Law – Vendorprisey

Cloud Computing and vague recollections of the Anarchical Society.

Mark Zuckerberg says the world is much more divided than he ever expected https://t.co/EPPQLiMtYp #division pic.twitter.com/rxZ0iwbDu3

— World Economic Forum (@wef) April 7, 2018

elicited this magnificent response.

Study STEM, they said. It’s not like a degree in Political Science and International Relations will ever be useful for anything… https://t.co/Z3CxQGHWAw

— Eva (@evacide) April 8, 2018

Hedley Bull was a famous international political scientist, he wrote several books. They weren’t easy reading is putting it mildly. I only read Anarchical Society. At the time I read it, in 1990, everyone was talking about Francis Fukuyama’s End of History, which, at the risk of over-simplifying it, predicted that liberal western democracy was the end game of politics, and the totalitarians and the communists were history. Bull’s view of international politics saw things rather more messily.

Cloud computing architectures today have optimized for and thrived under a Pax Americana construct. The model being, American cloud providers are the benevolent but hegemonial super power, and they run the world’s data for the rest of us, in a suzerain system. Sort of like the British East India Company and the empire did with trade in the 19th Century. It is good for us all they tell us, but Amazon, Facebook and others are very much America First. There has been a relentless centralisation of processing, driven largely economies of scale, technical efficiencies and a lack of regulatory constraint. Where processing takes place in the data colonies, it is has been usually for latency factors, rather than compliance, but there are of course exceptions.

This model is under threat, from two very different political forces.

In Europe, the data colonised have, after years of inaction, passed a law with some teeth that challenges the US corporate position that data is a commodity that can be appropriated for beads and shells and consent forms that no-one understands. The GDPR will require the data colonisers to change their behaviour, while Facebook is most egregious example, it would be foolhardy to assume they are the only data pillagers. This law is likely to force the colonisers to be a bit more careful with the data from the colonies, and it will embolden other colonials to be a bit more demanding too. It is not quite the winds of change moment, but it is blowing in that direction.

International political stability in the analogue world is in its most fragile and unpredictable state, probably since the fall of the Berlin wall. Any remaining thoughts of America’s benevolent if clumsy peacekeeper role have vanished over the last year. American international politics is now capricious and erratic. Russia has become more belligerent. Just this week Russian did software equivalent of blocking the Suez Canal, they simply blocked several of the major US cloud providers. Many solutions running on AWS, for instance, were no longer accessible. Who needs a naval blockade when you can block the cloud port? The post WWII geo-political landscape is sadly filled with war by proxy, witness Vietnam, Angola, Nicaragua, Afghanistan and so on. Now we have IP proxy wars too. There is a long history of election manipulation, but it required brute force and sometimes backing coup d’ etat etc, today, that manipulation is through Facebook and Google etc. Zittrain’s powerful prediction of ‘digital gerrymandering’ has been vindicated by the Guardian’s revelations.

Software architecture decisions for the last 20 years have been made to optimise for application performance. Going forward things are going to get a lot more awkward. A while ago the Legal Scholar, Christopher Millard, wrote about the question of data sovereignty. Wise stuff.

Architectures of the future need to be designed to cope with an uncertain political and regulatory landscape. The next trade war will not just be about the price of steel, data will be constrained and choked too. Cloud vendors that want to operate effectively globally, are going to have challenge the assumptions that drove the centralisation of the last two decades. To borrow from Taleb, today’s architectures are not anti-fragile. We have moved a long way away from the initial decentralised premise of the internet. What started out as the epitome of anti-fragile, has become inherently fragile. The economic forces, aided by regulatory indifference and incompetence have led to a centralisation and proprietarisation (horrible word, I know) of computing power.

Some will argue that answer is blockchain. I suspect that it, or more likely, the next generation of distributed ledger technologies will be part of the solution, but it not the complete answer. Indeed it was a blockchain application, telegram, that drove the Russian data blockade decision.

The questions of international order and justice that occupied the minds of Hobbes, Mill, Marx, Hedley Bull and many others deserve closer revisiting in the digital world. I do wonder what Max Weber and JS Mill would have made of Facebook.

Of Cobblestones, Solomon, Paula, Gunter, Joseph and the GDPR.

I’ve been reading a fair bit of software vendor marketing and press from around the world about the GDPR. It seems to me that a lot of it misses the point. GDPR is seen as a compliance burden, an unwelcome dose of EU bureaucracy or at best a useful opportunity sell security software. It is perhaps useful to reflect on why the GDPR and its predecessors in data protection legislation came into being.

I was walking to the train station in the rain this morning, and I paused for a moment by the pair of Stolpersteine (tripping stones) on the corner of the street where we live. I’m not sure why I took the picture today, perhaps they glistened from the drizzle. I wondered what Salomon and Paula were like, what were their hobbies and their foibles, did they watch football or play tennis together, what jobs did they do, was she left handed, who were their friends, what colour was his favourite tie, did he make puns that made her smile, did she play Chopin on piano so that the notes drifted down the street on the breeze, did they hold hands as they walked beside the Neckar on that summer’s evening for the last time?

stolperstein image. two next to each other. Deutsch family.

Gunter Demnig began this art project in 1992. The first stone was laid in Salzburg, Austria, and now there are over 27,000 plaques across 22 countries, and growing. Think of it as a distributed museum. They all follow the same format, size and font. In situ, on the doorsteps of houses, for me they are more powerful and poignant than any centralised memorial or museum. They bring an uncomfortable intimacy and they force me to think about how easily such an evil could come into being. (check out more about the stones here).

The GDPR exists to protect our data (and our person) from abuse.

This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. (Article 1 (2) GPDR)

Software has the potential for enabling goodness, yet it can also empower evil. Software can encourage democracy, but it can undermine it too. Software can level the playing field, or it can entrench privilege. The power of software to find, sort and group people is both awesome and awful. It is a mighty thing that we wield.

As an industry we need to see people’s data as something to treat with care and respect. The GPDR is a long overdue firm nudge for us to remember that.

One of the pioneers of artificial intelligence, Joseph Weizenbaum, fled Berlin for the US as a child in the 1930’s. I suspect there is a stoplerstein for his family on a street in Berlin. His book, Computer Power and Human Reason, should be required reading for all those building software.

““The computer programmer is a creator of universes for which he alone is the lawgiver. No playwright, no stage director, no emperor, however powerful, has ever exercised such absolute authority to arrange a stage or field of battle and to command such unswervingly dutiful actors or troops.”

We proclaim gleefully that software is eating the world, and data is more valuable than oil, so it is high time the software industry took its human rights responsibilities more seriously.

I, for one, welcome the GDPR.

Conferences, comedy, clouds and contracts.

Continuing my attempts to bring Shakespeare into as many posts as I can….

Let specialties be therefore drawn between us,
That covenants may be kept on either hand.

(Taming of the Shrew II. i. 127-8)

A couple of weeks ago, I presented at the HR Technology Conference in Chicago, the topic being SaaS Contracts: how not to get ripped off. I made an animation to start the presentation, as talking about contracts can be a bit dry.

If the embedded version doesn’t behave, watch it here. My goal was to show the naivete of the typical buyer when dealing with a smooth salesperson. In the space of about 2 minutes, the buyer makes at least 9 major blunders. See if you can spot them. It is supposed to be funny, but I’ll let you be the judge of that.

A week or so after the event I did a podcast on the Bill Kutik Radio Show, where I go into a bit more detail. Have a listen here. I’m not a lawyer, so this doesn’t constitute legal advice, but I’m saddened by the ignorance on the side of the buyer, and the willingness of the seller to exploit that. That is business, I guess.

Or as Camillo said in The Winter’s tale:

You pay a great deal too dear for what’s given freely.

Also we have a lot of research on how to buy cloud/SaaS solutions. Gartner clients should definitely check out Alexa Bona’s research. Whether buying or selling, getting a fair contract is best in the long run.

(I’m very impressed with the Xtranormal tool for animation. I checked with their legal folks on usage, what a pleasure to deal with them).

On Wikileaks, the Inkspots and a political philosophy ramble.

Thomas Paine, “It is error only, and not truth, that shrinks from inquiry.”

George Washington, “Truth will ultimately prevail where there is pains to bring it to light.”
Julian Assange, “The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie.”

Antonio Gramsci, “To tell the truth is revolutionary.”

Herbert Marcuse, “The need for alternative media has never been more acute."

Rosa Luxemburg, “Those who do not move, do not notice their chains.”

Julian Assange, “A man in chains knows he should have acted sooner for his ability to influence the actions of the state is near its end.”

Ronald Reagan, “Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders.”

Long ago, I studied political philosophy, and this wikileaks thing has stirred some parts of my brain that have not stirred over a decades. Incoherence may follow.

I’m posting this on my personal blog, rather than the work one. These are my personal views, and should not be construed as anything other than that. Wikileaks has significant implications for enterprise software, but I’ll largely leave that to my colleagues for now.

My view

Wikileaks is one of the best things that has happened to state and corporate governance, since, gosh, Juvenal posed the Quis custodiet ipsos custodes? question. Wikileaks challenges Plato’s Nobile Lie, big time. I reckon Karl Popper would have applauded wikileaks. Hannah Arendt too, but I’m on thinner ice there.

Julian Assange and his colleagues have firmly established the concept of a safe place for whistleblowers to dump information. They deserve lauding, not opprobrium. Some Americans think wikileaks is picking on the US, but if you look at the previous leaks, there were many that were dealing with other countries and issues. Look at the cases of toxic dumping in Africa, Swiss Bank tax evasion, Oil pollution in South America. Wikilinks didn’t hack the system, or steal a password. Someone, probably Manning, gave them the information.

Assange’s paper here is well worth reading, it would be good if he wrote more, as he writes well. See also Zunguzungu’s post, where I found the link.

Check out Ginandtacos too.

Nuclear codes are a matter of national security. This crap isn’t. The "secrets" betrayed by this diplomatic cable dump range from the gossipy ("Prime Minister so-and-so has too much plastic surgery and a drinking problem!") to the "Are you kidding? Everyone already knows that!" variety. The Russian mafia is intertwined with the government? My word! That is simply shocking. The effect of the most recent information dump is not, as Obama and Hillary have so idiotically warned, that "lives will be lost." This isn’t blowing the cover of any double agents in the Kremlin. This is just making the government look stupid. If you think "We don’t want to be embarrassed" is a sufficient reason for the government to withhold information about its activities from the public, you have a very curious understanding of how this country is supposed to work.

…

And so in an era in which people get their real news from a comedian and their comedy from the real news, a non-state actor like Wikileaks represents our best hope for a more democratic state.

A more diplomatic view

I rather liked this piece on the Harvard blog, from a former diplomat.

Governments are no doubt rushing to secure their data and hold it more tightly than ever, but the horse has bolted. If a government as professional, technically sophisticated, and well-protected as the U.S. can suffer a breach of this magnitude, no government is safe. Politicians can roar their demands for the prosecution of Julian Assange or — absurdly — that Wikileaks be designated as a terrorist organization, but the rage is in truth a tacit admission that government’s monopoly on its own information is now a thing of the past.

The call by some of the American right to treat wikileaks as a terrorist organization smacks of paranoia. Palin’s call to treat Assange like the Taliban is beyond despicable. Rule of law, please.

My position mirrors that of the ACLU

We’re deeply skeptical that prosecuting WikiLeaks would be constitutional, or a good idea. The courts have made clear that the First Amendment protects independent third parties who publish classified information. Prosecuting WikiLeaks would be no different from prosecuting the media outlets that also published classified documents. If newspapers could be held criminally liable for publishing leaked information about government practices, we might never have found out about the CIA’s secret prisons or the government spying on innocent Americans. Prosecuting publishers of classified information threatens investigative journalism that is necessary to an informed public debate about government conduct, and that is an unthinkable outcome.

The broader lesson of the WikiLeaks phenomenon is that President Obama should recommit to the ideals of transparency he invoked at the beginning of his presidency. The American public should not have to depend on leaks to the news media and on whistleblowers to know what the government is up to.

This morning’s report that Amazon has ditched hosting wikileaks raises questions about censorship and coercion. This is definitely not cloud computing’s finest hour. It reeks of hypocrisy. We expect Google and Yahoo to stand up to China, but Amazon seems to fold at the first mumble from a senator. Which T&C did Wikileaks not follow? I will not be shopping at Amazon this Christmas.

Think for a moment of the alternative scenario, the disgruntled operative handing it over to a foreign power, as per Gordievsky, Blunt or Ames. Instead, it is exposed to us all, we can make up our own minds. Rather than lashing out at wikileaks consider where the data would have gone in its absence.

Shout out to the Guardian, Spiegel and the NYT.

Many have predicted the end of journalism. This week the Guardian in particular has done much to dispel that in my mind. Its coverage of the wikileaks story has been thorough, careful, and brave. Also the NYT nailed it here.

News organizations are in the business of publishing news. They can exercise their judgment with regard to whether, in exceptional circumstances — usually those regarding potential loss of life — news might be redacted, delayed or, on extremely rare occasions, permanently withheld. But the likely embarrassment to individuals, or inconvenience to U.S. diplomats, does not even begin to approach this bar.

When 250,000 documents can be placed on a zip drive smaller than a popsicle stick, and thousands of citizen journalists are working to make it available to the public, then the guarantee of secrecy for any powerful institution is only a comforting fiction.

Process and a bit about the software angle

There will be a lot of organizations rethinking security policies, systems and practices, in the wake of this incident, and rightly so. A junior level staffer should not have been able to download what he did without some sort of alarm bell ringing.

Software vendors are going to view this as the next Sarbanes-Oxley. Cry havoc and let slip the dogs of marketing. Do make sure you have a good supply of anti-hype pills.

I hope though, that it also makes organizations, whether government or otherwise, realise that they are being watched by broader society. Behave ethically, conspire less and you have little to fear from wikileaks.

Perhaps wikileaks will continue to thrive with Assange at its head, but if not, an alternative leader or offering will emerge, as with Napster. Targeting Assange will not make this go away. I believe Assange should answer to the Swedish charges that he faces, but only through due process in a court of law.

A Musical coda

I’ll end this with one of my favourite songs. Whispering Grass. From the Ink Spots. This was a hit in 1940. listen here if you like. Perhaps it should be the theme tune for wikileaks the movie.

Why do you whisper, green grass
Why tell the tress what ain’t so
Whispering grass
The trees don’t have to know, no-no
Why tell them all your secrets
Who kissed there long ago

Whispering grass
The trees don’t need to know
Don’t you tell it to the breeze
For she will tell the birds and bees
And everyone will know
Because you told the blabbering trees
Yes, you told them once before
It’s no secret anymore-ore
Why tell them all the old things
They’re buried under the snow

Whispering grass, don’t tell the trees
‘Cause the trees don’t need to know-ow

For the Brits reading this there is the Ain’t half Mum cover too.

O’er lawyers’ fingers, who straight dream on fees

Shylock:
Most learned judge, a sentence! Come prepare!

Portia:
Tarry a little, there is something else.
This bond doth give thee here no jot of blood;
The words expressly are "a pound of flesh."

The Merchant of Venice

(painting by Alexandre Canbanel. The Merchant of Venice)

The jury has decided. SAP owes Oracle 1.3 Billion dollars. I’ll leave others to speculate on whether SAP appeals, if is a fair sum, or whether there will be other legal ramifications.

Watching it all has been fun. Good theatre, with some dramatic performance and and even more dramatic absence. Tabloid stuff.

The amount, while breaking records for copyright infringement, will not impact SAP’s ability to do business. It has plenty of cash, and there is a serendipitous symmetry with the recent 1,5 billion dollar credit facility. While it could slow down share buybacks, I doubt that it will have a real impact on its development or marketing spend. It would be wrong for SAP to shrink into cost cutting mode to fund this, but I don’t think they will anyway.
The case illustrates the hyper-competitive and ruthless nature of the industry. Neither firm emerges Persil white from the process. I’m not sure that it will really make a difference to how CIO’s view SAP or Oracle. Most CIO’s know that this is a pretty ruthless and aggressive business. Oracle’s field will have a bit of fun in the sales cycle with this, but I doubt it will really impact business.
Most software executives and developers have minimal understanding of copyright law and its implications. Coming out of this, I’d hope that software developers think a little bit more about intellectual property and IT law generally. This would be a good thing. I’d like to see software companies funding more IT law research and studies, but then I’m biased.
Software companies using intellectual property to beat each other up in court isn’t new, but this judgment will encourage more of the same.
The judgment was not about the legality of third party maintenance. The SAP-Oracle case and Rimini Street –Oracle case will be quite different. I don’t think we should conflate them. The SAP-Oracle case was good entertainment, but it was just about damages. In the long run the Rimini Street case is more important for the whole industry. I ‘m not assuming that just because SAP admitted that TomorrowNow was toxic, all third party maintenance is somehow tainted.

These are my musings, rather than a formal Gartner position.

(Okay, the heading was from Romeo and Juliet, and the quote from Merchant of Venice)

Industrial action impacts high tech companies too

Thinking of strikes, it is easy to imagine coal miners, railway workers and automobile assemblers with shop stewards quoting Trotsky, Gramsci and Marcuse, and brandishing a well worn copy of the Ragged Trousered Philanthropists. This is a naive and foolish stereotype. As this example from Yahoo! shows, industrial action is alive and well in the high tech industry. Valleywag reported on a strike at Yahoo in France.

[YOUTUBE=http://www.youtube.com/watch?v=kulOZowv0Qc]

(watch the video here if you dont see the embedded player)

Carol Bartz‘s lacerating eccentricity may captivate Silicon Valley, where she’s cutting costs left and right. Not so in Europe: When Yahoo tried to shut down operations in France, workers made this surreal, defiant video. And went on strike, naturally.Their point: Yahoo made about 1 million euros per worker from Yahoo France alone last year, and used to hype how “it’s important to have [locally] concentrated engineering activities… to innovate” in France, where it would base “one of [its] most important centers in Europe.” Yahoo France’s engineers will now stop working until Yahoo agrees that they shouldn’t have to stop working. At least they’re fact checking the internet company’s hype along the way.

(thanks Valleywag).

There is a lesson for all “global” high tech companies. HR practices that work in the US don’t necessarily travel well. I have quite a bit of research in the pipeline on a related topic. I have seen global HR projects derailed because of worker and union opposition, forcing system redesigns and huge delays.

I’ll predict that the software industry will face increasing collective and industrial action. Social software makes it easier to organize and motivate around an issue, and create a strong collective even without the presence of a union. It makes it easy to reach the broader public too. We have seen the power of the disgruntled customer using social media to mobilise support and opinion. Employees have access to the same tools and media. Executives of global software companies will need to get a lot more savvy about global HR issues. Gosh, that degree I did in Industrial Relations might actually be useful one day.

A Flock of Seagulls

Don’t ever give your heart to a stranger
Don’t tell your secrets to a friend
Don’t put your heart in mortal danger –
They all desert you in the end.
The more you live
the more you love.
Or so they say: The more you love
the more you throw it away.
They say that nothing lasts forever

(photo mine use under cc with attribution)

In 1985, while on hockey tour from South Africa, I visited my cousin in Nottingham. He had an excellent music collection, and he introduced me to all sorts of bands I’d not really heard much of back home in South Africa. I copied several albums with his rather fancy double cassette deck system, including the Flock of Seagulls’ albums. I clearly remember using brand new TDK D-90 cassettes, and carefully copying out the track names. Telecommunication, The More You Live, The More You Love, Remember David, Wishing. Using a new cassette was a sign of respect back then.

A decade or so later I replaced the tapes by buying AFOS on CD, and I have since bought a few tracks online too.

Last night, in Weinheim, I saw them live in a cosy venue called Cafe Central. I paid 18 euros at the door. The place wasn’t packed, but a number of folks turned out dressed in 80’s garb, hair and all. There were even a couple of punks. The band looked older, as we all do, and the famous hairdo was pinned back under a baseball cap. The sound was a bit more guitar, base and drums than it was in the 1980’s, but it was fun. Some of the line up had changed, but for about 90 minutes the place rocked. They played the hits and a couple of newer tracks, it was a fine evening. I would have even bought the t-shirt if they’d had one for sale.

(photo mine use under cc with attribution)

I’m sure that many of us have similar experiences with music, so as parliamentarians in various countries consider draconian 3 strikes and you are out type legislation for file sharing, perhaps they should look at their own musical collections. You could argue that I should have bought the AFOS albums in 1985, but if I remember correctly I had already spent my pocket money on Howard Jones’s Dream into Action.

I’m wishing that the parliamentarians would read JP’s post.

Most people are law-abiding. Most people want to make sure that artists are rewarded. Sometimes laws are out of date and need changing. Sometimes business models are out of date and need changing.

I ‘ll leave you with a stanza from Telecommunication, AFOS’ hit song from 1981.

Video screen,
Silver page,
With a new calibration
For the nuclear age.

Sunlight, process, systems, moats, tennis courts, flipping, heatmaps, mashups and flat screen TVs.

From the cc flickrstream of sludgegulper Thanks!

I have been watching and reading about the goings on with the UK parliamentarian expenses with a mixture of incredulousness, dismay, horror, and anger. This is a grave insult to the UK tax payers, and a blow to global democracy. Corrupt politicians around the world can sleep easy. One man’s moat is another man’s Wabenzi.

Other than all the information about moat cleaners, tennis courts, duck shelters, large screen TVs, iPhones for husbands, 200 mile taxi rides, tax advisors, and mortgage payments on mortgages that no longer existed, I was struck by the absolute lack of process and systems to manage the expenses. The inefficiencies and the lack of control are astounding.

The problems are bigger than technology, The whole process needs a complete overall, but essentially we are talking about some basic compliance procedures. Workflow approvals, automated routing of claims out of policy, electronic receipt management,and SOD (separation of duties). Even simple expense management system would go a long way to stopping this sort of abuse happening again. Rules can be easily automated and enforced, and with a bit of configuration, even issues such as flipping and claiming for trivia could be managed.

Driven out of a good process system, the data could also be easily mashed up with consumer analytics tools such as Google maps, and a simple query tool, allowing concerned citizens the right to audit.

Indeed, there has been a wave of excellent mashups and analytic reports based on the data that has been released and collated.

Charles Arthur over at the Guardian has a closer look. Tony Hirst’s blog gives an excellent account on the technical efforts needed to do this. Looking at what he has done with essentially free software. It is interesting to see how various technologies and techniques have been deployed. more here. It is a fascinating study for anyone interested in analytics and data visualization. It does make the analytics offerings of many of the software vendors I cover seem rather dowdy, but that story is for another day.

Shining a bit of sunshine on the issue by opening up the data is the best remedy. After all, when I last looked, parliamentarians work for the citizens.

The Database state

I would have blogged on this myself, but day job deadlines mean I can’t give it the attention I would like to. This makes grim reading.

Instead I will lift Intrepid Ian’s post.

The Joseph Rowntree Reform Trust has this morning published our report on the UK Database State, which finds that:

A quarter of all major public sector databases are fundamentally flawed and almost certainly illegal. These should be scrapped or redesigned immediately;
The database state is victimising minority groups and vulnerable people, from single mothers to young black men and schoolchildren;
Children are amongst the ‘most at risk’ from Britain’s Database State, with three of the largest databases set up to support and protect children failing to achieve their aims;
Data sharing is a barrier to socially responsible activities. It is deterring teenagers from accessing health advice and undermining goodwill towards law enforcement;
Only 15% of major public sector databases are effective, proportionate and necessary;
We spend £16 billion a year on public sector IT and a further £105bn spending is planned for the next five years – but only 30% of public-sector IT projects succeed.

The runaway growth of public sector databases was surprising even to those of us that follow them closely. They have taken six months to catalogue.
You can see coverage of the report in the Guardian, Telegraph, Times, Independent, BBC News, Daily Mail, Metro and from Reuters.