November 02, 2013
Night of the (Obamacare) Demons
To be clear at the outset, I strongly support the objectives of the Affordable Care Act (ACA - "Obamacare") especially in terms of the goals of stopping long-standing insurance company practices of refusing to insure persons who weren't completely healthy -- and dropping them as soon as they became ill.
The lack of any kind of universal health care coverage here in the USA not only makes us essentially unique among developed countries, but a laughingstock of the planet. If you're rolling in dough, the US may have the claimed "best health care system in the world" -- but only by leaving vast numbers of persons behind and runaway costs that keep the lucky practitioners of the medical-industrial complex happily shopping at the local equivalents of Rodeo Drive in Beverly Hills.
Drug costs here are often obscenely more expensive than in the rest of the world, to a degree that seems no less than criminal. Lack of routine health care means that people don't get help until they're so sick they are often beyond help, and hospitals rake it in at emergency rooms and stick every taxpayer with the cost of uncovered persons who couldn't pull a wad of Franklins out of their pockets while being wheeled in.
The US health care and medical insurance system has become a bloated, middleman-laden nightmare.
The right way to fix this, of course, would have been with a single-payer system of some sort, as used in most of the world. Not perfect by any means, but the results speak for themselves when you see how far down the ladder the US is in terms of most health care outcomes compared with other countries (we pretty much rate as a third-world nation in key respects in this context).
But single-payer would likely cut out the insurance companies, who have paid their politicos the big bucks for many decades to make sure they remained entrenched. And naturally, single-payer would also trigger calls of SOCIALISM -- you know, like, uh, Medicare.
So we find ourselves now on the cusp of ACA -- a plan that seems to have been designed to encompass both lofty goals and the most abysmal details and implementations pretty much imaginable.
There are so many reasons for this mess, and so many people to blame, that I won't even try to get deep into this aspect.
But we know that the GOP and their masters in the "We gotta stop that uppity black Kenya guy claiming to be president" Tea Party Confederacy ("duh South will rise agin'!") did everything they could to stop, repeal, damage, thwart, and otherwise spit on ACA and all the people it could have helped. GOP governors made sure they waited until the last minute to officially proclaim that they were going to screw their own states' citizens by dumping them onto the federal insurance exchange, while related rules and regulations kept morphing and piling up until the last minute, making implementation a continuously moving target.
To be sure, we can't blame the GOP and their monstrous allies for the entire situation. Democrats -- as usual -- didn't have the backbone to push for the changes really needed -- like single payer. And their pockets have also been lined with insurance company moolah pretty much forever as well.
Federal procurement policies, seemingly written in such a way as to make the probability of any large information technology project failing horribly as lofty as possible, have done it yet again this time as well, making the federal ACA site a predictable disaster from the word go -- in terms of design, load, performance, security, and ... well, you know the drill. I've been working with IT one way or another my entire adult life. I've never seen such a godawful mess before. And I've seen some pretty impressive messes.
But even many related non-governmental sites are currently hosed. You can't get into the websites of many major insurance carriers today -- they're so badly designed and overloaded, often saturated with elementary coding and interface errors. Redirects lead nowhere. Single pages try to serve three megabytes of text, grinding browsers into the dust. It goes on and on.
And since I'm concentrating on mostly technical issues here -- which in theory can and will be fixed eventually -- I will but mention in passing the utterly confusing and panic-inducing framework of policy and fee changes associated with ACA, enough to make many individual insurance buyers who don't get insurance from employers more likely to have a stroke on the spot than anything else.
Ironically, it is possible that if all this were working right, the actual benefits of standard plans and premium subsidies would put many people in a better position than they were pre-ACA, no doubt about it. But the reality for now is that the entire system is largely in extreme disarray, and even after the reported nearly half a billion lines of code are working more or less properly, some people are still going to be royally burned by the insurance companies who managed to keep themselves firmly in the catbird seat under the new regime.
Some of the best technical minds on Earth have now converged to try to get the federal ACA website working by the end of this month -- they'll likely succeed in some significant measures at least.
But the sense of utter and total confusion among persons most affected by these changes is palpable, and when you combine this with the currently mandated penalty regimes for not having insurance and all the other complicating factors, the possibility of a technical and policy implosion of a magnitude never before seen in US government history seems very real.
And here's the worst part. There's really comparatively little that can be done right now to avoid potential disaster that isn't already being done. The die is cast. Supercilious "eat the poor" monsters like Ted Cruz have performed with their usual hideousness in furtherance of their hopes that all we "little people" go splat against the wall at lightspeed.
Yet hope springs eternal, even in the face of these kinds of obstacles and odds. The websites will be fixed eventually -- to some level of practical usability anyway -- and continuing pressures may force delays and changes in a variety of associated rules and regulations.
And one thing -- a very positive aspect at that -- is utterly clear amid this Kafkaesque landscape.
There is no going back to where we were. The days of insurance companies dropping the sick and only being willing to insure the healthy are gone in this country forever.
There is thankfully no return possible to that particular inner circle of hell, and even if the best we can do in the short term with ACA is push out a few notches to less punishing circles we'll still have the last laugh against the evil players who wish to drag us back into that pit.
Who knows? In the long run, we may even escape insurance hell entirely, and prove that our legislators care as much about the people of the USA as they do global geopolitics and caviar.
But don't hold your breath.
October 11, 2013
Thoughts on Google's New "Ads Shared Endorsements" Policy
In what is being widely viewed as a blow against Facebook, Google has announced a policy change (effective 11 November) permitting Google+ users' +1s, follows, shares, and other social activities to be used as "shared endorsements" on ads (name and G+ profile photo) subject to a number of important constraints (note that this particular link will not directly resolve unless you're logged into a Google+ account). Announcements of this change are already appearing to Google+ users through a variety of banners, emails, notifications, and other means.
At this time -- as I currently understand the program -- such endorsements will only appear on ads displayed on Google sites -- not third-party sites.
The scope of such endorsed ads' visibility will be limited by the scope of the original G+ user's social actions -- e.g. only to circles, or to broader audiences like public if the original actions were public.
Most importantly, G+ users can not only choose to completely opt-out of having their profile used for endorsement ads (via a setting at the page linked above), but users who already have restricted settings may already be defaulted to non-participation.
This opt-out control appears significantly broader than controls offered by Facebook (they allow opt-out from explicit ads, but apparently not from a different form of commercial endorsement postings) -- Google allows total opt-out.
Whether or not a given Google+ user may wish to participate in this program will be a personal decision, of course.
I have a quite large Google+ following, and nearly always post publicly -- so sharing is a very important part of what I find useful and attractive about Google+. That said, my personal decision (folks have already been asking me) is not to participate in this new program at this time, since I consider my social sharing activities to be more of "hey, you might find this interesting" posts rather than commercial endorsements per se (when I wish to make a commercial endorsement, I do so explicitly).
Other Google+ users are sure to have a wide range of their own views on this -- as the saying goes, your mileage may vary. I'm certain that many users will indeed choose to participate, and that's why having an explicit control as provided is such a great idea -- individual choice for the win!
In any case, it should be very interesting to see how this plays out over time. It's clear that social signals are of increasingly important significance in helping users navigate the enormous environs of the Web, and we're really very much still in the early stages of exploring the possibilities.
(Disclaimer: I'm currently a consultant to Google. My postings would be exactly the same if I weren't.)
September 07, 2013
Clicks, Hacks, and Flacks: Reflections on Hypocrisy and NSA
At some point, you've probably seen one of those "best of" compilation shows on television. "World's Funniest Commercials" -- "TV's Best Bloopers" -- "Most Hilarious Pratfalls" -- you know the drill.
One thing you can usually depend upon is that only the very first edition of such shows is actually worth watching. By the time you get to "World's Funniest Commercials 2" producers are already likely digging around through the "not so funny" stuff that they rejected the first time around. But lack of quality has never been a major detriment to getting additional rounds of such shows on the air. After all, it's the eyeballs that count, and if people will watch trash ... well, it's still money in the bank.
Oddly enough, we've been seeing a similar effect -- in a much more serious vein -- in the entire Snowden/NSA saga.
The earliest Edward Snowden documents and stories deployed by UK's "Guardian" and associated outlets were the most dramatic and compelling -- albeit heavily contaminated with out-of-context, hyperbolic exaggerations and outright falsehoods.
But man, did they ever put a valuable publicity spotlight on these newspapers, increasing their exposure dramatically.
Since then, we've seen a continuing dribbling out of new documents and stories, each generally somewhat less dramatic, lacking even more context, and increasingly foggy even on claimed details.
So in essence, as this entire process is dragged out for maximum eyeballs and clicks, we're already down to "Snowden's Greatest Hits 42" -- or something like that. The most interesting stuff -- however accurate or not -- was published weeks ago. Does Guardian have more purported "Snowden bombshells" salted away ready to pop out on the proverbial rainy day? Perhaps. But it seems decreasingly likely.
You've probably also noticed that the degree of attention and at least claimed outrage has been ramping down as additional Snowden docs hit the scene.
Part of this can likely be attributed to simple "revelation fatigue" -- but even starting from a fairly pathetic baseline, the quality of this stuff seems to be falling off ever more, as news outlets try to figure out how to squeeze every last click out of supposedly revelatory articles that in most cases discuss matters that have been widely known for years or even decades.
Much of what we're seeing now basically repeats concerns expressed in magazine cover stories from as far back as 1970 (e.g., "Newsweek": "Is Privacy Dead?").
In a piece a few days ago, "The New York Times" breathlessly reported on DEA access to a decades-deep cache of AT&T phone call metadata -- the same program that the Times reported on in, hmm ... 2006!
So not only are we now getting the "not so best of" stories, we're actually getting reruns touted as world premieres.
The latest in the "Captain Renault" school of outrage -- "I'm shocked! Shocked to find that NSA has been cracking codes!" -- is particularly nebulous.
Related stories make general claims of NSA efforts to subvert TLS/SSL, and assert (without naming any names) that unspecified "technology companies" have been participating in this effort.
Of course there's no reasonable way for tech firms to rebut such vague accusations, even if the government wasn't so intent on using national security laws to try to prevent companies from demonstrating their innocence through releasing more data regarding what the government actually is demanding from them.
"So when did you stop beating your wife? Just give me the date, please."
What lends an even more bizarre air to all this is the reality that most people and a great many firms have been demonstrating for years that they don't care one whit about security anyway, forget about the NSA and foreign intelligence services of all stripes conducting much the same research and surveillance (though in cases like China and Russia, with massive domestic political targeting and explicit censorship regimes that are not in the NSA's bailiwick even on the worst of days).
The vast majority of people don't encrypt their email at all. It's too complicated, too incompatible, or they figure their messages are too mundane for anyone else to care about them. They're generally pretty much correct on points one and two, and for most of us probably on point three as well.
Short crypto keys that we knew were too weak to be useful continue to be used; even many major sites still don't provide the basic protections of SSL and STARTTLS; password files are stored in the clear or ineptly hashed and subject to mass attacks; laptops are carried around unencrypted full of sensitive personal information ... and as radio DJs used to say: "The hits just keep on coming!"
And what of the underlying security of our commonly used encryption systems?
Especially with shorter keys, it's no surprise that they're vulnerable to one extent or another -- no NSA-inspired backdoors even required. We live in a world where ever faster parallel number crunching and key math breakthroughs could potentially render most popularly used crypto comparatively useless -- in certain contexts at least.
And much like our captain friend mentioned above from "Casablanca," we've known for ages that the codebreakers of NSA and the rest of the globe's intelligence agencies have been busy trying to break codes faster than anyone else can create them. That (along with trying to design more powerful codes for their own countries' use) is a key (no pun intended) part of their charters.
It has also long been understood that these agencies have influenced crypto design in ways that might create backdoors. Remember the Data Encryption Standard (DES) S-Box controversies? I sure do!
We do have some advantages now.
Whether haters and tinfoil hat types want to believe it or not, there are firms like Twitter, Google, and others, who have been at the forefront of deploying available crypto, both between their servers and users, and increasingly now between their disparate data centers as well -- and who routinely push back against overly broad government data demands.
Also, key encryption algorithms are available now that do not rely on relatively inscrutable S-Boxes and such, but rather on well known math and open sourced code.
Does any of this mean that we should be oblivious to serious mission creep at NSA, and the associated failure of Congress and the executive branch to exercise appropriate oversight, command, and control over NSA, CIA, or any other agencies?
Of course not. There are indeed alarming aspects to this entire situation, replete as it is with dissembling politicians and a federal government apparently hellbent on blocking even a modicum of real transparency regarding these operations.
Without appropriate oversight and transparency, the risks of serious purposeful abuses (such as already confirmed illegal "leakage" of intelligence data to the criminal justice system) are a major concern indeed. And a whole array of other potential abuse vectors -- most of which we have no reason to believe have yet actually occurred -- may also come into play when oversight and transparency are matters of lip service rather than honest dedication.
But all the concerns and complaints about NSA and their doppelgangers in other nations are in reality just icing on the cake -- a cake built from a recipe of gross disinterest in basic computer security protocols and procedures -- some of which have been known since the dawn of computing.
While concentrating on dramatic NSA stories may be good for news sites' clickthrough rates, they aren't necessarily helping address the broader issues surrounding computer security and privacy -- the vast majority of which can't be reasonably blamed on NSA.
Whom to actually blame, then?
Gaze into the mirror -- and point at the answer.
Yet again, Pogo was right.