All Posts in Strategy and Tactics

|In: Industry Commentary|Last Updated:

We need reliable bot detectors.

The irresistible subject is Facebook, about which you’ve probably read more than enough to make your eyes glaze. Nonetheless, bear with me, because, as pointed out in this space not long ago, the central problem isn’t data privacy or policy enforcement failures.

No, bots, not Facebook’s data usage policies and violations thereof, are the central problem here. The reason it’s the central problem is that bots scale. Human beings don’t.

And just as Twitter’s failure to implement and deploy bot detectors directly led to zillions of bot-amplified tweet-storms during the 2016 election, so bots are the reason 50 million Facebook subscribers were caught up in the latest fiasco.

Bots and their detection and prevention are the big under-reported issue here, because until it’s addressed, even the most ingenious terms-of-use policies will have all the impact of an eye dropper in a forest fire.

Even if you don’t use Facebook, you and the business you support might nonetheless be on the front lines of the war against the bot apocalypse.

Bots scale. Humans don’t. That’s at the core of Facebook’s data breach. That’s because the initial breach wasn’t a breach at all. A researcher paid a group of Facebook users to take a personality test and to share personal information … a perfectly legal transaction.

Then came the bots, in the form of a crawler that, starting with this list of identified Facebook users, navigated their networks so as to harvest information from 50 million users who hadn’t given their permissions.

This is the nature of social networks: They are networks, which means that from any node you can navigate to any other node.

If the aforementioned researcher were to personally try to harvest data from 50 million connected Facebook subscribers, my back-of-the-envelope calculations say Facebook would have ceased to exist centuries before he finished the job.

But add bots to the mix and you get a very different result. They can crawl the nodes of a network orders of magnitude more quickly than a human can. That’s how they’re able to harvest personal information from millions after only receiving permission from a relative handful. Facebook purportedly disabled the ability to harvest friend data from its API in 2015. All this means is that instead of invoking the API, bots have to screen-scrape instead, which in turn means the bot is impersonating a human being.

Add this: Like it or not, we’re rapidly mastering the discipline predicted in Isaac Asimov’s Foundation Trilogy. He called it “psychohistory,” and its practitioners knew so much about human psychology that they could manipulate people to do just about anything. Asimov optimistically made psychohistorians a secret, benevolent group. Unsurprisingly, our actual psychohistorians are using their techniques to create robotic human impersonators that manipulate actual humans more for power and profit than the greater good.

Why would we expect anything else?

If you’re wearing your business/IT priority-setter hat right now, my best advice is, sadly enough, don’t unilaterally disarm. Your competitors are, or soon will take advantage of these techniques and technologies to sell more products and services. From this perspective you’re in an arms race. If you aren’t actively monitoring developments in these area and working with the business strategy team to see how you can profit from them, it won’t be long before you’re replaced by someone who understands these matters.

But if you’re wearing your human-who-doesn’t-want-the-bot-apocalypse hat, you might why Facebook, which is investing heavily in artificial intelligence research and development, doesn’t devote more of its R&D budget to bot detection … like, for example, any of it?

My guess: Facebook is investing heavily in human impersonation. It’s in the bot business … chatbot technology, for example … so why would it also develop bot detection technology?

Especially when its customers … businesses … see direct financial benefits from being able to deploy convincing chatbots and other human impersonations and no obvious profit from detecting such things.

Because make no mistake about it, you might be a Facebook user, but you aren’t a Facebook customer. Facebook follows the standard media business model. As pointed out in this space back in 2002 in the context of newpapers and television, when it comes to most media, you aren’t the customer. You’re the product. And in the world of business, it’s the customer who’s always right.

Products like us enjoy no such privileges.

Comments

|In: Business Ethics|Last Updated:

I know I’m going to regret this … and I promise, I will connect it to practical business concerns.

Last week’s possibly satirical discussion of non-human entities we’ve created and given power over us to (“Who needs Skynet,” 2/12/2018) led to a lively discussion in the Comments section, including a controversy in juridical circles as to whether, when the First Amendment mentions “the press,” the protections are supposed to apply to the technology and its use or to the institutions commonly referred to as “the press.”

Or both.

My own conclusion: Failing to recognize the press-as-institution puts us at serious risk. Imagine politicians or lobbyists who don’t like what a member of the press-as-institution publishes. Without imposing any restriction on any individual’s use of press technology to disseminate information or opinions, those politicians could pass laws that drive that press organization into bankruptcy in retaliation.

But, if we do want to recognize the press-as-institution and protect it from governmental retaliation we’re faced with the fascination challenge of defining it.

Strict originalists face an even more challenging issue: As written, the First Amendment only protects speech and publication. It doesn’t even mention the activities needed to discover and gather the information the news media publishes.

Dumbass opinions, in this view, would enjoy constitutional protections. The careful research needed to publish accurate information would not.

Which got me thinking about The Post, its recounting of how the Pentagon Papers were brought to light, and how, in the end, revealing how the American public was misled into the Vietnam War arguably strengthened our government in the long term.

Which gets me to a point I’d like you to entertain even if you disagree with the above conclusion.

Unlike our government, there’s nothing in how corporations are chartered, organized, and run that provides any protections that would allowing employees to play a press-like role in their management.

I’m not talking about whistleblowers and the discovery of corporate wrongdoing. I’m talking about something far more mundane and potentially useful.

Imagine you discover a function within the company you work for is guilty of chronic but concealed idiocy. Nothing illegal or immoral, mind you. Just stupid.

Speaking of stupid, now imagine you try to bring the issue to the attention of a member of the ELT (Executive Leadership Team for those of you who haven’t heard the term before). Think they’ll thank you for your trouble?

Not most business executives, who largely rely on their chain of command for most of their information about What’s Going On Out There, supplemented by management dashboards and computer-generated reports.

Which often means they know much more about unimportant matters than about, for example, the stupidity factory you uncovered.

As I’ve mentioned from time to time, one of the most important skills for any business leader to develop is organizational listening. In the past I’ve suggested developing a variety of mechanisms, ranging from formal metrics to informal internal networking to accomplish this.

But this whole conversation about what constitutes the press leads me to wonder if a business would benefit by establishing the internal equivalent of the press-as-institution.

I’m not talking about adding a First-Amendment-like policy to the manual. While the results might be fun to watch, the most likely result would be a very poor signal-to-noise ratio.

I’m talking about establishing a formal internal news-gathering function, focused on discovering what managers don’t want the ELT to know and that ELT members might not want to know.

One of the most important (and most easily abused) functions performed by the press-as-institution is deciding what information is worthy of publication. Whether you get your information from newspapers or broadcast or cable news, you rely on them not only for the information they provide itself, but also to let you know what subjects you should be paying attention to.

A corporate internal news-gathering function would play a similar role. It would be a known place for employees at all levels to report what they’re aware of and think the ELT should be aware of, without incurring personal risk. It would also be responsible for sorting through it all, deciding what matters, and, when the situation calls for it, researching an issue in more depth.

It would have a regular slot on the ELT agenda — it wouldn’t need to fight for air time.

The ELT would be responsible for paying attention — for reading its metaphorical newspaper. And for instituting and enforcing the one rule critical for this organization’s success:

Don’t shoot the messenger.

###

This isn’t something I’ve tried with a client and can attest to. I know of no business that’s tried this. If you do, please post a Comment to tell the rest of us about it. If you don’t, post a Comment anyway.

Comments