TWIT 793: The J to J Protocol

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

Sorry, @Leo, but who gives a flying fig about the new iPhone. This is why I listen to twit. Great show this week, taking about things that really matter.

I come here to waldorf-and-statler sometimes - and I shall come here to applaud: excellent show this week! Amy and Cory were very well matched, open-minded, insightful, and the discussion dove in at the very deep end. Each on their own can be a bit overwhelming - but together, it works very well. This put Leo at the position of the proxy to the listener to guide the discussion by his interest. Very well done!

He didn’t seem to care much about it either. I think he was mocking the new iPhone. Not that it’s bad, but just that it seems to be all about 5G when 5G isn’t even a thing yet.

Agreed - I so love this episode! We all know how smart Cory and Amy are, but I’m even more impressed every time I see them!

+1 to Cory for the multiple wrestling references

Only 38 minutes in so far, and this is oh so good!
I love that the non-news of the iphone was skipped over since there is nothing new to talk about as it is just a point update with 5G.
Lots of good discussion about important and relevant issues.

I really wish Fr. Robert was a part of this episode. When you start dealing with issues of morality, then you need some framework to discuss as a frame of reference.

And what I think wasn’t discussed is the fact that a lack of morality is itself a moral framework. The morality of the tech industry has been shaped by the morality of those who have led. Uber’s morality, such as it was, was shaped by Travis Kalanack - which is why you saw things like Grayball. Facebook’s morality is shaped by Mark Zuckerberg.

The problem is that we’re trying to codify a moral standard that is seemingly independent of ways moral standards were created - which is by religion. Many of our laws have their root in religion, like ’ thou shalt not kill’, ‘don’t lie’, ‘don’t commit adultery’, etc.

The crux of the matter is that technology is a tool. The things it is used for are determined by those who know such tools. So if the person using the tool is amoral, then the things built with the tool will reflect amorality. I don’t have an answer - but I do know that if we want technology (and the businesses that use it) to reflect a positive moral framework, then those who build the technology have to likewise at least an understanding of that same positive moral framework.

Oh, and I thought this was one of the best episodes in several weeks. The issues were substantive and Amy and Cory were incredible panelists and perfect for the subject matter. Well done!!

I was absolutely floored of the accusation the president was unabashedly racist, including being anti-Semitic. During a tech show.

The president moved the embassy to Jerusalem. Moving the embassy has been law since 1995 yet the three previous administrations did not do it.

The US has brokered peace between Israel and Bahrain, and Israel and UAE.

Like the president or not, these three things are pro-Israel and are making peace in the middle east more likely. These things are not something an anti-Semite would do.

@vernonlvincent Just to be pedantic, morality comes from society. Religion influences the culture of the society, but it is not the source of morality. The code of Hammurabi is the oldest recorded laws against murder and theft and are not religious in origin.

Religion also has lots of immoral laws included with it. The prohibition against murder you cite, according to the text was originally interpreted to apply to fellow followers of the same faith. Outsiders are fine to be murdered and encouraged.

I agree with you 100%.

On a past forum post here, a few months ago… Leo said he would never have any people who are pro Trump on any of his shows… So, how can any of us be surprised?

Apparently his opinion of anyone that is pro Trump is negative. Why? Because so many people have listened to the 99% negative coverage said about Trump… Some of the largest opinion topics that make people hate Trump are not even true… But you’d never know that listening to the news…

So, what do you expect would be said about Trump when someone on one of the podcasts ventures into the topic of politics? There are no valid comments of opposition or a different point of view to be offered… It becomes group think…

Here is the quote:

I don’t expect other folks to believe what I believe. We’re all adults. But I do expect a modicum of professionalism in all our interactions. You just can’t call someone something because you don’t like them.

I don’t care to label folks anything. I may not care for Bezos, or Mark Zuckerberg, but I can’t they are the anti-Christ or the best thing ever.

I love most of what I get to learn and laugh about on TWiT. But when you start having bents for/against certain political/religious beliefs, why bring them up?

Being anti-semitic is actually one of the very few things that not even Mr T’s staunchest critics can hold up for long. Noticed that, too.

Let’s concede that the President is not overtly anti-Semitic and treat his statement that ‘The only kind of people I want counting my money are short guys that wear yarmulkes every day’ as a compliment. This does not mean he is not racist. His comments about Mexicans and Moslems sound racist to most people and have been repeated often enough that the charge of racism stands.

The treaties between Israel and Bahrain and Israel and the UAE are not peace treaties, they are trade treaties, and the US did not broker them.

What’s the company that assassinated all the witnesses in the lawsuit? Can someone link to an article about this?

Commerce can continue without excess profiteering of data aggregation: ban its gatherance, ban its transferrence. This was the one thing Zuboff had right. Aggressively minimize its creation with encryption and robust decentralization and anonymization. The prospect of greater profit through future-casting and/or manipulation/influence upon behavior is a delusion inthat its destabilizing effect will dismantle the means for enterprise itself other than to the extent it facilitates authoritarianism as the proxy for “accepted” behavior suitably controllable. Neither morality nor religion do anything but muddy the waters with mythos: ethics and humanitarianism suffice.

I was gratified that Doctorow IMO demolished Webb’s transparently self-interested defence of her clientele’s interests and designs upon data markets and rationalizations against “threat modeling” (those threats being to profit) by hilighting how in vivo data is inextricable from its context which yields information beyond any given party making “ownership” a non-sequitur and having the clarity of mind to assert that penalties must be sufficient to countermand corporate myopia (I don’t necessarily fault Webb personally as she demonstrates with her private behavior as decribed on past shows a firm grasp of the gravity and severity of the threats both tech and its force-agents reperesent, and I see her as attempting to shepherd them against their propensities toward self-destruction and its attendant unspeakable collateral damage, but that doesn’t give me any less dim a view on her rhetoric; I certainly credit her subsequent gravitation toward that reframe).

I really appreciated Webb’s push-back against Leo’s misguided/misframed grasping for religion and/or morality, but she failed to reject corporate access to personal data (beyond the unavoidable to serve consumers) and so IMO failed the minimum ethics standard required for society to cohere. Her assertion of privacy’s contemporary infeasibility for most users against Doctorow’s condemnation of serfdom was dastardly cynicism masquerading as pragmatism, though the silver lining was her groping toward a non-corporate repository of personal info, which is exactly what private encryption and anonymization would provide on an individual basis if done right. The way to facilitate that is abolishing the formation, possession, and transfer of such information by 3rd parties other than unavoidable for the actual commerce directly fulfilling a consumer’s explicitly expressed demand, as aforementioned. I have confidence Webb can find a line of work in such an environment not handmaiden to authoritarian oligarchy.

On the subject of apathy, protestations against and/or denouncements of privacy concerns as ostensibly overbearing IMO cannot be read as Webb would have them to be a vouchsafe for their abandonment/violation’s endorsement not merely as Doctorow holds on speculative grounds but because such reactions are in my view borne of resentment of consumers’ own ignorance, which is to say the need to grapple with any of it at all beyond their own prerogatives, a yearning IMO for precisely the caliber of solution I propose: far from an endorsement of corporate coreography, it is a yearning for private discretion!

How best to facilitate commerce under conditions of maximal anonymization is a project best undertaken, I think, by the free software community, but by no means do open standards preclude participation by profiteers. On the Internet of tomorrow, no corporation can feel any more than an ear or a snout or a hoof at once, and none of them can ever know whether or not you were likelier to have been an elephant, a giraffe, or even a gnat their malfunctioning sensory faculties and presumptive inferrences mistook to have such features.

Webb’s “quantitative” seems tone-deaf to the vital critiques of inherent bias to data formation, gatherance, etc., though again I would add her heart seems to be in the right place and her focus on it seems to be as a nearest proxy cognizable to the force-agents of tech/capital she’s made her clientele for roughly admirable reasons, but I just have to cringe when I hear her championing her legitimately laudable publication of her source data as any 1st necessary step on a path leading toward insight: questioning what data there is and reflecting on what cannot be captured and why could easily prove far more productive, enlightening, and beneficial, IMO (not that she would disagree with that, but I sure didn’t get the sense she held such perspective to be of comparable relevance).

One thing that keeps getting me with @Leo is the constant “I don’t understand GDPR, except that I keep getting the cookie warning.”

The cookie “warning” has been thrown out for about 2 years. It isn’t sufficient to state that the site uses cookies. They must offer an opt-in on cookies and tracking. Allowed cookies are first party cookies that keep track of where you are on a site, shopping basket etc. You have to opt into 1st party analytics, 3rd party analytics, 1st and 3rd party tracking etc.

A few companies tried to make it the other way round (everything opted-in on the selection form and you had to manually disable the 70 odd trackers they listed), but that is illegal. What a lot are now doing is defaulting to off, but showing the “accept selection” in pale text on a pale background, whilst “accept all and continue” is highlighted with a bold colour combination. A lot of people see the continue and click on that by mistake.

But, to what GDPR really is and says: It says that you:

• collect the absolute minimum of data in order to be able to do perform the transaction with the customer
• hold the data for the minimum amount of time required to fulfil the customer relationship (3 months, I STR, is considered enough)
• collected data has to be deleted upon request
• collected data must be automatically deleted after the time in 2 is reacherd
• you cannot use the data for any purpose other than for what it was collected
• you cannot sell the data or share it with a third party (including government agencies) without getting the written permission of the identifiable persons or a valid EU warrant

That is very simplified and there are, obviously, exceptions. For instance tax relevant information, including financial transactions, are covered by tax laws and generally the information has to be held for 10 years. Likewise, purchase information, for the purposes of guarantees have to be held until the guarantee runs out (generally a minimum of 2 years in Europe)

Examples of things that should/have to be done:

• sever log files must be anonymised (IP the last 2 octets of IP addresses have to be removed from a log file). There are exceptions, if you are actively investigating an attack or misuse of a site, you may keep them for the duration of the investigation, but generally, the logs should be anonymized when they are rotated.
• A company of more than 25 employees (German implementation) needs to assign a Data Protection Officer, they must see that the company conforms to the law. They cannot be a manager or director, they report directly to the board and they cannot be fired during their term as a DPO - this is similar to positions like a Health & Safety Officer, they are independent and cannot be fired for pointing out the failings of the company to the board and ensuring that remedial action is taken.
• The DPO must be included in all IT projects from inception, to ensure they conform to GDPR. A project that waits until testing or go-live to get DPO involvement is not compliant with GDPR.
• Data breaches or misuse have to be reported to the local GDPR regulator within 72 hours of discovery
• Affected identifiable persons must be informed without delay, if their data is part of a breach or misuse.
• Access to data has to be restricted to a need-to-know basis - you cannot leave all data open to all employees (somebody on the production line doesn’t need access to the customer list, somebody in sales doesn’t need access to the suppliers list and vice versa, directors, generally, don’t need unrestricted access to customer, supplier and personnel information in order to be able to perform their jobs).

Even IT administrators should have only restricted access to data and should not access data outside their remit. For instance, at work none of us admins work with administrator privileges during day-to-day operations. We explicitly log onto a service with administrator rights, when we need to. Our standard users have no access to data outside of organising the day-to-day running of the systems.

If we need access to additional areas, we have to get permission of the data owners and we have to remove access once the task has been completed.

That we have access to administrator privilege accounts is a double edged sword, we are explicitly not allowed to use them as standard and we are not allowed to use them to view data not relevant to our job function, but an administrator account can see most data, which is in a grey zone. Ideally, such operations requiring the administrator account should only be performed with oversight, or have restricted access to data, in practice, you can’t have someone watching over your shoulder every time you have to recover a file for a user etc. Therefore a certain amount of trust has to be there. But our DPO is very strict and checks regularly that there is no misuse of data.

It is possible to exclude the administrator from certain data (and in our ERP and DMS systems, for example, we can perform administrative tasks, but don’t have unfeterred access to all data), but Windows is less practical in that respect, you can exclude the administrator from certain folders, but it is a pain to manage and they can add themselves back in, or they could use the backup account, which needs read access to everything in order to backup a system).

That is a brief and not 100% accurate (there are more exceptions and minor rules), but that is the jist of how it all works.

One of the biggest problems for us at the moment is the Privacy Shield being declared null and void. That makes using any cloud service with ties to the USA somewhere between dodgy to illegal. We use Microsoft 365, for example, but we cannot store data in OneDrive or SharePoint Online and we don’t use Exchange Online.

I beg to differ on this: Hammurabi was the first one to write laws and use religion to influence people to follow his laws. Hammurabi used the fear of religion to enforce and justify his rules. Hammurabi also used religion and the gods to explain why he was king.

Apparently you didn’t see the iPhone presentation or specs