Why Colluding With Foreign Governments Is Bad

When incoming – but not yet seated – national security advisor Michael Flynn opened separate negotiations with the Russians in late 2016, he was not the first American to interfere in American diplomacy. That dubious distinction falls to none other than Thomas Jefferson, who nearly landed America in a war with his interference. As vice president, he had no more of a role in government than vice presidents do today.

In the late 1790s, France was once again at war with England. President George Washington and later President John Adams sought to maintain neutrality between these two great European powers, if for no other reason, to avoid having one of them turn their guns on the young American country. With the passage of the Jay Treaty, America resolved a number of conflicts with England, to the great displeasure of the French Directorate. In retaliation, France started harassing American shipping, confiscating ships and detaining sailors. In the Spring of 1797, President Adams sent John Marshall, Charles Cotesworth Pinckney, and Elbridge Gerry to resolve the conflict.

Before they could leave, however, the French envoy Joseph Létombe met with then Vice President Thomas Jefferson. Jefferson served in that capacity because he was the runner-up to Adams in the presidential election. His views were diametrically opposed to those of Adams, who he viewed as sympathetic to England, whereas Jefferson himself as the former ambassador to France was partial to France. In his conversations with Létombe, Jefferson suggested that by dragging their feet in the negotiations, the French government would find more amenable negotiating partners in his own anti-federalist party.

Newly appointed French Foreign Minister Charles Maurice de Talleyrand took this advice to heart, refusing to officially receive any of them until they had paid a bribe and backed loans to the French to support their war against England. This became known as The XYZ Affair, so named for the code names of the three individuals who the corrupt Talleyrand sent to effect the extortion. Marshall’s report of the attempts at bribery inflamed Americans, and Telleyrand and the French were forced to end the attacks and seizures.

Around this time, one Doctor George Logan sailed as a private citizen to Paris and, while making clear that he did not represent the United States, attempted to negotiate directly with the French. The sly foreign minister saw this as an opportunity to get back at President Adams, and timed the resolution of the dispute between the two countries with Logan’s departure.

Jefferson’s earlier meddling and Logan’s naive approaches led Congress to enact what became known as the Logan Act of 1799, which says that no private citizen may engage in direct negotiations with agents of other governments in controversies between them and the United States. Two people have been prosecuted under this act, and nobody has been convicted. Arguably the act itself is unconstitutional because it would impinge on one’s right to free speech. Nevertheless, the interference was unwise, because it could have landed an unprepared America in a war with both England and France.

Vladimir Putin is every bit as sly and corrupt as Talleyrand was. It was foolish for Flynn to engage Putin’s emissaries to subvert the policy of the United States, and it was greedy and foolish of the Trump campaign to allow Putin to interfere with American democratic processes. Our Democracy is more important than any campaign. With President Trump arguing that Americans should not mail in ballots for fear of voter fraud, the larger offense is seeking foreign assistance to win an election. It has come at a steep cost. Americans drubbed out those in Congress who supported France. We should do the same with Republicans today.

Internet Balkanization is here already, Mr. Schmidt.

In the technical community we like to say that the Internet is a network of networks, and that each network is independently operated and controlled. That may be true in some technical sense, but it far from the pragmatic truth.

Today’s New York Times contains an editorial that supports former Google CEO Eric Schmidt’s view that the Internet will balkanize into two – one centered around US/Western values and one around values of China, and indeed it goes farther, to state that there will be three large Internets, where Europe has its own center.

The fact is that this is the world in which we already live. It is well known that China already has its own Internet, in which all applications can be spied by the government. With the advent of the GDPR, those of us in Europe have been cut off from a number of non-European web sites because they refuse to comply with Europe’s privacy regulations. For example, I cannot read the Los Angeles Times from Switzerland. I get this lovely message:

Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.

And then there are other mini-Internets, such as that of Iran, in which they have attempted to establish their own borders, not only to preserve their culture, but also their security, at least in their view, thanks to such attacks as Stuxnet.

If China can make its own rules, and Europe can establish its own rules, and the U.S. has its own rules, and Iran has its own rules, can we really say that there is a single Internet today? And how many more Internets will there be tomorrow?

The trend is troubling.

We Internet geeks also like to highlight The Network Effect, in which the value of the network to each individual increases based on the number of network participants, an effect first observed with telephone networks. There is a risk that it can operate in reverse: each time the network bifurcates, its value to each participant decreases because of the loss of the participants who are now on separate networks.

Ironically, the capabilities found in China’s network may be very appealing to other countries such as Iran and Saudi Arabia, just as shared values around the needs of law enforcement had previously meant that a single set of lawful intercept capabilities exists in most telecommunications equipment. This latter example reflected shared societal values of the time.

If you believe that the Internet is a good thing on the whole, then a single Internet is therefore preferable to many bifurcated Internets. But that value is, at least for the moment, losing to the divergent views that we see reflected in the isolationist policies of the United States, the unilateral policies of Europe, BREXIT, and of course China. Unless and until the economic effects of the Reverse Network Effect are felt, there is no economic incentive for governments to change their direction.

But be careful. A new consensus may be forming that some might not like: a number of countries seemingly led by Australia are seeking ways to gain access to personal devices such as iPhones for purposes of law enforcement, with or without strong technical protections. Do you want to be on that Internet, and perhaps as importantly, will you have a choice? Perhaps there will eventually be one Internet, and we may not like it.

One thing is certain: At least for a while, won’t be reading the LA Times.

My views do not necessarily represent those of my employer.

* Artwork: By ProjectManhattan, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=39714913

Secret sauce and sentencing? Say it isn’t so!

Could you spend a long time in prison due to a software bug and not have the right to examine the software? Possibly.

One of the things that we in technology understand is that we make mistakes, a truth we don’t like to admit to customers. What happens, however, when a mistake can lead to tragic consequences?

Yesterday’s New York Times reports about a case that the U.S. Supreme Court may soon hear, involving a man who received a six year jail sentence, in part due to a computer program. The software known as Compas was supposedly developed by Northpointe Inc. (although a search seems to redirect to a Equivant) to provide a risk assessment of a person’s reentry into society. Such a data-driven analysis is vaguely reminiscent of the movie, Minority Report. In this case, the defendant Eric L. Loomis was not allowed to examine the software that assessed that he was a significant risk to the community, even though at least one analysis showed that the software may be programmed with some form of racial bias. The company argues that the algorithm used to make the sentencing recommendation is proprietary, and so should not be subject to review, and that if they release their algorithm to scrutiny they will essentially be giving away their business model, and they may have a point. Patents on such technology may be flimsy, and they eventually do come to a halt. To protect themselves, they make use of another legal tool, the trade secret, which has no fixed term of protection.

One can’t say that a mistake is being made in the case of Mr. Loomis, nor can one authoritatively state that the program is formally correct. The Wisconsin Supreme Court argued creatively that much like college admissions, so long as the software is one input combined with others, the software can be used. Is it, therefore, any different from a potentially flawed witness giving evidence? The question here is whether those who wrote the software can be cross-examined, to what extent they may be questioned, and whether the software itself can be examined. Mr. Loomis argues that to deny his legal team access to the source is a violation of his 14^th Amendment right to due process.

We know from recent experience that blind trust in technology, and more precisely, those who create and maintain it, can lead to bad outcomes. Take for instance the over 20,000 people whose convictions were overturned because a chemist falsified hair analysis results, or other examples where the FBI Crime Lab just flat got it wrong. Even Brad D. Schimel, the Wisconsin attorney general, conceded before the appeals court that, “The use of risk assessments by sentencing courts is a novel issue, which needs time for further percolation.” But what about Mr. Loomis and those who may suffer tainted results if there is a software problem?

While the Supreme Court could rule soon on the matter, they will only have very limited avenues, such as permitting or prohibiting its use. Congress may need to get involved in order to provide other alternatives. One possibility would be to provide the company some new intellectual property protection, such as an extended patent with additional means of enforcement (e.g., higher penalties against infringement or lower thresholds for discovery) in exchange for releasing the source. Even if they do, one question would be whether or not defendants could then game the system so as to score better on sentencing. How great a risk that is we can’t know without knowing what the inputs to the algorithm are.

It is probably not sufficient for the defendant and his legal teams to have access to the source, precisely because more research is needed in this field to validate the models that software like Compas uses. That can’t happen unless researchers have that access.

Removal of privacy protections harms service providers

Removing privacy protections harms consumer security AND service provider business prospects.

As the media is reporting, the administration has removed privacy protections for American consumers, the idea being that service providers would sell a consumer’s browsing history to those who are interested. Over time, service providers have looked for new and novel (if not ethical) ways to make money, and this has included such annoyances as so-called “supercookies”.

Why, then, would I claim that removing consumer privacy protections will harm not only consumers, but telecommunications companies as well?

In the new world that is coming at us, our laptops, cell phones, and tablets will be a minority of the devices that make use of our home Internet connection. The Internet of Things is coming, and will include garage door openers, security systems, baby monitors, stereos, refrigerators, hot water heaters, washing machines, dishwashers, light bulbs, and lots of other devices. Many of these systems have been shown to have vulnerabilities, and the consumer does not have the expertise to protect these devices. The natural organization to protect the consumer is the telco. They have the know-how and ability to scale to vast quantities of consumers, and they are in the path of many of communications, meaning that they are in a position to block unwanted traffic and malware.

The consumer, on the other hand, has to be willing to allow the service provider to protect them. Why would would consumers do that if they view the service provider as constantly wanting to invade their privacy? Rather it is important the these companies enjoy the confidence of consumers. Degrading that confidence in service providers, therefore, is to degrade security.

Some people say to me that consumers should have some choice to use service providers who afford privacy protections. Unfortunately, such contractual choices have thus far not materialized because of all the small print that such contracts always entail.

What is needed is a common understanding of how consumer information will be used, when it will be exposed, and what is protected. The protections that were in place went a long way in that direction. The latest moves reverse that direction and harm security.

Trump and Ryan’s healthcare failure doesn’t mean they will fail in the future

Just because President Trump and and Speaker Ryan lost the Healthcare battle doesn’t mean they’ll lose the coming tax overhaul battle.

Over the last twenty-four hours many people have been talking about who should take the “blame” for the failure of the Republican healthcare bill. Some say it is President Trump, others say it is Speaker Ryan, others say it is the so-called Freedom Caucus and yet others astonishingly others blame Democrats. They are all wrong.

It is the American people who did not want the Republican healthcare plan. According to at least one poll, only 18% of Americans wanted the bill to pass. Many of the rest of us were vocal in our opposition on the Internet, in town halls, writing letters, and calling our Congresspeople because the bill would directly affect us and those who we love.

The pundits are saying that the failure President Trump’s and Speaker Ryan’s plan will complicate their agenda, moving forward. They say this because the healthcare plan was supposed to pay for the massive tax overhaul that the president has in mind. These people who say these things are underestimating both the president and the speaker, and in particular Steve Bannon.

There are two forces in play. Speaker Ryan and many Republicans want to see the tax system overhauled. While Speaker Ryan would like to see overhaul come in revenue neutral, when push comes to shove, he will be willing to deficit spend in the short term, and make cuts later, with the logic being that the government has swam in red ink before, and a little more for a bit longer won’t hurt; and that Republicans will eventually stem the bleeding by simply forcing the issue.

Steve Bannon has a different logic. He would just assume see the government bleed to death. If destruction of the federal government is brought about faster due to the tax overhaul, that would be more than fine with him. Those same Republicans in Congress who nearly caused the government to default might play this game.

The reason this is likely to work is that the tax overhaul will be a gigantic give-away, and everyone will make money in the short term. Nobody will be screaming at Congressmen in town halls. Nobody will be worried about how this will hurt them personally.

It will be our children and theirs who pay for this policy.