May</a> (Guardian, 31 August 2016)<br><br>Jennifer Baker, <a href="http://arstechnica.co.uk/tech-policy/2016/07/encryption-backdoors-edps-ban-wishlist/">Encryption backdoors appear on EU data chief&rsquo;s ban wishlist</a> (Ars Technica, 25 July 2016)<br><br>Lucy Mair, <a href="https://www.theguardian.com/law/2012/jul/18/supreme-court-immigration-rules">Supreme court strikes down Home Office's back-door changes to immigration rules</a> (Guardian, 18 July 2012) <br><br>John Naughton, <a href="https://www.theguardian.com/commentisfree/2016/jun/12/theresa-may-surveillance-investigatory-powers-bill-national-security">Theresa May&rsquo;s surveillance plans should worry us all</a> (Guardian, 12 June 2016)<br><br>Iain Thomson, <a href="http://www.theregister.co.uk/2016/08/31/fbi_wants_adult_conversation_about_backdoors/">FBI Director wants 'adult conversation' about backdooring encryption</a> (The Register, 31 August 2016)<br><br><blockquote data-conversation="none" data-lang="en"><div dir="ltr" lang="en"><a href="https://twitter.com/TheRegister">@TheRegister</a> backdoors are like hookers they do what you pay them for but never have them exclusively!</div>&mdash; Frank Koster (@bluegoaindian) <a href="https://twitter.com/bluegoaindian/status/771624648123351040">September 2, 2016</a></blockquote>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-7794810704259587309</id>
    <title type="html">Why does my bank need more personal data?</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2016-08-07T13:33:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2016/08/why-does-my-bank-need-more-personal-data.html"/>
    <content type="html"><![CDATA[I recently went into a High Street branch of my bank and moved a bit of money between accounts. I could have done more, but I didn't have any additional forms of identification with me.<br><br>At the end, the cashier asked me for my nationality. British, as it happens. Why do you want to know? The cashier explained that this enabled a security control: if I ever bring my passport into a branch as a form of identification, the system can check that my passport matches my declared nationality.<br><br>Really? Really? If this is really a security measure, it's a pretty feeble one. Does my bank imagine I'm going to say I'm British and then produce a North Korean passport? Like a James Bond film?<br><br>After she had explained how the bank would use my nationality data, she then asked for my National Insurance number. I declined, choosing not to quiz her any further, and left the branch planning to write a stiff letter to the head of data protection at the bank's head office. <br><br>As a data expert, I am always a little suspicious of corporate motives for data collection. So the thought did occur to me that my bank might be planning to use my personal data for some purpose other than that stated.<br><br>Of course, my bank is perfectly entitled to collect data for marketing purposes, with my consent. But in this case, I was explicitly told that the data were being collected for a very narrowly defined security purpose. <br><br>So there are two possibilities. Either my bank doesn't understand security, or it doesn't understand data protection. (Of course there will be individuals who understand these things, but the bank as an organization appears to have failed to embed this understanding into its systems and working practices.) I shall be happy to provide advice and guidance on these topics.<br><br><br><br>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-7472540871435917555</id>
    <title type="html">As How You Drive</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2016-06-04T14:10:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2016/06/as-how-you-drive.html"/>
    <content type="html"><![CDATA[I have been discussing Pay As You Drive (PAYD) insurance schemes on this blog for nearly ten years. <br><br>The simplest version of the concept varies your insurance premium according to the quantity of driving - Pay As How Much You Drive. But for obvious reasons, insurance companies are also interested in the quality of driving - Pay As How Well You Drive - and several companies now offer a discount for "safe" driving, based on avoiding events such as hard braking, sudden swerves, and speed violations. <br><br>Researchers at the University of Washington argue that each driver has a unique style of driving, including steering, acceleration and braking, which they call a "driver fingerprint". They claim that drivers can be quickly and reliably identified from the braking event stream alone.<br><br>Bruce Schneier posted a brief summary of this research on his blog without further comment, but a range of comments were posted by his readers. Some expressed scepticism about the reliability of the algorithm, while others pointed out that driver behaviour varies according to context - people drive differently when they have their children in the car, or when they are driving home from the pub.<br><br><blockquote>"Drunk me drives really differently too.  Sober me doesn't expect trees to get out of the way when I honk."</blockquote><br>Although the algorithm produced by the researchers may not allow for this kind of complexity, there is no reason in principle why a more sophisticated algorithm couldn't allow for it. I have long argued that JOHN-SOBER and JOHN-DRUNK should be understood as two different identities, with recognizably different patterns of behaviour and risk. (See my post on <a href="http://demandingchange.blogspot.co.uk/2006/05/identity-differentiation.html">Identity Differentiation</a>.) 
<br><br>However, the researchers are primarily interested in the opportunities and threats created by the possibility of using the "driver fingerprint" as a reliable identification mechanism.<br><br><ul><li>Insurance companies and car rental companies could use "driver fingerprint" data to detect unauthorized drivers.</li><li>When a driver denies being involved in an incident, "driver fingerprint" data could provide relevant evidence.</li><li>The police could remotely identify the driver of a vehicle during an incident.</li><li>"Driver fingerprint" data could be used to enforce safety regulations, such as the maximum number of hours driven by any driver in a given period.</li></ul><br>While some of these use cases might be justifiable, the researchers outline various scenarios where this kind of "fingerprinting" would represent an unjustified invasion of privacy, observe how easy it is for a third party to obtain and abuse driver-related data, and call for a permission-based system for controlling data access between multiple devices and applications connected to the CAN bus within a vehicle. (CAN is a low-level protocol, and does not support any security features intrinsically.)<br><br><hr>Sources<br><br>Miro Enev, Alex Takakuwa, Karl Koscher, and Tadayoshi Kohno,  <a href="http://www.autosec.org/pubs/fingerprint.pdf" target="_blank">Automobile Driver Fingerprinting</a>  Proceedings on Privacy Enhancing Technologies; 2016 (1):34&ndash;51<br><br>Andy Greenberg,  <a href="https://www.wired.com/2016/05/drive-car-can-id-within-minutes-study-finds/" target="_blank">A Car&rsquo;s Computer Can &lsquo;Fingerprint&rsquo; You in Minutes Based on How You Drive</a> (Wired, 25 May 2016)  <br><br>Bruce Schneier,  <a href="https://www.schneier.com/blog/archives/2016/05/identifying_peo_7.html" target="_blank">Identifying People from their Driving Patterns</a> (30 May 2016)  <br><br>See also John H.L. 
Hansen, Pinar Boyraz, Kazuya Takeda, H&uuml;seyin Abut,  <a href="https://books.google.co.uk/books?id=La6I4eGs6cYC&amp;pg=PA291&amp;lpg=PA291&amp;dq=driver+fingerprint+CAN+bus&amp;source=bl&amp;ots=uUQBD1QS0Q&amp;sig=S4Lpagfl-46X1oecGvMGOod8EnQ&amp;hl=en&amp;sa=X&amp;ved=0ahUKEwiSp525jo7NAhXHfhoKHUrvB9MQ6AEIMDAD#v=onepage&amp;q=driver%20fingerprint%20CAN%20bus&amp;f=false" target="_blank">Digital Signal Processing for In-Vehicle Systems and Safety</a>. Springer Science and Business Media, 21 Dec 2011<br><br>Wikipedia: <a href="https://en.wikipedia.org/wiki/CAN_bus">CAN bus</a>, <a href="https://en.wikipedia.org/wiki/Vehicle_bus">Vehicle bus</a> <br><br><hr>Related Posts<br><br>Identity Differentiation (<a href="http://demandingchange.blogspot.co.uk/2006/05/identity-differentiation.html">May 2006</a>)<br><br>Pay As You Drive (<a href="http://rvsoapbox.blogspot.co.uk/2006/10/pay-as-you-drive.htm">October 2006</a>) (<a href="http://rvsoapbox.blogspot.co.uk/2008/06/pay-as-you-drive-2.html">June 2008</a>) (<a href="http://rvsoapbox.blogspot.co.uk/2009/04/pay-as-you-drive-3.html">June 2009</a>)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-1878011747516839443</id>
    <title type="html">How Soon Might Humans Be Replaced At Work?</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2015-11-08T00:50:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2015/11/how-soon-might-humans-be-replaced-at.html"/>
    <content type="html"><![CDATA[#<a href="https://twitter.com/hashtag/cipaai">CIPAai</a> An interesting debate on Artificial Intelligence took place at the Science Museum this week, sponsored by the Chartered Institute of Patent Agents. When will humans be replaced by computers in any given job?<br><br>As this was the professional body for Patent Agents, they decided to pick an example close to their hearts. The specific motion being debated was that a patent would be filed and granted without human intervention within the next 25 years. The motion was passed roughly 80-60.<br><br>At first sight, this debate appeared to be an exercise in technological forecasting. When would AI be capable of creating new inventions and correctly drafting the patent application? And when would AI be capable of evaluating a patent application, carrying out the necessary searches, and granting a patent? Is this the kind of thing we should expect when the much vaunted Singularity (predicted from around 2040 onwards) occurs?<br><br>Speaking for the motion, Calum Chace and Chrissie Lightfoot were enthusiastic about the technological opportunities of AI. They pointed out the incredible feats that were already achieved as a result of machine learning, including some surprisingly creative solutions to technical problems.<br><br>Speaking against the motion, Nigel Hanley and Ilya Kazi acknowledged the great contribution of computer intelligence to support the patent agent and patent examiner, but were sceptical that anyone would trust a computer with such an important task as filing and granting patents. Nigel Hanley pointed out the limitations of internet search, which is of course designed to find things that other people have already found. (As A.A. Milne put it, Thinking With The Majority.)<br><br>The motion only required that a single patent be filed and granted without human intervention. It didn't need to be a particularly complicated one. 
But even to grant a single patent without human intervention would require a change in the law, presumably agreed internationally. (As it happens, my late father Kenneth Veryard was involved in the development of European Patent Law around 25 years ago, so I am aware of the time and painstaking effort required to achieve such international agreements.)<br><br>But this reframes the debate: from a technological one about the future capability of computers, to a sociopolitical one about the possibility of institutional change. Even if some algorithm were good enough to compete with humans, at least for some routine patent matters, the question is whether politicians would be willing to entrust these matters to an algorithm.<br><br>There are also strange questions of ownership and rights. Examples of computer intelligence always seem to come back to the usual suspects - Google, IBM Watson, and their ilk. If the creativity comes from the large computer networks run by these companies, then the patents will belong to these corporations. When Thomas Watson said, "I think there is a world market for maybe five computers", he wasn't talking about billions of laptops or trillions of internet-enabled things, but the very much smaller number of major computer networks capable of controlling everything else.<br><br>Can we realistically expect AI to take over one small area of patent law without taking over the much larger challenge of cleaning up legislation? After all, a genuine superintelligence might well come up with a much better basis for promoting innovation and protecting the interests of inventors than a few ancient principles of patent law.<br><br>But perhaps here's the killer argument. As the volume of patent applications increases, the cost of processing them all by hand becomes prohibitive. So governments could be tempted by the cost-savings offered by a clever algorithm. 
Even though governments have a very bad track record at realising cost savings from IT projects, politicians can often be persuaded to think it will be different this time. <br><br>So even if AI patent activity turns out not to be as good as when humans do it, and even if it subsequently results in a lot of seriously expensive litigation, it could seem a lot cheaper in the short-term. <br><br><hr><b>References</b><br><br><br><a href="http://news.cipa.org.uk/20CI-3RY2Q-LEC43A-1TX7HR-1/c.aspx">http://www.cipadebate.org.uk/</a><br><br>Steven Johnson, <a href="https://howwegettonext.com/superintelligence-now-eb824f57f487#.7gnzmdt66">Superintelligence Now</a> (How We Get To Next, 28 October 2015) <br><br>James Nurton, <a href="http://www.managingip.com/Blog/3502938/Could-a-computer-do-your-job.html">Could a computer do your job</a> (Managing IP, 3 November 2015) <br><br>Wikipedia: <a href="https://en.wikipedia.org/wiki/Technological_singularity">Technological Singularity</a><br><br><br><b>Related Posts</b><br><br><a href="http://rvsoftware.blogspot.co.uk/2006/06/end-of-google.html">The End of Google</a> (June 2006)<br><br><br><b>Update</b><br><br>For the potential ramifications of robotic legal assistants, see Remus, Dana and Levy, Frank S., Can Robots Be Lawyers? Computers,  Lawyers, and the Practice of Law (December 30, 2015).  Available at  SSRN: <a href="http://ssrn.com/abstract=2701092" target="_blank">http://ssrn.com/abstract=2701092</a> or <a href="http://dx.doi.org/10.2139/ssrn.2701092" target="_blank">http://dx.doi.org/10.2139/ssrn.2701092</a>. 
Reported by Aviva Rutkin, <a href="https://www.newscientist.com/article/2075298-artificial-intelligence-could-make-lawyers-more-risk-averse/">Artificial intelligence could make lawyers more risk averse</a> (New Scientist 27 January 2016).<br><br>See also Ryan Abbott, <a href="http://lawdigitalcommons.bc.edu/cgi/viewcontent.cgi?article=3522&amp;context=bclr">I Think, Therefore I Invent: Creative Computers and the Future of Patent Law</a> (Boston College Law Review, Vol 57 Issue 4, September 2016). Reported in Iain Thompson, <a href="http://www.theregister.co.uk/2016/10/17/ai_computers_to_register_their_own_patents/">AI software should be able to register its own patents, law prof argues</a> (The Register, 17 October 2016)<br><br><span>updated 19 October 2016</span>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-2914714708789565831</id>
    <title type="html">Misunderstanding CRM and Big Data</title>
    <author>
      <name>Richard Veryard</name>
      <uri>https://plus.google.com/107891026040206160712</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2014-11-27T22:53:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2014/11/misunderstanding-crm-and-big-data.html"/>
    <content type="html"><![CDATA[Listening to @peter_w_ryan, @markhillary and Alexey Minkevich talking about #CRM and #BigData at the Institute of Directors, sponsored by <a href="http://blog.ibagroupit.com/?p=1090">IBA Group</a>.<br><br>Peter cites an Ovum survey showing that Customer Satisfaction is now the number one concern of management, and argues for what Ovum calls Intelligent CRM. (CA announced something under this label back in October 2000. Other products are available.)<br><br>Mark says that CRM and Big Data are widely misunderstood, which is certainly true. My own opinion is the first misunderstanding is to think CRM is about managing THE relationship with THE customer, and I completely agree with Clayton Christensen (via Sloan) that this isn't enough. What we really need to focus on is the job the customers are trying to get done when they use your product or service. <br><br>Who is good at CRM? Peter cites an example of a professor of marketing who got a personalized service at a certain chain of hotels and has been talking about it ever since. (That's a pretty good coup for the hotel, if we take the story at face value.) Mark cites the video game market, where both the console manufacturers and the large game publishers are able to collect and analyse huge quantities of consumer behaviour.<br><br>Is CRM with Big Data merely a new way of taking advantage of customers? Although most people seem oblivious to the privacy and trust risks, the Wall Street Journal this week suggested that the consumer is becoming more savvy and less susceptible to exploitative loyalty schemes and promotions. 
This might help to explain why Tesco, once a master of the science of retail, now seems to be faltering.<br><br>If there is a sustainable business model based on CRM and Big Data, it must surely involve using these technologies to engage intelligently, authentically and ethically with customers, rather than imagining that these technologies can provide a quick fix for stupid organizations to take advantage of compliant customers.<br><br><br><hr><b>Related Blogs</b><br><br><a href="http://rvsoapbox.blogspot.co.uk/2009/05/customer-orientation.html">Customer Orientation</a> (May 2009)<br><br><a href="http://demandingchange.blogspot.co.uk/2012/04/science-of-retail.html">The Science of Retail</a> (April 2012) <br><br><b>Other Articles</b><br><br>Martha Mangelsdorf, <a href="http://sloanreview.mit.edu/improvisations/2009/05/07/understanding-your-customer-isnt-enough/">Understanding your customer isn't enough</a> (Sloan Review May 2009) <br><br>Shelly Banjo and Sara Germano, <a href="http://online.wsj.com/articles/the-end-of-the-impulse-shopper-1416872108">The End of the Impulse Shopper</a> (Wall Street Journal 25 November 2014)<br><br><b>Intelligent CRM</b><br><br><a href="http://ai-crm.sourceforge.net/">AI-CRM</a> "An intelligent CRM system with atuo-learning-tunning engine (sic), Aichain  offers the most widely used open source business intelligence software  in the world." Last updated March 2013<br><br><a href="http://www.computerworld.com/article/2589117/crm/ca-rolling-out-customer-relationship-management-software.html">CA rolling out customer relationship management software</a> (ComputerWorld October 2000)<br><br><a href="http://ibagroupit.com/en/about/">IBA Group</a> "maintains its focus on IT outsourcing that has become a  strategy for many organizations seeking to improve their business  processes"<br><br>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6138624.post-2533325151269737095</id>
    <title type="html">Smart Guns</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2014-05-23T19:48:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://posiwid.blogspot.com/2014/05/smart-guns.html"/>
    <content type="html"><![CDATA[Just suppose that smart guns were safer than ordinary guns.<br><br>For example, if someone grabbed your gun and tried to point it at you. If it was a smart gun you'd be perfectly safe because there is a fool-proof mechanism that prevents its use by an unauthorized person.<br><br>As with any technological advance, some people are sceptical. How much do you trust new technology? Suppose the gun doesn't work when you need it. Maybe an electromagnetic pulse (triggered by terrorists or natural solar activity) might take out all weapons in the area. Or maybe the bad guys (or the FBI) can hack into this mechanism and disable your gun before they attack you. <br><br>Meanwhile, like many technological advances, there are political implications. In the USA, the key question is whether such a mechanism might help reduce gun violence. Some gun control activists think such a mechanism would be pretty irrelevant.<br><br>But that doesn't stop the gun rights activists freaking out at the prospect of any damn technology on their precious weaponry. A shop owner in the US claims to have received death threats from pro-gun lobbyists for offering to sell the weapons. Meanwhile, as Joseph Steinberg suggests, an obsession with smart guns  may inhibit other technological innovations that could make guns and  gun-owning safer.<br><br>Because once these smart guns are available, by a process of technological determinism, they become irresistible to legislators. 
Before long, you won't be able to buy regular guns.<br><br>Obviously that's a cause worth killing for.<br><br><br><hr><br>David Kopel, <a href="http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/05/22/brady-center-lawsuit-to-use-smart-gun-">Brady Center lawsuit to use &ldquo;smart&rdquo; gun mandate to trigger handgun ban in New Jersey</a> (Washington Post 22 May 2014)<br><br>Karen McVeigh, <a href="http://www.theguardian.com/world/2014/may/21/gun-control-new-jersey-smart-gun-law">Gun control groups accuse New Jersey of ignoring 'smart gun' law</a> (Guardian 21 May 2014)<br><br>Michael S. Rosenwald, <a href="http://www.washingtonpost.com/local/maryland-dealer-will-defy-gun-rights-advocates-by-selling-nations-first-smart-gun/2014/05/01/564efa48-d14d-11e3-937f-d3026234b51c_story.html">Maryland dealer, under pressure from gun-rights activists, drops plan to sell smart gun</a> (Washington Post, 1 May 2014)<br><br>Joseph Steinberg, <a href="http://www.forbes.com/sites/josephsteinberg/2014/05/04/smartguns/">Why You Should Be Concerned About The New 'Smart Guns' (Whether You Love Or Hate Guns)</a> (Forbes 4 May 2014) <br><br>Nicholas Tufnell, <a href="http://www.bbc.co.uk/news/technology-27520267">Smart guns: How smart are they?</a> (BBC News, 23 May 2014)<br><br>Eugene Volokh, <a href="http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/05/23/smart-guns-electromagnetic-pulse-and-planning-for-unknown-probability-dangers/">Smart guns, electromagnetic pulse, and planning for unknown-probability dangers</a> (Washington Post 23 May 2014)<br><br><br>See also <a href="http://dc.wikia.com/wiki/Batman/Catwoman:_Trail_of_the_Gun_Vol_1_2">Batman/Catwoman: Trail of the Gun</a> (hat tip @<a href="https://twitter.com/ChBrain/status/469928758678679552">ChBrain</a>).<br>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-9218463724328742768</id>
    <title type="html">Cloud and Continuity of Supply Risk</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2013-03-18T12:10:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2013/03/cloud-and-continuity-of-supply-risk.html"/>
    <content type="html"><![CDATA[@<a href="http://twitter.com/dougnewdick/status/313580145724231680" target="_blank">dougnewdick</a> points out the risk of a company becoming over-dependent on Google. His particular example is prompted by Google's announcement that Google Reader will be discontinued.<br><br>I have previously commented on the subject of <a href="http://rvsoapbox.blogspot.co.uk/2011/03/creeping-business-dependency.html">Creeping Business Dependency</a>, the fact that many companies have allowed themselves to become dependent on a particular company, product or technology. Especially Google. If Google decides your website offends against some search engine rules, it is perfectly capable of making your website disappear from searches. (BMW disappeared from Google for three days in 2006 - see my post <a href="http://rvsoapbox.blogspot.com/2006/02/bmw-search-requests.htm">BMW Search Requests</a>.) A company might well go bust before it could sort the problem out.<br><br>Of course, you can't avoid some dependencies, but I think it is important that any significant dependency should be clearly visible in the business architecture. (In general, business architects usually neglect this kind of dependency until I point out specific examples to them.)<br><br>When looking at this kind of dependency, it is important to remember the principles of asymmetry - the Product is not the Technology, and the Company is not the Product. There have been a few popular products and platforms whose owners lost interest - these included Bloglines (formerly owned by Ask) and Delicious (formerly owned by Yahoo) - but were revived under new ownership. Users of a popular platform may feel that a large user base provides grounds for optimism that someone will want to keep it going, even if the original owner doesn't wish to. However, there are many products and platforms that have not survived.<br><br>More fundamental is the question of the underlying technology. 
A few years ago, there was considerable confidence and investment in RSS and Atom feeds, and a number of products and platforms were developed to exploit this technology. If there is a healthy ecosystem of different products and platforms, with relatively low switching costs, it doesn't matter much if one product drops out. But if Google and others are losing interest in this technology, that's a much more fundamental problem for anyone who is heavily committed to it.<br><br>If Google stops providing a free service, those who really want it may have to pay to get a decent service elsewhere. But this alters the economics of the service ecosystem, with unpredictable consequences. Clearly there is a risk that the service you want (or the service you need your customers to use) is increasingly expensive, inconvenient and ultimately unavailable. <br><br><hr>Doug Newdick, <a href="http://dougnewdick.wordpress.com/2013/03/17/cloud-and-continuity-of-supply-risk/">Cloud and Continuity of Supply Risk</a> (March 2013)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-4692265927912454988</id>
    <title type="html">The Price of Fish</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2013-01-21T11:19:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2013/01/the-price-of-fish.html"/>
    <content type="html"><![CDATA[Michael Mainelli and Ian Harris have written a wide-ranging survey of economics, choice theory (game theory, psychology and ethics), systems theory, chaos theory, global warming and evolution. So what's all that got to do with the price of fish?<br><br>One of the themes running through the book is that the price of fish bears no relation to the value of fish, especially if we are concerned about long-term value and the sustainability of fish stocks. <br><br>Oscar Wilde famously defined a cynic as one who knows the price of everything and the value of nothing. This definition has also been applied to accountants and economists. Michael and Ian are leaders of the Long Finance initiative, a movement within the City of London that aims to overcome this kind of short-term financial cynicism.<br><br>Michael and Ian describe the price of fish as a wicked problem - a problem that lacks easy definition as well as easy answers.&nbsp; "Sustaining the supply of edible fish is a wicked problem that presents global risks." (p 301) And yet they suggest that the system might possibly sort itself out. "As fish run out and have to be sustainably fished, the historic underpricing of fish ceases." (293)<br><br>But this is no time for naive optimism, and the system will undoubtedly need some intervention. "When the price is the same as the value, there are opportunities for sustainable financing. So far, price has not equaled value for fish. This is the biggest, wicked decision-making problem of all: knowing how to set a price that equals the value." (p 295)<br><br>In other words, the problem is not just the alarming dwindling of fish stocks but the collective cynicism that not only led to this problem but also amplifies it and resists dealing with it effectively. 
The key word in the problem statement is the word "set" - even if a few clever people can agree what the right price of fish should be, the real challenge is to set this price into global trading and consumption systems.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-9105473791456659017</id>
    <title type="html">Business Signal Optimization</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2013-01-17T13:32:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2013/01/business-signal-optimization.html"/>
    <content type="html"><![CDATA[@<a href="http://twitter.com/DouglasMerrill">DouglasMerrill</a> of @<a href="http://twitter.com/ZestFinance">ZestFinance</a> (via @<a href="http://www.zdnet.com/how-social-data-is-changing-the-way-we-do-business-7000007050/">dhinchcliffe</a>) tells us <a href="http://blogs.hbr.org/cs/2012/11/a_practical_approach_to_readin.html">A Practical Approach to Reading Signals in Data</a> (HBR Blogs November 2012)<br><br>If we think of data in tabular form, there are two obvious ways of increasing the size of the table - increasing the number of rows (greater volume of cases) or increasing the number of columns (greater volume of signals). This can either involve a greater variety of variables, as Merrill advocates, or a higher frequency of the same variable. I have talked in the past about the impact of increased granularity on Big Data. <br><br>As I understand it, Merrill's company sells Big Data solutions to the insurance underwriting industry, and its algorithms use thousands of different indicators to calculate risk.<br><br>The first question I always have in regard to such sophisticated decision-support technologies is what the feedback and monitoring loop looks like. If the decision is fully automated, then it would be good to have some mechanism to monitor the accuracy of the algorithm's predictions. The difficulty here is that there is usually no experimental control, so there is no direct way of learning whether the algorithm is being over-cautious. I call this one-sided learning.<br><br>Where the decision involves some human intervention, this gives us some further things to think about in evaluating the effectiveness of the decision-support. What are the statistical patterns of human intervention, and how do these relate to the way the decision-support software presents its recommendations? 
<br><br>Suppose that statistical analysis shows that the humans are basing their decisions on a much smaller subset of indicators, and that much of the data being presented to the human decision-makers is being systematically ignored. This could mean either that the software is too complicated (over-engineered) or that the humans are too simple-minded (under-trained). I have asked many CIOs whether they carry out this kind of statistical analysis, but most of them seem to think their responsibility for information management ends when they have provided the users with the requested information or service, therefore how this information or service is used is not their problem.<br><br>Meanwhile, the users may well have alternative sources of information, such as social media. One of the challenges Dion Hinchcliffe raises is how these richer sources of information can be integrated with the tabular data on which the traditional decision-support tools are based. I think this is what Dion means by "closing the clue gap".<br><br><hr><br><br>Dion Hinchcliffe, <a href="http://www.zdnet.com/blog/hinchcliffe/the-enterprise-opportunity-of-big-data-closing-the-clue-gap/1648">The enterprise opportunity of Big Data: Closing the "clue gap"</a> (ZDNet August 2011)<br><br>Dion Hinchcliffe, <a href="http://www.zdnet.com/how-social-data-is-changing-the-way-we-do-business-7000007050/">How social data is changing the way we do business</a> (ZDNet Nov 2012) <br><br>Douglas Merrill, <a href="http://blogs.hbr.org/cs/2012/11/a_practical_approach_to_readin.html">A Practical Approach to Reading Signals in Data</a> (HBR Blogs November 2012)<br><br><br><br><br><hr>Places are still available on my forthcoming workshops <a href="http://unicom.co.uk/product_detail.asp?prdid=1942">Business Awareness</a> (Jan 28), <a href="http://unicom.co.uk/businessarchitecture/">Business Architecture</a> (Jan 29-31), <a href="http://unicom.co.uk/orgintelligence/">Organizational Intelligence</a> (Feb 1).  
<br><br><br>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-1904653942679931724</id>
    <title type="html">Whose target is it anyway?</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2012-10-09T15:47:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2012/10/whose-target-is-it-anyway.html"/>
    <summary type="html"><![CDATA["The IMF downgrades its growth forecasts and casts further doubt on Osborne meeting his debt target" reports @<a href="http://blogs.spectator.co.uk/coffeehouse/2012/10/the-imf-downgrades-its-growth-forecasts/">JJ_159</a> via @<a href="http://twitter.com/Spectator_CH/status/255688088863526912">Spectator_CH</a>. @<a href="http://twitter.com/EmmaLangman/status/255689064458633216">EmmaLangman</a> suggests (sadly) that it is 'our' debt target by association. "What Chancellor chooses, the country lives through."<br><br>So let me consider perhaps the most famous target of all time - the apple which the Swiss tyrant Gessler required William Tell to shoot from his son Walter's head. Gessler sets the target, William Tell hits the target, the son survives, Tell subsequently assassinates Gessler, and the Swiss people achieve their freedom.<br><div><a href="http://en.wikipedia.org/wiki/William_Tell">Wikipedia: William Tell</a></div><br><br>Altogether now: <a href="http://www.classicsforkids.com/music/music_view.asp?id=21">dadadum dadadum dadadumdumdum ... </a><br>]]></summary>
    <content type="html"><![CDATA["The IMF downgrades its growth forecasts and casts further doubt on Osborne meeting his debt target" reports @<a href="http://blogs.spectator.co.uk/coffeehouse/2012/10/the-imf-downgrades-its-growth-forecasts/">JJ_159</a> via @<a href="http://twitter.com/Spectator_CH/status/255688088863526912">Spectator_CH</a>. @<a href="http://twitter.com/EmmaLangman/status/255689064458633216">EmmaLangman</a> suggests (sadly) that it is 'our' debt target by association. "What Chancellor chooses, the country lives through."<br><br>So let me consider perhaps the most famous target of all time - the apple which the Swiss tyrant Gessler required William Tell to shoot from his son Walter's head. Gessler sets the target, William Tell hits the target, the son survives, Tell subsequently assassinates Gessler, and the Swiss people achieve their freedom.<br><div><a href="http://en.wikipedia.org/wiki/William_Tell">Wikipedia: William Tell</a></div><br><br>Altogether now: <a href="http://www.classicsforkids.com/music/music_view.asp?id=21">dadadum dadadum dadadumdumdum ... </a><br>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-554734602155646128</id>
    <title type="html">Convergence - Symbolic, Imaginary or Real?</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2012-09-28T15:30:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2012/09/convergence-symbolic-imaginary-or-real.html"/>
    <summary type="html"><![CDATA[@<a href="http://twitter.com/Christian_BB/status/251636001905205248">Christian_BB</a> responded to my post <a href="http://rvsoapbox.blogspot.co.uk/2012/09/does-rigour-matter.html">Does Rigour Matter?</a> with a comment "Rigour matters when building. It matters less when trying to get people converging." I replied, "Rigour matters when building consensus. Unless you just want people to have a warm feeling of convergence."  <br><br>Roughly speaking, there are three modes of convergence and consensus.<br><br>1. Symbolic. We have a formal agreement, and maybe set up some formal structures that perpetuate this agreement, but there is enough loophole and exception and wriggle-room that we don't need to take it seriously.<br><br>2. Imaginary. We have a warm impression that we are all in agreement about something, and a vague hope that all the details will sort themselves out somehow.<br><br>3. Real. We have a tough negotiation around the details, and acknowledge the practical trade-offs and compromises that are required to implement the agreement.<br><br><br>Christian may be perfectly correct that a warm feeling (imaginary convergence) may be a useful and motivating step towards real convergence. But I have seen the converse too many times - when a meeting or workshop evades or fudges the details of some plan, leaves the details to be sorted out later, and then fails to follow through. This is a common feature of Management-by-Powerpoint, as notoriously practised by the Pentagon before the US invasion of Iraq.<br><br>And where there is a lot of mutual hostility and mistrust, it is probably unrealistic to expect warm feelings to emerge until long after a real agreement has been forged and implemented.<br><br>So an imaginary agreement is neither necessary nor sufficient as a precondition for a real agreement.]]></summary>
    <content type="html"><![CDATA[@<a href="http://twitter.com/Christian_BB/status/251636001905205248">Christian_BB</a> responded to my post <a href="http://rvsoapbox.blogspot.co.uk/2012/09/does-rigour-matter.html">Does Rigour Matter?</a> with a comment "Rigour matters when building. It matters less when trying to get people converging." I replied, "Rigour matters when building consensus. Unless you just want people to have a warm feeling of convergence."  <br><br>Roughly speaking, there are three modes of convergence and consensus.<br><br>1. Symbolic. We have a formal agreement, and maybe set up some formal structures that perpetuate this agreement, but there is enough loophole and exception and wriggle-room that we don't need to take it seriously.<br><br>2. Imaginary. We have a warm impression that we are all in agreement about something, and a vague hope that all the details will sort themselves out somehow.<br><br>3. Real. We have a tough negotiation around the details, and acknowledge the practical trade-offs and compromises that are required to implement the agreement.<br><br><br>Christian may be perfectly correct that a warm feeling (imaginary convergence) may be a useful and motivating step towards real convergence. But I have seen the converse too many times - when a meeting or workshop evades or fudges the details of some plan, leaves the details to be sorted out later, and then fails to follow through. This is a common feature of Management-by-Powerpoint, as notoriously practised by the Pentagon before the US invasion of Iraq.<br><br>And where there is a lot of mutual hostility and mistrust, it is probably unrealistic to expect warm feelings to emerge until long after a real agreement has been forged and implemented.<br><br>So an imaginary agreement is neither necessary nor sufficient as a precondition for a real agreement.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-283106930858311149</id>
    <title type="html">Dangling Conversation</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2012-05-10T14:33:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2012/05/dangling-conversation.html"/>
    <summary type="html"><![CDATA[@<a href="http://twitter.com/#%21/markhillary/status/200558594989621248">markhillary</a> asks <i>"When you follow company Twitter accounts, do you like being able to see who runs the account, like a named person on the profile?"</i><br><br>I think that depends how gullible you are. When I get a letter signed by an Important Person, I generally assume it was written by his staff and signed in his absence. And when I get a mass-produced "personal letter" from an Important Person, I assume it was generated by a computer and signed by a programmer.<br><br>I got an email recently, which claimed to be <i>"A Personal Message from Dr. Richard Soley, Chairman and CEO, OMG and Keith Steele, CEO, PrismTech and OMG Board Member"</i>. I wrote back and thanked Richard personally - not to the address on the email (which was omg_marketing@omg.org) but to his real email address. For some reason, he ignored this. I hope he's not ill or anything.<br><br>And corporate communications sometimes use a fictional identity. Gerald Kaufman MP once tried to phone a person in the Prime Minister's office who had responded to a letter, only to discover that "Mrs E Adams" didn't actually exist. [Source: John Walsh: <a href="http://www.independent.co.uk/opinion/columnists/john-walsh/john-walsh-beware-letters-from-fictional-civil-servants-2283204.html">Beware letters from fictional civil servants</a> (Independent May 2011)]  This kind of thing is convenient for bureaucracies, because it allows incoming communications to be sorted by topic and redirected to whoever happens to be on duty that day. I'm sure the same thing often happens with Twitter, to prevent a corporate spokesperson ever being confused with a private individual.<br><br>As for company bosses, politicians and other celebrities, it would be naive to imagine that they always write their own tweets.
<i>"Of course they don't"</i>, tweets @<a href="http://twitter.com/#%21/markhillary/status/200576286236745728">markhillary</a>, <i>"but allowing helpers to do broadcast stuff is surely OK if the conversational is genuine?"</i> Well, that depends on your idea of a genuine conversation.<br><br>It seems to me that there are some serious sociological and ethical problems here - of public/private identity, authenticity and trust - and we are only just learning how to operate in this new world.  <br><hr>@<a href="http://twitter.com/#%21/markhillary/status/200600436028350464">markhillary</a> goes on to ask another question. <i>"If you were interacting with a brand like Virgin Media, are you happy conversing with the brand?"</i><br><br>My answer to that question invokes Freud's concept of transference. Our psychological state (happiness, frustration) may depend on what we project onto a given brand or persona that we are conversing with. I generally try to separate my feelings about the company/brand from my feelings about the human being who is standing between me and the company/brand - but I don't always succeed. When we are really angry about something, it is difficult to avoid being rude or sarcastic to the junior employee that picks up the phone, even when we know it's not really their fault. Conversely, if the sales assistant is charming enough, it is tempting to buy something we don't really need.<br><br>Of course the CEO never picks up the phone herself. Funny that. When I'm conversing with the Virgin brand, I may fondly imagine that I'm getting Richard Branson's personal attention, but there is a little voice inside my head saying that's unlikely.<br><br>There is of course one thing that is likely to make me very unhappy indeed. Suppose I am naive enough to imagine I am having a personal conversation with Richard Branson or Richard Soley. Then the screen falls over and I see it is just some little functionary and not the Wizard of Oz at all. 
Isn't that just going to annoy me? Isn't it Richard, isn't it? #OMG.]]></summary>
    <content type="html"><![CDATA[@<a href="http://twitter.com/#%21/markhillary/status/200558594989621248">markhillary</a> asks <i>"When you follow company Twitter accounts, do you like being able to see who runs the account, like a named person on the profile?"</i><br><br>I think that depends how gullible you are. When I get a letter signed by an Important Person, I generally assume it was written by his staff and signed in his absence. And when I get a mass-produced "personal letter" from an Important Person, I assume it was generated by a computer and signed by a programmer.<br><br>I got an email recently, which claimed to be <i>"A Personal Message from Dr. Richard Soley, Chairman and CEO, OMG and Keith Steele, CEO, PrismTech and OMG Board Member"</i>. I wrote back and thanked Richard personally - not to the address on the email (which was omg_marketing@omg.org) but to his real email address. For some reason, he ignored this. I hope he's not ill or anything.<br><br>And corporate communications sometimes use a fictional identity. Gerald Kaufman MP once tried to phone a person in the Prime Minister's office who had responded to a letter, only to discover that "Mrs E Adams" didn't actually exist. [Source: John Walsh: <a href="http://www.independent.co.uk/opinion/columnists/john-walsh/john-walsh-beware-letters-from-fictional-civil-servants-2283204.html">Beware letters from fictional civil servants</a> (Independent May 2011)]  This kind of thing is convenient for bureaucracies, because it allows incoming communications to be sorted by topic and redirected to whoever happens to be on duty that day. I'm sure the same thing often happens with Twitter, to prevent a corporate spokesperson ever being confused with a private individual.<br><br>As for company bosses, politicians and other celebrities, it would be naive to imagine that they always write their own tweets.
<i>"Of course they don't"</i>, tweets @<a href="http://twitter.com/#%21/markhillary/status/200576286236745728">markhillary</a>, <i>"but allowing helpers to do broadcast stuff is surely OK if the conversational is genuine?"</i> Well, that depends on your idea of a genuine conversation.<br><br>It seems to me that there are some serious sociological and ethical problems here - of public/private identity, authenticity and trust - and we are only just learning how to operate in this new world.  <br><hr>@<a href="http://twitter.com/#%21/markhillary/status/200600436028350464">markhillary</a> goes on to ask another question. <i>"If you were interacting with a brand like Virgin Media, are you happy conversing with the brand?"</i><br><br>My answer to that question invokes Freud's concept of transference. Our psychological state (happiness, frustration) may depend on what we project onto a given brand or persona that we are conversing with. I generally try to separate my feelings about the company/brand from my feelings about the human being who is standing between me and the company/brand - but I don't always succeed. When we are really angry about something, it is difficult to avoid being rude or sarcastic to the junior employee that picks up the phone, even when we know it's not really their fault. Conversely, if the sales assistant is charming enough, it is tempting to buy something we don't really need.<br><br>Of course the CEO never picks up the phone herself. Funny that. When I'm conversing with the Virgin brand, I may fondly imagine that I'm getting Richard Branson's personal attention, but there is a little voice inside my head saying that's unlikely.<br><br>There is of course one thing that is likely to make me very unhappy indeed. Suppose I am naive enough to imagine I am having a personal conversation with Richard Branson or Richard Soley. Then the screen falls over and I see it is just some little functionary and not the Wizard of Oz at all. 
Isn't that just going to annoy me? Isn't it Richard, isn't it? #OMG.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-6263968625623519274</id>
    <title type="html">Two Dimensions of Trust</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2012-04-17T17:34:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2012/04/two-dimensions-of-trust.html"/>
    <summary type="html"><![CDATA[In my post <a href="http://rvsoftware.blogspot.co.uk/2009/08/magic-quadrant-or-sorting-hat.html">Magic Quadrant or Sorting Hat</a>, I compared Gartner's Magic Quadrant (used to classify software vendors and products) with the Hogwarts Sorting Hat (used to classify young witches and wizards).<br><ul><li>Leaders: Gryffindor</li><li>Challengers: Slytherin</li><li>Visionaries: Ravenclaw</li><li>Niche Players: Hufflepuff</li></ul>Gartner's Magic Quadrant is a 2x2 matrix, whose two dimensions are Vision and Ability-to-Execute.<br><br>Following my previous post on Sharing Trust, I was thinking about a contrast between two key Hogwarts characters - Hagrid and Snape - based on the two dimensions of Trustworthiness and Ability-to-Execute.<br><br>Hagrid is regarded as extremely trustworthy. In the very first chapter of the first Harry Potter book, Dumbledore says he would trust Hagrid with his life. Professor McGonagall agrees, but points out that Hagrid can be a little unreliable. Later in the book, he is tricked by Voldemort into revealing a key vulnerability in the security arrangements protecting the Philosopher's Stone - security experts would call this "social engineering". So he doesn't score so well on ability-to-execute.<br><br>Snape, on the other hand, is a very accomplished and creative wizard, who scores extremely high on ability-to-execute. As we progress through the series, it becomes clear that he is successfully deceiving either Dumbledore or Voldemort - or possibly both. But this of course raises serious questions about his trustworthiness.<br><br>Trustworthiness - but for whom? Dumbledore trusts both Hagrid and  Snape absolutely; other characters trust them with reservations, and only  because Dumbledore does. And J.K. Rowling is careful not to present Dumbledore as omniscient - he is hoodwinked on several occasions, most notably by a clever impersonation in the Goblet of Fire. 
<br><br>So there are two ways of trusting people. We can regard them as trustworthy but fallible. Like Hagrid, or for that matter Dumbledore himself. Or we can regard them as reliable but remain suspicious of their true motivation and allegiance. Like Snape, or for that matter Voldemort. Ultimately, this is a question of authenticity.]]></summary>
    <content type="html"><![CDATA[In my post <a href="http://rvsoftware.blogspot.co.uk/2009/08/magic-quadrant-or-sorting-hat.html">Magic Quadrant or Sorting Hat</a>, I compared Gartner's Magic Quadrant (used to classify software vendors and products) with the Hogwarts Sorting Hat (used to classify young witches and wizards).<br><ul><li>Leaders: Gryffindor</li><li>Challengers: Slytherin</li><li>Visionaries: Ravenclaw</li><li>Niche Players: Hufflepuff</li></ul>Gartner's Magic Quadrant is a 2x2 matrix, whose two dimensions are Vision and Ability-to-Execute.<br><br>Following my previous post on Sharing Trust, I was thinking about a contrast between two key Hogwarts characters - Hagrid and Snape - based on the two dimensions of Trustworthiness and Ability-to-Execute.<br><br>Hagrid is regarded as extremely trustworthy. In the very first chapter of the first Harry Potter book, Dumbledore says he would trust Hagrid with his life. Professor McGonagall agrees, but points out that Hagrid can be a little unreliable. Later in the book, he is tricked by Voldemort into revealing a key vulnerability in the security arrangements protecting the Philosopher's Stone - security experts would call this "social engineering". So he doesn't score so well on ability-to-execute.<br><br>Snape, on the other hand, is a very accomplished and creative wizard, who scores extremely high on ability-to-execute. As we progress through the series, it becomes clear that he is successfully deceiving either Dumbledore or Voldemort - or possibly both. But this of course raises serious questions about his trustworthiness.<br><br>Trustworthiness - but for whom? Dumbledore trusts both Hagrid and  Snape absolutely; other characters trust them with reservations, and only  because Dumbledore does. And J.K. Rowling is careful not to present Dumbledore as omniscient - he is hoodwinked on several occasions, most notably by a clever impersonation in the Goblet of Fire. 
<br><br>So there are two ways of trusting people. We can regard them as trustworthy but fallible. Like Hagrid, or for that matter Dumbledore himself. Or we can regard them as reliable but remain suspicious of their true motivation and allegiance. Like Snape, or for that matter Voldemort. Ultimately, this is a question of authenticity.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-1392002614720576488</id>
    <title type="html">Sharing Trust</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2012-04-17T17:01:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2012/04/sharing-trust.html"/>
    <summary type="html"><![CDATA[@<a href="http://twitter.com/#%21/CoCreatr">CoCreatr</a> (Bernd Nurnberger) via @<a href="http://twitter.com/#%21/VenessaMiemis">VenessaMiemis</a> blogs about #<a href="http://twitter.com/#%21/search/trust">trust</a>.<br><br><blockquote>"Being in business is basically about trust. Establishing and verifying  trust, documenting it, so it can be shared, swiftly, without every business partner having to redo what led to the trust."</blockquote><br>What I am slightly wary about here is the implication that trust can be passed around, like a parcel. I often find myself questioning the related notion that knowledge (content) can be passed around like a parcel, and I am wondering whether the same fallacy can be found in each of the five dimensions of VPEC-T.<br><br>Bernd also repeats some trust-builders and trust-destroyers that appear to originate in <a href="http://www.ddiworld.com/DDIWorld/media/trend-research/surveyoftrustintheworkplace_es_ddi.pdf?ext=.pdf">A Survey of Trust in the Workplace</a> (pdf), carried out by Paul Bernthal of DDI. <br><br>Trust building behaviours: <br><ul><li>Communicates with me openly and honestly, without distorting any information.</li><li>Shows confidence in my abilities by treating me as a skilled, competent associate.</li><li>Keeps promises and commitments.</li><li>Listens to and values what I say, even though he or she might not agree.</li><li>Cooperates with me and looks for ways in which we can help each other.</li></ul><br>Trust reducing behaviours:<br><ul><li>Acts more concerned about his or her own welfare than anything else.</li><li>Sends mixed messages so that I never know where he or she stands.</li><li>Avoids taking responsibility for action (&ldquo;passes the buck&rdquo; or &ldquo;drops the ball&rdquo;).</li><li>Jumps to conclusions without checking the facts first.</li><li>Makes excuses or blames others when things don&rsquo;t work out (&ldquo;finger-pointing&rdquo;). 
</li></ul><br>A commentary on this survey on the <a href="http://www.chforum.org/library/choice4.shtml">Challenge Network Forum</a> (presumably by Oliver Sparrow) observes that fear appears to be a common factor of the trust destroyers.<br><br><blockquote>"When you look over the trust-destroyers, that list sounds like the actions of people who are scared - scared of what might happen to them if they make mistakes in a company where mistakes are punished, rather than regarded as the occasional result of encouraging employees to take some initiative."</blockquote><br><br>Again, I am wondering whether the same pattern of xxx-building and xxx-reducing behaviours applies to the other dimensions of VPEC-T.<br><br><hr><br>There is another set of popular theories about trust, involving certain social activities (such as team-building exercises) that are supposed to promote trust. A quick internet search for "trust-building" will yield a large number of these exercises, together with companies that will happily take your money for running these exercises with you and your colleagues. Alternatively, why not just drip oxytocin into the air-conditioning?<br><br>See also <a href="http://demandingchange.blogspot.co.uk/2012/04/two-dimensions-of-trust.html">Two Dimensions of Trust</a> <br><br><hr>Paul Bernthal, <a href="http://www.ddiworld.com/DDIWorld/media/trend-research/surveyoftrustintheworkplace_es_ddi.pdf?ext=.pdf">A Survey of Trust in the Workplace</a> (pdf) (DDI, 1998)<br><br>Randy Borum, <a href="http://works.bepress.com/randy_borum/48/">The Science of Interpersonal Trust</a> (Mitre, 2010). 
Also available via <a href="http://www.scribd.com/doc/35249841/The-Science-of-Interpersonal-Trust-Approved-for-Release">Scribd</a>.<br><br>Bernd Nurnberger, <a href="http://cocreatr.typepad.com/everyone_is_a_beginner_or/2012/02/community-of-practice-and-trust-building.html">Community of practice and trust building</a> (Feb 2012) - reposted by Venessa Miemis, <a href="http://emergentbydesign.com/2012/03/07/5-trust-builders-5-trust-destroyers/">5 Trust Builders and 5 Trust Destroyers</a> (March 2012)<br><br>Oliver Sparrow (?), <a href="http://www.chforum.org/library/choice4.shtml">Whom do we trust?</a> (Challenge Network Forum, undated)]]></summary>
    <content type="html"><![CDATA[@<a href="http://twitter.com/#%21/CoCreatr">CoCreatr</a> (Bernd Nurnberger) via @<a href="http://twitter.com/#%21/VenessaMiemis">VenessaMiemis</a> blogs about #<a href="http://twitter.com/#%21/search/trust">trust</a>.<br><br><blockquote>"Being in business is basically about trust. Establishing and verifying  trust, documenting it, so it can be shared, swiftly, without every business partner having to redo what led to the trust."</blockquote><br>What I am slightly wary about here is the implication that trust can be passed around, like a parcel. I often find myself questioning the related notion that knowledge (content) can be passed around like a parcel, and I am wondering whether the same fallacy can be found in each of the five dimensions of VPEC-T.<br><br>Bernd also repeats some trust-builders and trust-destroyers that appear to originate in <a href="http://www.ddiworld.com/DDIWorld/media/trend-research/surveyoftrustintheworkplace_es_ddi.pdf?ext=.pdf">A Survey of Trust in the Workplace</a> (pdf), carried out by Paul Bernthal of DDI. <br><br>Trust building behaviours: <br><ul><li>Communicates with me openly and honestly, without distorting any information.</li><li>Shows confidence in my abilities by treating me as a skilled, competent associate.</li><li>Keeps promises and commitments.</li><li>Listens to and values what I say, even though he or she might not agree.</li><li>Cooperates with me and looks for ways in which we can help each other.</li></ul><br>Trust reducing behaviours:<br><ul><li>Acts more concerned about his or her own welfare than anything else.</li><li>Sends mixed messages so that I never know where he or she stands.</li><li>Avoids taking responsibility for action (&ldquo;passes the buck&rdquo; or &ldquo;drops the ball&rdquo;).</li><li>Jumps to conclusions without checking the facts first.</li><li>Makes excuses or blames others when things don&rsquo;t work out (&ldquo;finger-pointing&rdquo;). 
</li></ul><br>A commentary on this survey on the <a href="http://www.chforum.org/library/choice4.shtml">Challenge Network Forum</a> (presumably by Oliver Sparrow) observes that fear appears to be a common factor of the trust destroyers.<br><br><blockquote>"When you look over the trust-destroyers, that list sounds like the actions of people who are scared - scared of what might happen to them if they make mistakes in a company where mistakes are punished, rather than regarded as the occasional result of encouraging employees to take some initiative."</blockquote><br><br>Again, I am wondering whether the same pattern of xxx-building and xxx-reducing behaviours applies to the other dimensions of VPEC-T.<br><br><hr><br>There is another set of popular theories about trust, involving certain social activities (such as team-building exercises) that are supposed to promote trust. A quick internet search for "trust-building" will yield a large number of these exercises, together with companies that will happily take your money for running these exercises with you and your colleagues. Alternatively, why not just drip oxytocin into the air-conditioning?<br><br>See also <a href="http://demandingchange.blogspot.co.uk/2012/04/two-dimensions-of-trust.html">Two Dimensions of Trust</a> <br><br><hr>Paul Bernthal, <a href="http://www.ddiworld.com/DDIWorld/media/trend-research/surveyoftrustintheworkplace_es_ddi.pdf?ext=.pdf">A Survey of Trust in the Workplace</a> (pdf) (DDI, 1998)<br><br>Randy Borum, <a href="http://works.bepress.com/randy_borum/48/">The Science of Interpersonal Trust</a> (Mitre, 2010). 
Also available via <a href="http://www.scribd.com/doc/35249841/The-Science-of-Interpersonal-Trust-Approved-for-Release">Scribd</a>.<br><br>Bernd Nurnberger, <a href="http://cocreatr.typepad.com/everyone_is_a_beginner_or/2012/02/community-of-practice-and-trust-building.html">Community of practice and trust building</a> (Feb 2012) - reposted by Venessa Miemis, <a href="http://emergentbydesign.com/2012/03/07/5-trust-builders-5-trust-destroyers/">5 Trust Builders and 5 Trust Destroyers</a> (March 2012)<br><br>Oliver Sparrow (?), <a href="http://www.chforum.org/library/choice4.shtml">Whom do we trust?</a> (Challenge Network Forum, undated)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-6071457676664244286</id>
    <title type="html">BYOD - Bring Your Own Device</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2012-02-18T15:09:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2012/02/byod-bring-your-own-device.html"/>
    <summary type="html"><![CDATA[By popular demand, many companies are shifting ownership of elements of corporate infrastructure onto their employees. This is known as BYOC (bring your own computer) or BYOD (bring your own device).<br><br>There are many aspects to this trend.<br><br>1. Culture. Talented recruits may see this kind of choice as a desirable feature of a future employer. Some of them may have a strong personal commitment to a particular device; others may ask about BYOD policy as a quick way of getting a general impression of company culture and its attitude towards employees.<br><br>(Even if BYOD is a common request at interview, this doesn't mean it is a genuine requirement. In some cases, the BYOD request could be similar to the apparently crazy riders that performers may add to contracts as a way of testing the diligence and attention to detail of the organizers. The best-known example of such a contract rider is Van Halen's insistence on a bowl of M&amp;Ms with the brown ones removed. See <span><a href="http://www.snopes.com/music/artists/vanhalen.htm" rel="nofollow">"Brown out"</a> at snopes.com.</span>)<br><br>2. Interoperability. There is a need for interoperability within the enterprise (endo-interoperability) as well as interoperability with external platforms (exo-interoperability). Within the enterprise, people expect to be able to use common services (email, communications, content management, and so on) regardless of device. When I'm in the office, I want to be able to connect my device to office devices such as printers and projectors, as well as using the office network and servers. When I'm working at home, I want to be able to connect my device into the office systems, and use my device for web conferences and other events. But I also want to be able to connect my device into public platforms such as Facebook.<br><br><br>3. Innovation. 
Early adopters like to carry the latest and most fashionable device, even if this doesn't yet support all the required corporate services in a robust manner. <br><br>4. Business continuity and risk. A person's productivity can be seriously impaired if the device is lost or develops a fault. Conversely, a company's security can be seriously impaired if an employee uses an unverified emergency device such as her teenage son's phone. Does BYOD imply the rapid availability of backup devices of every conceivable brand, or does the company provide a limited range of standard devices for emergency use? <br><br>5. Support. Does the device deliver all the required corporate services correctly, efficiently and securely? Whose responsibility is it to verify and test these services on the given device, and to sort out the (inevitable) configuration problems? What knowledge and expertise is needed to provide adequate support across the full range of devices?<br><br>6. Economics. Device provision within large organizations was traditionally based on the economics of scale. We purchase thousands of identical devices, install the same software and services on each one, and issue these to our employees. We can obtain good discounts from the hardware and software suppliers, and we can train our support staff to provide efficient support across a narrow range of products. But this approach fails to deal with the complexities of the modern business organization where each employee has different needs, often calling for additional non-standard software and services, or even newer devices. So most modern organizations shift to provision of devices based on the economics of scope - giving everyone a flexible device platform to which additional software and services can be easily added. 
Then the move to BYOD takes us into the economics of alignment - optimizing the lifetime cost of device provision against the lifetime benefits to the organization and the individual within the context of use.<br><br>7. BYOD represents a shift in the balance between two kinds of device vendor - the ones who sell thousands of devices at a time by schmoozing the CIO and the ones who sell devices to individuals via consumer channels. (As a result, some stakeholders may be cynical and unsympathetic to any objection to BYOD from the CIO quarter.)<br><br>8. More fundamentally, BYOD represents a shift in the balance of power between two kinds of knowledge. The corporate IT folk supposedly know more about the corporate services and about quality attributes such as reliability and security. However, the individual employee knows more about the context of use. The architectural question here is aligning the device selection, configuration and use with the emerging requirements of the individual in the job. This is ultimately a question of governance, which needs to be guided by appropriate BYOD policies.<br><br><br>A lot of architectural issues then.<br><br><hr>Fiona Graham, <a href="http://www.bbc.co.uk/news/business-12181570">BYOC: Should employees buy their own computers?</a> (BBC News 14 January 2011)<br><br>Fiona Graham, <a href="http://www.bbc.co.uk/news/business-17017570">BYOD: Bring your own device could spell end for work PC</a> (BBC News 14 February 2012)<br><br>Eric Vanderburg, <a href="http://www.cio.com/article/700174/Four_Keys_to_Successful_BYOD">Four Keys to Successful BYOD</a> (CIO 14 February 2012)<br><br><br>Related posts:<br><br><a href="http://rvsoftware.blogspot.co.uk/2014/05/bring-your-own-expectations.html">Bring your own expectations</a> (May 2014)]]></summary>
    <content type="html"><![CDATA[By popular demand, many companies are shifting ownership of elements of corporate infrastructure onto their employees. This is known as BYOC (bring your own computer) or BYOD (bring your own device).<br><br>There are many aspects to this trend.<br><br>1. Culture. Talented recruits may see this kind of choice as a desirable feature of a future employer. Some of them may have a strong personal commitment to a particular device; others may ask about BYOD policy as a quick way of getting a general impression of company culture and its attitude towards employees.<br><br>(Even if BYOD is a common request at interview, this doesn't mean it is a genuine requirement. In some cases, the BYOD request could be similar to the apparently crazy riders that performers may add to contracts as a way of testing the diligence and attention to detail of the organizers. The best-known example of such a contract rider is Van Halen's insistence on a bowl of M&amp;Ms with the brown ones removed. See <span><a href="http://www.snopes.com/music/artists/vanhalen.htm" rel="nofollow">"Brown out"</a> at snopes.com.</span>)<br><br>2. Interoperability. There is a need for interoperability within the enterprise (endo-interoperability) as well as interoperability with external platforms (exo-interoperability). Within the enterprise, people expect to be able to use common services (email, communications, content management, and so on) regardless of device. When I'm in the office, I want to be able to connect my device to office devices such as printers and projectors, as well as using the office network and servers. When I'm working at home, I want to be able to connect my device into the office systems, and use my device for web conferences and other events. But I also want to be able to connect my device into public platforms such as Facebook.<br><br><br>3. Innovation. 
Early adopters like to carry the latest and most fashionable device, even if this doesn't yet support all the required corporate services in a robust manner. <br><br>4. Business continuity and risk. A person's productivity can be seriously impaired if the device is lost or develops a fault. Conversely, a company's security can be seriously impaired if an employee uses an unverified emergency device such as her teenage son's phone. Does BYOD imply the rapid availability of backup devices of every conceivable brand, or does the company provide a limited range of standard devices for emergency use? <br><br>5. Support. Does the device deliver all the required corporate services correctly, efficiently and securely? Whose responsibility is it to verify and test these services on the given device, and to sort out the (inevitable) configuration problems? What knowledge and expertise is needed to provide adequate support across the full range of devices?<br><br>6. Economics. Device provision within large organizations was traditionally based on the economics of scale. We purchase thousands of identical devices, install the same software and services on each one, and issue these to our employees. We can obtain good discounts from the hardware and software suppliers, and we can train our support staff to provide efficient support across a narrow range of products. But this approach fails to deal with the complexities of the modern business organization where each employee has different needs, often calling for additional non-standard software and services, or even newer devices. So most modern organizations shift to provision of devices based on the economics of scope - giving everyone a flexible device platform to which additional software and services can be easily added. 
Then the move to BYOD takes us into the economics of alignment - optimizing the lifetime cost of device provision against the lifetime benefits to the organization and the individual within the context of use.<br><br>7. BYOD represents a shift in the balance between two kinds of device vendor - the ones who sell thousands of devices at a time by schmoozing the CIO and the ones who sell devices to individuals via consumer channels. (As a result, some stakeholders may be cynical and unsympathetic to any objection to BYOD from the CIO quarter.)<br><br>8. More fundamentally, BYOD represents a shift in the balance of power between two kinds of knowledge. The corporate IT folk supposedly know more about the corporate services and about quality attributes such as reliability and security. However, the individual employee knows more about the context of use. The architectural question here is aligning the device selection, configuration and use with the emerging requirements of the individual in the job. This is ultimately a question of governance, which needs to be guided by appropriate BYOD policies.<br><br><br>A lot of architectural issues then.<br><br><hr>Fiona Graham, <a href="http://www.bbc.co.uk/news/business-12181570">BYOC: Should employees buy their own computers?</a> (BBC News 14 January 2011)<br><br>Fiona Graham, <a href="http://www.bbc.co.uk/news/business-17017570">BYOD: Bring your own device could spell end for work PC</a> (BBC News 14 February 2012)<br><br>Eric Vanderburg, <a href="http://www.cio.com/article/700174/Four_Keys_to_Successful_BYOD">Four Keys to Successful BYOD</a> (CIO 14 February 2012)<br><br><br>Related posts:<br><br><a href="http://rvsoftware.blogspot.co.uk/2014/05/bring-your-own-expectations.html">Bring your own expectations</a> (May 2014)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-1919876212180464916</id>
    <title type="html">Unruly Google and VPEC-T</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2012-01-05T11:04:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2012/01/unruly-google-and-vpec-t.html"/>
    <summary type="html"><![CDATA[Google has been hoist by its own petard: it seems obliged to ban its own browser from its own search engine for infringing its strict rules. Apparently the infringement resulted from some misbehaviour somewhere down the subcontract chain, unknown to Google itself or its prime subcontractor (which with fitting irony is called Unruly Media). A number of blogposts were created to promote Google Chrome, containing direct hotlinks to the Chrome download page. Google has recently penalized a number of other companies for such behaviour, including J C Penney, Forbes and Overstock. See also my 2006 post on <a href="http://rvsoapbox.blogspot.com/2006/02/bmw-search-requests.htm">BMW Search Requests</a>.<br><br>A number of offending posts were discovered because they contained the magic words "This post was sponsored by Google", and the Google search engine dutifully delivered a list of webpages containing these words. (This kind of transparency was foreseen by Isaac Asimov in a story called "<a href="http://en.wikipedia.org/wiki/All_the_Troubles_of_the_World" title="Wikipedia">All the troubles of the world</a>", in which the computer Multivac was unable to conceal its own self-destructive behaviour.)<br><br>As a number of search engine analysts have pointed out, there are two problems with the sponsored pages. Besides containing the offending links, they are also pretty thin in terms of content. (Google has recently developed a search filter code-named Panda, which  is intended to demote such low-value content, but this filter is  extremely costly in computing power and is apparently only run  sporadically.) Many of these pages credit Google Chrome for having helped a company in Vermont over the past five years, despite the fact that Google Chrome hasn't been available for that long. None of them explain why Google Chrome might be better than other browsers. <br><br>So here we have an interesting interaction between the elements of VPEC-T. 
<br><br><br><table border="1" cellpadding="2" cellspacing="2"><tbody><tr><td valign="top">Value </td>       <td valign="top">How is commercial sponsorship reconciled with high-value content? Does this incident expose a conflict of interest inside Google?</td>     </tr><tr><td valign="top">Policy </td>       <td valign="top">How does Google apply its strict rules to itself?       </td>     </tr><tr><td valign="top">Events </td>       <td valign="top">How was this situation detected (with the aid of Google itself)? Will any future incidents be as easy to detect?</td>     </tr><tr><td valign="top">Content </td>       <td valign="top">What is the net effect on the content, on which Google's market position depends?       </td>     </tr><tr><td valign="top">Trust </td>       <td valign="top">What kinds of trust have been eroded in this situation? How can trust be restored, and how long will it take?</td>     </tr></tbody></table><br><br><hr><h4>Sources </h4><br>Aaron Wall, <a href="http://www.seobook.com/post-sponsored-google">Google caught buying paid links yet again</a> (SEO Book 2 Jan 2012)<br><br>Danny Sullivan, <a href="http://searchengineland.com/googles-jaw-dropping-sponsored-post-campaign-for-chrome-106348">Google&rsquo;s Jaw-Dropping Sponsored Post Campaign For Chrome</a> (SearchEngineLand 2 Jan 2012)<br><br>Charles Arthur, <a href="http://www.guardian.co.uk/technology/2012/jan/03/google-ban-browser-index">Will Google be forced to ban its own browser from its index?</a> (Guardian 3 Jan 2012) <a href="http://www.guardian.co.uk/technology/2012/jan/04/google-chrome-browser-search-rankings">Google shoves Chrome down search rankings after sponsored blog mixup</a> (Guardian 4 Jan 2012)]]></summary>
    <content type="html"><![CDATA[Google has been hoist by its own petard: it seems obliged to ban its own browser from its own search engine for infringing its strict rules. Apparently the infringement resulted from some misbehaviour somewhere down the subcontract chain, unknown to Google itself or its prime subcontractor (which with fitting irony is called Unruly Media). A number of blogposts were created to promote Google Chrome, containing direct hotlinks to the Chrome download page. Google has recently penalized a number of other companies for such behaviour, including J C Penney, Forbes and Overstock. See also my 2006 post on <a href="http://rvsoapbox.blogspot.com/2006/02/bmw-search-requests.htm">BMW Search Requests</a>.<br><br>A number of offending posts were discovered because they contained the magic words "This post was sponsored by Google", and the Google search engine dutifully delivered a list of webpages containing these words. (This kind of transparency was foreseen by Isaac Asimov in a story called "<a href="http://en.wikipedia.org/wiki/All_the_Troubles_of_the_World" title="Wikipedia">All the troubles of the world</a>", in which the computer Multivac was unable to conceal its own self-destructive behaviour.)<br><br>As a number of search engine analysts have pointed out, there are two problems with the sponsored pages. Besides containing the offending links, they are also pretty thin in terms of content. (Google has recently developed a search filter code-named Panda, which  is intended to demote such low-value content, but this filter is  extremely costly in computing power and is apparently only run  sporadically.) Many of these pages credit Google Chrome for having helped a company in Vermont over the past five years, despite the fact that Google Chrome hasn't been available for that long. None of them explain why Google Chrome might be better than other browsers. <br><br>So here we have an interesting interaction between the elements of VPEC-T. 
<br><br><br><table border="1" cellpadding="2" cellspacing="2"><tbody><tr><td valign="top">Value </td>       <td valign="top">How is commercial sponsorship reconciled with high-value content? Does this incident expose a conflict of interest inside Google?</td>     </tr><tr><td valign="top">Policy </td>       <td valign="top">How does Google apply its strict rules to itself?       </td>     </tr><tr><td valign="top">Events </td>       <td valign="top">How was this situation detected (with the aid of Google itself)? Will any future incidents be as easy to detect?</td>     </tr><tr><td valign="top">Content </td>       <td valign="top">What is the net effect on the content, on which Google's market position depends?       </td>     </tr><tr><td valign="top">Trust </td>       <td valign="top">What kinds of trust have been eroded in this situation? How can trust be restored, and how long will it take?</td>     </tr></tbody></table><br><br><hr><h4>Sources </h4><br>Aaron Wall, <a href="http://www.seobook.com/post-sponsored-google">Google caught buying paid links yet again</a> (SEO Book 2 Jan 2012)<br><br>Danny Sullivan, <a href="http://searchengineland.com/googles-jaw-dropping-sponsored-post-campaign-for-chrome-106348">Google&rsquo;s Jaw-Dropping Sponsored Post Campaign For Chrome</a> (SearchEngineLand 2 Jan 2012)<br><br>Charles Arthur, <a href="http://www.guardian.co.uk/technology/2012/jan/03/google-ban-browser-index">Will Google be forced to ban its own browser from its index?</a> (Guardian 3 Jan 2012) <a href="http://www.guardian.co.uk/technology/2012/jan/04/google-chrome-browser-search-rankings">Google shoves Chrome down search rankings after sponsored blog mixup</a> (Guardian 4 Jan 2012)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-8687559421916117665</id>
    <title type="html">Risk and Responsibility in Self-Service</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-11-29T10:27:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2011/11/risk-and-responsibility-in-self-service.html"/>
    <summary type="html"><![CDATA[A cabbie asked @<a href="http://twitter.com/#%21/jkuramot/status/141387951065145344">jkuramot</a> to enter his destination into the GPS. @<a href="http://twitter.com/#%21/dahowlett/status/141389818721603584">dahowlett</a> suggests this is because he didn't speak good English. @<a href="http://twitter.com/#%21/jkuramot/status/141400169437601792">jkuramot</a> confirms that the driver didn't speak English very well but adds that "this was his go-to move".<br><br>The reason we are talking about this fragment of service design is that it is unusual in this context: we normally expect the driver to enter the destination into his navigation device. But the normal procedure is prone to error; the passenger may not speak clearly, the driver may not understand correctly, there may be a lot of background noise: the passenger arrives at the wrong destination and it's the driver's fault.<br><br>However, if the passenger enters the destination directly into the navigation device, then any error is the passenger's fault. Many service providers in other areas now follow this pattern; shifting responsibility onto the customer may help to reduce administration costs, but more importantly reduces the service provider's liability. But if the customer is not able to perform these tasks easily and accurately, this kind of shift adds more to the cost and risk for the customer than it reduces for the supplier, and therefore diminishes total value. See my review of <a href="http://rvsoapbox.blogspot.com/2005/01/support-economy.htm">The Support Economy</a>.<br><br>Asking the customer to do the work makes an assumption about the customer's capability. I don't know Jake personally, but he looks from his photo and his Twitter profile like someone who would know how to operate this kind of device. The driver may have had the same impression; it is conceivable that he would have treated Jake's grandmother differently. 
Whereas if the device (belonging to the driver) is unusual and difficult to use, we would always insist that the driver should operate it. Self-service only works if the interface design offers a reasonable level of usability.<br><br>The other difference between the passenger and the driver is the question of which is more familiar with the destination. When I get a cab home from the airport, obviously I know my address better than the driver does. But when I arrive in a strange city, I expect the cab drivers to be more familiar with the hotels than I am: if I get the name of the hotel slightly wrong, the driver should ask if I really meant something else, rather than drive for an hour to a hotel in the next city whose name exactly matches what I said.<br><br>By the way, Google has been correcting our searches for a long time now, but has now chosen to issue a series of advertisements in which this correction (and the collection of vast amounts of data to make this correction possible) is highlighted as a service enhancement feature. See my note <a href="http://rvsoapbox.blogspot.com/2011/10/towards-vpec-t-analysis-of-google.html">Towards a VPEC-T analysis of Google</a>. This kind of service enhancement is unavailable if the driver takes himself out of the loop, and regards his job as merely enacting a specification agreed between the customer and an electronic device.]]></summary>
    <content type="html"><![CDATA[A cabbie asked @<a href="http://twitter.com/#%21/jkuramot/status/141387951065145344">jkuramot</a> to enter his destination into the GPS. @<a href="http://twitter.com/#%21/dahowlett/status/141389818721603584">dahowlett</a> suggests this is because he didn't speak good English. @<a href="http://twitter.com/#%21/jkuramot/status/141400169437601792">jkuramot</a> confirms that the driver didn't speak English very well but adds that "this was his go-to move".<br><br>The reason we are talking about this fragment of service design is that it is unusual in this context: we normally expect the driver to enter the destination into his navigation device. But the normal procedure is prone to error; the passenger may not speak clearly, the driver may not understand correctly, there may be a lot of background noise: the passenger arrives at the wrong destination and it's the driver's fault.<br><br>However, if the passenger enters the destination directly into the navigation device, then any error is the passenger's fault. Many service providers in other areas now follow this pattern; shifting responsibility onto the customer may help to reduce administration costs, but more importantly reduces the service provider's liability. But if the customer is not able to perform these tasks easily and accurately, this kind of shift adds more to the cost and risk for the customer than it reduces for the supplier, and therefore diminishes total value. See my review of <a href="http://rvsoapbox.blogspot.com/2005/01/support-economy.htm">The Support Economy</a>.<br><br>Asking the customer to do the work makes an assumption about the customer's capability. I don't know Jake personally, but he looks from his photo and his Twitter profile like someone who would know how to operate this kind of device. The driver may have had the same impression; it is conceivable that he would have treated Jake's grandmother differently. 
Whereas if the device (belonging to the driver) is unusual and difficult to use, we would always insist that the driver should operate it. Self-service only works if the interface design offers a reasonable level of usability.<br><br>The other difference between the passenger and the driver is the question of which is more familiar with the destination. When I get a cab home from the airport, obviously I know my address better than the driver does. But when I arrive in a strange city, I expect the cab drivers to be more familiar with the hotels than I am: if I get the name of the hotel slightly wrong, the driver should ask if I really meant something else, rather than drive for an hour to a hotel in the next city whose name exactly matches what I said.<br><br>By the way, Google has been correcting our searches for a long time now, but has now chosen to issue a series of advertisements in which this correction (and the collection of vast amounts of data to make this correction possible) is highlighted as a service enhancement feature. See my note <a href="http://rvsoapbox.blogspot.com/2011/10/towards-vpec-t-analysis-of-google.html">Towards a VPEC-T analysis of Google</a>. This kind of service enhancement is unavailable if the driver takes himself out of the loop, and regards his job as merely enacting a specification agreed between the customer and an electronic device.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7426899.post-8219345488047123593</id>
    <title type="html">The consequences of Lean at BP</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-10-26T14:20:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://businessorganizationmanagement.blogspot.com/2011/10/consequences-of-lean-at-bp.html"/>
    <summary type="html"><![CDATA[In his new book on BP, Tom Bergin blames lean management principles for the Deepwater Horizon disaster. Here is a summary of Bergin's argument, taken from a review by <a href="http://www.lrb.co.uk/v33/n19/mattathias-schwartz/how-fast-can-he-cook-a-chicken">Mattathias Schwartz, LRB 6 October 2011</a>.<cite></cite><br><br><blockquote>The beginnings of the Deepwater Horizon disaster, Bergin argues, can  be found in the reorganisation Browne undertook, applying to BP the  leaner management principles he learned at Stanford. The company was  divided into &lsquo;strategic business units&rsquo;, independent companies within  the company, each of which could allocate its capital and manage  projects as it saw fit. Managers were held to short-term &lsquo;performance  contracts&rsquo; focusing on high production and low cost. Those who could  extract the most oil while spending the least money were rewarded with  promotions and bonuses. Promising junior executives were shuffled  between posts all over the world, rarely staying anywhere long enough to  bother replacing outdated equipment or rusting pipelines. &lsquo;Go to the  limit,&rsquo; Browne told his managers. &lsquo;If we go too far, we can always pull  back later.&rsquo;<br><br>Bergin argues persuasively that such practices  amounted to &lsquo;moral hazard&rsquo;, with BP not quite consciously rewarding the  senior employees who engaged in the riskiest behaviour. The cost-cutting  continued under Hayward, who trimmed BP of drillers, geologists and  other specialists, outsourcing technical tasks to contractors and  filling the company&rsquo;s top ranks with traders who knew how to allocate  capital and whip subordinates into meeting the next quarter&rsquo;s targets.  
The demands for rapid production and low cost grew even more intense as  Hayward instituted &lsquo;stretch targets&rsquo; whereby the results achieved by one  outperforming business unit were touted as company-wide goals.<br><br>Much  the same sort of thing has been going on elsewhere, in manufacturing  and retail in particular, since the late 1990s, when a new wave of  Taylorism swept through management theory. Under the banner of  euphemisms like &lsquo;accountability&rsquo;, workers&rsquo; earnings and job security  were linked to ever rising performance goals. For a retailer like  Wal-Mart, there were few upper limits on efficiency targets &ndash; impossible  goals could be passed down the chain of command until ambitious  managers felt compelled to lock their minimum-wage employees in stores  overnight. But oil and gas extraction were a special case. At the bottom  of the production chain were the implacable realities of geology, whose  limits could not safely be breached. &lsquo;Thus began a continuous effort to  go beyond what BP&rsquo;s own engineers considered physically possible,&rsquo;  Bergin says of the stretch targets. One of the most important  measurements was raw speed &ndash; how fast project leaders could get a hole  drilled &ndash; calculated in &lsquo;days per 10,000 feet of drilling&rsquo;. 
It was as  though BP&rsquo;s senior executives in London had sent their workers into a  room full of flammable gasoline vapours with a box of matches and a live  chicken, offered prizes to whoever could produce a cooked chicken  fastest, then handed the workers safety manuals, closed the door and  turned their backs.</blockquote><br><br><a href="http://www.lrb.co.uk/v33/n19/mattathias-schwartz/how-fast-can-he-cook-a-chicken">Mattathias Schwartz, LRB 6 October 2011</a>&nbsp; <cite></cite><br><cite>reviewing</cite><br><br><ul><li><cite>Spills and Spin: The Inside Story of BP</cite> by Tom Bergin<cite>&nbsp;</cite></li><li><cite>A Hole at the Bottom of the Sea: The Race to Kill the BP Oil Gusher</cite> by Joel Achenbach</li></ul><br>See also my post <a href="http://rvsoapbox.blogspot.com/2011/04/black-swans-and-complex-system-failure.html">Black Swans and Complex System Failure</a>.]]></summary>
    <content type="html"><![CDATA[In his new book on BP, Tom Bergin blames lean management principles for the Deepwater Horizon disaster. Here is a summary of Bergin's argument, taken from a review by <a href="http://www.lrb.co.uk/v33/n19/mattathias-schwartz/how-fast-can-he-cook-a-chicken">Mattathias Schwartz, LRB 6 October 2011</a>.<cite></cite><br><br><blockquote>The beginnings of the Deepwater Horizon disaster, Bergin argues, can  be found in the reorganisation Browne undertook, applying to BP the  leaner management principles he learned at Stanford. The company was  divided into &lsquo;strategic business units&rsquo;, independent companies within  the company, each of which could allocate its capital and manage  projects as it saw fit. Managers were held to short-term &lsquo;performance  contracts&rsquo; focusing on high production and low cost. Those who could  extract the most oil while spending the least money were rewarded with  promotions and bonuses. Promising junior executives were shuffled  between posts all over the world, rarely staying anywhere long enough to  bother replacing outdated equipment or rusting pipelines. &lsquo;Go to the  limit,&rsquo; Browne told his managers. &lsquo;If we go too far, we can always pull  back later.&rsquo;<br><br>Bergin argues persuasively that such practices  amounted to &lsquo;moral hazard&rsquo;, with BP not quite consciously rewarding the  senior employees who engaged in the riskiest behaviour. The cost-cutting  continued under Hayward, who trimmed BP of drillers, geologists and  other specialists, outsourcing technical tasks to contractors and  filling the company&rsquo;s top ranks with traders who knew how to allocate  capital and whip subordinates into meeting the next quarter&rsquo;s targets.  
The demands for rapid production and low cost grew even more intense as  Hayward instituted &lsquo;stretch targets&rsquo; whereby the results achieved by one  outperforming business unit were touted as company-wide goals.<br><br>Much  the same sort of thing has been going on elsewhere, in manufacturing  and retail in particular, since the late 1990s, when a new wave of  Taylorism swept through management theory. Under the banner of  euphemisms like &lsquo;accountability&rsquo;, workers&rsquo; earnings and job security  were linked to ever rising performance goals. For a retailer like  Wal-Mart, there were few upper limits on efficiency targets &ndash; impossible  goals could be passed down the chain of command until ambitious  managers felt compelled to lock their minimum-wage employees in stores  overnight. But oil and gas extraction were a special case. At the bottom  of the production chain were the implacable realities of geology, whose  limits could not safely be breached. &lsquo;Thus began a continuous effort to  go beyond what BP&rsquo;s own engineers considered physically possible,&rsquo;  Bergin says of the stretch targets. One of the most important  measurements was raw speed &ndash; how fast project leaders could get a hole  drilled &ndash; calculated in &lsquo;days per 10,000 feet of drilling&rsquo;. 
It was as  though BP&rsquo;s senior executives in London had sent their workers into a  room full of flammable gasoline vapours with a box of matches and a live  chicken, offered prizes to whoever could produce a cooked chicken  fastest, then handed the workers safety manuals, closed the door and  turned their backs.</blockquote><br><br><a href="http://www.lrb.co.uk/v33/n19/mattathias-schwartz/how-fast-can-he-cook-a-chicken">Mattathias Schwartz, LRB 6 October 2011</a><br><cite>reviewing</cite><br><br><ul><li><cite>Spills and Spin: The Inside Story of BP</cite> by Tom Bergin</li><li><cite>A Hole at the Bottom of the Sea: The Race to Kill the BP Oil Gusher</cite> by Joel Achenbach</li></ul><br>See also my post <a href="http://rvsoapbox.blogspot.com/2011/04/black-swans-and-complex-system-failure.html">Black Swans and Complex System Failure</a>.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-7685988519220884888</id>
    <title type="html">There is always another story</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-10-15T14:36:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2011/10/there-is-always-another-story.html"/>
    <summary type="html"><![CDATA[<h4>Steve Jobs talks about death</h4><blockquote>"About a year ago I was diagnosed with cancer. ... It turned out to be a very rare form of  pancreatic cancer that is curable with surgery.  I had the surgery and  I'm fine now."  [<a href="http://news.stanford.edu/news/2005/june15/jobs-061505.html">Stanford University, June 2005</a>]</blockquote><br>But according to some sources, there is a critical omission from the story. The diagnosis was in October 2003. Jobs spent several months trying alternative medicine before agreeing to the surgery, which took place in July 2004. Some cancer experts believe this delay may have shortened his life. <br><hr><h4>Polarity</h4><blockquote>Jobs himself judges the world in binary terms. Products, in his view,  are "insanely great" or "shit." One is facing death from cancer or  "cured." Subordinates are geniuses or "bozos," indispensable or no longer relevant. People in his orbit regularly flip, at a second's  notice, from one category to another, in what early Apple colleagues  came to call his "hero-shithead roller coaster." (Fortune Magazine 2008)</blockquote><br>Some might think that this was at odds with his Buddhist beliefs: <a href="http://www.createandshare.net/lifestyles/happy-living/polarity-illusion-oneness-reality.html">Polarity is an Illusion, Oneness is a Reality</a>. <br><br><hr><h4>Risk</h4><blockquote>It is important to understand the ways in which Jobs' attempts  to manipulate his world pose risks for Apple - and thus its investors.  They are evident in his difficult partnerships with music and television  companies, which chafe at his insistence on setting uniform prices for  their songs and videos on iTunes; in the real story of his battle with  cancer; and in his deployment of stock options at Apple and Pixar, which  exposed both companies to backdating scandals. 
(Fortune Magazine 2008)</blockquote><br>The risks here come not only from the attempts to control everything, but also from the polarity, delay and denial that emerge in the way he tackled his cancer as well as in the way he ran Apple.<br><br><hr><h4>Storytelling</h4><br>Writing in the Guardian, in the week Jobs died, <a href="http://www.guardian.co.uk/film/2011/oct/03/charlie-kaufman-how-to-write">Charlie Kaufman</a> reveals something important about story-telling. He wasn't talking explicitly about Jobs, but as <a href="http://adage.com/article/mediaworks/media-writing-week-walking-steve-jobs/230285/">Matthew Creamer</a> points out, he might as well have been.<br><br><blockquote>Storytelling is inherently dangerous. Consider a traumatic event in your life. Think about how you experienced it. Now think about how you told it to someone a year later. Now think about how you told it for the hundredth time. It's not the same thing. Most people think perspective is a good thing: you can figure out characters arcs, you can apply a moral, you can tell it with understanding and context. But this perspective is a misrepresentation: it's a reconstruction with meaning, and as such bears little resemblance to the event.<br><br>The other thing that happens is adjustment. You find out which part of the story works, which part to embellish, which to jettison. You fashion it. Your goal is to be entertaining. This is true for a story told at a dinner party, and it's true for stories told through movies. Don't let anyone tell you what a story is, what it needs to include. As an experiment, write a non-story. 
It will have a chance of being different.</blockquote>Meanwhile, some reviewers of Walter Isaacson's authorised biography of Steve Jobs are  questioning whether it is a true representation of the man - see <a href="http://www.bbc.co.uk/blogs/seealso/2011/10/review_round-up_is_steve_jobs.html">review roundup</a> by Clare Spencer.<br><br>Is a single true representation possible - of anyone, let alone Jobs? Brent Schlender writes<br><blockquote>"Most of us who wrote in depth about the brilliant career of Steve Jobs  sooner or later came to realize that we were complicit in the making of a  modern myth. ... Nevertheless, Steve was merely mortal. And his storied life was one of dissonances and contradictions."  </blockquote>]]></summary>
    <content type="html"><![CDATA[<h4>Steve Jobs talks about death</h4><blockquote>"About a year ago I was diagnosed with cancer. ... It turned out to be a very rare form of  pancreatic cancer that is curable with surgery.  I had the surgery and  I'm fine now."  [<a href="http://news.stanford.edu/news/2005/june15/jobs-061505.html">Stanford University, June 2005</a>]</blockquote><br>But according to some sources, there is a critical omission from the story. The diagnosis was in October 2003. Jobs spent several months trying alternative medicine before agreeing to the surgery, which took place in July 2004. Some cancer experts believe this delay may have shortened his life. <br><hr><h4>Polarity</h4><blockquote>Jobs himself judges the world in binary terms. Products, in his view,  are "insanely great" or "shit." One is facing death from cancer or  "cured." Subordinates are geniuses or "bozos," indispensable or no longer relevant. People in his orbit regularly flip, at a second's  notice, from one category to another, in what early Apple colleagues  came to call his "hero-shithead roller coaster." (Fortune Magazine 2008)</blockquote><br>Some might think that this was at odds with his Buddhist beliefs: <a href="http://www.createandshare.net/lifestyles/happy-living/polarity-illusion-oneness-reality.html">Polarity is an Illusion, Oneness is a Reality</a>. <br><br><hr><h4>Risk</h4><blockquote>It is important to understand the ways in which Jobs' attempts  to manipulate his world pose risks for Apple - and thus its investors.  They are evident in his difficult partnerships with music and television  companies, which chafe at his insistence on setting uniform prices for  their songs and videos on iTunes; in the real story of his battle with  cancer; and in his deployment of stock options at Apple and Pixar, which  exposed both companies to backdating scandals. 
(Fortune Magazine 2008)</blockquote><br>The risks here come not only from the attempts to control everything, but also from the polarity, delay and denial that emerge in the way he tackled his cancer as well as in the way he ran Apple.<br><br><hr><h4>Storytelling</h4><br>Writing in the Guardian, in the week Jobs died, <a href="http://www.guardian.co.uk/film/2011/oct/03/charlie-kaufman-how-to-write">Charlie Kaufman</a> reveals something important about story-telling. He wasn't talking explicitly about Jobs, but as <a href="http://adage.com/article/mediaworks/media-writing-week-walking-steve-jobs/230285/">Matthew Creamer</a> points out, he might as well have been.<br><br><blockquote>Storytelling is inherently dangerous. Consider a traumatic event in your life. Think about how you experienced it. Now think about how you told it to someone a year later. Now think about how you told it for the hundredth time. It's not the same thing. Most people think perspective is a good thing: you can figure out characters arcs, you can apply a moral, you can tell it with understanding and context. But this perspective is a misrepresentation: it's a reconstruction with meaning, and as such bears little resemblance to the event.<br><br>The other thing that happens is adjustment. You find out which part of the story works, which part to embellish, which to jettison. You fashion it. Your goal is to be entertaining. This is true for a story told at a dinner party, and it's true for stories told through movies. Don't let anyone tell you what a story is, what it needs to include. As an experiment, write a non-story. 
It will have a chance of being different.</blockquote>Meanwhile, some reviewers of Walter Isaacson's authorised biography of Steve Jobs are  questioning whether it is a true representation of the man - see <a href="http://www.bbc.co.uk/blogs/seealso/2011/10/review_round-up_is_steve_jobs.html">review roundup</a> by Clare Spencer.<br><br>Is a single true representation possible - of anyone, let alone Jobs? Brent Schlender writes<br><blockquote>"Most of us who wrote in depth about the brilliant career of Steve Jobs  sooner or later came to realize that we were complicit in the making of a  modern myth. ... Nevertheless, Steve was merely mortal. And his storied life was one of dissonances and contradictions."  </blockquote>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-7063135315744458902</id>
    <title type="html">Black Swan Blindness</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-09-01T00:22:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2011/09/black-swan-blindness.html"/>
    <summary type="html"><![CDATA[In my post <a href="http://rvsoapbox.blogspot.com/2011/04/black-swans-and-complex-system-failure.html">Black Swans and Complex System Failure</a>, I talked about the architectural implications of some recent disasters, including the Gulf of Mexico oil spillage in 2010 and the partial melt-down in Japanese nuclear reactors following the tsunami in 2011. Both of these disasters involved something that isn't supposed to happen: the simultaneous failure of multiple fail-safe mechanisms.<br><br>A new study by Oxford University and McKinsey finds a similar phenomenon in technology investment, where large IT projects may experience spiralling costs as a result of multiple problems occurring simultaneously. According to the researchers, this is up to twenty times more frequent than traditional risk modelling techniques would expect, with one in six large IT projects going over budget by an average of over 200%. Researchers refer to the tendency to disregard rare but high-impact problems/risks as black swan blindness.<br><br>As an example, Professor Bent Flyvbjerg cites the collapse of Auto Windscreens, which went into administration in February following a disastrous attempt to implement a new IT system. "Black swans often start as purely software issues. But then several  things can happen at the same time - economic downturn, financial  difficulties - which compound the risk," he explained.<br><br>Professor Flyvbjerg has coined the term <a href="http://en.wikipedia.org/wiki/Black_swan_management">Black Swan Management</a>, which currently merits its own Wikipedia page. 
Simon Moore (author of <a href="http://strategicppm.wordpress.com/">Strategic Project Portfolio Management</a>) questions whether it is appropriate to use the term "black swan" for something that occurs with a one in six probability, but supports Flyvbjerg's conclusion that when projects go wrong they can go extremely wrong.<br><br>Flyvbjerg makes five fairly bland recommendations for avoiding IT project failure, including recruiting a "master builder". Some people may interpret this as an endorsement of the large IT service firms, but these firms have been responsible for some of the most extravagant failures. Is there any evidence that master builders are any more immune from "black swan blindness" than anyone else? Indeed, as a Scandinavian, Flyvbjerg will hardly need reminding of Ibsen's portrayal of madness in the play of the same name.<br><br><hr><a href="http://www.bbc.co.uk/news/technology-14677143">'Black swans' busting IT budgets</a> (BBC News, 26 August 2011)<br><br>Bent Flyvbjerg and Alexander Budzier, <a href="http://www.sbs.ox.ac.uk/centres/bt/Documents/RISKYICTHBR3%200REPRINT.pdf" target="_blank" title="">Why Your IT Project May Be Riskier than You Think</a> (Harvard Business Review, September 2011, pp. 601-603)<br><br>Natasha Lomas, <a href="http://www.silicon.com/technology/it-services/2011/08/22/five-ways-to-stop-your-it-projects-spiralling-out-of-control-and-overbudget-39747844/">Five ways to stop your IT projects spiralling out of control and overbudget</a> (Silicon.com, 22 August 2011) (<a href="http://www.sbs.ox.ac.uk/centres/bt/Documents/http___www.silicon.pdf">pdf</a>)<br><br>Brenda Michelson, <a href="http://h30565.www3.hp.com/t5/Active-Information/Complexity-Outliers-and-the-Truth-on-IT-Project-Failure/ba-p/364">Complexity, Outliers and the Truth on IT Project Failure</a> (HP Input-Output, 31 Aug 2011)<br><br>Simon Moore, <a href="http://www.projectcasestudies.com/?p=90">Black Swans In Project Management</a> (August 25, 2011)]]></summary>
    <content type="html"><![CDATA[In my post <a href="http://rvsoapbox.blogspot.com/2011/04/black-swans-and-complex-system-failure.html">Black Swans and Complex System Failure</a>, I talked about the architectural implications of some recent disasters, including the Gulf of Mexico oil spillage in 2010 and the partial melt-down in Japanese nuclear reactors following the tsunami in 2011. Both of these disasters involved something that isn't supposed to happen: the simultaneous failure of multiple fail-safe mechanisms.<br><br>A new study by Oxford University and McKinsey finds a similar phenomenon in technology investment, where large IT projects may experience spiralling costs as a result of multiple problems occurring simultaneously. According to the researchers, this is up to twenty times more frequent than traditional risk modelling techniques would expect, with one in six large IT projects going over budget by an average of over 200%. Researchers refer to the tendency to disregard rare but high-impact problems/risks as black swan blindness.<br><br>As an example, Professor Bent Flyvbjerg cites the collapse of Auto Windscreens, which went into administration in February following a disastrous attempt to implement a new IT system. "Black swans often start as purely software issues. But then several  things can happen at the same time - economic downturn, financial  difficulties - which compound the risk," he explained.<br><br>Professor Flyvbjerg has coined the term <a href="http://en.wikipedia.org/wiki/Black_swan_management">Black Swan Management</a>, which currently merits its own Wikipedia page. 
Simon Moore (author of <a href="http://strategicppm.wordpress.com/">Strategic Project Portfolio Management</a>) questions whether it is appropriate to use the term "black swan" for something that occurs with a one in six probability, but supports Flyvbjerg's conclusion that when projects go wrong they can go extremely wrong.<br><br>Flyvbjerg makes five fairly bland recommendations for avoiding IT project failure, including recruiting a "master builder". Some people may interpret this as an endorsement of the large IT service firms, but these firms have been responsible for some of the most extravagant failures. Is there any evidence that master builders are any more immune from "black swan blindness" than anyone else? Indeed, as a Scandinavian, Flyvbjerg will hardly need reminding of Ibsen's portrayal of madness in the play of the same name.<br><br><hr><a href="http://www.bbc.co.uk/news/technology-14677143">'Black swans' busting IT budgets</a> (BBC News, 26 August 2011)<br><br>Bent Flyvbjerg and Alexander Budzier, <a href="http://www.sbs.ox.ac.uk/centres/bt/Documents/RISKYICTHBR3%200REPRINT.pdf" target="_blank" title="">Why Your IT Project May Be Riskier than You Think</a> (Harvard Business Review, September 2011, pp. 601-603)<br><br>Natasha Lomas, <a href="http://www.silicon.com/technology/it-services/2011/08/22/five-ways-to-stop-your-it-projects-spiralling-out-of-control-and-overbudget-39747844/">Five ways to stop your IT projects spiralling out of control and overbudget</a> (Silicon.com, 22 August 2011) (<a href="http://www.sbs.ox.ac.uk/centres/bt/Documents/http___www.silicon.pdf">pdf</a>)<br><br>Brenda Michelson, <a href="http://h30565.www3.hp.com/t5/Active-Information/Complexity-Outliers-and-the-Truth-on-IT-Project-Failure/ba-p/364">Complexity, Outliers and the Truth on IT Project Failure</a> (HP Input-Output, 31 Aug 2011)<br><br>Simon Moore, <a href="http://www.projectcasestudies.com/?p=90">Black Swans In Project Management</a> (August 25, 2011)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-2730107983696408681</id>
    <title type="html">Ethics of Risk in Public Sector IT</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-06-08T11:17:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2011/06/ethics-of-risk-in-public-sector-it.html"/>
    <summary type="html"><![CDATA[@<a href="http://twitter.com/#%21/tonyrcollins/status/78399536032251904">tonyrcollins</a> via @<a href="http://twitter.com/#%21/glynmoody/status/78402056616022016">glynmoody</a> and @<a href="http://twitter.com/#%21/Mark_Antony/status/78400880973594624">Mark_Antony</a> asks <a href="http://blogs.computerworlduk.com/the-tony-collins-blog/2011/06/should-winning-bidders-tell-users-they-suspect-a-new-contract-may-be-undeliverable/index.htm">Should winning bidders tell if they suspect a new contract is undeliverable?</a> (8 June 2011) and raises some excellent ethical points about public sector procurement.<br><br>One of the functions of good journalism is to hold people and organizations to account. Tony fishes out a speech given in 2004 by Sir Christopher Bland, then chairman of BT, in which he acknowledged incomplete success in previous ventures, and admitted the extraordinary challenges involved in the NPfIT, for which BT had just won three contracts then valued at over &pound;2bn.<br><br>There is obviously a difference between something's being extremely difficult and its being impossible. BT executives can fairly claim that they were always open about the chance that it was going to be difficult, and that they didn't know for sure that it was going to be impossible. But at the same time, there is an asymmetry of information here - the supplier is presumably in a better position to assess certain classes of risk than the customer. (Meanwhile, there may be other classes of risk that the customer should know more about than the supplier.)<br><br>In my opinion, the ethical issues here are not to do with deliberate concealment of known facts, but with misleading or inadequate assessment of shared risk. The key word in Tony's headline is the word "suspect". So what are the ethics of doubt?]]></summary>
    <content type="html"><![CDATA[@<a href="http://twitter.com/#%21/tonyrcollins/status/78399536032251904">tonyrcollins</a> via @<a href="http://twitter.com/#%21/glynmoody/status/78402056616022016">glynmoody</a> and @<a href="http://twitter.com/#%21/Mark_Antony/status/78400880973594624">Mark_Antony</a> asks <a href="http://blogs.computerworlduk.com/the-tony-collins-blog/2011/06/should-winning-bidders-tell-users-they-suspect-a-new-contract-may-be-undeliverable/index.htm">Should winning bidders tell if they suspect a new contract is undeliverable?</a> (8 June 2011) and raises some excellent ethical points about public sector procurement.<br><br>One of the functions of good journalism is to hold people and organizations to account. Tony fishes out a speech given in 2004 by Sir Christopher Bland, then chairman of BT, in which he acknowledged incomplete success in previous ventures, and admitted the extraordinary challenges involved in the NPfIT, for which BT had just won three contracts then valued at over &pound;2bn.<br><br>There is obviously a difference between something's being extremely difficult and its being impossible. BT executives can fairly claim that they were always open about the chance that it was going to be difficult, and that they didn't know for sure that it was going to be impossible. But at the same time, there is an asymmetry of information here - the supplier is presumably in a better position to assess certain classes of risk than the customer. (Meanwhile, there may be other classes of risk that the customer should know more about than the supplier.)<br><br>In my opinion, the ethical issues here are not to do with deliberate concealment of known facts, but with misleading or inadequate assessment of shared risk. The key word in Tony's headline is the word "suspect". So what are the ethics of doubt?]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6138624.post-5248119716534947349</id>
    <title type="html">On Reputation</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-05-11T14:56:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://posiwid.blogspot.com/2011/05/on-reputation.html"/>
    <summary type="html"><![CDATA[From @<a href="http://twitter.com/#%21/CJFDillow/status/68296931159453696">CJFDillow</a> <a href="http://stumblingandmumbling.typepad.com/stumbling_and_mumbling/2011/05/superinjunctions-externalities.html">on the externalities of superinjunctions</a>.<br><blockquote><br>"People can allege that Jemima Khan is shagging Jeremy Clarkson and say that the press isn&rsquo;t reporting this because of a superinjunction.  ... In this way, Ms Khan&rsquo;s reputation is damaged by the existence of super injunctions (though the social cost of this is mitigated by the fact that Mr Clarkson&lsquo;s reputation is enhanced)."  </blockquote><br>Ms Khan attracted a lot of publicity to herself when she chose to protest about various allegations about her and Mr Clarkson that had been circulated on Twitter. Most people looked at the allegations and dismissed them as highly unlikely. The story, repeated with glamorous pictures in all newspapers, has merely served to remind us about her wealth and beauty, and has probably only enhanced her reputation. Perhaps the real purpose of her protest was to deflect attention and credibility from some other allegations. (See my post on <a href="http://demandingchange.blogspot.com/2005/11/google-and-spin-2.html">Google-spinning</a>.)<br><br>Chris assumes that Ms Khan's reputation would be sullied if she were discovered to have had a relationship with anyone outside the usual round of actors and sportsmen and other good looking airheads. Although I'm not a fan of Mr Clarkson, I imagine that a wealthy and bored woman might find a discreet relationship with him to be quite interesting, and I can't see that her reputation would be particularly damaged. It's not as if she were caught attending one of Mr Berlusconi's or Mr Mosley's parties, or spilling out of nightclubs in a dishevelled state.<br><br>Meanwhile, Chris assumes that Mr Clarkson's reputation is enhanced by these allegations. 
Again, I can't see that a popular and happily married journalist wants to be associated with bored heiresses, let alone by their indignant denials.]]></summary>
    <content type="html"><![CDATA[From @<a href="http://twitter.com/#%21/CJFDillow/status/68296931159453696">CJFDillow</a> <a href="http://stumblingandmumbling.typepad.com/stumbling_and_mumbling/2011/05/superinjunctions-externalities.html">on the externalities of superinjunctions</a>.<br><blockquote><br>"People can allege that Jemima Khan is shagging Jeremy Clarkson and say that the press isn&rsquo;t reporting this because of a superinjunction.  ... In this way, Ms Khan&rsquo;s reputation is damaged by the existence of super injunctions (though the social cost of this is mitigated by the fact that Mr Clarkson&lsquo;s reputation is enhanced)."  </blockquote><br>Ms Khan attracted a lot of publicity to herself when she chose to protest about various allegations about her and Mr Clarkson that had been circulated on Twitter. Most people looked at the allegations and dismissed them as highly unlikely. The story, repeated with glamorous pictures in all newspapers, has merely served to remind us about her wealth and beauty, and has probably only enhanced her reputation. Perhaps the real purpose of her protest was to deflect attention and credibility from some other allegations. (See my post on <a href="http://demandingchange.blogspot.com/2005/11/google-and-spin-2.html">Google-spinning</a>.)<br><br>Chris assumes that Ms Khan's reputation would be sullied if she were discovered to have had a relationship with anyone outside the usual round of actors and sportsmen and other good looking airheads. Although I'm not a fan of Mr Clarkson, I imagine that a wealthy and bored woman might find a discreet relationship with him to be quite interesting, and I can't see that her reputation would be particularly damaged. It's not as if she were caught attending one of Mr Berlusconi's or Mr Mosley's parties, or spilling out of nightclubs in a dishevelled state.<br><br>Meanwhile, Chris assumes that Mr Clarkson's reputation is enhanced by these allegations. 
Again, I can't see that a popular and happily married journalist wants to be associated with bored heiresses, let alone by their indignant denials.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-1398591463756202813</id>
    <title type="html">Black Swans and Complex System Failure</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-04-05T23:52:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2011/04/black-swans-and-complex-system-failure.html"/>
    <summary type="html"><![CDATA[Black Swan theory (<a href="http://en.wikipedia.org/wiki/Black_swan_theory" title="Wikipedia: Black Swan theory">Wikipedia</a>) tells us among other things that people tend to underestimate the probability of extremely rare events.<br><br>A corollary of this theory that is of particular interest to architects and complex system engineers concerns the design of fail-safe mechanisms. Nuclear power and oil extraction are examples of environmentally critical operations; they are therefore subject to detailed risk assessment, and designed with multiple fail-safe mechanisms. And yet both the oil spillage last year in the Gulf of Mexico and the partial melt-down in Japanese nuclear reactors following the recent tsunami involved the simultaneous failure of multiple fail-safe mechanisms. Obviously that's not supposed to happen.<br><br>Simultaneous failure of supposedly independent mechanisms is a Black Swan event.<br><br><hr>Update (August 2011)<br><br>A recent study by Oxford University and McKinsey has blamed rare but high-impact problems, dubbed "black swans", for the increasingly common phenomenon of large IT projects whose costs spiral out of control. The study finds this phenomenon to be three times as common in IT as in other domains [<a href="http://www.bbc.co.uk/news/technology-14677143">BBC News, 26 August 2011</a>]. See my post on <a href="http://rvsoftware.blogspot.com/2011/09/black-swan-blindness.html">Black Swan Blindness</a>.<br><br><br><hr>Update (October 2011)<br><br>Reviewing a couple of recent books about BP and the oil spill in the Gulf of Mexico, Mattathias Schwartz makes a number of relevant points.<br><br><blockquote>When crucial pieces of our infrastructure fail, they do so gracelessly,  without much warning and in ways that are difficult to anticipate. ... 
The failure to grasp the possibility of system-wide failure might be one  in an accelerating series, bookended by the 2008 financial crisis and  the Fukushima nuclear meltdown last spring.</blockquote><blockquote>One reason for the oil and gas industry&rsquo;s quick comeback in the US was  the successful packaging of the blowout as a &lsquo;black swan&rsquo;, an event of  such low probability that it couldn&rsquo;t have been anticipated. This  certainly helped excuse the fact that no one &ndash; not BP, Chevron, Exxon or  Shell &ndash; had a working plan for plugging a blowout as deep as Macondo.</blockquote><blockquote>BP ... claimed, in  its own report on the blowout, that the event had eight causes, of  which BP was partly responsible for one. The president&rsquo;s commission  concluded that the disaster had nine causes, and that BP was responsible  for six or seven. And yet BP stands by what it said at the start.<br><br>The size of the system and the complexity of the data make it possible  to argue for a maddeningly wide range of positions, especially when it  comes to vague legal notions like &lsquo;negligence&rsquo; or &lsquo;responsibility&rsquo;. Both  concepts hinge on proving that one linear narrative is the right one.</blockquote><br><a href="http://www.lrb.co.uk/v33/n19/mattathias-schwartz/how-fast-can-he-cook-a-chicken">Mattathias Schwartz, LRB 6 October 2011</a><br><cite>reviewing</cite><br><ul><li><cite>Spills and Spin: The Inside Story of BP</cite> by Tom Bergin</li><li><cite>A Hole at the Bottom of the Sea: The Race to Kill the BP Oil Gusher</cite> by Joel Achenbach</li></ul>]]></summary>
    <content type="html"><![CDATA[Black Swan theory (<a href="http://en.wikipedia.org/wiki/Black_swan_theory" title="Wikipedia: Black Swan theory">Wikipedia</a>) tells us among other things that people tend to underestimate the probability of extremely rare events.<br><br>A corollary of this theory that is of particular interest to architects and complex system engineers concerns the design of fail-safe mechanisms. Nuclear power and oil extraction are examples of environmentally critical operations; they are therefore subject to detailed risk assessment, and designed with multiple fail-safe mechanisms. And yet both the oil spillage last year in the Gulf of Mexico and the partial melt-down in Japanese nuclear reactors following the recent tsunami involved the simultaneous failure of multiple fail-safe mechanisms. Obviously that's not supposed to happen.<br><br>Simultaneous failure of supposedly independent mechanisms is a Black Swan event.<br><br><hr>Update (August 2011)<br><br>A recent study by Oxford University and McKinsey has blamed rare but high-impact problems, dubbed "black swans", for the increasingly common phenomenon of large IT projects whose costs spiral out of control. The study finds this phenomenon to be three times as common in IT as in other domains [<a href="http://www.bbc.co.uk/news/technology-14677143">BBC News, 26 August 2011</a>]. See my post on <a href="http://rvsoftware.blogspot.com/2011/09/black-swan-blindness.html">Black Swan Blindness</a>.<br><br><br><hr>Update (October 2011)<br><br>Reviewing a couple of recent books about BP and the oil spill in the Gulf of Mexico, Mattathias Schwartz makes a number of relevant points.<br><br><blockquote>When crucial pieces of our infrastructure fail, they do so gracelessly, without much warning and in ways that are difficult to anticipate. ... 
The failure to grasp the possibility of system-wide failure might be one in an accelerating series, bookended by the 2008 financial crisis and the Fukushima nuclear meltdown last spring.</blockquote><blockquote>One reason for the oil and gas industry&rsquo;s quick comeback in the US was the successful packaging of the blowout as a &lsquo;black swan&rsquo;, an event of such low probability that it couldn&rsquo;t have been anticipated. This certainly helped excuse the fact that no one &ndash; not BP, Chevron, Exxon or Shell &ndash; had a working plan for plugging a blowout as deep as Macondo.</blockquote><blockquote>BP ... claimed, in its own report on the blowout, that the event had eight causes, of which BP was partly responsible for one. The president&rsquo;s commission concluded that the disaster had nine causes, and that BP was responsible for six or seven. And yet BP stands by what it said at the start.&nbsp; <br><br>The size of the system and the complexity of the data make it possible to argue for a maddeningly wide range of positions, especially when it comes to vague legal notions like &lsquo;negligence&rsquo; or &lsquo;responsibility&rsquo;. Both concepts hinge on proving that one linear narrative is the right one.&nbsp; </blockquote><br><a href="http://www.lrb.co.uk/v33/n19/mattathias-schwartz/how-fast-can-he-cook-a-chicken">Mattathias Schwartz, LRB 6 October 2011</a>&nbsp; <br><cite>reviewing</cite><br><ul><li><cite>Spills and Spin: The Inside Story of BP</cite> by Tom Bergin</li><li><cite>A Hole at the Bottom of the Sea: The Race to Kill the BP Oil Gusher</cite> by Joel Achenbach</li></ul>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-7210386679445769098</id>
    <title type="html">Creeping Business Dependency</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-03-08T10:38:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2011/03/creeping-business-dependency.html"/>
    <summary type="html"><![CDATA[People are slowly waking up to the fact that we have created yet another single point of failure into our business ecosystem. It seems that businesses have gradually made themselves dependent on Global Positioning Systems (GPS) and satellite navigation (satnav). So we are now starting to hear doom-and-gloom stories about the dire economic consequences of any interruption to the service, which could apparently be caused by anything from cyberterrorism (<a href="http://www.dailymail.co.uk/news/article-1364008/Satnav-Britain-paralysed-instant-cyber-terrorists.html">Daily Mail 8 March 2011</a>) to solar flares (<a href="http://www.dailymail.co.uk/sciencetech/article-1313858/Solar-flare-paralyse-Earth-2013.html">Daily Mail 21 Sept 2010</a>).<br><br>Those with long memories may recall the millennium bug scare, which postulated that widespread computer error might result in total economic collapse when the date went from 99 to 00. Many companies took the opportunity to carry out a long overdue inventory of their software programs, and decommissioned a fair amount of obsolete code, as well as reviewing their disaster recovery procedures; even though the scare was probably exaggerated, some useful work was done. 
(I myself picked up some contract work in this area, so I can't complain.)<br><br>The Royal Academy of Engineering has just issued a report on Global Navigation Space Systems, which takes a more balanced view of the subject than the Daily Mail, but still warns of the danger of over-reliance on satellite navigation [<a href="http://www.raeng.org.uk/news/publications/list/reports/RAoE_Global_Navigation_Systems_Report.pdf">Report (pdf)</a>, <a href="http://www.raeng.org.uk/news/releases/shownews.htm?NewsID=633">Press Release</a>].<br><br>Chairman of the RAoE working group, Dr Martyn Thomas, told the BBC:<br><blockquote>"We're not saying that the sky is about to fall in; we're not saying there's a calamity around the corner. What we're saying is that there is a growing interdependence between systems that people think are backing each other up. And it might well be that if a number of these systems fail simultaneously, it will cause commercial damage or just conceivably loss of life. This is wholly avoidable." [<a href="http://www.bbc.co.uk/news/science-environment-12668230">BBC News 8 March 2011</a>]</blockquote><br>Maybe this does sound pretty speculative (as @<a href="http://twitter.com/#%21/martinjmurray/status/45060660819800064">martinjmurray</a> complains). Nonetheless it may be a good idea for any business that has gradually become dependent on this or any other technology to check out the possible risks.<br><br>From an architectural point of view, what I find most interesting about this situation is the tendency for critical business dependencies (and the associated risks) to emerge, as a particular technology migrates unobtrusively from marginal use to core business use.<br><br>Another example of a creeping business dependency is the extent to which Google has now inserted itself into the relationship between any business and its customers. 
If a business offends Google in some way, and consequently disappears from Google search, this will have serious business consequences. (BMW disappeared from Google for three days in 2006 - see my post <a href="http://rvsoapbox.blogspot.com/2006/02/bmw-search-requests.htm">BMW Search Requests</a>). And yet it's still rare to see Google shown as a business-critical service partner in business architecture or business process diagrams.<br><br>If we think of an architecture in terms of a set of dependencies, we can distinguish between a centrally planned architecture, in which the dependencies and their implications are understood from the outset, and an emergent de facto architecture, in which unanticipated dependencies and risks can be created by a quantity of uncontrolled activity. In a planned world, all innovation must be controlled to prevent emergent risk; in an evolving world, innovation (such as the use of Google or GPS) can be encouraged provided that there is a robust mechanism to detect and manage emerging risks.<br><br><hr><span>&nbsp;book now&nbsp;</span><span> </span><a href="http://unicom.co.uk/product_detail.asp?prdid=1830">Workshop: Managing Complexity Using Enterprise Architecture</a> (April 13th, 2011)]]></summary>
    <content type="html"><![CDATA[People are slowly waking up to the fact that we have created yet another single point of failure into our business ecosystem. It seems that businesses have gradually made themselves dependent on Global Positioning Systems (GPS) and satellite navigation (satnav). So we are now starting to hear doom-and-gloom stories about the dire economic consequences of any interruption to the service, which could apparently be caused by anything from cyberterrorism (<a href="http://www.dailymail.co.uk/news/article-1364008/Satnav-Britain-paralysed-instant-cyber-terrorists.html">Daily Mail 8 March 2011</a>) to solar flares (<a href="http://www.dailymail.co.uk/sciencetech/article-1313858/Solar-flare-paralyse-Earth-2013.html">Daily Mail 21 Sept 2010</a>).<br><br>Those with long memories may recall the millennium bug scare, which postulated that widespread computer error might result in total economic collapse when the date went from 99 to 00. Many companies took the opportunity to carry out a long overdue inventory of their software programs, and decommissioned a fair amount of obsolete code, as well as reviewing their disaster recovery procedures; even though the scare was probably exaggerated, some useful work was done. 
(I myself picked up some contract work in this area, so I can't complain.)<br><br>The Royal Academy of Engineering has just issued a report on Global Navigation Space Systems, which takes a more balanced view of the subject than the Daily Mail, but still warns of the danger of over-reliance on satellite navigation [<a href="http://www.raeng.org.uk/news/publications/list/reports/RAoE_Global_Navigation_Systems_Report.pdf">Report (pdf)</a>, <a href="http://www.raeng.org.uk/news/releases/shownews.htm?NewsID=633">Press Release</a>].<br><br>Chairman of the RAoE working group, Dr Martyn Thomas, told the BBC:<br><blockquote>"We're not saying that the sky is about to fall in; we're not saying there's a calamity around the corner. What we're saying is that there is a growing interdependence between systems that people think are backing each other up. And it might well be that if a number of these systems fail simultaneously, it will cause commercial damage or just conceivably loss of life. This is wholly avoidable." [<a href="http://www.bbc.co.uk/news/science-environment-12668230">BBC News 8 March 2011</a>]</blockquote><br>Maybe this does sound pretty speculative (as @<a href="http://twitter.com/#%21/martinjmurray/status/45060660819800064">martinjmurray</a> complains). Nonetheless it may be a good idea for any business that has gradually become dependent on this or any other technology to check out the possible risks.<br><br>From an architectural point of view, what I find most interesting about this situation is the tendency for critical business dependencies (and the associated risks) to emerge, as a particular technology migrates unobtrusively from marginal use to core business use.<br><br>Another example of a creeping business dependency is the extent to which Google has now inserted itself into the relationship between any business and its customers. 
If a business offends Google in some way, and consequently disappears from Google search, this will have serious business consequences. (BMW disappeared from Google for three days in 2006 - see my post <a href="http://rvsoapbox.blogspot.com/2006/02/bmw-search-requests.htm">BMW Search Requests</a>). And yet it's still rare to see Google shown as a business-critical service partner in business architecture or business process diagrams.<br><br>If we think of an architecture in terms of a set of dependencies, we can distinguish between a centrally planned architecture, in which the dependencies and their implications are understood from the outset, and an emergent de facto architecture, in which unanticipated dependencies and risks can be created by a quantity of uncontrolled activity. In a planned world, all innovation must be controlled to prevent emergent risk; in an evolving world, innovation (such as the use of Google or GPS) can be encouraged provided that there is a robust mechanism to detect and manage emerging risks.<br><br><hr><span>&nbsp;book now&nbsp;</span><span> </span><a href="http://unicom.co.uk/product_detail.asp?prdid=1830">Workshop: Managing Complexity Using Enterprise Architecture</a> (April 13th, 2011)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-1542933636748317059</id>
    <title type="html">IT analysis and trust</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-03-04T11:03:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2011/03/it-analysis-and-trust.html"/>
    <summary type="html"><![CDATA[@<a href="http://twitter.com/#%21/mkrigsman/status/43492237920845825">mkrigsman</a> asks "Trust is the currency that matters most. How many analysts / bloggers deserve it?"<br><br>@<a href="http://twitter.com/#%21/markhillary/status/43492646202769408">markhillary</a> replies "surely in the same way as a journalist is trusted, by earning it"<br><br>@<a href="http://twitter.com/#%21/mkrigsman/status/43493775582040065">mkrigsman</a> is particularly concerned about those who write about IT failure. (I'm not sure why he singles out that topic, but I note that the concern arose during a conversation with @<a href="http://twitter.com/#%21/benioff">benioff</a>, boss of <a href="http://www.salesforce.com/company/leadership/executive-team/#benioff">Salesforce</a>.) "When someone writes on IT failures ask "What's their angle?". Usually sensationalism, currying favor, or threatening a vendor." When challenged about his own angle by @<a href="http://twitter.com/#%21/njames/status/43496219225497600">njames</a>, @<a href="http://twitter.com/#%21/mkrigsman/status/43496600974262272">mkrigsman</a> replies "I want to expose *why* projects fail, so we understand magnitude of the problem and can improve."<br><br>Trust is clearly a difficult issue for software industry analysts. Unfortunately, Michael's answer to Nigel's challenge cannot prove that he doesn't have a hidden agenda, because the untrustworthy are often just as able as the trustworthy to produce a plausible cover story. If we trust Michael it's not because he can answer the challenge but because of his track record.<br><br>We also need to ask - trusted by whom. Software companies might prefer industry analysts to be compliant and predictable, but intelligent software users might regard such analysts as being insufficiently independent. 
Who would you trust to tell you about Microsoft's new platform -&nbsp; someone who is always pro-Microsoft, someone who is always anti-Microsoft, or someone who has a track record of making both positive and negative comments about Microsoft and its competitors?<br><br>Of course, this comment doesn't only apply to industry analysts. Robert Scoble, when he worked for Microsoft, made a point of distancing himself from the party line, and he therefore commanded a different kind of attention and respect than did Bill Gates or Steve Ballmer. <br><br>From a simplistic software industry perspective, an analyst who talks about IT success might be regarded as a friend, whereas an analyst who talks about IT failure is potentially an enemy. (This might explain Marc Benioff's wish to challenge the hidden agenda of the latter.) While many software and service companies might adopt the from-failure-to-success rhetoric - "the best way to avoid the risk of failure is to buy our software and hire our consultants" - this is not ideal from a sales perspective.<br><br>Mark Hillary appeals to a journalistic ethic, which would presumably include things like balance and transparency. But balance is not always appreciated by those with most at stake. In the past, I have written technology reports on new products, which I regarded as generally positive with a few small caveats. (I don't generally waste my time writing about products that are no good.) But the vendors concerned have often regarded my remarks&nbsp;as highly critical. 
(Fortunately, this over-sensitivity on the part of software companies is now changing, thanks in part to social media, and companies now understand that a robust debate can be just as beneficial as a highly controlled one-way marketing exercise.)<br><br>From a narrow software industry perspective, a trustworthy industry analyst is one who satisfies <a href="http://en.wikipedia.org/wiki/Simon_Cameron" title="Wikipedia: Simon Cameron">Simon Cameron</a>'s definition of an honest politician - "one who, when he is bought, will stay bought". But from a broader perspective, we should surely prefer to trust those industry analysts with an independently critical mind, unafraid to ask awkward questions and publish the answers.<br><br>With the large industry analysis firms, the question of trust shifts from personal integrity to corporate integrity. The sales pitch for these firms depends not just&nbsp;on isolated flashes of insight from individual analysts, but on the collaborative intelligence of a community of analysts. Corporate integrity depends not just on transparency about the relationship between the work paid for by software vendors and the independent research&nbsp;consumed by CIOs,&nbsp;but also on&nbsp;a coherent and robust research methodology adopted consistently across the firm, typically supported by an apparatus of surveys and structured questionnaires and checklists and spreadsheets. However, there is a potential disconnect between the routine processing of supposedly objective raw data (this product with this market share in this geography in this time period) and the generation of useful interpretation and opinion, which is where the analytical magic and subjectivity come in. One example of this magic, Gartner's Magic Quadrant, has been challenged in the courts;&nbsp;Gartner's defence has been that MQ represented opinion rather than fact. 
(See my post <a href="http://rvsoftware.blogspot.com/2010/03/magic-sorting-hat-is-innocent-okay.html">The Magic Sorting Hat is Innocent, Okay?</a>) And the complicated relationship between fact and opinion, and the transparency of reasoning and evidence, is surely relevant  to the level of trust that can be invested by different stakeholders in  such analyses.<br><br>By the way, why am I writing about software industry analysis? Obviously, because I want to expose *why* analysis fails, so we understand magnitude of the problem and can improve. How can software industry analysis deliver greater levels of intelligence and value to the software industry as a whole?]]></summary>
    <content type="html"><![CDATA[@<a href="http://twitter.com/#%21/mkrigsman/status/43492237920845825">mkrigsman</a> asks "Trust is the currency that matters most. How many analysts / bloggers deserve it?"<br><br>@<a href="http://twitter.com/#%21/markhillary/status/43492646202769408">markhillary</a> replies "surely in the same way as a journalist is trusted, by earning it"<br><br>@<a href="http://twitter.com/#%21/mkrigsman/status/43493775582040065">mkrigsman</a> is particularly concerned about those who write about IT failure. (I'm not sure why he singles out that topic, but I note that the concern arose during a conversation with @<a href="http://twitter.com/#%21/benioff">benioff</a>, boss of <a href="http://www.salesforce.com/company/leadership/executive-team/#benioff">Salesforce</a>.) "When someone writes on IT failures ask "What's their angle?". Usually sensationalism, currying favor, or threatening a vendor." When challenged about his own angle by @<a href="http://twitter.com/#%21/njames/status/43496219225497600">njames</a>, @<a href="http://twitter.com/#%21/mkrigsman/status/43496600974262272">mkrigsman</a> replies "I want to expose *why* projects fail, so we understand magnitude of the problem and can improve."<br><br>Trust is clearly a difficult issue for software industry analysts. Unfortunately, Michael's answer to Nigel's challenge cannot prove that he doesn't have a hidden agenda, because the untrustworthy are often just as able as the trustworthy to produce a plausible cover story. If we trust Michael it's not because he can answer the challenge but because of his track record.<br><br>We also need to ask - trusted by whom. Software companies might prefer industry analysts to be compliant and predictable, but intelligent software users might regard such analysts as being insufficiently independent. 
Who would you trust to tell you about Microsoft's new platform -&nbsp; someone who is always pro-Microsoft, someone who is always anti-Microsoft, or someone who has a track record of making both positive and negative comments about Microsoft and its competitors?<br><br>Of course, this comment doesn't only apply to industry analysts. Robert Scoble, when he worked for Microsoft, made a point of distancing himself from the party line, and he therefore commanded a different kind of attention and respect than did Bill Gates or Steve Ballmer. <br><br>From a simplistic software industry perspective, an analyst who talks about IT success might be regarded as a friend, whereas an analyst who talks about IT failure is potentially an enemy. (This might explain Marc Benioff's wish to challenge the hidden agenda of the latter.) While many software and service companies might adopt the from-failure-to-success rhetoric - "the best way to avoid the risk of failure is to buy our software and hire our consultants" - this is not ideal from a sales perspective.<br><br>Mark Hillary appeals to a journalistic ethic, which would presumably include things like balance and transparency. But balance is not always appreciated by those with most at stake. In the past, I have written technology reports on new products, which I regarded as generally positive with a few small caveats. (I don't generally waste my time writing about products that are no good.) But the vendors concerned have often regarded my remarks&nbsp;as highly critical. 
(Fortunately, this over-sensitivity on the part of software companies is now changing, thanks in part to social media, and companies now understand that a robust debate can be just as beneficial as a highly controlled one-way marketing exercise.)<br><br>From a narrow software industry perspective, a trustworthy industry analyst is one who satisfies <a href="http://en.wikipedia.org/wiki/Simon_Cameron" title="Wikipedia: Simon Cameron">Simon Cameron</a>'s definition of an honest politician - "one who, when he is bought, will stay bought". But from a broader perspective, we should surely prefer to trust those industry analysts with an independently critical mind, unafraid to ask awkward questions and publish the answers.<br><br>With the large industry analysis firms, the question of trust shifts from personal integrity to corporate integrity. The sales pitch for these firms depends not just&nbsp;on isolated flashes of insight from individual analysts, but on the collaborative intelligence of a community of analysts. Corporate integrity depends not just on transparency about the relationship between the work paid for by software vendors and the independent research&nbsp;consumed by CIOs,&nbsp;but also on&nbsp;a coherent and robust research methodology adopted consistently across the firm, typically supported by an apparatus of surveys and structured questionnaires and checklists and spreadsheets. However, there is a potential disconnect between the routine processing of supposedly objective raw data (this product with this market share in this geography in this time period) and the generation of useful interpretation and opinion, which is where the analytical magic and subjectivity come in. One example of this magic, Gartner's Magic Quadrant, has been challenged in the courts;&nbsp;Gartner's defence has been that MQ represented opinion rather than fact. 
(See my post <a href="http://rvsoftware.blogspot.com/2010/03/magic-sorting-hat-is-innocent-okay.html">The Magic Sorting Hat is Innocent, Okay?</a>) And the complicated relationship between fact and opinion, and the transparency of reasoning and evidence, is surely relevant  to the level of trust that can be invested by different stakeholders in  such analyses.<br><br>By the way, why am I writing about software industry analysis? Obviously, because I want to expose *why* analysis fails, so we understand magnitude of the problem and can improve. How can software industry analysis deliver greater levels of intelligence and value to the software industry as a whole?]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-7972269570312107245</id>
    <title type="html">Jeopardy and Risk</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-02-18T11:13:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2011/02/jeopardy-and-risk.html"/>
    <summary type="html"><![CDATA[@Forrester's Andras Cser notes the victory of IBM's Watson computer in a TV quiz game, and asks <a href="http://blogs.forrester.com/andras_cser/11-02-17-watson_beats_jeopardy_champions_how_can_you_capitalize_on_this_in_risk_and_fraud_management">How Can You Capitalize On This In Risk And Fraud Management?</a><br><br>In his short blogpost, Cser doesn't offer an answer to this question. He merely makes one assertion and one prediction.<br><br>Firstly he asserts an easy and superficial connection between the game of Jeopardy and the profession of security, based on "the complexity, amount of unstructured  background information, and the real-time need to make decisions." Based on this connection, he makes a bold prediction on behalf of Forrester.<br><br><blockquote>"Forrester predicts that the same levels of Watson's sophistication will appear in pattern recognition in fraud management and data protection.  If Watson can answer a Jeopardy riddle in real time, it will certainly  be able to find patterns of data loss, clustering security incidents, and events, and find root causes of them. Mitigation and/or removal of  those root causes will be easy, compared to identifying them."</blockquote><br>As this is presented as a corporate prediction rather than merely a personal opinion, I'm assuming that this has gone through some kind of internal peer review, and is based on an analytical reasoning process supported by detailed discussions with the IBM team responsible for Watson. I'm assuming Forrester has a robust model of decision-making that justifies Cser's confidence that the Jeopardy victory can be easily translated into the fraud management and data protection domain within the current generation of technology. 
(Note that the prediction refers to what Watson will be able to do, not what some future computer might be able to do.)<br><br>For my part, I have not yet had the opportunity to talk with the IBM team and congratulate them on their victory, but there are some important questions to explore. I think one of the most interesting elements of the Watson victory is not the complexity - which other commentators such as <a href="http://www.engadget.com/2011/02/16/watson-wins-it-all-humans-still-can-do-some-other-cool-things/">Paul Miller of Engadget</a> have downplayed - but the apparent ability to outwit the other competitors. This ability may well be relevant to a more agile and intelligent approach to security, but that's a long way from the simplistic connection identified by Cser. Meanwhile, I look forward to seeing the evidence that Watson is capable of analysing root causes, which would be a lot harder than winning at Jeopardy.<br><br><hr><small><br>Paul Miller, <a href="http://www.engadget.com/2011/02/16/watson-wins-it-all-humans-still-can-do-some-other-cool-things/">Watson wins it all, humans still can do some other cool things</a> (Engadget 16 Feb 2011)<br><a href="http://www.bbc.co.uk/news/technology-12491688">IBM's Watson supercomputer crowned Jeopardy king</a> (BBC News 17 Feb 2011)<br></small>]]></summary>
    <content type="html"><![CDATA[@Forrester's Andras Cser notes the victory of IBM's Watson computer in a TV quiz game, and asks <a href="http://blogs.forrester.com/andras_cser/11-02-17-watson_beats_jeopardy_champions_how_can_you_capitalize_on_this_in_risk_and_fraud_management">How Can You Capitalize On This In Risk And Fraud Management?</a><br><br>In his short blogpost, Cser doesn't offer an answer to this question. He merely makes one assertion and one prediction.<br><br>Firstly he asserts an easy and superficial connection between the game of Jeopardy and the profession of security, based on "the complexity, amount of unstructured  background information, and the real-time need to make decisions." Based on this connection, he makes a bold prediction on behalf of Forrester.<br><br><blockquote>"Forrester predicts that the same levels of Watson's sophistication will appear in pattern recognition in fraud management and data protection.  If Watson can answer a Jeopardy riddle in real time, it will certainly  be able to find patterns of data loss, clustering security incidents, and events, and find root causes of them. Mitigation and/or removal of  those root causes will be easy, compared to identifying them."</blockquote><br>As this is presented as a corporate prediction rather than merely a personal opinion, I'm assuming that this has gone through some kind of internal peer review, and is based on an analytical reasoning process supported by detailed discussions with the IBM team responsible for Watson. I'm assuming Forrester has a robust model of decision-making that justifies Cser's confidence that the Jeopardy victory can be easily translated into the fraud management and data protection domain within the current generation of technology. 
(Note that the prediction refers to what Watson will be able to do, not what some future computer might be able to do.)<br><br>For my part, I have not yet had the opportunity to talk with the IBM team and congratulate them on their victory, but there are some important questions to explore. I think one of the most interesting elements of the Watson victory is not the complexity - which other commentators such as <a href="http://www.engadget.com/2011/02/16/watson-wins-it-all-humans-still-can-do-some-other-cool-things/">Paul Miller of Engadget</a> have downplayed - but the apparent ability to outwit the other competitors. This ability may well be relevant to a more agile and intelligent approach to security, but that's a long way from the simplistic connection identified by Cser. Meanwhile, I look forward to seeing the evidence that Watson is capable of analysing root causes, which would be a lot harder than winning at Jeopardy.<br><br><hr><small><br>Paul Miller, <a href="http://www.engadget.com/2011/02/16/watson-wins-it-all-humans-still-can-do-some-other-cool-things/">Watson wins it all, humans still can do some other cool things</a> (Engadget 16 Feb 2011)<br><a href="http://www.bbc.co.uk/news/technology-12491688">IBM's Watson supercomputer crowned Jeopardy king</a> (BBC News 17 Feb 2011)<br></small>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-3407834363913964570</id>
    <title type="html">Bureaucracy and Risk</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2011-01-31T18:27:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2011/01/bureaucracy-and-risk.html"/>
    <summary type="html"><![CDATA[@<a href="http://twitter.com/#%21/jasongorman/status/32006357171314689">jasongorman</a> Bureaucracy doesn't reduce the risk of making mistakes, it reduces the risk of making decisions.<br><br><span>retweeted by @ashalynd @barendgarvelink @carloslemes @claussni @fabiogasparro @fabio_nb @<a href="http://twitter.com/#%21/fpaiano/status/32103962786140160">fpaiano</a> @jerrygulla @jonmholt @keesvandieren @KevlinHenney @mfeathers @MrAlanCooper @Richardgab @<a href="http://twitter.com/#%21/rmHeise/status/32102086543933440">rmHeise</a> @rpepato and others.</span><br><br><i>As a general rule of thumb, I hold that when one makes statements about risk one should specify whose risk you are talking about. </i><br><br><i>Bureaucracies typically evolve procedures for making decisions, which may help to eliminate certain types of error, but may make other types of error more likely. Bureaucracies also evolve responsibility structures that reinforce certain modes of decision-making and action, and inhibit others.&nbsp; At least in the short term, employees take less personal risk when they conform to these procedures and structures, even when the decisions have bad consequences for other stakeholders, and may create longer term problems for the organization itself.&nbsp;</i><br><i><br></i><br>@<a href="http://twitter.com/#%21/richardveryard/status/32058463441911808">richardveryard</a> When a person makes a decision within the rules of a bureaucratic system, the system protects the person from risk.<br><br>@<a href="http://twitter.com/#%21/ashalynd/status/32061407692333056">ashalynd</a> True, but then the success of the whole organization depends on how good are its rules.<br><br><i>There are various ways of viewing the short-term or long-term success of an organization. Again, we need to ask - success for whom, from which perspective. 
Inflexible organizations may appear to be successful in the short term, but if they lack requisite variety, they will fail to respond adequately to changes in their environment, and may ultimately become non-viable.&nbsp;</i><br><i><br></i><br><i>For a rule-driven organization, the flexibility (requisite variety) depends on the degree of agility and intelligence that is embedded in the rules and their interpretation. I guess this is what @ashalynd means by the quality of the rules. It is not impossible for a bureaucracy to have some degree of agility, but rules usually leave a lot to be desired.</i><br><br>@<a href="http://twitter.com/#%21/richardveryard/status/32108091482832896">richardveryard</a> The success of the whole organization depends on the fit between the structure of rules and the structure of demand.<br><br>@<a href="http://twitter.com/#%21/jasongorman/status/32108953877872640">jasongorman</a> What does that mean - "the structure of rules" and "the structure of demand"?<br><br><i>The ability of the organization to behave in an agile and intelligent way depends on whether the flexibility (degrees of freedom) built into the rules and other working practices is aligned with the kinds of direct and indirect value (demand) which the organization needs to deliver. The question of alignment is ultimately a structural question.</i>]]></summary>
    <content type="html"><![CDATA[@<a href="http://twitter.com/#%21/jasongorman/status/32006357171314689">jasongorman</a> Bureaucracy doesn't reduce the risk of making mistakes, it reduces the risk of making decisions.<br><br><span>retweeted by @ashalynd @barendgarvelink @carloslemes @claussni @fabiogasparro @fabio_nb @<a href="http://twitter.com/#%21/fpaiano/status/32103962786140160">fpaiano</a> @jerrygulla @jonmholt @keesvandieren @KevlinHenney @mfeathers @MrAlanCooper @Richardgab @<a href="http://twitter.com/#%21/rmHeise/status/32102086543933440">rmHeise</a> @rpepato and others.</span><br><br><i>As a general rule of thumb, I hold that when one makes statements about risk one should specify whose risk you are talking about. </i><br><br><i>Bureaucracies typically evolve procedures for making decisions, which may help to eliminate certain types of error, but may make other types of error more likely. Bureaucracies also evolve responsibility structures that reinforce certain modes of decision-making and action, and inhibit others.&nbsp; At least in the short term, employees take less personal risk when they conform to these procedures and structures, even when the decisions have bad consequences for other stakeholders, and may create longer term problems for the organization itself.&nbsp;</i><br><i><br></i><br>@<a href="http://twitter.com/#%21/richardveryard/status/32058463441911808">richardveryard</a> When a person makes a decision within the rules of a bureaucratic system, the system protects the person from risk.<br><br>@<a href="http://twitter.com/#%21/ashalynd/status/32061407692333056">ashalynd</a> True, but then the success of the whole organization depends on how good are its rules.<br><br><i>There are various ways of viewing the short-term or long-term success of an organization. Again, we need to ask - success for whom, from which perspective. 
Inflexible organizations may appear to be successful in the short term, but if they lack requisite variety, they will fail to respond adequately to changes in their environment, and may ultimately become non-viable.&nbsp;</i><br><i><br></i><br><i>For a rule-driven organization, the flexibility (requisite variety) depends on the degree of agility and intelligence that is embedded in the rules and their interpretation. I guess this is what @ashalynd means by the quality of the rules. It is not impossible for a bureaucracy to have some degree of agility, but rules usually leave a lot to be desired.</i><br><br>@<a href="http://twitter.com/#%21/richardveryard/status/32108091482832896">richardveryard</a> The success of the whole organization depends on the fit between the structure of rules and the structure of demand.<br><br>@<a href="http://twitter.com/#%21/jasongorman/status/32108953877872640">jasongorman</a> What does that mean - "the structure of rules" and "the structure of demand"?<br><br><i>The ability of the organization to behave in an agile and intelligent way depends on whether the flexibility (degrees of freedom) built into the rules and other working practices is aligned with the kinds of direct and indirect value (demand) which the organization needs to deliver. The question of alignment is ultimately a structural question.</i>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-3179106671486930650</id>
    <title type="html">Bearing Limit and Financial Regulation</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-09-22T01:04:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2010/09/bearing-limit-and-financial-regulation.html"/>
    <summary type="html"><![CDATA[An excellent keynote address by Avinash Persaud at the <a href="http://www.gresham.ac.uk/event.asp?PageId=45&amp;EventId=1103">Long Finance</a> conference yesterday, in which he deployed a few apparently simple ideas about risk management to mount an eloquent and powerful critique of the Basel 3 regulatory regime. <br><br>Here is a crude summary of some of the key points of Persaud's argument:<br><br>1. Regulation should be counter-cyclical. Credit mistakes are made during the boom and exposed during the downturn. Regulation therefore needs to be stricter during the boom and relaxed during the downturn.<br><br>2. Basel 3 attempts to regulate risk in terms of risk sensitivity. This concept has several flaws.<br><ul><li>It focuses on the private risks to banks and their shareholders, rather than the public risks to system and society.</li><li>It is based on the market price of risk, which is cyclical and therefore cannot support counter-cyclical regulation.</li><li>It assumes that all risk is homogeneous.</li></ul>3. Financial risk is not homogeneous. There are different types of risk, which call for different kinds of hedging over different timescales. Persaud identified three types.<br><ul><li>Credit risk denotes the risk that a given creditor will be unable to pay. This risk is mitigated by having a portfolio of uncorrelated creditors, and assuming that the failure of each creditor is a statistically independent event.</li><li>Liquidity risk denotes the risk that a given asset cannot be sold at short notice for the desired amount. This risk is mitigated by a preparedness to hold assets for long periods.</li><li>Market risk is a combination of credit risk and liquidity risk.</li></ul>3. Banks are good at dealing with credit risk and bad at dealing with liquidity risk. 
Insurance companies and pension funds should be good at dealing with liquidity risk, provided they are not forced into inappropriate measures by stupid regulation.<br><br>4. Sustainable long-term investment entails liquidity risk. A regulatory regime that supports credit risk and fails to support liquidity risk tends to militate against sustainable long-term investment. But this is exactly the outcome of the Basel 3 regulations, according to Persaud. Instead, he argues, we need a regulatory regime that encourages firms to take appropriate long-term risk, according to their risk absorptive capacity.<br><br>5. The Basel 3 regulations force risk to be misallocated, because of a failure to appreciate time and its effect on risk. The goal of regulation should be not to reduce risk sensitivity but to increase risk absorptive capacity.<br><br>6. The Basel 3 regulations therefore represent a missed opportunity for financing sustainable activities and long-term finance.<br><br><br><hr>Note: In our risk management work, we use the term <a href="http://veryard.wikispaces.com/bearing+limit">Bearing Limit</a>, which roughly corresponds to what Persaud calls Risk Absorptive Capacity. <br><hr><br>Papers by Avinash Persaud:<br><ul><li><a href="http://www.g24.org/pers0403.pdf">Liquidity Black Holes (pdf)</a> April 2003&nbsp;</li><li><a href="http://www.banque-france.fr/gb/publications/telechar/rsf/2008/etud8_1008.pdf">Regulation, valuation and systemic liquidity (pdf)</a> October 2008</li><li><a href="http://www.voxeu.org/index.php?q=node/2101">How risk sensitivity led to the greatest financial crisis of modern times</a>. VOX, 7 October 2008.</li><li><a href="http://www.voxeu.org/index.php?q=node/5510">The Empire strikes back</a>. VOX, 14 September 2010</li></ul>]]></summary>
    <content type="html"><![CDATA[An excellent keynote address by Avinash Persaud at the <a href="http://www.gresham.ac.uk/event.asp?PageId=45&amp;EventId=1103">Long Finance</a> conference yesterday, in which he deployed a few apparently simple ideas about risk management to mount an eloquent and powerful critique of the Basel 3 regulatory regime. <br><br>Here is a crude summary of some of the key points of Persaud's argument:<br><br>1. Regulation should be counter-cyclical. Credit mistakes are made during the boom and exposed during the downturn. Regulation therefore needs to be stricter during the boom and relaxed during the downturn.<br><br>2. Basel 3 attempts to regulate risk in terms of risk sensitivity. This concept has several flaws.<br><ul><li>It focuses on the private risks to banks and their shareholders, rather than the public risks to system and society.</li><li>It is based on the market price of risk, which is cyclical and therefore cannot support counter-cyclical regulation.</li><li>It assumes that all risk is homogeneous.</li></ul>3. Financial risk is not homogeneous. There are different types of risk, which call for different kinds of hedging over different timescales. Persaud identified three types.<br><ul><li>Credit risk denotes the risk that a given creditor will be unable to pay. This risk is mitigated by having a portfolio of uncorrelated creditors, and assuming that the failure of each creditor is a statistically independent event.</li><li>Liquidity risk denotes the risk that a given asset cannot be sold at short notice for the desired amount. This risk is mitigated by a preparedness to hold assets for long periods.</li><li>Market risk is a combination of credit risk and liquidity risk.</li></ul>3. Banks are good at dealing with credit risk and bad at dealing with liquidity risk. 
Insurance companies and pension funds should be good at dealing with liquidity risk, provided they are not forced into inappropriate measures by stupid regulation.<br><br>4. Sustainable long-term investment entails liquidity risk. A regulatory regime that supports credit risk and fails to support liquidity risk tends to militate against sustainable long-term investment. But this is exactly the outcome of the Basel 3 regulations, according to Persaud. Instead, he argues, we need a regulatory regime that encourages firms to take appropriate long-term risk, according to their risk absorptive capacity.<br><br>5. The Basel 3 regulations force risk to be misallocated, because of a failure to appreciate time and its effect on risk. The goal of regulation should be not to reduce risk sensitivity but to increase risk absorptive capacity.<br><br>6. The Basel 3 regulations therefore represent a missed opportunity for financing sustainable activities and long-term finance.<br><br><br><hr>Note: In our risk management work, we use the term <a href="http://veryard.wikispaces.com/bearing+limit">Bearing Limit</a>, which roughly corresponds to what Persaud calls Risk Absorptive Capacity. <br><hr><br>Papers by Avinash Persaud:<br><ul><li><a href="http://www.g24.org/pers0403.pdf">Liquidity Black Holes (pdf)</a> April 2003&nbsp;</li><li><a href="http://www.banque-france.fr/gb/publications/telechar/rsf/2008/etud8_1008.pdf">Regulation, valuation and systemic liquidity (pdf)</a> October 2008</li><li><a href="http://www.voxeu.org/index.php?q=node/2101">How risk sensitivity led to the greatest financial crisis of modern times</a>. VOX, 7 October 2008.</li><li><a href="http://www.voxeu.org/index.php?q=node/5510">The Empire strikes back</a>. VOX, 14 September 2010</li></ul>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6138624.post-2452270217555079599</id>
    <title type="html">Purpose of Denial 3</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-08-28T21:22:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://posiwid.blogspot.com/2010/08/purpose-of-denial-3.html"/>
    <summary type="html"><![CDATA[The more the American mainstream media deny that President Obama is a Moslem, the more Americans choose to believe that he is. <br><br>Apparently this belief is more prevalent among college-educated Republicans than the rest of the population. <a href="http://www.tnr.com/blog/jonathan-chait/77260/how-republicans-learn-obama-muslim">How Republicans Learn That Obama Is Muslim</a> (New Republic, 27 August 2010) This raises some intriguing questions about the relationship between education and knowledge.<br><br>Jeff Poor suggests that the media are to blame. "By consistently using questions about Obama's faith and his citizenship as fodder to demean conservatives, specifically the Tea Party movement and thereby creating a general mistrust by saying vile things, have the mainstream media perpetuated the very allegations they are abhorred by (sic)?" (<a href="http://newsbusters.org/blogs/jeff-poor/2010/08/19/cnn-perpetuating-obama-muslim-meme-chyron-w-h-pres-obama-isn-t-muslim">Newsbusters, 19 August 2010</a>) At least on this point, Charlie Brooker seems to agree. "Seriously, broadcasters, journalists: just give up now. Because either  you're making things worse, or no one's paying attention anyway."&nbsp; <a href="http://www.guardian.co.uk/commentisfree/2010/aug/23/charlie-brooker-ground-zero-mosque">'Ground Zero mosque'? The reality is less provocative</a> (Guardian 23 August 2010). Brooker complains that the terms of the debate are grossly misleading, and grudgingly admires right-wingers for their ability to create snappy-but-misleading nicknames &ndash; like fun-size chocolate bars and the Ground Zero mosque. 
<a href="http://www.guardian.co.uk/commentisfree/2010/aug/30/charlie-brooker-buzzwords-blowhards">Buzzwords for blowhards</a> (Guardian 30 August 2010).<br><br>Jeff Poor quotes CNN political analyst James Carville, who describes himself as "flummoxed" by this result, and claims that "the quality of information to people today is exponentially higher than it was in 19th century England". Now I wouldn't necessarily expect a political journalist to know what the word "exponential" meant, but I wonder whether the quality is higher at all.<br><br><hr>Once upon a time, some people were bothered whether Disraeli was Christian or Jew, and some people were uncomfortable about electing Kennedy as a Catholic president. But they are now mainly remembered for what they achieved while in office, not their religious affiliation. Meanwhile, Mrs Thatcher's legacy is not feminism but Thatcherism. Obama will not be remembered for his birthplace, or the religion of his forefathers, nor even for being the first black president; he will be remembered for the successes and failures of his presidency. And perhaps one day, people will wonder why anyone cared whether he was a Moslem or not, and moderate Moslems will be as accepted in mainstream American politics as Catholics are now. (Let it not be forgotten that large sums of money were once raised from American Catholics to support Irish terrorism.)<br><br><hr>John T. McGreevy and R. Scott Appleby <a href="http://www.nybooks.com/blogs/nyrblog/2010/aug/27/catholics-muslims-mosque-controversy/">Catholics, Muslims, and the Mosque Controversy</a> (New York Review, 27 August 2010)<br><br>Adam Serwer, <a href="http://www.prospect.org/cs/articles?article=build_more_mosques">Build More Mosques</a> (American Prospect, August 26, 2010)]]></summary>
    <content type="html"><![CDATA[The more the American mainstream media deny that President Obama is a Moslem, the more Americans choose to believe that he is. <br><br>Apparently this belief is more prevalent among college-educated Republicans than the rest of the population. <a href="http://www.tnr.com/blog/jonathan-chait/77260/how-republicans-learn-obama-muslim">How Republicans Learn That Obama Is Muslim</a> (New Republic, 27 August 2010) This raises some intriguing questions about the relationship between education and knowledge.<br><br>Jeff Poor suggests that the media are to blame. "By consistently using questions about Obama's faith and his citizenship as fodder to demean conservatives, specifically the Tea Party movement and thereby creating a general mistrust by saying vile things, have the mainstream media perpetuated the very allegations they are abhorred by (sic)?" (<a href="http://newsbusters.org/blogs/jeff-poor/2010/08/19/cnn-perpetuating-obama-muslim-meme-chyron-w-h-pres-obama-isn-t-muslim">Newsbusters, 19 August 2010</a>) At least on this point, Charlie Brooker seems to agree. "Seriously, broadcasters, journalists: just give up now. Because either  you're making things worse, or no one's paying attention anyway."&nbsp; <a href="http://www.guardian.co.uk/commentisfree/2010/aug/23/charlie-brooker-ground-zero-mosque">'Ground Zero mosque'? The reality is less provocative</a> (Guardian 23 August 2010). Brooker complains that the terms of the debate are grossly misleading, and grudgingly admires right-wingers for their ability to create snappy-but-misleading nicknames &ndash; like fun-size chocolate bars and the Ground Zero mosque. 
<a href="http://www.guardian.co.uk/commentisfree/2010/aug/30/charlie-brooker-buzzwords-blowhards">Buzzwords for blowhards</a> (Guardian 30 August 2010).<br><br>Jeff Poor quotes CNN political analyst James Carville, who describes himself as "flummoxed" by this result, and claims that "the quality of information to people today is exponentially higher than it was in 19th century England". Now I wouldn't necessarily expect a political journalist to know what the word "exponential" meant, but I wonder whether the quality is higher at all.<br><br><hr>Once upon a time, some people were bothered whether Disraeli was Christian or Jew, and some people were uncomfortable about electing Kennedy as a Catholic president. But they are now mainly remembered for what they achieved while in office, not their religious affiliation. Meanwhile, Mrs Thatcher's legacy is not feminism but Thatcherism. Obama will not be remembered for his birthplace, or the religion of his forefathers, nor even for being the first black president; he will be remembered for the successes and failures of his presidency. And perhaps one day, people will wonder why anyone cared whether he was a Moslem or not, and moderate Moslems will be as accepted in mainstream American politics as Catholics are now. (Let it not be forgotten that large sums of money were once raised from American Catholics to support Irish terrorism.)<br><br><hr>John T. McGreevy and R. Scott Appleby <a href="http://www.nybooks.com/blogs/nyrblog/2010/aug/27/catholics-muslims-mosque-controversy/">Catholics, Muslims, and the Mosque Controversy</a> (New York Review, 27 August 2010)<br><br>Adam Serwer, <a href="http://www.prospect.org/cs/articles?article=build_more_mosques">Build More Mosques</a> (American Prospect, August 26, 2010)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6138624.post-5771219826684276248</id>
    <title type="html">Does Basel want bigger banks?</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-08-27T17:11:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://posiwid.blogspot.com/2010/08/does-basel-want-bigger-banks.html"/>
    <summary type="html"><![CDATA[@<a href="https://twitter.com/Peston/status/22277926023">Peston</a> via @<a href="https://twitter.com/diane1859/status/22278225390">diane1859</a> "Basel tilts playing field further towards big banks. It wasn't supposed to be this way." <br><br>Here's the dilemma. The official purpose of banking regulation is to protect the whole system from risk. But the actual effect of controlling each bank separately (whether in terms of capital ratios or any other measure) is to encourage the concentration of risk, which makes the whole system more risky. <br><br>Counter-productive regulation is an extremely common phenomenon. Stafford Beer's POSIWID principle tells us that the de facto purpose of a complex system is often at odds with the official purpose. <br><br>True systems thinking on the part of legislators and regulators might lead us to more effective and appropriate ways of regulating the whole system than simply imposing controls on the individual players within the system. But what's the chance of that happening?<br><br><hr><a href="http://blogs.reuters.com/financial-regulatory-forum/2010/08/27/analysis-big-banks-winners-from-new-contingent-capital-move/">Big banks winners from new contingent capital move</a> (Reuters, 27 August 2010)<br>See my earlier post <a href="http://rvsoapbox.blogspot.com/2009/04/does-britain-need-smaller-banks.html">Does Britain need smaller banks?</a> (April 2009)]]></summary>
    <content type="html"><![CDATA[@<a href="https://twitter.com/Peston/status/22277926023">Peston</a> via @<a href="https://twitter.com/diane1859/status/22278225390">diane1859</a> "Basel tilts playing field further towards big banks. It wasn't supposed to be this way." <br><br>Here's the dilemma. The official purpose of banking regulation is to protect the whole system from risk. But the actual effect of controlling each bank separately (whether in terms of capital ratios or any other measure) is to encourage the concentration of risk, which makes the whole system more risky. <br><br>Counter-productive regulation is an extremely common phenomenon. Stafford Beer's POSIWID principle tells us that the de facto purpose of a complex system is often at odds with the official purpose. <br><br>True systems thinking on the part of legislators and regulators might lead us to more effective and appropriate ways of regulating the whole system than simply imposing controls on the individual players within the system. But what's the chance of that happening?<br><br><hr><a href="http://blogs.reuters.com/financial-regulatory-forum/2010/08/27/analysis-big-banks-winners-from-new-contingent-capital-move/">Big banks winners from new contingent capital move</a> (Reuters, 27 August 2010)<br>See my earlier post <a href="http://rvsoapbox.blogspot.com/2009/04/does-britain-need-smaller-banks.html">Does Britain need smaller banks?</a> (April 2009)]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-5406368610553339301</id>
    <title type="html">VPEC-T and pluralism</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-06-11T11:40:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2010/06/vpec-t-and-pluralism.html"/>
    <summary type="html"><![CDATA[<span>#vpect is a deceptively simple systems thinking lens developed by a  couple of friends of mine (<a href="http://9times6.blogspot.com/">Carl  Bate</a> and <a href="http://servicefab.blogspot.com/">Nigel Green</a>),  and described in their book <a href="http://www.lithandbook.com/">Lost  in Translation</a>. The letters stand for Values, Policies, Events,  Content and Trust. For a good brief description, see <a href="http://www.informationtamers.com/VPECT/VPECT-and-business-information-systems.html">VPEC-T   the 5D lens</a> by @<a href="https://twitter.com/roygrubb">RoyGrubb</a>.</span><br><br><hr><br>VPEC-T is based on a profoundly radical philosophy of plurality. Instead of a single centralized value system (as found in top-down command-and-control organizations), we expect to find a range of different (overlapping, conflicting) value systems. Instead of a single coherent set of policies, we expect to find complex interaction between different kinds of policies (commercial, security, safety, corporate responsibility, and so on). Instead of a simple set of routine events, the post-modern organization is faced with a dynamic set of emerging events. Instead of a rigid set of database records, systems content is rich and evolving. And finally, the whole human activity system is underpinned by a complex set of trust relationships between people and organizations.<br><br>If you&rsquo;ve spent any time working and thinking in business and systems, these statements will probably seem like common sense. 
However, many twentieth century systems methodologies were based on simplistic assumptions &ndash; for example, that there should be a single ordered set of goals and objectives, completely and consistently driving all system activity; that there should be a single ordered set of policies, rationally decided by management according to best-practice strategic principles, and so on.<br><br>And in our working lives and elsewhere we are surrounded by systems that have been designed according to these simplifying assumptions &ndash; systems that are inflexible, that serve a narrow set of stakeholders and to hell with everyone else. Not just software systems (for example, badly designed websites) but all sorts of human activity systems. Think of the hours of passenger time that are wasted because airline and airport procedures are designed for the convenience of their own operations rather than for the passengers. Think of the huge inefficiency of healthcare and other public services. Think of organizations whose attention is almost exclusively focused on internal squabbling rather than building external relationships, and which only survive because their competitors are no better. Think of counter-productive targets and expensive white elephants and all the other trappings of bureaucracy. These are the products of a certain way of thinking about business organizations and systems, which VPEC-T regards as obsolete and obscene.<br><br>So VPEC-T starts from the opposite assumption and expects trouble &ndash; there will be tension, there will be contradictions, and so on. Some people might think this is a pessimistic position. After all, wouldn&rsquo;t it be wonderful if the world was as consistent and orderly and predictable as the 20th century methodologies assumed? <br><br>Actually I don&rsquo;t think so &ndash; I think that kind of mechanical uniformity takes us towards the utopian nightmare described by countless science fiction writers. 
The plurality and richness which I find in VPEC-T is not only more realistic but also more human.<br><br>VPEC-T is not just a tool for making sense of complex human activity systems, but also a tool for communicating and telling stories about these systems. This is important for three reasons:<br><br><ul><li>Firstly, because any single view of a complex system is necessarily unreliable and incomplete. We need multiple lenses and multiple voices to give us greater coverage of the issues, and greater confidence in the analysis. </li></ul><ul><li>Secondly, because the philosophy of plurality makes it necessary for us to work collaboratively with other people, not only with different perspectives but with different value systems. So we need a language for collaboration. </li></ul><ul><li>And thirdly, because of the reflexive nature of trust, which requires transparency of the models and assumptions on which the system is based. Ultimately, VPEC-T cannot be a private matter for a closed elite group of system designers without compromising trust principles.</li></ul><hr>See also <a href="http://posiwid.blogspot.com/2010/01/posiwid-should-be-plural.html">POSIWID should be plural</a>]]></summary>
    <content type="html"><![CDATA[<span>#vpect is a deceptively simple systems thinking lens developed by a  couple of friends of mine (<a href="http://9times6.blogspot.com/">Carl  Bate</a> and <a href="http://servicefab.blogspot.com/">Nigel Green</a>),  and described in their book <a href="http://www.lithandbook.com/">Lost  in Translation</a>. The letters stand for Values, Policies, Events,  Content and Trust. For a good brief description, see <a href="http://www.informationtamers.com/VPECT/VPECT-and-business-information-systems.html">VPEC-T   the 5D lens</a> by @<a href="https://twitter.com/roygrubb">RoyGrubb</a>.</span><br><br><hr><br>VPEC-T is based on a profoundly radical philosophy of plurality. Instead of a single centralized value system (as found in top-down command-and-control organizations), we expect to find a range of different (overlapping, conflicting) value systems. Instead of a single coherent set of policies, we expect to find complex interaction between different kinds of policies (commercial, security, safety, corporate responsibility, and so on). Instead of a simple set of routine events, the post-modern organization is faced with a dynamic set of emerging events. Instead of a rigid set of database records, systems content is rich and evolving. And finally, the whole human activity system is underpinned by a complex set of trust relationships between people and organizations.<br><br>If you&rsquo;ve spent any time working and thinking in business and systems, these statements will probably seem like common sense. 
However, many twentieth century systems methodologies were based on simplistic assumptions &ndash; for example, that there should be a single ordered set of goals and objectives, completely and consistently driving all system activity; that there should be a single ordered set of policies, rationally decided by management according to best-practice strategic principles, and so on.<br><br>And in our working lives and elsewhere we are surrounded by systems that have been designed according to these simplifying assumptions &ndash; systems that are inflexible, that serve a narrow set of stakeholders and to hell with everyone else. Not just software systems (for example, badly designed websites) but all sorts of human activity systems. Think of the hours of passenger time that are wasted because airline and airport procedures are designed for the convenience of their own operations rather than for the passengers. Think of the huge inefficiency of healthcare and other public services. Think of organizations whose attention is almost exclusively focused on internal squabbling rather than building external relationships, and which only survive because their competitors are no better. Think of counter-productive targets and expensive white elephants and all the other trappings of bureaucracy. These are the products of a certain way of thinking about business organizations and systems, which VPEC-T regards as obsolete and obscene.<br><br>So VPEC-T starts from the opposite assumption and expects trouble &ndash; there will be tension, there will be contradictions, and so on. Some people might think this is a pessimistic position. After all, wouldn&rsquo;t it be wonderful if the world was as consistent and orderly and predictable as the 20th century methodologies assumed? <br><br>Actually I don&rsquo;t think so &ndash; I think that kind of mechanical uniformity takes us towards the utopian nightmare described by countless science fiction writers. 
The plurality and richness which I find in VPEC-T is not only more realistic but also more human.<br><br>VPEC-T is not just a tool for making sense of complex human activity systems, but also a tool for communicating and telling stories about these systems. This is important for three reasons:<br><br><ul><li>Firstly, because any single view of a complex system is necessarily unreliable and incomplete. We need multiple lenses and multiple voices to give us greater coverage of the issues, and greater confidence in the analysis. </li><li>Secondly, because the philosophy of plurality makes it necessary for us to work collaboratively with other people, not only with different perspectives but with different value systems. So we need a language for collaboration. </li><li>And thirdly, because of the reflexive nature of trust, which requires transparency of the models and assumptions on which the system is based. Ultimately, VPEC-T cannot be a private matter for a closed elite group of system designers without compromising trust principles.</li></ul><hr>See also <a href="http://posiwid.blogspot.com/2010/01/posiwid-should-be-plural.html">POSIWID should be plural</a>]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-7901330271191675899</id>
    <title type="html">Every anecdote tells another story</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-05-26T17:08:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2010/05/every-anecdote-tells-another-story.html"/>
    <content type="html"><![CDATA[@<a href="https://twitter.com/glynmoody/status/14769744149">glynmoody</a> picks up a #<a href="https://twitter.com/search?q=%23securitytheatre">securitytheatre</a> story from Bruce Schneier's blog, <a href="http://www.schneier.com/blog/archives/2010/05/if_you_see_some_1.html">If You See Something, Think Twice About Saying Something</a> (May 2010).<br><br>It seems someone got arrested for reporting a suspicious package. Bruce seizes on this as evidence that the security regime is stupid - both the rules and the people executing the rules - and Glyn says "we need more cases like this".<br><br>However, as @<a href="https://twitter.com/Foomandoonian/status/14770347165">Foomandoonian</a> points out (based on further information posted in the comments below Bruce's blog), the original news story that prompted Bruce's scorn omitted a crucial detail - an alleged identity between the person reporting the suspicious package and the person leaving it there in the first place. <a href="https://twitter.com/glynmoody/status/14770608638">Glyn replies</a> "sure, but I'm interested in the larger point, not the *facts*..."<br><br>So we appear to have a bit of face-saving and jumping-to-conclusions here. Either the police are unfairly accusing this gentleman of having deliberately made a false report, or Bruce and Glyn are unfairly pinning the tail on the wrong donkey this time.<br><br>Bruce is well-known for his criticism of security theatre, and his blog contains numerous examples of the theatre of the absurd. 
A few years ago, in my post <a href="http://demandingchange.blogspot.com/2004/09/intelligence-or-fear.html">Intelligence or Fear?</a> I used one of his examples to illustrate intelligence and stupidity, in that instance preferring Bruce's interpretation of events to that of the Australian Prime Minister.<br><br>Of course it is tempting to draw attention to any incident that seems to confirm one's strongly-held position about something or other.&nbsp; I've probably done this myself from time to time. But it's not so good if you just find yourself misreading the facts to suit your prejudices.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-3355307112593143082</id>
    <title type="html">SOA and Risk Management</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-05-16T12:19:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2010/05/soa-and-risk-management.html"/>
    <content type="html"><![CDATA[<span>#soa #risk </span>In this post, I identify some contrasting views on the relationship between SOA and risk.<br><br><h4>SOA involves innovation, and innovation always introduces new risk</h4><ul><li><a href="http://it.toolbox.com/blogs/the-soa-blog/soa-benefits-challenges-and-risk-mitigation-8075">SOA Benefits, Challenges and Risk Mitigation</a> (Eric Roch, 7 March 2006)</li><li><a href="http://www.computerworld.com/s/article/9015145/How_SOA_increases_your_security_risk">How SOA increases your security risk</a> (Gartner via ComputerWorld, March 2007)</li><li><a href="http://searchsoa.techtarget.com/news/interview/0,289202,sid26_gci1309685,00.html">SOA Benefits outweigh risks</a> (IBM via SearchSOA, April 2008)</li><li><a href="http://www.cioupdate.com/reports/article.php/3764541/SOA-ITIL-and-the-Strategic-CIO.htm">SOA adds risk to an activity that is already &ldquo;success challenged&rdquo;</a> (CIO Update, August 2008)</li></ul><br><h4>SOA helps reduce risk</h4><ul><li><a href="http://www.govtech.com/pcio/285950?id=285950">SOA Reduces Risk and Cost in Shared Services Projects</a> (Merrill Douglas, Public CIO Magazine, 7 May 2008)</li><li><a href="http://www.capgemini.com/resources/success-stories/cadbury_schweppes/">SOA Helps Cadbury Schweppes Reduce Risk and Increase Flexibility</a> (CapGemini case study)</li><li><a href="http://www.zdnet.com/blog/service-oriented/soa-may-be-taking-the-risk-out-of-cloud-computing/1880">SOA may be taking the risk out of cloud computing</a> (EDS via ZDNet, April 2009)</li></ul><br><h4>SOA providing visibility and control of aggregate risk and unexpected behaviour</h4><ul><li><a href="http://apama.typepad.com/my_weblog/2008/03/cep-and-real-ti.html">CEP and real-time risk</a> (Chris Martins, Progress Apama, March 2008)</li><li><a href="http://www.advancedtrading.com/cristina-mceachern/showArticle.jhtml?articleID=206902512&amp;pgno=1">Exclusive Interview With Nick Leeson: An Inside Look at Rogue Trading</a> (Advanced Trading, March 2008) (via <a href="http://blog.aleri.com/exclusive-interview-with-nick-leeson-an-inside-look-at-rogue-trading-by-advanced-trading/2008/09/11/">Aleri</a>)</li></ul><br><h4>SOA complicating visibility and control of aggregate risk</h4><ul><li><a href="http://www.theiia.org/intAuditor/itaudit/archives/2006/october/can-a-service-oriented-architecture-hinder-sarbanes-oxley-compliance-efforts/">Can a Service-oriented Architecture Hinder Sarbanes-Oxley Compliance Efforts?</a> (Internal Auditor, undated)</li></ul><br><h4>Therefore ... risk management as one area likely to see spending increasing</h4><ul><li><a href="http://blog.aleri.com/one-area-likely-to-see-spending-increase-risk-management/2008/10/28/">Aleri</a> October 2008</li></ul><br>Oh yeah? Any evidence of this?]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-5334407188323930507</id>
    <title type="html">Architect Certification and Trust</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-04-23T12:36:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2010/04/architect-certification-and-trust.html"/>
    <content type="html"><![CDATA[<span>@<a href="http://twitter.com/mattdeacon/status/12696227185%20">mattdeacon</a> @<a href="http://twitter.com/wendydevolder/status/12693522290">wendydevolder</a> @<a href="http://twitter.com/karianna/status/12693570703">karianna</a> @<a href="http://twitter.com/flowchainsensei/status/12695285297">flowchainsensei</a> @<a href="http://twitter.com/gojkoadzic">gojkoadzic</a> @<a href="http://twitter.com/unclebobmartin">unclebobmartin</a> .</span><br><hr>Lots of good comments on Twitter and elsewhere about certification, in various contexts (enterprise architecture, agile, ...). <br><br>The purpose of a certificate is to enable you to trust the bearer with something. So we need to understand the nature of trust. In their book <b>Trust and Mistrust</b>, my friends Aidan Ward and John Smith identify four types of trust ...<br><ul><li>authority</li><li>network</li><li>commodity</li><li>authentic</li></ul>... and we can apply these four types to the different styles of certification that might be available.<br><br>In his attack on the <a href="http://gojko.net/2009/03/31/world-agile-qualifications-board/">World Agile Qualifications Board</a>, @<a href="http://twitter.com/gojkoadzic">gojkoadzic</a> quotes the Agile Alliance position  on certification: <a href="http://www.agilealliance.org/show/1796" target="_blank">employers  should have confidence only in certifications that are skill-based and  difficult to achieve</a>. Yet, as Gojko continues, "most of the certificates issued today are  very easy to achieve and take only a day or two of work, or even just  attending the course".<br><br>If a certificate is issued by a reputable  professional organization, then the value of the certificate is underwritten by the reputation of the issuing organization, so this counts as <b>authority trust</b>. 
In my post <a href="http://rvsoapbox.blogspot.com/2009/10/is-enterprise-architecture-profession.html">Is Enterprise Architecture a Profession?</a> I have already stated my view that claims for professional status for enterprise architecture are at best premature, so there is no organization today that has sufficient authority to issue certificates of professional competence. However, if you can acquire a certificate simply by attending a short  course and/or memorizing some document (such as TOGAF), then this is a <b>commodity-based</b>  form of trust. Basically, such certificates will only be regarded as valuable if just enough people have them. (Which seems to be why some large consultancies have put all their practitioners through TOGAF training.)<br><br>Bob Marshall (@<a href="http://twitter.com/flowchainsensei/status/12695656661">flowchainsensei</a>) prefers vouching <br><br><blockquote>Just found <a href="http://wevouchfor.org/">http://wevouchfor.org</a>  - Should keep me busy vouching (why oh why "certifying???") for capable folks for some time.</blockquote><br>which is a form of <b>network trust</b>. If someone receives a lot of vouchers from his friends, that could either mean he is very popular or that he is involved in a lot of reciprocal back-scratching. (This kind of mutual recommendation is easily visible on LinkedIn, where the list of incoming recommendations often exactly matches the list of outgoing recommendations.)<br><br>The trouble with all these mechanisms is that they are both one-sided and lacking context. The certificate purports to tell us about a person's strengths (but not weaknesses), in some unspecified or generic arena. This can only go so far in supporting a judgement about a person's qualifications (strengths and weaknesses) for a specific task in a specific context. 
What if anything would serve as an <b>authentic token of trust</b>?<br><br><hr>Aidan Ward and John Smith, <b>Trust and Mistrust - Radical Risk  Strategies in Business Relationships</b>. John Wiley, 2003]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-7958838734314151076</id>
    <title type="html">Enterprise 2.0 inside the firewall?</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-04-14T11:28:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2010/04/enterprise-20-inside-firewall.html"/>
    <content type="html"><![CDATA[@<a href="http://twitter.com/infovark/status/9825108253">infovark</a>'s Dean blogs why he thinks <a href="http://www.infovark.com/2010/03/01/why-enterprise-2-0-will-fail/">Enterprise 2.0 will fail</a>, and claims that the case for E2.0 inside the firewall is considerably more difficult.<br><br>I think the main problem with the case for &ldquo;E2.0 inside the firewall&rdquo; is the word &ldquo;firewall&rdquo;, which represents an outdated but still common attitude towards maintaining organizational boundaries. I wouldn&rsquo;t be at all surprised if an organization that relies on firewalls struggles to get the benefits from open distributed business and technology, including Enterprise 2.0.<br><br><a href="http://www.infovark.com/2010/03/01/why-enterprise-2-0-will-fail/comment-page-1/#comment-903">Dean replies</a> <br><blockquote>"It&rsquo;s true that many forward-thinking organizations are becoming more transparent, and the borders between them are becoming less distinct. Still, eliminating the firewall altogether would require a lot of infrastructure changes. ... An even bigger challenge is the political one. Changing the Internet from a 'network of networks' paradigm to a 'unified network' approach would require far more coordination than most companies &mdash; and countries &mdash; would be willing to undertake."</blockquote>I agree that shifting away from firewall-based security is a significant strategic move for an organization, not just infrastructural but also political. There are some political issues that would have to be tackled, if the organization is to achieve any potential benefits from Enterprise 2.0. 
<br><br>But the shift away from the firewall (sometimes called Deperimeterization) doesn't necessarily entail the second shift Dean mentions, from a 'network of networks' paradigm to a 'unified network' approach, and I am not advocating this.&nbsp; There will perhaps always be limits to interoperability, and there will always be some structure to the network of networks, but this structure will be more open and innovative, and not driven primarily by an obsolete security architecture.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-6765723395244398047</id>
    <title type="html">Ethics and Intelligence</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-04-06T22:21:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2010/04/ethics-and-intelligence.html"/>
    <summary type="html"><![CDATA[@<a href="http://twitter.com/flowchainsensei/status/11581487036">flowchainsensei</a> (Bob Marshall) argues that <a href="http://www.fallingblossoms.com/opinion/content?id=1001">All Executives are Unethical</a> (pdf).<br><br>More precisely, he argues that it is unethical to believe things without proper evidence. (He is particularly interested in beliefs about product and software development, but the argument applies more generally.) <br><br>As far as I can see, there are three steps in this argument.<br><br>1. People are ethically responsible for their beliefs. (According to Bob, this was the basis for a controversial paper presented to the Metaphysical Society by <a href="http://en.wikipedia.org/wiki/William_Kingdon_Clifford" title="Wikipedia: William Kingdon Clifford">William Kingdon Clifford</a> in 1876.) <br><br>2. An unfounded belief is unethical.<br><br>3. A person who holds unfounded beliefs is unethical. <br><br><br>Let's look at step 1 first. This appears to entail an ethical obligation to subject one's beliefs to some kind of "due diligence". However, most of our beliefs are based, not on evidence that we have personally collected and analysed, but at least partly on evidence that has been filtered through other sources. We may have reasons to trust certain sources more than others, but if it is unethical to believe things without proper evidence, it would also surely be unethical to trust things without proper evidence. We may accept an ethical obligation to subject our beliefs to "due diligence", but this is normally a collective obligation rather than an individual obligation.<br><br>Step 2 asserts that any failure to ground beliefs in proper evidence is an ethical failure. 
People are rightly held accountable for failing to act in certain circumstances (for example failing to save someone from drowning), but ethical censure generally assumes both awareness (knowing that someone needed rescue) and capability (being able to swim). So the problem with Step 2 is that the more complex the beliefs are, the greater the intellectual power (intelligence) that is required to appreciate and thoroughly investigate these beliefs. If the management team isn't individually or collectively intelligent enough to understand what proper evidence would look like, then believing things without proper evidence is a consequence of insufficient intelligence.<br><br>Does being stupid count as an ethical failure? (Being deliberately or avoidably stupid might, but most instances of stupidity are not deliberate.) Appointing people and teams who don't have enough intelligence might be unethical, but only if the appointment was deliberate or avoidable, and so on along the responsibility chain until we can find someone who should have known better.<br><br>Step 3 assumes that we can categorize people as ethical or unethical based on incidence of ethical or unethical behaviour. Once we have a hard-and-fast concept of sin, then we can define a sinner as a person who has committed (and not yet purged) at least one sin. The trouble with this is that if we are all sinners, the category of "sinner" ceases to have much value except for the purposes of hellfire rhetoric. Labelling all executives as unethical (and why stop at executives, by the way) becomes merely a rhetorical gesture.<br><br><br><hr>So where does this leave the virtues of diligence, responsibility and probity? Firstly, I hold that these are collective virtues - executives display moral character in a particular organizational setting, and we may not know how their ethics would stand up in a different setting. <br><br>Secondly, I think character and intelligence are distinct virtues. 
We should not automatically suppose that intelligent people are more ethical than less intelligent people, and therefore we should not define "ethical" to mean something that only especially intelligent people can comply with.<br><br>Thirdly, there is a widespread belief (especially among consultants) in the value of knowledge (although I don't know exactly what would count as proper evidence for this belief - if executives are unethical, I dread to think where this leaves consultants). If we define knowledge as justified true belief, then knowledge is degraded to the extent that it is unjustified or untrue, or for that matter disbelieved. If it is unethical to believe something without proper evidence, it may sometimes also be unethical to disbelieve something. Sometimes excessive scepticism shades into cynicism and negativity, and maybe this can be just as unethical as unjustified optimism.]]></summary>
    <content type="html"><![CDATA[@<a href="http://twitter.com/flowchainsensei/status/11581487036">flowchainsensei</a> (Bob Marshall) argues that <a href="http://www.fallingblossoms.com/opinion/content?id=1001">All Executives are Unethical</a> (pdf).<br><br>More precisely, he argues that it is unethical to believe things without proper evidence. (He is particularly interested in beliefs about product and software development, but the argument applies more generally.) <br><br>As far as I can see, there are three steps in this argument.<br><br>1. People are ethically responsible for their beliefs. (According to Bob, this was the basis for a controversial paper presented to the Metaphysical Society by <a href="http://en.wikipedia.org/wiki/William_Kingdon_Clifford" title="Wikipedia: William Kingdon Clifford">William Kingdon Clifford</a> in 1876.) <br><br>2. An unfounded belief is unethical.<br><br>3. A person who holds unfounded beliefs is unethical. <br><br><br>Let's look at step 1 first. This appears to entail an ethical obligation to subject one's beliefs to some kind of "due diligence". However, most of our beliefs are based, not on evidence that we have personally collected and analysed, but at least partly on evidence that has been filtered through other sources. We may have reasons to trust certain sources more than others, but if it is unethical to believe things without proper evidence, it would also surely be unethical to trust things without proper evidence. We may accept an ethical obligation to subject our beliefs to "due diligence", but this is normally a collective obligation rather than an individual obligation.<br><br>Step 2 asserts that any failure to ground beliefs in proper evidence is an ethical failure. 
People are rightly held accountable for failing to act in certain circumstances (for example failing to save someone from drowning), but ethical censure generally assumes both awareness (knowing that someone needed rescue) and capability (being able to swim). So the problem with Step 2 is that the more complex the beliefs are, the greater the intellectual power (intelligence) that is required to appreciate and thoroughly investigate these beliefs. If the management team isn't individually or collectively intelligent enough to understand what proper evidence would look like, then believing things without proper evidence is a consequence of insufficient intelligence.<br><br>Does being stupid count as an ethical failure? (Being deliberately or avoidably stupid might, but most instances of stupidity are not deliberate.) Appointing people and teams who don't have enough intelligence might be unethical, but only if the appointment was deliberate or avoidable, and so on along the responsibility chain until we can find someone who should have known better.<br><br>Step 3 assumes that we can categorize people as ethical or unethical based on incidence of ethical or unethical behaviour. Once we have a hard-and-fast concept of sin, then we can define a sinner as a person who has committed (and not yet purged) at least one sin. The trouble with this is that if we are all sinners, the category of "sinner" ceases to have much value except for the purposes of hellfire rhetoric. Labelling all executives as unethical (and why stop at executives, by the way) becomes merely a rhetorical gesture.<br><br><br><hr>So where does this leave the virtues of diligence, responsibility and probity? Firstly, I hold that these are collective virtues - executives display moral character in a particular organizational setting, and we may not know how their ethics would stand up in a different setting. <br><br>Secondly, I think character and intelligence are distinct virtues. 
We should not automatically suppose that intelligent people are more ethical than less intelligent people, and therefore we should not define "ethical" to mean something that only especially intelligent people can comply with.<br><br>Thirdly, there is a widespread belief (especially among consultants) in the value of knowledge (although I don't know exactly what would count as proper evidence for this belief - if executives are unethical, I dread to think where this leaves consultants). If we define knowledge as justified true belief, then knowledge is degraded to the extent that it is unjustified or untrue, or for that matter disbelieved. If it is unethical to believe something without proper evidence, it may sometimes also be unethical to disbelieve something. Sometimes excessive scepticism shades into cynicism and negativity, and maybe this can be just as unethical as unjustified optimism.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-6106782.post-2453938043233014897</id>
    <title type="html">Multiple styles of EA</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-03-09T13:05:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoapbox.blogspot.com/2010/03/multiple-styles-of-ea.html"/>
    <summary type="html"><![CDATA[@tetradian has an interesting post on <a href="http://weblog.tomgraves.org/index.php/2010/01/06/big-ea-little-ea-personal-ea/">Big EA, Little EA and Personal EA</a>, based loosely on Patti Anklam's classification of knowledge management.<br><ul><li><a href="http://www.theappgap.com/three-kms.html" title="Patti Anklam on 'Big KM'"><b>Big KM</b></a> is about top-down, structured and organizationally distinct &ldquo;knowledge management&rdquo;</li><li><b><a href="http://www.theappgap.com/the-2nd-km-little-km.html" title="Patti Anklam on 'Little KM'">Little KM</a></b> is about safe-fail experiments embedded in the organizational structure</li><li><b><a href="http://www.theappgap.com/the-3rd-km-personal-knowledge-management.html" title="Patti Anklam on 'Personal KM'">Personal KM</a></b> is about access to tools and methods to ensure that knowledge, context, bits, fragments, thoughts, ideas are harvestable</li></ul><br><hr><br>As I see it, this classification identifies different styles that may possibly coexist, or perhaps different kinds of knowledge claim that may interact in interesting ways. (I don't like the word "layers" for this kind of classification, because it implies a particular structural pattern, which isn't appropriate here.)<br><br>I've used a slightly different division in the trust sphere, which might make sense here as well.<br><ul><li><b>Authority EA</b> - this is a kind of top-down command-and-control EA, representing the will-to-power of the enterprise as a whole, and ultimately answerable to the CEO. This is what Tom calls Big EA.</li></ul><ul><li><b>Commodity EA</b> - this is where the EA is based on some kind of external product source - such as when the enterprise models are imported wholesale from IBM or SAP. This often resembles Big EA, but has some important differences.</li></ul><ul><li><b>Network EA</b> - this is where EA is based on informal and emergent collaboration between people and organizations. 
Tom calls it Little EA, but the collaborations can be very extended indeed - just think about some of the mashup ecosystems around Google or Twitter. </li></ul><ul><li><b>Authentic EA</b> - this is a personally engaged practice - what Tom calls Personal EA.</li></ul><br>Once we have agreed that there are different styles, the really interesting question is not identifying and naming the styles, nor even saying that one style is somehow "better" than another style, but talking about how the different styles interact, and what are the implications for governance.]]></summary>
    <content type="html"><![CDATA[@tetradian has an interesting post on <a href="http://weblog.tomgraves.org/index.php/2010/01/06/big-ea-little-ea-personal-ea/">Big EA, Little EA and Personal EA</a>, based loosely on Patti Anklam's classification of knowledge management.<br><ul><li><a href="http://www.theappgap.com/three-kms.html" title="Patti Anklam on 'Big KM'"><b>Big KM</b></a> is about top-down, structured and organizationally distinct &ldquo;knowledge management&rdquo;</li><li><b><a href="http://www.theappgap.com/the-2nd-km-little-km.html" title="Patti Anklam on 'Little KM'">Little KM</a></b> is about safe-fail experiments embedded in the organizational structure</li><li><b><a href="http://www.theappgap.com/the-3rd-km-personal-knowledge-management.html" title="Patti Anklam on 'Personal KM'">Personal KM</a></b> is about access to tools and methods to ensure that knowledge, context, bits, fragments, thoughts, ideas are harvestable</li></ul><br><hr><br>As I see it, this classification identifies different styles that may possibly coexist, or perhaps different kinds of knowledge claim that may interact in interesting ways. (I don't like the word "layers" for this kind of classification, because it implies a particular structural pattern, which isn't appropriate here.)<br><br>I've used a slightly different division in the trust sphere, which might make sense here as well.<br><ul><li><b>Authority EA</b> - this is a kind of top-down command-and-control EA, representing the will-to-power of the enterprise as a whole, and ultimately answerable to the CEO. This is what Tom calls Big EA.</li></ul><ul><li><b>Commodity EA</b> - this is where the EA is based on some kind of external product source - such as when the enterprise models are imported wholesale from IBM or SAP. This often resembles Big EA, but has some important differences.</li></ul><ul><li><b>Network EA</b> - this is where EA is based on informal and emergent collaboration between people and organizations. 
Tom calls it Little EA, but the collaborations can be very extended indeed - just think about some of the mashup ecosystems around Google or Twitter. </li></ul><ul><li><b>Authentic EA</b> - this is a personally engaged practice - what Tom calls Personal EA.</li></ul><br>Once we have agreed that there are different styles, the really interesting question is not identifying and naming the styles, nor even saying that one style is somehow "better" than another style, but talking about how the different styles interact, and what are the implications for governance.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-1311195734195092648</id>
    <title type="html">Social Proximity and Trust</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-03-09T08:24:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2010/03/social-proximity-and-trust.html"/>
    <summary type="html"><![CDATA[Andrew McAfee describes a topography of social networking, which he describes as the <a href="http://andrewmcafee.org/2007/11/how_to_hit_the_enterprise_20_bullseye/">Enterprise 2.0 Bullseye</a> (November 2007), drawing on the sociologist <a href="http://www.stanford.edu/dept/soc/people/mgranovetter/index.html">Mark Granovetter&rsquo;</a>s theory of the '<a href="http://www.stanford.edu/dept/soc/people/mgranovetter/documents/granstrengthweakties.pdf">strength of weak ties</a>' (pdf). McAfee's topography, which he acknowledges to be a drastic simplification of a large and complex set of phenomena, is drawn as concentric circles with the strongest ties in the centre (presumably this is the "bullseye"). For a discussion of McAfee's topography, see my post <a href="http://rvsoftware.blogspot.com/2010/03/from-weak-ties-to-weak-signals.html">From Weak Ties to Weak Signals</a>.<br><br>The circles of social proximity may relate to circles of trust. We preferentially share information and ideas with people we trust. <br><br><ul><li>because we expect to be recognized and rewarded - either by benefiting directly from the use of our knowledge (e.g. 
as a member of the same team or organization) or by getting some favour in return<br></li><li>because we expect to be informed about the use of our knowledge, allowing us to intervene if the knowledge is used inappropriately or out of context (this is particularly important if the knowledge is complex, uncertain or volatile, or we are unsure about the ability of our friend or colleague to appreciate its full implications)</li><li>or conversely, because we expect them to get on with it without pestering us with follow-up questions</li></ul>And we seek information and ideas from people we trust<br><ul><li>because we believe that the information and ideas will be good</li><li>because we expect to be trusted with their information and ideas<br></li><li>because we expect to be allowed to use the information and ideas without excessive constraint or tedious negotiation<br></li></ul><br>There are several alternative reasons for trusting people. One reason for trusting people is because we know them personally. Another reason is that they work for the same organization - therefore there is some management hierarchy that can resolve any competing claims or other issues. A third reason is that they have some kind of public reputation to maintain. We tend to trust public figures either because we have a fancy of knowing them personally, or because we imagine they have little to gain and much to lose from tricking their fans.<br><br>What are the relative strengths of these reasons for trusting people? In some organizations, people trust outsiders (such as consultants) more than they trust their own colleagues - either because they believe that the consultants have access to superior knowledge and techniques, or because they believe that the consultants are disinterested observers of internal company politics rather than active players.]]></summary>
    <content type="html"><![CDATA[Andrew McAfee describes a topography of social networking, which he describes as the <a href="http://andrewmcafee.org/2007/11/how_to_hit_the_enterprise_20_bullseye/">Enterprise 2.0 Bullseye</a> (November 2007), drawing on the sociologist <a href="http://www.stanford.edu/dept/soc/people/mgranovetter/index.html">Mark Granovetter&rsquo;</a>s theory of the '<a href="http://www.stanford.edu/dept/soc/people/mgranovetter/documents/granstrengthweakties.pdf">strength of weak ties</a>' (pdf). McAfee's topography, which he acknowledges to be a drastic simplification of a large and complex set of phenomena, is drawn as concentric circles with the strongest ties in the centre (presumably this is the "bullseye"). For a discussion of McAfee's topography, see my post <a href="http://rvsoftware.blogspot.com/2010/03/from-weak-ties-to-weak-signals.html">From Weak Ties to Weak Signals</a>.<br><br>The circles of social proximity may relate to circles of trust. We preferentially share information and ideas with people we trust. <br><br><ul><li>because we expect to be recognized and rewarded - either by benefiting directly from the use of our knowledge (e.g. 
as a member of the same team or organization) or by getting some favour in return<br></li><li>because we expect to be informed about the use of our knowledge, allowing us to intervene if the knowledge is used inappropriately or out of context (this is particularly important if the knowledge is complex, uncertain or volatile, or we are unsure about the ability of our friend or colleague to appreciate its full implications)</li><li>or conversely, because we expect them to get on with it without pestering us with follow-up questions</li></ul>And we seek information and ideas from people we trust<br><ul><li>because we believe that the information and ideas will be good</li><li>because we expect to be trusted with their information and ideas<br></li><li>because we expect to be allowed to use the information and ideas without excessive constraint or tedious negotiation<br></li></ul><br>There are several alternative reasons for trusting people. One reason for trusting people is because we know them personally. Another reason is that they work for the same organization - therefore there is some management hierarchy that can resolve any competing claims or other issues. A third reason is that they have some kind of public reputation to maintain. We tend to trust public figures either because we have a fancy of knowing them personally, or because we imagine they have little to gain and much to lose from tricking their fans.<br><br>What are the relative strengths of these reasons for trusting people? In some organizations, people trust outsiders (such as consultants) more than they trust their own colleagues - either because they believe that the consultants have access to superior knowledge and techniques, or because they believe that the consultants are disinterested observers of internal company politics rather than active players.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-8372769058641841089</id>
    <title type="html">Early Warning Signals</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-02-25T03:52:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2010/02/early-warning-signals.html"/>
    <summary type="html"><![CDATA[As @<a href="http://twitter.com/bmichelson/status/9481575451">bmichelson</a> reports, rockstar Dave Lee Roth used to demand a bowl of M&amp;Ms in his dressing room, with all the brown ones removed. Why? Because he wanted to test the venue's attention to detail. If they couldn't even get the sweets right, how could he trust them to correctly install the complex wiring and lighting required for the gig? If the test failed, what that triggered wasn't a childish tantrum but righteous anger and a thorough test of everything else before the band would go on the stage. [<a href="http://www.fastcompany.com/magazine/143/made-to-stick-the-telltale-brown-mampm.html">Business Advice from Van Halen</a>, Fast Company March 2010 via <a href="http://blog.elementallinks.net/2010/02/lessons-from-van-halen-whats-your-brown-mm.html">Elemental Links</a>] As @<a href="http://twitter.com/bmichelson/status/9628491650">bmichelson</a> points out, this can be regarded as a form of <b>instrumentation</b>.<br><br>I have seen a similar trick described somewhere else, possibly in one of Mark McCormack's books. When discussing a major event with a large hotel, casually ask for orange juice for all participants, freshly squeezed on the premises that morning. If hotel management appears to regard this requirement as trivial, then this is a warning that it may not take the other requirements seriously either. <br><br><br><br>Obviously these tricks only work when they are secret. As soon as people realise that these tricks are being used as tests or predictors of performance or quality, then they will alter (distort) their behaviour accordingly. (I'm imagining a scene from a Spinal Tap remake in which a rival rock band sends its roadies to tip off the venue and disrupt proceedings, so that the M&amp;Ms are perfect, but the wiring electrocutes the guitarist and wrecks the concert.) 
<br><br>So if you are going to use these kinds of trick as a shortcut to detect what's going on, you need four things.<br><ol><li>to design a test that is a good indicator of incompetence, laziness or inattention</li><li>to behave congruently as if the test really mattered </li><li>to act appropriately when the test fails (e.g. test the wiring, look for an alternative venue)</li><li>to watch out for signs that the test has been rumbled</li></ol>And if you suspect that these kinds of tricks are being used against you, to test your competence and attention to detail, then you are probably already paying enough attention to detail to be able to do an all-round competent job. Maybe next time they'll trust you a bit more, okay?]]></summary>
    <content type="html"><![CDATA[As @<a href="http://twitter.com/bmichelson/status/9481575451">bmichelson</a> reports, rockstar Dave Lee Roth used to demand a bowl of M&amp;Ms in his dressing room, with all the brown ones removed. Why? Because he wanted to test the venue's attention to detail. If they couldn't even get the sweets right, how could he trust them to correctly install the complex wiring and lighting required for the gig? If the test failed, what that triggered wasn't a childish tantrum but righteous anger and a thorough test of everything else before the band would go on the stage. [<a href="http://www.fastcompany.com/magazine/143/made-to-stick-the-telltale-brown-mampm.html">Business Advice from Van Halen</a>, Fast Company March 2010 via <a href="http://blog.elementallinks.net/2010/02/lessons-from-van-halen-whats-your-brown-mm.html">Elemental Links</a>] As @<a href="http://twitter.com/bmichelson/status/9628491650">bmichelson</a> points out, this can be regarded as a form of <b>instrumentation</b>.<br><br>I have seen a similar trick described somewhere else, possibly in one of Mark McCormack's books. When discussing a major event with a large hotel, casually ask for orange juice for all participants, freshly squeezed on the premises that morning. If hotel management appears to regard this requirement as trivial, then this is a warning that it may not take the other requirements seriously either. <br><br><br><br>Obviously these tricks only work when they are secret. As soon as people realise that these tricks are being used as tests or predictors of performance or quality, then they will alter (distort) their behaviour accordingly. (I'm imagining a scene from a Spinal Tap remake in which a rival rock band sends its roadies to tip off the venue and disrupt proceedings, so that the M&amp;Ms are perfect, but the wiring electrocutes the guitarist and wrecks the concert.) 
<br><br>So if you are going to use these kinds of trick as a shortcut to detect what's going on, you need four things.<br><ol><li>to design a test that is a good indicator of incompetence, laziness or inattention</li><li>to behave congruently as if the test really mattered </li><li>to act appropriately when the test fails (e.g. test the wiring, look for an alternative venue)</li><li>to watch out for signs that the test has been rumbled</li></ol>And if you suspect that these kinds of tricks are being used against you, to test your competence and attention to detail, then you are probably already paying enough attention to detail to be able to do an all-round competent job. Maybe next time they'll trust you a bit more, okay?]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-1254315679163990153.post-2944024277132920475</id>
    <title type="html">Ice Nine</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-01-08T12:40:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://demandingchange.blogspot.com/2010/01/ice-nine.html"/>
    <summary type="html"><![CDATA[<small>by Richard and Aidan</small><br><hr><br>Earlier this week, Rachel was on her way to New Zealand via Heathrow. Here's how the interaction of several systems failed her.<br><br>1. Thanks to the latest security scare, it now takes two and a half hours to search all the handbaggage and get all the passengers onto the plane.<br><br>2. By which time the plane has frozen, and needs de-icing again. That takes another hour.<br><br>3. By which time the pilot and co-pilot have already spent so much time sitting on the plane that they no longer have enough flying hours remaining in this shift to take the plane to its destination. So the flight is cancelled.<br><br>4. The passengers are asked to return to the baggage hall, collect their checked-in baggage and start the process all over again. But there are many other flights that have been cancelled for similar reasons, and the baggage hall is already full-to-bursting with unloaded bags and frustrated passengers, so Rachel has to wait several hours before her unloaded bags appear on the carousel.<br><br>5. Then she has to queue to get onto the next available flight, and the process starts all over again.<br><br>By a happy fluke, the next plane Rachel boarded actually managed to take off, and she was on her way to New Zealand, but not before a last-minute search to find enough qualifying aircrew ...<br><br><hr>Why does this kind of mess occur? Anyone can look at the whole system and see what could have been done differently. But each system is operated by a different organization, and there is a lack of trust and overall systems leadership.<br><br>As readers of Kurt Vonnegut's novel <a href="http://en.wikipedia.org/wiki/Cat%27s_Cradle">Cat's Cradle</a> will recognize, Ice Nine was the name of a fictional crystal that was capable of bringing the whole world to a complete stand-still. Quite an apt metaphor for failed systems then.]]></summary>
    <content type="html"><![CDATA[<small>by Richard and Aidan</small><br><hr><br>Earlier this week, Rachel was on her way to New Zealand via Heathrow. Here's how the interaction of several systems failed her.<br><br>1. Thanks to the latest security scare, it now takes two and a half hours to search all the handbaggage and get all the passengers onto the plane.<br><br>2. By which time the plane has frozen, and needs de-icing again. That takes another hour.<br><br>3. By which time the pilot and co-pilot have already spent so much time sitting on the plane that they no longer have enough flying hours remaining in this shift to take the plane to its destination. So the flight is cancelled.<br><br>4. The passengers are asked to return to the baggage hall, collect their checked-in baggage and start the process all over again. But there are many other flights that have been cancelled for similar reasons, and the baggage hall is already full-to-bursting with unloaded bags and frustrated passengers, so Rachel has to wait several hours before her unloaded bags appear on the carousel.<br><br>5. Then she has to queue to get onto the next available flight, and the process starts all over again.<br><br>By a happy fluke, the next plane Rachel boarded actually managed to take off, and she was on her way to New Zealand, but not before a last-minute search to find enough qualifying aircrew ...<br><br><hr>Why does this kind of mess occur? Anyone can look at the whole system and see what could have been done differently. But each system is operated by a different organization, and there is a lack of trust and overall systems leadership.<br><br>As readers of Kurt Vonnegut's novel <a href="http://en.wikipedia.org/wiki/Cat%27s_Cradle">Cat's Cradle</a> will recognize, Ice Nine was the name of a fictional crystal that was capable of bringing the whole world to a complete stand-still. Quite an apt metaphor for failed systems then.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-1838460212264839291</id>
    <title type="html">OWASP Top Ten 2010</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-01-07T22:55:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2010/01/owasp-top-ten-2010.html"/>
    <summary type="html"><![CDATA[@<a href="https://twitter.com/johnccr">johnccr</a> asks me to give a look to the new <a href="http://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf%20%20">OWASP Top Ten 2010 RC1 (pdf)</a>, saying "it would be interesting to know if it changed your perception". So here are a few quick comments.<br><br>I'm certainly happy to acknowledge that this version makes the limitations of the Top Ten approach much clearer than previous versions, and explicitly encourages organizations to "think beyond the ten risks here". The document is careful not to claim the Top Ten as a full application security program, and warns readers not to stop at ten, because "there are hundreds of issues that could affect the overall security of a web application". But then surely this implies we shouldn't be wasting time reading this document at all; we should be reading the OWASP Developer&rsquo;s Guide, "which is essential reading for anyone developing web applications today".<br><br>The status of the top ten items as risks (rather than, say, weaknesses or vulnerabilities or threats) is also a bit clearer, and the ranking of risks is based on the scale of the risk, not just the frequency of the attack. However, the document also refers to "relatively simple security problems like those in the OWASP Top 10" - which makes it seem that they may be the most obvious rather than the most problematic. Making people aware of simple problems doesn't necessarily promote awareness of more complex problems. <br><br><br>To my mind, the trouble with this kind of list is that it encourages bad thinking. Not only are some risks regarded as more attention-worthy than others (based on a generalized model of risk that may not be relevant to your organization or application portfolio), but each risk is considered in isolation. 
But a holistic understanding of security and risk needs to look at the composition of risk - how can several apparently small risks sometimes be multiplied into a very large risk.<br><br>I'm also concerned about limiting the analysis of risks to application security itself. Presumably a full security risk analysis would need to look at social attacks as well as technical attacks, but the Top Ten are all drawn from the technical side. I looked for this technical focus to be stated and explained somewhere, perhaps in a statement of scope, but couldn't find anything to this effect.<br><br><hr>By the way, when I have raised issues about OWASP in the past, I have been challenged to fix them myself. But I'm not a normal member of OWASP, I'm an independent industry analyst who has been asked by a few OWASP members to provide coverage of OWASP. I am happy to enter into further discussions with OWASP members, but if you want me to build stuff then I am going to have to find a way of funding my time.]]></summary>
    <content type="html"><![CDATA[@<a href="https://twitter.com/johnccr">johnccr</a> asks me to give a look to the new <a href="http://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf%20%20">OWASP Top Ten 2010 RC1 (pdf)</a>, saying "it would be interesting to know if it changed your perception". So here are a few quick comments.<br><br>I'm certainly happy to acknowledge that this version makes the limitations of the Top Ten approach much clearer than previous versions, and explicitly encourages organizations to "think beyond the ten risks here". The document is careful not to claim the Top Ten as a full application security program, and warns readers not to stop at ten, because "there are hundreds of issues that could affect the overall security of a web application". But then surely this implies we shouldn't be wasting time reading this document at all; we should be reading the OWASP Developer&rsquo;s Guide, "which is essential reading for anyone developing web applications today".<br><br>The status of the top ten items as risks (rather than, say, weaknesses or vulnerabilities or threats) is also a bit clearer, and the ranking of risks is based on the scale of the risk, not just the frequency of the attack. However, the document also refers to "relatively simple security problems like those in the OWASP Top 10" - which makes it seem that they may be the most obvious rather than the most problematic. Making people aware of simple problems doesn't necessarily promote awareness of more complex problems. <br><br><br>To my mind, the trouble with this kind of list is that it encourages bad thinking. Not only are some risks regarded as more attention-worthy than others (based on a generalized model of risk that may not be relevant to your organization or application portfolio), but each risk is considered in isolation. 
But a holistic understanding of security and risk needs to look at the composition of risk - how can several apparently small risks sometimes be multiplied into a very large risk.<br><br>I'm also concerned about limiting the analysis of risks to application security itself. Presumably a full security risk analysis would need to look at social attacks as well as technical attacks, but the Top Ten are all drawn from the technical side. I looked for this technical focus to be stated and explained somewhere, perhaps in a statement of scope, but couldn't find anything to this effect.<br><br><hr>By the way, when I have raised issues about OWASP in the past, I have been challenged to fix them myself. But I'm not a normal member of OWASP, I'm an independent industry analyst who has been asked by a few OWASP members to provide coverage of OWASP. I am happy to enter into further discussions with OWASP members, but if you want me to build stuff then I am going to have to find a way of funding my time.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-1023739243521007358</id>
    <title type="html">Should we take OWASP seriously?</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2010-01-07T16:25:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2010/01/should-we-take-owasp-seriously.html"/>
    <summary type="html"><![CDATA[Another stimulating discussion with @<a href="https://twitter.com/mcgoverntheory">mcgoverntheory</a> (James McGovern) about the ongoing OWASP project to identify the Top Ten Security Risks. I see no reason to change my previous opinion, which is that such lists are fundamentally misconceived.<br><br>As I've explained before (<a href="http://rvsoftware.blogspot.com/search/label/OWASP">in this blog</a> and elsewhere), I think the objectives of the list are muddled; I regard the methodology for producing the list as insufficiently rigorous; and I think it highly likely that the list will be widely used not as a precursor to a serious threat analysis but as a lazy substitute for it; so I just can't see that a Top Ten list is a good idea for anyone. <br><br>@<a href="https://twitter.com/mcgoverntheory/status/7465476745">mcgoverntheory</a> replies "Many contributors to the top ten agreed that top ten lists as a concept are flawed. It's all about helping others move needle." Yes, but does it actually achieve any positive outcome? Show me.<br><br>@<a href="https://twitter.com/mcgoverntheory/status/7465476745">mcgoverntheory</a> adds "Flawed concepts are propagated all the time. It's called marketing". But is it really the role of OWASP to be a marketing organization?<br><br>@<a href="https://twitter.com/mcgoverntheory/status/7475601272">mcgoverntheory</a> continues "Everyone knows that Top X lists aren't meant to be complete nor necessarily measurable. It's about simple understanding". Well maybe everyone knows, but what matters is whether and how they act upon that knowledge.<br><br>@<a href="https://twitter.com/mcgoverntheory/status/7475854728">mcgoverntheory</a> admits that "Sadly, most enterprises start and stop with awareness". 
Maybe so, but why should OWASP pander to this tendency?<br><br>And if OWASP is focusing its efforts on publicizing material that many contributors agree to be flawed, why on earth should industry analysts take OWASP seriously? Does OWASP want to be taken seriously?<br><br>Maybe it doesn't. @<a href="https://twitter.com/mcgoverntheory/status/7477068005">mcgoverntheory</a> asks "What lift would analysts provide to OWASP? No products to sell and therefore we won't show up in quadrants or hype docs."<br><br>Of course, that depends what kind of industry analysis we are talking about. Some so-called industry analysis firms seem to do little more than reprocess and amplify the efforts of the software industry marketing departments, putting favoured products and vendors into a <a href="http://rvsoftware.blogspot.com/2009/08/magic-quadrant-or-sorting-hat.html">Magic Sorting Hat</a>. Or they write like a theatre critic who gets invited to the previews, always finds something positive to say about the latest production, which can then be quoted on the play's website.<br><br>But I hope OWASP isn't the kind of organization that only wants analysis on its own terms, and understands that the value of industry analysis comes from the different perspective an analyst should be able to offer. In which case, I am happy to talk.]]></summary>
    <content type="html"><![CDATA[Another stimulating discussion with @<a href="https://twitter.com/mcgoverntheory">mcgoverntheory</a> (James McGovern) about the ongoing OWASP project to identify the Top Ten Security Risks. I see no reason to change my previous opinion, which is that such lists are fundamentally misconceived.<br><br>As I've explained before (<a href="http://rvsoftware.blogspot.com/search/label/OWASP">in this blog</a> and elsewhere), I think the objectives of the list are muddled; I regard the methodology for producing the list as insufficiently rigorous; and I think it highly likely that the list will be widely used not as a precursor to a serious threat analysis but as a lazy substitute for it; so I just can't see that a Top Ten list is a good idea for anyone. <br><br>@<a href="https://twitter.com/mcgoverntheory/status/7465476745">mcgoverntheory</a> replies "Many contributors to the top ten agreed that top ten lists as a concept are flawed. It's all about helping others move needle." Yes, but does it actually achieve any positive outcome? Show me.<br><br>@<a href="https://twitter.com/mcgoverntheory/status/7465476745">mcgoverntheory</a> adds "Flawed concepts are propagated all the time. It's called marketing". But is it really the role of OWASP to be a marketing organization?<br><br>@<a href="https://twitter.com/mcgoverntheory/status/7475601272">mcgoverntheory</a> continues "Everyone knows that Top X lists aren't meant to be complete nor necessarily measurable. It's about simple understanding". Well maybe everyone knows, but what matters is whether and how they act upon that knowledge.<br><br>@<a href="https://twitter.com/mcgoverntheory/status/7475854728">mcgoverntheory</a> admits that "Sadly, most enterprises start and stop with awareness". 
Maybe so, but why should OWASP pander to this tendency?<br><br>And if OWASP is focusing its efforts on publicizing material that many contributors agree to be flawed, why on earth should industry analysts take OWASP seriously? Does OWASP want to be taken seriously?<br><br>Maybe it doesn't. @<a href="https://twitter.com/mcgoverntheory/status/7477068005">mcgoverntheory</a> asks "What lift would analysts provide to OWASP? No products to sell and therefore we won't show up in quadrants or hype docs."<br><br>Of course, that depends what kind of industry analysis we are talking about. Some so-called industry analysis firms seem to do little more than reprocess and amplify the efforts of the software industry marketing departments, putting favoured products and vendors into a <a href="http://rvsoftware.blogspot.com/2009/08/magic-quadrant-or-sorting-hat.html">Magic Sorting Hat</a>. Or they write like a theatre critic who gets invited to the previews, always finds something positive to say about the latest production, which can then be quoted on the play's website.<br><br>But I hope OWASP isn't the kind of organization that only wants analysis on its own terms, and understands that the value of industry analysis comes from the different perspective an analyst should be able to offer. In which case, I am happy to talk.]]></content>
  </entry>
  <entry>
    <id>tag:blogger.com,1999:blog-7415430.post-3062886369747257996</id>
    <title type="html">IT suppliers face architectural risk</title>
    <author>
      <name>Richard Veryard</name>
      <uri>http://www.blogger.com/profile/04499123397533975655</uri>
      <email>noreply@blogger.com</email>
    </author>
    <updated>2009-12-09T11:27:00+00:00</updated>
    <link rel="alternate" type="text/html" href="http://rvsoftware.blogspot.com/2009/12/it-suppliers-face-architectural-risk.html"/>
    <summary type="html"><![CDATA[@<a href="https://twitter.com/tonyrcollins/status/6491367417">tonyrcollins</a> reports on the implications for large IT contracts of the Centrica v Accenture dispute (<a href="http://www.computerweekly.com/Articles/2009/12/09/239636/centrica-v-accenture-implications-for-large-it-contracts.htm">Computer Weekly, 9 December 2009</a>). The dispute concerns a "best-of-breed" replacement billing system for the entire British Gas business, which Centrica ordered from Accenture in 2002.<br><br>Centrica is invoking a clause in the contract that refers to "fundamental defects", and a lot of the legal activity has been trying to determine what this phrase actually means. Although Accenture argues that the various problems experienced with the system have been unconnected and therefore don't count as fundamental, the High Court has accepted Centrica's interpretation that the cumulative effect of these defects may indeed be regarded as fundamental.<br><br>The article quotes Peter Clough, head of disputes at law firm Osborne Clarke:<br><br><blockquote>"One of the important points to note about this case is that IT suppliers can be liable for claims for fundamental breach arising from the cumulative effect of a series of faults, each of which could look relatively minor in isolation. The majority of systems will of course be inter-linked so that a defect in part of the process could affect another part, snowballing into a more serious issue."<br></blockquote><br>So this is about architecture and risk. From a risk management perspective, a critical responsibility of the architect is to make sure that a lot of small problems don't add up to a big problem.<br><br>And it is also about procurement and risk. If this judgement stands, it appears to shift certain kinds of risk from the customer to the supplier. Obviously one solution to this would be to redraft procurement contracts. 
But another solution may be that large IT suppliers may be required to engage much more proactively with the broader architectural context for the systems they are building. <br><br>So can we expect all the major IT suppliers to look at architecture and risk from a new perspective?]]></summary>
    <content type="html"><![CDATA[@<a href="https://twitter.com/tonyrcollins/status/6491367417">tonyrcollins</a> reports on the implications for large IT contracts of the Centrica v Accenture dispute (<a href="http://www.computerweekly.com/Articles/2009/12/09/239636/centrica-v-accenture-implications-for-large-it-contracts.htm">Computer Weekly, 9 December 2009</a>). The dispute concerns a "best-of-breed" replacement billing system for the entire British Gas business, which Centrica ordered from Accenture in 2002.<br><br>Centrica is invoking a clause in the contract that refers to "fundamental defects", and a lot of the legal activity has been trying to determine what this phrase actually means. Although Accenture argues that the various problems experienced with the system have been unconnected and therefore don't count as fundamental, the High Court has accepted Centrica's interpretation that the cumulative effect of these defects may indeed be regarded as fundamental.<br><br>The article quotes Peter Clough, head of disputes at law firm Osborne Clarke:<br><br><blockquote>"One of the important points to note about this case is that IT suppliers can be liable for claims for fundamental breach arising from the cumulative effect of a series of faults, each of which could look relatively minor in isolation. The majority of systems will of course be inter-linked so that a defect in part of the process could affect another part, snowballing into a more serious issue."<br></blockquote><br>So this is about architecture and risk. From a risk management perspective, a critical responsibility of the architect is to make sure that a lot of small problems don't add up to a big problem.<br><br>And it is also about procurement and risk. If this judgement stands, it appears to shift certain kinds of risk from the customer to the supplier. Obviously one solution to this would be to redraft procurement contracts. 
But another solution may be that large IT suppliers may be required to engage much more proactively with the broader architectural context for the systems they are building. <br><br>So can we expect all the major IT suppliers to look at architecture and risk from a new perspective?]]></content>
  </entry>
</feed>
