Blog Ipsa Loquitur

Last week, at a House Oversight and Government Reform Committee hearing, the director of the Office of Personnel Management said that their network breach was so complete that encryption wouldn’t have helped. This wasn’t just peeking into one corner of the network; the attackers had free run of every bit of information, apparently.

Also, some of the systems are so old that they don’t support meaningful encryption schemes, or two factor authentication, or really any security: much of the code is written in COBOL, a computer language first developed in the 1950s.

Between this and the failure to launch, it’s becoming apparent that the federal government lacks the IT capability to do its job in the digital age. But remember that wasn’t done in-house, it was done by contractors. And when agencies attempt to outsource their work, it doesn’t exactly go well:

Until recently, Federal agents carried out background investigations for OPM. Then Congress cut the budget for investigations, and they were outsourced to USIS, which consisted, as one person familiar with OPM’s investigation process told Ars, essentially was a company made up of “some OPM people who quit the agency and started up USIS on a shoestring.”

When USIS was breached and most of its data (if not all of it) was stolen, the company lost its government contracts, and was replaced by KeyPoint—“a bunch of people on an even thinner shoestring. Now if you get investigated it’s by a person with a personal Gmail account, because the company that does the investigation literally has no IT infrastructure. And this Gmail account is not one of those where a company contracts with Google for business services. It is a personal Gmail account.”

Well, at least a personal Gmail account offers better support for two factor authentication than COBOL mainframes do.

But, uh, yeah. Government IT is broken, and government IT procurement is broken. Government (like any modern institution) needs nerds. The UK has a good template for solving this problem. Our own implementation is a couple years behind, but we’re throwing a lot more bodies into it. Colossal screwups like this can only emphasize the need for IT reform. I’m actually optimistic about the future of government IT – just not the extremely near-future.

Published on under Gov 2 Dot 0

Cliff Kuang at Fast Co Design, on How Google Finally Got Design:

Google has come so far, despite years of self-defeating battles over what constitutes good design. “When we brought up design at Google, people used to scoff,” says John Wiley, a designer who, in nine years at Google, has seen the company transform. “It made it hard for us to hire great design talent because it didn’t seem like we had the full measure of respect for design.” Here’s how an organization that once crowed about testing 42 shades of blue and called that design created a user-savvy organization that even Apple could learn from.

Fascinating story about a bunch of engineers and the designers who know how to make their products as usable as they are useful. Kuang argues – rather persuasively – that Google in fact is making the best-designed mobile software today, and Apple could learn a lot from Google.

The whole thing is great, but the penultimate paragraph almost undercuts the premise of the article. Kuang mentions that there are still some obstacles for Google:

For one, the company still has a broad, structural challenge in getting its best designs in front of its users. In fact, less than 10% of all Android devices actually have Lollipop, the first operating system to use Material Design—even though it was first released last fall. The countless devices and operating system flavors that exist out in the wild prevent Google from being able to push out updates to all its mobile users, en masse. Perhaps in time, Google will solve this problem, by forcing greater adherence to standards in its ecosystems.

On an unrelated note: three days after Kuang’s article was published, Google announced an even newer version of Android that 10% of their customers will be using in another year. If design happens in the woods, and there’s no one around to appreciate it, it’s probably still good, right?

Published on under The Digital Age

I liked this piece by Ryan Knutson and Josh Dawsey in the Wall Street Journal, on New York City’s audit of Verizon’s stalled rollout of its fiber optic internet service. The situation is a little ridiculous: 75% of the 40,000 people on the waiting list for fiber optic service have been waiting for more than a year. (Although that’s a little misleading. I’ve been waiting for four.)

The city plans to release the audit on Thursday. It examines Verizon’s compliance with the franchise agreement that the company signed with the city in 2008, allowing it to deploy its fiber network FiOS. As part of the deal, Verizon agreed to string fiber wires past all city dwellings by 2014. Verizon says it has held up its end of the deal. The primary reason many buildings still don’t have service, the company said, is because it is struggling to get access from landlords.

Wow. The evil landlords in this city are keeping Verizon out of their buildings, in keeping with that tradition of underdeveloped real estate in New York City. For example, most of Staten Island’s homes didn’t have running water until the 1980s. It’s shameful, really. Why, I think the mayor should-

The audit says Verizon isn’t connecting some buildings because the carrier is holding out for an exclusive agreement with building owners to be the sole network provider. [A Verizon spokesperson] said the carrier does ask for exclusive agreements in some cases, but that isn’t not why [sic] buildings don’t have service.

Oh, I see. So Verizon says they’ve actually wired all the homes in New York City for FiOS, but Verizon won’t actually let anyone purchase that service until landlords help Verizon hold customers hostage. Verizon wants to be the only game in town, or they won’t play.

But again, note that they’ve already spent the money to play the game; the homes are ready for FiOS. Verizon’s problem is that, if they offer service in my building, Time Warner could theoretically lower its prices for service in my building. And then Verizon would have to lower its prices in turn, to attract customers.

This, of course, would quickly bankrupt both Verizon and Time Warner, which is why economists refer to this phenomenon as a “death spiral.”

Published on under This Doesn't Add Up

Ethan Smith in the Wall Street Journal on where the money comes from (and goes) at Spotify:

Even though free users outnumber paying subscribers by about three to one, the free tier generated only 9% of Spotify’s $1 billion-plus revenue last year; the rest came from subscription fees, according to a financial disclosure Spotify filed last month in Luxembourg.

The two tiers generate roughly the same amount of total listening in any given month, according to data shared with publishers. (Subscribers—who presumably want to get their money’s worth—tend to listen to a lot more music than free users.) In March, that amounted to over 4 billion streams each on Spotify Free and Spotify Premium in the U.S. alone, where online music companies have to share certain usage and royalty data with music publishers.

There’s quite a bit of fascinating math in the article, but it really boils down to those two paragraphs. Half of the songs played on Spotify result in just 9% of the revenue. That might sound a little crazy to you. This is the world’s most successful streaming music platform? Almost all the money comes from the streaming activity of a small number of users.

Well, compared to freemium games, that’s nothing. Last year, a report on monetization in mobile games found that the average freemium game makes half its revenue from 0.15% of all players. That’s not a typo. That’s a fraction of one percent providing half the revenue. Re/code’s Eric Johnson noted:

At a conference I attended last year, a representative of a gaming company — who declined to be named or interviewed for a story — claimed that his firm had worked with a Japanese game company with one player who spent about $10,000 per month on in-app purchases. The company, he said, had assigned an employee to cater just to that whale, to ensure that she was always satisfied with the game and therefore likely to keep coming back.

I’ve got it! Spotify just needs to introduce a $10,000 per month plan, for crazy rich folks. Bam. Problem solved. The world is saved, and Taylor Swift puts her music back on Spotify.

Published on under The Digital Age

You know what’s lousy about the male gaze? Everything. This article in Aeon explores a fun new twist on conventional masculinity; the Captain America body:

But who is doing the fetishising? Not women. In 2000, The American Journal of Psychiatry published a telling experiment led by Pope at Harvard. College-aged men in Austria, France and the US were asked to choose both their ideal male body and the body they believed women preferred. In all three countries, men picked an ideal on average 28 lb (12.7 kg) more muscular than their own – and they believed that women wanted a male body 30 lb (13.6 kg) more muscular. The men consistently overestimated the appeal of brawn, while women, when asked, preferred an ‘ordinary’ body without the added muscle.

Published on under It's a Man's World

Via Big Think, drug companies apparently illegally hide unfavorable results for their new drugs during clinical trials:

Shocking as it may seem, it is currently fairly standard practice for drugs companies to withhold clinical trials with negative results, allowing doctors to blindly prescribe drugs that don’t work or are even dangerous. In the United States, failing to publish clinical trials is punishable by a fine of $10,000 per day, but shockingly the fine has never actually been issued as Dr. Ben Goldacre explains in his editorial in PloS Medicine.

This is particularly unbelievable given that a recent study found that more than half of the clinical trials registered on within a given time period were never actually published (within the time period allowed by law). An earlier study, which found similar results, also demonstrated that even when the results are published, negative side effects and even serious adverse events are routinely missed out of the published version.

That’s pretty lousy. Also, if I’m a pharmaceutical company lawyer, I’m upping my medication if everyone else’s medication might be extra dangerous. That’s a lawsuit waiting to happen.

For an example of lawsuits that do happen when organizations don’t regulate and/or enforce misbehavior, look at my new favorite punching bag: police!

They get sued. A lot. They use fancy analytics to track and predict crime, and all the big data money can buy. But they apparently don’t turn their crystal ball inwards. Their own problems are a complete mystery to them:

For one study, Schwartz asked 140 law-enforcement agencies — including 70 of the biggest ones — for information about police-misconduct cases. A common answer: We don’t know.

So, she asked the law departments, everybody. Which didn’t always help.

“Eighteen of the largest cities and counties,” she says, “and these are cities that include San Diego, New Orleans – counties like Harris County, Baltimore County – they reported that they had no records in any government agency or office reflecting how much they spent in lawsuits involving the police.”

Be sure to click through to the study for the explanation of how just a few cops get sued over and over but face no discipline despite costing taxpayers millions of dollars in civil lawsuit settlements. Thrilling!

Which in turn reminds me of the lack of institutional awareness around medical malpractice; the doctors who get repeatedly sued for malpractice completely misapprehend the reasons that they get sued.

The refrain in all three of those links is that you cannot manage what you cannot measure. The Food and Drug Administration is apparently not managing the mass abuse of clinical drug trials, which suggests they don’t keep track of companies. The police (and their attorneys) are not measuring how often they get sued, and so lawsuits abound. Physicians aren’t managing their risks of malpractice because they don’t know why they get sued, which suggests a failure to … write it down and measure it.

Oh, and here’s a fourth one that deals with poor kids if you really want your heartstrings tugged upon.

Published on under We Can't Have Nice Things