PIN Numbers and Passwords

Did you realise that the inventor of the ATM was Scottish? It was a new one to me too. Actually, there’s some debate around who gets the credit, but both of the front-runners are Scottish so it’s a pretty safe statement to make. I only found that out a couple of days ago when one of them, Jim Goodfellow, received an honorary doctorate.

However, Mr Goodfellow’s inventiveness was not just restricted to the ATM. His second significant claim to fame was that he invented the Personal Identification Number (PIN). It’s a system that’s still being used 48 years later in 2.7 million ATMs worldwide as well as in point of sale (Chip & Pin) terminals that handle 1 billion transactions daily.

There are only 10,000 possible combinations when it comes to a 4-digit PIN code. And around 11% of us are still using 1234, with another 6% using 1111. Of course, with the rise of Bitcoin, it’s easy to see that a robust replacement is now starting to gain traction.

But as fallible as our existing PIN numbers might be, the passwords we choose are little better. The simple act of replacing four numerals with a collection of any number of letters, numerals and symbols of our own choice provides us with the opportunity for far greater creativity. And, as a fascinating article by Ian Urbina in the New York Times earlier this week showed, the passwords that we choose can reveal a huge amount about the individuals that we actually are.

I loved this piece. From the heartbreaking stories of one man’s attempts to get Cantor Fitzgerald back up and running in the aftermath of the 9/11 attacks (658 workers killed in one day, necessitating difficult conversations with family members during those first 48 hours in order to guess critical passwords) to the more mundane explanations by everyday people in which they reveal the reasons behind their password choices, one thing becomes clear. However strong a security system we build, it is always undermined by the fallibility of humans, who inevitably remain the weakest link in the chain of internet security. For example, many use the word “incorrect” as a password – simply so that when they get the password wrong, their own computer will prompt them, i.e. “Your password is incorrect”.

It turns out that many passwords are essentially keepsakes we use as memorials to remind us of significant turning points in life, often of a painful nature. When a huge database of hacked passwords was made available a few years ago, analysis showed an above average usage of words relating to ‘love’. And some people use the password process as a way to reinforce a personal message that they want to be reminded of during the course of the many log-ins required in an average day – eat more fruit, phone mum, that sort of thing.

It’s clear that we all hate passwords. The average number that we need and use on a regular basis increases almost by the day. And there’s some great advice out there for how to create truly memorable secure ones of course. But the reality is that for most people, perhaps we just need a little more humanity in the process than we would otherwise admit to.

Yes, it weakens the security. But perhaps for that one brief second when you assume that you’re on your own, when it’s simply you at the temporary doorway that’s popped up on your screen, as it does every day in life, maybe we all just want to be reminded of something that means something real to us – and not just a line of numbers and symbols.

Farm2050 Collective & The Coming Global Food Shortage

Some predictions state that the world will have a global population of somewhere between 9.6 and 9.7 billion by 2050, with maybe 10 – 11 billion people on the planet by the end of the century. Any way you look at it, that’s a huge increase in the numbers of mouths to feed.

For some, the solution can partly be found in enforcing a move to vegetarianism. It is significantly less water-intensive to produce animal-based sustenance than a vegetarian diet and it’s the lack of water that’s even more serious. I didn’t choose to become a vegetarian because of this sort of data but I can honestly say that as I get older and learn more about the issues, it becomes an increasingly significant reason why I continue down that path.

When you actually sit down and think about population growth, it’s a huge challenge that we’re collectively facing in the future. It’s great fun to work out how many humans have walked the earth before the day you were born using the BBC interactive graph from a couple of years ago when we hit 7 billion on earth. But once you start to look at the population curve, the acceleration in population growth is staggering. To quote Wikipedia:-

“It is estimated that the population of the world reached one billion for the first time in 1804. It would be another 123 years before it reached two billion in 1927, but it took only 33 years to rise by another billion people, reaching three billion in 1960. Thereafter, the global population reached four billion in 1974, five billion in 1987, six billion in 1999 and, by some estimates, seven billion in October 2011 with other estimates being in March 2012. It is projected to reach eight billion by 2024–2030.”

It’s blindingly obvious we need both more food and water but also a rethink about the way that we’re currently producing and distributing natural resources. Some believe that food shortages could be the single most critical world issue by the middle of this century.

So it’s great to see the launch of Eric Schmidt’s Farm2050 Collective to focus on this global food challenge. In short, this group will support the development of agriculture startups, innovators and entrepreneurs that are seeking the answers to a question that’s only going to become more critical with every year that passes.

Whilst it may not be the sexiest part of the tech industry, AgTech involves a farming market that’s currently worth $120 billion a year. Whilst it may be an area that few of us think of regularly, there are some fascinating innovations taking place in the industry, whereby farming is tapping into the true potential of big data and using a combination of robotics and artificial intelligence in order to make production far more efficient.

If you’re a young tech entrepreneur looking to get into a growth market, maybe that shiny high-grossing iPhone app isn’t the way forward. Maybe instead you need to be looking into ideas that also deal with those very real fundamental issues lurking at the bottom of Maslow’s Hierarchy of Needs that are crying out to be solved for the benefit of us all.

Food for thought indeed.

 

Why We Should Be Supporting Let’s Encrypt

In this post-Snowden world, two words that have seeped into the public consciousness are encryption and surveillance. I wrote about James Bridle’s interesting surveillance project just a couple of days ago so now let’s take a quick look at encryption.

As you’ve probably heard, there’s currently a fight brewing between the big tech companies, who are starting to issue hardware which contains higher levels of encryption by default, and the national intelligence services. Even if you somehow agreed with the FBI’s assessment that the recent decision by both Apple and Google to encrypt phone data by default sets a dangerous precedent, few would disagree that what appears to be a concerted effort by the security services to apply pressure on the tech giants overstepped the mark when the Deputy Attorney General told a room full of Apple executives last month that the new iOS encryption would cause a child to die…

The point is that encryption of data is in general a hugely positive development for us all. Anything that reduces the potential number of attack vectors that others can use to hack in and steal your personal information as it gets exchanged online has to be valuable. Of course, the intelligence services can still effectively access our data as required but making it harder for those others with malicious intent is crucial.

Along these lines, a new certificate authority called Let’s Encrypt has just been announced and will go live in 2015. It’s being developed by a consortium of organisations (including Mozilla, Cisco and the Electronic Frontier Foundation plus researchers at the University of Michigan amongst others). The goal of the project (announced in various places, including here and here) is to provide a simple way for every website to move from HTTP to HTTPS.

No-one’s claiming that HTTPS is the answer to all issues (it’s only been a few months since Heartbleed after all). But the point is that by using it, you can be far more comfortable that the information that you’re exchanging whilst visiting a website is actually going where you expect it to and it’s far less likely to be stolen or changed maliciously en route.

Some companies such as Google already use HTTPS by default and the company has also indicated that it will use the existence of a site’s HTTPS as a positive search ranking factor. Cue the stampede towards general adoption as part of the ongoing battle for Page 1 search ranking visibility.

But historically the problem has always been that it’s far more effort to set up HTTPS on a website – it costs more and it’s easy for people to make mistakes setting it up. The initiative by Let’s Encrypt will basically let people deploy HTTPS with one click. That has to be valuable.

If you have responsibility for a website, it’s definitely one to watch out for over the next few months.

 

Bitcoin Chat on Sand Hill Road

Since I started posting on a daily basis here, the reality is that daily life sometimes gets in the way of the writing time that I try to put aside. Today was one of those days. But rather than stopping that daily habit, I’ve decided that those days are a great chance to post a video that I’ve watched recently that’s worth sharing.

Given that I had a blast giving another Bitcoin 101 talk this morning (at Young and Partners lawyers), it seemed apt to stay on theme and share a video from the recent Academic Roundtable 2014 organised by Andreessen Horowitz. Of course, given the high pedigree of commentary from the firm on Bitcoin’s potential to date (two essential posts to read here and here if you haven’t come across them yet), it’s not surprising that there are some great points from a combination of Chris Dixon, Matthew Green (co-author of ZeroCoin, the truly anonymous extension to the Bitcoin protocol) and Ed Felten from Princeton.

 

As an aside, it’s great to see tipping suddenly really take off across social platforms over the past few weeks. Not only are my favourites ChangeTip making it ridiculously simple to send bitcoin to pretty much anyone with a social account (in most cases, people who have no clue about Bitcoin – yet), but Coinbase have just introduced a simple tip button to help content creators monetise content for blog posts and the like.

Not because I’m expecting any, but just to show you how easy it is I’ve added the ChangeTip version below. Because it’s easy. And everyone should do it. What have you got to lose?

Wearable Data in Court

I read with a mix of amusement and concern the story yesterday about the novel way that a Canadian law firm is trying to lead evidence to prove a personal trainer’s claims of injury following a car accident.

The individual’s lawyers have had the bright idea to use Fitbit data as evidence in court (via Vivametrica, an interesting company that analyses data from wearable devices) in order to support their claims that the woman’s injuries have had a negative and enduring effect on her lifestyle.

Hmmm. A notoriously inaccurate early-generation consumer wearable device providing evidence for litigation. It’s up there with hearsay in the reliability stakes, I’d say. Full points for trying but surely one way to game the system in order to ‘prove’ significant impairment of activity if such stringent standards are to be met might be to, I don’t know, leave your Fitbit off for a while? Go out for a jog and leave the bracelet on the bedside table?

This is in no way an attack on Fitbit. I wore one myself for a long time – until the inevitable (for me at least) happened and I lost it when it fell off my arm unnoticed. Of course, we have no reason to believe that the individual isn’t telling the truth in this case but still, I’m not sure it’s the most solid evidence that a court will ever have had presented before it.

Of course, that’s not to say that this type of data won’t be a far more powerful source of proof in the future. I have no doubt that it will be. It just feels a little bit early with the technology that’s out there at the moment.

And amusing whilst this might be, it’s hard to ignore the fact that this is simply the far less serious side of a much more significant issue for us all as our every move is surveilled for a range of reasons, noble or otherwise. We’re rapidly moving into the stage when the personal data that we continue to leave in our trail on a daily basis will increasingly be mined by third parties in order to make decisions that affect us directly, perhaps providing assumptions about your lifestyle and health expectancy for life insurance purposes for example.

We already have companies tracking every move you make via your mobile of course. When the capture and subsequent release of data regarding your vital functions becomes both attractive to other organisations and compellable in a court of law however, we’re into a whole different world.

 

The Six Walls of Surveillance

I came across a fascinating article recently by writer/artist/technologist James Bridle in which he details his attempts to photograph each of the (visible) surveillance cameras within the London Congestion Charge Zone. It’s part of a project that’s “an investigation into paranoia, electromagnetism and infrastructure” which he’s calling The Nor.

Now there’s a project scope that you don’t come across every day.

I’m not going to attempt to summarise the post here as he’s a great writer and you really should just read it for yourself. But in amongst the tales of being restrained by both private and public security interests during his meander around the City, there’s a fascinating comparison of how physical walls have been used for security (in order to keep enemies out) with intangible walls that are increasingly being relied upon as the years progress (in order to surveil those already inside).

To explain, he describes the six ages of the London wall in that area as follows:-

  • The First Wall: built late 2nd century by Romans, ultimately it forced everyone to access the city via seven narrow gates.
  • The Second Wall: slightly wider in scope, the Ring of Steel was built 1800 years later in response to the Baltic Exchange and Bishopsgate bombings.
  • The Third Wall: with the Congestion Charge Zone in 2003, the wall lost most of its physical constraints as the boundary expanded from the Square Mile to include the West End, powered in part by the introduction of Automated Number Plate Recognition (with records being captured and held without expiry date outside the protection of personal data legislation).
  • The Fourth Wall: to be brought in electronically via transponders carried in cars themselves (similar to this in Stockholm).
  • The Fifth Wall: the tracking of people via mobile phones (via ‘spy bins’ and shopping centres).
  • The Sixth Wall: the round-the-clock tracking of personal data brought by the wearables revolution.

As James himself comments:

“…education and freedom of choice are central to the issue. My wider concern here is that there is little education on this issue and few good ideas about how to educate. Without a deeper understanding of such systems, there is no meaningful choice (or consent) available to most people”

Privacy, security and surveillance continue to shape up to be one of the most important issues for us all moving forwards and, as ever, the UK capital continues to lead the way, for better or worse.

So it seems somewhat apt to finish with a video from one of my favourite artists here, Anais Mitchell, with a song from her ridiculously good Hadestown LP.

What’s it called? Yup, you guessed it: “The Wall”.

Why Science Fiction Shapes The Future

Given recent headlines, both good and bad, I suspect I’ve not been alone in daydreaming about what the future might bring for science. On top of that, and no doubt in no small part due to my choice of recent reading material, that’s also led me to think more about the impact that science fiction has on life – or at least on the possible futures that are being explored by those interrogating the edge of mankind’s knowledge as they focus relentlessly on innovation.

An article in Vox today hypothesises that if we can get over the slightly sniffy view that so many have towards this genre of fiction but instead actively promote its existence to the youth of today, we might just be in a position to change the world. Rather than simply being assumed to be the sole preserve of unsociable geeks throughout the decades, the argument goes that the genre in fact enables individuals of any circumstance to hold a mirror up to modern society and extrapolate either the ultimate demise or potential development of our species over a varying timescale.

Hence within the same section of a book shop, we can go from the burned-out dystopian badlands of an Earth ravaged by global conflict to the more utopian view of life lived within a landscape that (until publication at least) remains tethered to the author’s imagination alone. We can choose to lose ourselves in a society governed by the iron fist of the few, a world in which our current values of liberty and freedom have been eroded – or one united in its common defence against an enemy from lands far away.

To use author Gareth Powell’s words:-

“In this respect, science fiction is useful as a tool, not for predicting the future, but for instead modeling a vast range of possible futures. As our society develops and changes, science fiction is there to show us what will happen if we continue along our current path”

There have been many famous innovators over the years who have taken their inspiration from science fiction of course. But if fiction can in turn act as the gateway drug to bring more people into the STEM fields (Science, Technology, Engineering, Mathematics) that are so vital to our collective progress going forwards, surely this is something that in fact we should be increasingly supporting as a society that is hurtling towards a massive skills gap in these areas?

The topic is on the agenda in some areas. It’s certainly on Neal Stephenson’s radar in any event if you read his essay “Innovation Starvation”. You might have heard of his Project Hieroglyph which he pulled together with the Arizona State University and other top authors in order to build collaboration to provide, “the missing element that scientists, mathematicians, engineers and entrepreneurs need in order to take the first real steps towards realising some novel idea”. A book of short stories was published earlier this year if you’re interested.

I remember Cory Doctorow (who also took part in Hieroglyph) making a really interesting comment on a similar subject a while back (can’t find a link, sorry). From working in a software production environment previously, his point was that, given the fact that it’s crucial for anybody who designs new products to really understand the experience of its users in order to improve it, story-telling is a vital tool in the toolbox to ensure that this essential level of awareness is possible.

Of course, we’ve all heard the stories about how Star Trek inspired the invention of many new products. As Neal Stephenson said in an NYT interview on its release:

“There’s definitely some kind of a feedback loop between science fiction and technological fact”

If you’re interested in hearing more about the Hieroglyph project, here’s a talk from Neal Stephenson, Cory Doctorow and Ed Finn from an event called ‘Reigniting Society’s Ambition with Science Fiction’ in Seattle on 26th October.

Net Neutrality and the Battle Ahead

Net neutrality is one topic that I’ve not written about before on the blog. There’s been no particular reason to avoid it given how important I view the issue being. But given the wealth of information out there, I do feel that there is so much intelligent and informed commentary already that I’m not convinced I can add a significant amount to the debate. However, given the current battle that continues to rage in the US, it’s as good a time as any to mention it.

The principle of net neutrality in simple terms is the principle that all traffic on the internet should be treated equally. The concern is that without such a principle, internet service providers could (and would) block certain content and applications by virtue of their ownership of the last mile to consumers – think of throttling of resources for data-hungry services, so that video services such as Netflix become unwatchable, for example.

If you’re looking for a simple explanation, I like Tim Berners-Lee’s description of net neutrality:

“If I pay to connect to the Net with a certain quality of service, and you pay to connect with that or greater quality of service, then we can communicate at that level”.

The internet has proved to be such a powerful engine of growth, innovation and creativity precisely because of one decision: to make it an open system. It is crucial that the networks have no power to pick winners for adoption in terms of new technologies and services because the reality is that, without a crystal ball, in most situations they would pick the wrong ones.

Distributed and permissionless innovation is a far more powerful foundation for entrepreneurial endeavours that create both jobs and wealth for millions than the alternative, the creation of a closed system controlled by a few gatekeepers. And that’s before we even mention some of the more fundamental rights that are provided by having an open system – free speech and democratic engagement being two that immediately spring to mind.

As Seth Godin wrote earlier this week:

“the core issue here is not whether a big corporation ought to have the freedom to maximise profit by choosing what to feature. No, the key issue is: what happens when users are unable to choose a different middleman?”

It’s been interesting to watch America, who are in a far worse position than the UK around this issue, respond to Obama’s strongly worded statement on keeping the internet open and free a few days ago.

Unsurprisingly, the big telecoms and communications companies have had a heart attack. Bizarrely, it’s been interpreted as a political left/right argument by some who just don’t seem to get it. Thankfully, many people who do know what they’re talking about in this area continue to blog about it in simple and straightforward terms.

The battle’s far from over after Obama’s intervention last week. But it’s important that we all consider the very real consequences that are on the horizon if the decision goes the wrong way. As Julius Genachowski, then Chair of the FCC in the US, said in 2009, there’s a very real reason why net neutrality is so important:-

“It’s to make sure that, in the 21st century, the garage, the basement, and the dorm room remain places where innovators can not only dream but bring their dreams to life. And no one should be neutral about that.”

 

Dunbar’s Magic Number 150

I came across a tweet from Nick Szabo a few days ago which intrigued me.

So a bit of digging later and I find out that Dunbar’s number is a suggested limit to the number of people with whom a person can maintain stable social relationships. The concept was developed by British anthropologist Robin Dunbar and, somewhat fittingly, christened by someone on Facebook (according to his TEDx talk).

In essence, you’re unlikely to be able to maintain a social group of more than 150 people. That’s people with whom you have a relationship that involves some element of trust and obligation (as opposed to simply people whose names and faces you’re aware of). Out of that figure, you’ll still only have maybe 3 to 10 ‘close’ friends that you can call up in the middle of the night for help. But the total number of friends is supposedly related to brain size and appears to be a restraint imposed as part of our shared evolutionary inheritance.

Dunbar points out that you need to put in effort (interestingly, that predominantly takes the form of conversation in the case of women but shared activities in the case of men) in order to cultivate those close friendships, with any relationship requiring the passage of time to become stronger.

Anyway, the point here really relates to the development of social networks which we all now use to overlay our physical, face-to-face daily relationships. The theory goes that as humans we’ve been able to cultivate larger groups of friends than primates because of our development of speech which enabled us to communicate with far more widespread collections of people away from our close ‘tribes’.

As you would expect, Dunbar’s research has been looked at very closely by the modern networking giants, such as Facebook. Indeed, Path (the social network that is currently struggling to grow despite significant investment) which has always sought to differentiate itself from Facebook has always been structured on the basis that a user has a fixed limit of 150 friends that he or she can befriend with his or her account as a result of exactly the same principle.

To me, 150 seems a high figure. To many, it will seem too few. I suspect that that’s always going to be the case with an arbitrary figure as an output from research. But to me, it’s particularly interesting to see how this figure has actually been adopted for use elsewhere. Take a look at W.L. Gore for example. A company that’s often lauded for its innovation and fantastic employee working environment, they’ve had a rule from the start that requires teams to never grow to a size that’s much greater than the magic 150 that Dunbar’s research suggests is optimal.

For all the technology that we surround ourselves with, and the increasingly efficient tools which we choose to communicate instantaneously, it appears that face-to-face, direct discussion still rules the roost.

 

LinkedIn “Not Good For Bad Employees” Shocker

I was reading today that LinkedIn are facing a lawsuit from a few individuals who claim that the site has done the opposite of what it was created to do – namely hampered their job prospects.

The proposed class-action lawsuit has been brought by four individuals who claim that the site’s ‘Reference Search’ facility – an option open to paid users which lets them identify individuals who might have worked with someone at a business during a certain time – had resulted in them being turned down for jobs. The implication is that there was some less-than-complimentary feedback about the individuals that was uncovered as part of the research.

Their case is based on an old piece of US legislation from 1970 known as the Fair Credit Reporting Act. This basically says that if you give information about individuals to third parties so that they can carry out pre-employment checks, you have a legal obligation to ensure that the information is accurate – plus the third party has to inform the individual that they are being denied a job because of such information.

Now, in the absence of a DeLorean, I don’t think anyone’s claiming that the legislators could have reasonably foreseen the internet, let alone the growth of social media platforms when they drafted the Act. But even ignoring that, it seems to me that the plaintiffs’ premise is flawed on a number of fronts – not least, because all of the information about their old work colleagues is freely available on LinkedIn already. All that the ‘Reference Search’ facility does is simplify the search process, by matching up companies and dates of employment with others, as a perk of subscription.

As I understand it, anyone with the same motivation could, if they chose, just sit down and dig into the data to find individuals who were potentially ex-colleagues of job applicants before then making direct approaches with InMail to seek unsolicited references.

Reputation’s an interesting area – and one that continues to evolve with the growth of our digital world. Each of us subconsciously reveals a slightly different side to ourselves according to the environment that we find ourselves in during different parts of the same day. But when you gift all of your professional information (and more) somewhere like LinkedIn, surely you should be taking the rough with the smooth. It makes it infinitely easier for others to find you (and, by extension, to employ you) – but at the same time, the importance of leaving a high-quality trail of experiences in your wake increases also. There aren’t many cupboards left for those skeletons to hide in these days.

Part of the issue here I suspect is that people start to believe that as the so-called ‘professional’ platform, LinkedIn is just a virtual land within which you have complete control of the publicity that surrounds your working life. And most of the time, of course, it is exactly that, with its unbalanced endorsement mechanisms for example. But the reality is that the technology itself is neutral. If you’ve left a trail of bad work experiences in your wake, then you’re probably not in the best position to start complaining.

But what about the malicious ex-colleague who you never got on with? Well, that’s where things do start to get more complicated admittedly. But whether LinkedIn is the method by which someone finds these people or not, it’s hardly the company’s fault that they exist.

Whilst I’m on the topic of identity and reputation, if you’re interested in the topic at all, I recommend you take a listen to a great episode of the LetsTalkBitcoin podcast earlier this week. Titled ‘The Philosophy of Identity’, it’s another great discussion on the topic on the back of Chris Ellis’ latest project, the ‘World Citizenship Passport’.