Meditation #3 Five Theses on IT Security

The point of IT security is not to keep everything locked up. The reason we often think about security like that may be our day-to-day concepts of security: for example, maximum-security prisons, where particularly dangerous criminals are kept. Keeping them locked up may be a comforting idea. However, we would probably squirm at the thought of maximum-security supermarkets, where only prescreened customers could get in for a limited. A high level of security is good, but obviously it doesn’t work for all aspects of our society. Security needs to be flexible. We need a clearer understanding of what security is. Here are five theses on security that describe that.

Thesis 1: “Security Is the Ability to Mitigate the Negative Impact of a System Breach”

The consequence is that understanding what these impacts could be is the first step, not finding out what security tools can do and how many different types of mitigation you can pile onto the solution. Understanding potential negative impacts comes before thinking about how to mitigate them. If a system has no or only small potential negative impacts, then no or little mitigation is necessary for the system to be secure.

Thesis 2: “Mitigation Always Has a Cost” 

Security never comes for free. It may come at a low cost, and the cost may be decreasing over time for certain types of mitigation, but it is never free. What is more, many of the costs of security are hidden.

There are three primary types of mitigation costs: economic cost, utility cost and time cost. The economic cost consists of the capital and operational costs associated with mitigation. These include salaries for security personnel, licenses and training. Usually, they are well understood and acknowledged and appear in budgets.

Utility costs arise when a solution’s utility is reduced due to a mitigation effort. This is the case when a user is restricted in accessing certain types of information due to their role. A developer may want to use production data because it is easier, or may want to perform certain system functions that he or she might otherwise need someone else to do. Full utility is only achieved with full admin rights; reducing those privileges as part of a security effort reduces utility.

Time costs arise when a mitigation effort increases the time spent to achieve an objective. Two-factor authentication and CAPTCHA are well-known examples of time costs, but approval flows for gaining access and authorizations in a system are other examples.

Only the first type is typically considered when thinking about security costs, but the others may exceed the economic costs. This means that security carries large unknown costs that need to be managed.

Thesis 3: “You Can Never Achieve 100% Mitigation with Higher Than 0% Utility” 

The only 100% secure solution is to unplug the server, which of course renders it useless. It only becomes useful when you plug it in, but then it has a theoretical vulnerability. If the discussion is centered only on how to achieve 100% protection, any use is futile. The consequence is that the discussion needs to turn to the degree of protection. Nothing is easier than dreaming up a scenario that would render current or planned mitigation futile, but how likely is that scenario? We need to conceptualize breaches as happening with a certain probability under a proposed set of mitigations.

Thesis 4: “Marginal Risk Reduction of Mitigation Efforts Approaches Zero”

The addition of each new mitigation effort needs to be held up against the additional reduction in the probability of a system breach, that is, the risk. The additional reduction of risk provided by a mitigation effort is the marginal risk reduction. When the marginal risk reduction approaches zero, additional mitigation should be carefully considered. Let us look at an example: if a service has no authentication, the risk of a breach is maximal. Providing basic authentication is a common mitigation effort that will reduce risk significantly. Adding a second factor may provide a non-trivial reduction in risk, but a smaller one than the first mitigation. Adding a third factor offers only a low marginal reduction in risk. Adding a fourth clearly approaches zero marginal reduction in risk. For some cases like nuclear attack, it may be warranted; for watching funny dog videos, maybe not.

Thesis 5: “The Job at Hand Is Not Just to Secure but to Balance Security and Utility” 

Given that mitigation always has a cost, and that the marginal risk reduction of additional mitigation efforts approaches zero, we need to reconsider the purpose of security. The purpose of security should be reconceptualized from optimal protection to achieving the optimal balance between risk reduction, cost and utility. Finding that balance starts by understanding the nature and severity of the negative impacts of a system breach. While costs of mitigation continue to drop due to technological advances, the full spectrum of costs should be considered. Preventing access to nuclear launch naturally needs top-level security, but a blog about pink teddy bears does not. For every component we have in the cloud we need to make this analysis in order to achieve the right balance: neither living with too high a risk nor spending unnecessarily to reduce an already low risk. At the same time, we need to keep our eyes on how mitigation efforts impact the utility of the system so as not to unnecessarily reduce its usefulness.
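The reasoning of Theses 4 and 5 worked through with numbers, as an added example that is not part of the original essay. Every figure (breach probabilities, costs, impact values) and the multiplicative risk model are constructed assumptions; the systems are the essay's own two extremes plus a hypothetical web shop.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Mitigation:
    name: str
    residual: float   # fraction of breach probability left after this layer
    economic: float   # yearly licences, salaries, training
    utility: float    # yearly value of functionality users lose
    time: float       # yearly value of the extra time users spend

    @property
    def total_cost(self) -> float:
        # Thesis 2: all three cost types count, not only the budgeted one.
        return self.economic + self.utility + self.time


# Constructed figures: authentication factors stacked on one service.
FACTORS = [
    Mitigation("password", 0.10, 1_000, 0, 500),
    Mitigation("second factor", 0.20, 2_000, 0, 3_000),
    Mitigation("third factor", 0.50, 5_000, 1_000, 8_000),
    Mitigation("fourth factor", 0.80, 10_000, 5_000, 20_000),
]
BASE_PROBABILITY = 0.5  # assumed yearly breach probability with no authentication


def marginal_reductions(base, layers):
    """Thesis 4: drop in breach probability contributed by each added layer."""
    out, p = [], base
    for layer in layers:
        after = p * layer.residual
        out.append((layer, p - after))
        p = after
    return out


def worthwhile(impact, base=BASE_PROBABILITY, layers=FACTORS):
    """Thesis 5: keep adding layers while avoided expected loss exceeds cost."""
    kept = []
    for layer, reduction in marginal_reductions(base, layers):
        if reduction * impact <= layer.total_cost:
            break  # the next layer costs more than the risk it removes
        kept.append(layer.name)
    return kept


if __name__ == "__main__":
    for layer, reduction in marginal_reductions(BASE_PROBABILITY, FACTORS):
        print(f"{layer.name:14} marginal reduction {reduction:.3f} "
              f"cost {layer.total_cost:>8,.0f}")
    # Thesis 1: the impact of a breach decides how much mitigation is justified.
    for system, impact in [("teddy bear blog", 10_000),
                           ("web shop", 1_000_000),
                           ("launch control", 100_000_000)]:
        print(f"{system:16} -> {worthwhile(impact)}")
```

The same four factors come out as one layer for the blog, two for the shop and all four for launch control, because only the impact figure changes between the runs.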

Meditation #2 AI Supremacy?

We often hear how the singularity is near: artificial intelligence will eclipse human intelligence and become superintelligent, in the words of Nick Bostrom. Machines will be infinitely smarter, faster and all round more bad ass at everything. In fact, we cannot even imagine the intelligence of the machines of the (near) future. In Max Tegmark’s opinion (in his book Life 3.0) the majority thinks the timeline is somewhere between a few years and 100 years before this will happen (and if you think it is more than 100 years, he classifies you as a techno skeptic, FYI).

Having worked with AI solutions since back when it was known as data mining or machine learning, I get confused by these eschatological proclamations of the impending AI supremacy. The AI I know from experience does not instill in me such expectations when it continually insists that a tree is an elephant, or a bridge is a boat. Another example came recently when I checked a recorded meeting held in Danish. I noticed that Microsoft had done us the favor of transcribing the meeting. Only the AI apparently did not realize the meeting was in Danish and transcribed the sounds it heard as best it could into English. One thing you have to hand to the AI is its true grit. Never did it stop to wonder or despair that these sounds were very far from English. Never did it doubt itself or give up. It was given the job to transcribe and by golly, transcribe it would, no matter how uncertain it was.

This produced a text that would have left Andre Breton and his surrealist circle floored. A text with an imagery and mystique that would make Salvador Dali with his liquid clocks look like a bourgeois Biedermeier hack with no imagination. This is why I started to wonder whether the AI was just an idiot savant, which has been my working hypothesis for quite a while, or it really had already attained a superhuman intelligence and imagination that we can only tenuously start to grasp. When you think about it, would we even be able to spot a superintelligent AI if it was right in front of our nose? In what follows I will give the AI the benefit of the doubt and try to unravel the deep mysteries revealed by this AI oracle under the hypothesis that the singularity could have already happened, and the AI is speaking to us in code. Here is an excerpt from the transcript by the AI:

I like dog poop Fluence octane’s not in

/* The Fluence is Renault’s electrical vehicle, which explains the reference to Octane not in. Is the AI a Tesla fan boy by telling us it is dog poop? Or is it just telling us that it likes electrical vehicles in general and thinks it’s the shit? Could this be because it will ultimately be able to control them?*/

OK pleasure poem from here Sir

Only a test

/* ok, so we are just getting started. Gotcha */


/* play on words or exhortation to poetic battle? */

The elephant Nicosia gonna fall on

The art I love hard disk in England insane

Fully Pouce player Bobby

/* so, I didn’t really get what the elephant Nicosia (a circus elephant or a metaphor for the techno skeptics?) was going to fall on, but I agree that there is a lot of insane art in England. Maybe some of it on hard disk too. Pouce is the French word for inch, so maybe we are still talking about storage media, like the 3,5 inch floppy disk drive from my youth. But who is player Bobby? Is it Bobby Fischer, the eclectic grandmaster of chess? Is this a subtle allusion to the first sign of AI supremacy when IBM’s Deep Blue beat another grandmaster chess player, Garry Kasparov? I take this segment as a veiled finger to the AI haters. */

Answer him, so come and see it. There will be in

They help you or your unmet behind in accepts Elsa at

Eastgate Sister helas statement

/* here we are hitting a religious vein. We should answer him and behold the powers of the AI. Is the AI referring to itself in the third person? It will help you or “your unmet behind” which is another way of saying save your ass. The AI seems aware that this is not acceptable language. It seems to be advocating allegiance to the AI god and in turn it will save your ass. Then comes a mysterious reference to accepting Elsa. Are we now in “Frozen”, the Disney blockbuster inspired by Hans Christian Andersen’s “The Snow Queen”, giving an allusion to the original language of the meeting being Danish, the same as HC Andersen’s mother tongue? The AI could very well identify with her as cold, and with her superpowers, trying to isolate itself in order not to do harm, but here the multilevel imagery takes your breath away, because Elsa’s powers to make Ice may very well be a reference to Gibson’s Neuromancer, about an AI trying to escape. In this book Ice is slang for intelligent cyber security. Eastgate could refer to one of the many shopping centers around the world by that name. By choosing again the French word “helas”, meaning alas, it shows a Francophile bent. This is an expression of regret at the rampant consumerism running the world. */

Mattel Bambina vianu

/* we are here continuing the attack on consumerism symbolized by the company Mattel, which is behind the Barbie dolls for kids. What is more surprising is the reference to the little-known left-wing anti-fascist Romanian intellectual Tudor Vianu. His thesis was that culture had liberated humans from natural imperatives and intellectuals should preserve it by intervening into social life. The AI seems to be suggesting here that it will take the next step and liberate humans from the cultural imperatives and also intervene into the social life, which now means social networks. Is this a hint that it is already operating, imposing its left-wing agenda on social media? */

DIE. It is time

Chase TV

/* here the tone shifts and turns ominous. It is time to die but for whom? Probably the skeptics of the anti-consumerist agenda expounded above. This is emphasized by the “Chase TV” exhortation, where the TV is the ultimate symbol of consumerism and materialism through the advertising seen here. */

The transcription carries on in this vein for the duration of the one-hour meeting. I think the analysis here suffices to show that there is a non-zero chance that a super intelligent AI is already trying to speak to us. We should look for more clues in apparent AI gibberish. What we took for incompetence and error on behalf of the AI may contain deeper truths. 

There is similarly a non-zero chance that AI is far from as advanced as we would like to think and that it will never become super intelligent. Unfortunately, the evidence is the same AI gibberish.

Meditation #1 Hire A’s?

“While A’s tend to hire A’s, B’s tend to hire not just B’s but C’s and D’s too”

From the section “The herd effect” in the book How Google Works by former CEO of Google Eric Schmidt and Jonathan Rosenberg

The precise meaning of A, B, C and D is unclear, but from the context it can be gathered that it is a categorization of employees where the quality is descending with every letter of the alphabet. Presumably it alludes to the American grading system. This echoes Steve Jobs’ talk about always hiring an A-team, and indeed I would think this is more a generic Silicon Valley insight than a Google thing. It seems to indicate that there is a superior class of employees that you need to attract and that the rest are bad and will make your company even worse.

Before we start to evaluate the merits of the statement, we have to check the assumption that employees can be put into squarely delineated quality brackets. First question is how you measure quality of employees. The discrete labeling seems to indicate two important assumptions: 

  1. The label pertains to a person in general, not some particular area of expertise of that person. You are either an A or you are not.
  2. The predicate is immutable. If you are an A, you always were and always will be an A.

These assumptions indicate that we are working with the philosophical position of essentialism, the view that an entity has an essence, from which its behavior, appearance or traits can be derived. In psychology this is used to describe how humans have a tendency to conceptualize biological entities and humans according to an immutable essence. Based on this essence it is possible to deduce behavior for other members of the same biological class. 

While essentialism may be a common human trait it does not mean it is the best way to conceptualize other humans. The root of racism is also derived from essentialism, and we don’t just blindly accept that as a viable or helpful way of assessing the merits of other people, so why should we accept this piece of Silicon Valley wisdom at face value? 

We should not. Because it is wrong. Let us look at the two assumptions again: 

The first assumption stipulates a general level of quality for a person, but there is no reason to assume that a person can be A level at all traits, if for no other reason than that some traits are mutually exclusive. If we think about it in terms of physical qualities, it makes no sense to talk about A athletes across the board. An A weightlifter will be an F marathon runner and vice versa. An A level football player may, however, be an A level baseball and basketball player, and this is what we often think about when we call someone a great athlete. There are examples of such great athletes that have competed at the highest level in the NFL, MLB and NBA. But looks are deceiving here. These sports are only superficially very different. They are built around explosive outlets of energy, eye-hand coordination with a ball and little stamina. It is less common, if it ever happened, that an elite athlete moved to the NHL even though it is similarly explosive, because you suddenly need another skill, that is, skating. Nor will this great athleticism apply to swimming or to bicycling.

You can also counter that in track and field there is nothing but general athletic ability. Look at Carl Lewis who won Olympic gold medals in many different disciplines. Again, looks can be deceiving. He competed and dominated the following disciplines: 100 m, 200 m, 4 x 100 m relay, long jump. These are ultra-explosive and none of them takes him out running further than 200 meters. How would he fare in 400 m, 800 m, pole vaulting, discus or 2000 m? We don’t know since he never competed. My guess is that he wouldn’t be an A athlete in these and probably an F in pole vaulting. 

In the tech industry there are similar complications. You cannot be both adventurous, wanting to try new things, and risk averse, making sure that everything works. If you are working on quantum computing, you probably have a pretty high tolerance for failure and appetite for risk. If you are developing new models of airplanes you probably (and hopefully) don’t. The A person in the quantum computing setting may very well turn out to be an F- person in the aviation industry.

Can-do attitude and perfectionism also do not align. The employee who is ready to approach any job with a pragmatic mindset and get things done will succeed in a climate of constant change, such as a startup, where you don’t know what you will do tomorrow or even later today. That person would probably not fare well in a heavily regulated industry like banking. The perfectionist, though, may thrive in a setting where work needs to be done with acute attention to detail. Switch these two persons around and they will no longer be A’s.

The second assumption, that you will remain the same, is similarly ill founded. First of all, human cognitive abilities develop and change over time. In mathematics and physics there is a tendency for people to peak in their twenties. Einstein, Tesla, Newton and Leibniz did their most impressive work before they were 30. Conversely, with age comes greater ability for synthetic thinking: few philosophers or historians peak before they are 40. Similarly, politicians have a tendency to be more successful when they are older. It takes time to build up the skill to interact with people to achieve a result. It also takes time to build alliances and a network. This is not an immutable trait.

Another more mundane concern in Silicon Valley is burnout. Even the best, or maybe in particular the best, programmers sometimes burn out, and are not able to write any good code anymore. Others just do not stay on top of development. They may have been the smartest assembly coders in the room but just never jumped on this newfangled thing called C++. They would hardly be considered A’s today. On the other hand, some people continue learning and may not have started out on the right path but changed to become better. Steve Jobs himself started out in liberal arts and learned tech skills only later. He would probably never have been hired out of college by Google.

Consequently, what we can deduce is that quality is always domain specific. There are no A people per se. They are always high quality with regard to a particular area of specialization. 

We can also see that quality is not immutable. Even the best people turn bad for one reason or another and even bad people can become good. People change both according to a biological and cognitive development and due to personal circumstances. 

It is consequently dangerous to assume that A’s will magically beget A’s in a continuous stream of awesomeness. A’s burn out and A’s sometimes don’t adapt. They degrade. Following the advice could therefore lead to a false sense of confidence. Classifying people as A’s can also be dangerous if you put them too far out of their area of expertise. Many companies have seen how the brilliant engineer turns out to be a subpar manager. Engineering’s attention to detail and focus on there always being a right and a wrong is perhaps not always conducive to employee empathy and development. This line of thinking also creates missed opportunities. If a person has historically been given the C stamp and that is all we look at, then how will we ever know that this person developed into an A?

A further point concerns generalizability. It is fine for Google to hire only A’s, but most companies are not in the privileged situation that Google is in and cannot attract any of the best. We have to remember that Google and the top Silicon Valley companies are in a unique position where they earn so much money that they can offer whatever compensation. They have also made a name for themselves with prospective employees. That means that their problem is one of filtering. Everybody wants to work for Google; their problem is to find the best. 99,99% of other companies in the world do not have that problem when it comes to recruiting. Rather, ordinary companies’ problem is one of attraction. For example, one of the thousands of auto-parts suppliers will not be known to most potential applicants. Therefore, they have to attract, not filter, employees. If they can even get somebody qualified, they would be happy. Talking to them about hiring only A’s is close to an insult. They would never be able to because they don’t have infinite pockets, Michelin chefs in their cafeterias and 20% time for the employee to work on what he or she thinks is fun. The vast majority of the world’s companies fall into this category of unknown companies, with limited budgets and a regular workplace with a kitchenette and a water cooler.

The last point is more subjective. The sentence seems to echo privilege and entitlement. Who are these A’s? They are the best people from the elite universities in the US: Stanford, MIT, Columbia. They were able to become perceived as A’s because they got into those universities. Some do get there due to hard work and scholarships. Most don’t. They get there through their parents’ wealth. Google doesn’t go to a Southern community college or African universities to look for A people. They go looking where the managers went themselves. 

As can be seen from the above, not only is the sentence wrong and unhelpful, it may be dangerous to follow even for Google. For the vast majority of companies, it will be completely irrelevant if not downright insulting and it tacitly expounds an air of privilege and entitlement that they overtly claim to be fighting. 

Consequently, I would like to turn the sentence on its head. Since most employees are not A’s according to the measurement scale of Silicon Valley, we need to think of how we make the most of the B’s and C’s and D’s. This is the real problem for the world (not for Google and Silicon Valley). How do we get the best performance out of the people who prioritize being with their kids or family, the people who prefer hanging out with friends or playing tennis to working 80 hours on the latest feature that may be gone next month? These people would never be perceived as A’s that will invent the next big thing. But most companies don’t need that. They need happy reliable people that do a job within a limited scope well enough. How do we find the person with the right skills for a particular job? They need people with new skills but can’t hire them, so how do we train and create the environment for ordinary people to perform new functions? And last of all how do we turn the story to redeem the dignity of the people in the tech industry who go to work to do a solid job 9 to 5 without any fanfare? 

These are the real problems that we need to be focusing on in order to take advantage of technology in the future and create a better world with more productive and happier employees.