The Scale of Victims

(This column is posted at www.StevenSavage.com, Steve’s Tumblr, and Pillowfort.  Find out more at my newsletter, and all my social media at my linktr.ee)

It sure seems there’s a lot of IT security breaches lately. In fact, it’s to the point where I can’t remember which one inspired this column. It’s probably just as well, since you can map whatever horrific violation of privacy you heard of this week onto this column. There, I’ve sort of written something relatively timeless because people are dumb.

One of the things I wonder about is why more CTOs, CIOs, and so forth aren’t being taken to court, followed by reporters, and in general held freaking responsible for their companies having lousy security. Yes there’s all sorts of shielding from accountability, but you think we’d see some effort, but I think one thing protecting them is that the company is seen mostly as a victim.

I’d argue that’s technically right, the companies were attacked by some external force. But treating companies as equivalent of people ignores their responsibilities. People, individual moral agents, can be victims, but corporations are not people and not moral agents, and treating them as victims like people lets them out of responsibilities. Sorry, Mitt Romney.

Think about a person who is a victim of a crime. Though people often try to blame victims, those blamers are usually both wrong and assholes (and sometimes justifying their own crimes). A person who is victim of a crime is a victim in that someone else chose to behave criminally.. Even if said victim enhanced their own danger it doesn’t remove the culpability of the criminal, who violated social and legal norms that people are expected to follow.

When I watch people shrug as corporation after corporation has customer records placed on the dark web, I see comments about how crappy their security is, but it doesn’t seem particularly judgmental. This impresses me as an echo of the don’t-blame-the-victim mentality.

But corporations are groups of people – organizations. That organization makes certain agreements and promises in order to exist. Security of data is, obviously, part of them. If one’s data is breached, despite the criminals actions, you also take responsibility as you are responsible. If you’re leadership, you should be on the line because you made a promise that this probably won’t happen.

Organizations are about promises and responsibility. Screw that up, and no matter why, someone has to pay as your failure hurt the organization and the people involved. You don’t have to restrain yourself on going after the people who did the actual crime, but corporations have made promises. If you can’t keep them, you’ve got a problem.

In fact, I’d say a corporation that suffers a data breach or similar failure must be investigated to see if it violated social norms. If the corporation made guarantees it could not and did not keep, if good faith effort was not made, the corporation was responsible. There is a failure of the company that echoes the action of the criminal, it too violated norms.

Of course we all know that if we at all ask this we’ll find a lot of corporations have done terrible at security. It’s all cost cutting, half-assed integration, and big bonuses. A lot of companies, if they were really investigated for security problems, would be locked down and sold off for being terrible.

(And yes, I work in Healthcare, which has insanely strict rules, but everyone should for everything, and we remember that these rules protect people.)

We don’t need to act like corporations are victims like people. If they can’t keep their promises, if security violations reveal they’ve done a poor job of protecting people, they’re part of the problem. Some of them should pay. Some shouldn’t exist.

Steven Savage

The Bullshit Waste Cascade

(This column is posted at www.StevenSavage.com, Steve’s Tumblr, and Pillowfort.  Find out more at my newsletter, and all my social media at my linktr.ee)

Watching once sort-of-reputable Rasmussen fall into the fever swamps of anti-vax bullshit is sad, but not surprising. I understand from some people I know that they’ve had weird biases for some time, if only for “marketing” purposes. Still, now their once good-ish name is now pretty much going to be used for whatever fantasies or con-jobs their leadership wants.

This has made me reflect on the damaging nature of Bullshit writ broad (in which I include disinformation and propaganda for “writ large.”). See, when we have people spewing things with no concern – or outright enmity towards – truth, it cascades downward. Having worked in many an organization as a Project Manager, you get very familiar with “cascade” effects of bad things, where one pebble starts an avalanche.

We’ve got a pretty bad Bullshit cascade going on in the world.

The basic Bullshit machine we see in assorted PR firms, hack pollsters, and what seems to be over half of political consultants is damaging enough. We have people buying dangerous products, getting wrong information, voting for grifters, authoritarian government manipulation, and more. But that’s the initial damage from Bullshit – the start of even worse.

As Bullshit spreads (and it certainly seems we’re good at spreading it these days) it worms it’s way into peoples minds. Truth fractures, lies become regarded as sacred, and people believe. The damage of Bullshit is long-term, and that may or may not be intentional, but it has to be kept in mind. In fact the unintentional Enduring Bullshit is probably even more damaging as we might not notice it – as I often see in various medical scams.

(For that matter, think of Bullshit as a kind of cultural equivalent of long COVID, if you want to get more depressed.)

Bullshit that endures seems to mate with other Bullshit. When you’re busy avoiding facts and truth after all, why not double up – weather you’re a propagandist or someone trying not to admit they’re wrong. Bullshit is used to justify or cross-fertilize Bullshit, like viruses combining. Soon you’re wondering how people merged 5G conspiracy theories with anti-vax conspiracy theories and aliens (something I’ve seen myself).

The systemic damage is bad, but remember that Bullshit consumes resources. The people who are busy creating Bullshit could be doing something more productive. The people fighting Bullshit would probably like to not have to, thank you. People bamboozled by Bullshit proceed to do bad things, wasting their time, hurting others, and creating more work for cleanup. The damage spreads throughout societies – and the planet.

Finally there is something that I think gets ignored about Bullshit but really needs our attention in these times – that Bullshit machines get people interested in doing more Bullshit. The people who pivot from Yoga to conspiracy theories to sell supplements. The folks who yes-and conspiracy theorists to sell their books or just get clicks (who are also crossbreeding Bullshit). It seems the more Bullshitters out there the more people see it as a life and career option.

If you ever felt like the age of the internet crossed with mass media is a lot of people lying to themselves and each other, yeah, you understand what I mean. Some bad things and bad people cascade throughout media, culture, and keep setting off more and more problems. Plenty of people look at them and think “I want a piece of that.”

Meanwhile humanity has a lot of crises to deal with, and the Great Bullshit Engine keeps going and maybe even expanding. Things are indeed more messed up than we may think because of these Bullshit effects.

If we’re going to try to dig out from the world’s problems, we’ll have to confront Bullshit, correct the damage, prevent Bullshit, and discourage it. It may help to realize just how bad the damage it causes is.

Steven Savage

Living In The Future We Were Sold

(This column is posted at www.StevenSavage.com, Steve’s Tumblr, and Pillowfort.  Find out more at my newsletter, and all my social media at my linktr.ee)

We’re living in the future, and it’s lousy.

So-called AI is just Ultra-Clippy being shoehorned into everything that will temporarily goose stock prices. We’ve got computerized cars that allow us to bluescreen while driving, and universal automated cars are many dreams and lawsuits away. Phones gave us something like Star Trek gadgets, but we’re using them to become depressed by doomscrolling. I could make a comment on the Cybertruck, but honestly, that seems pointless.

We’ve got a lot of things that we think are futuristic, and a lot of them are lame, terrible, pointless, or have side effects. Plus you know, we’ve got climate change, Nazis, and pandemics as well.

The future isn’t what it used to be? No, the problem is we’re living in the future we were sold.

A lot of our futuristic ideas derive from popular culture, but that popular culture has nothing to do with what we can, should, or even may want to do. A lot of or popular culture is what people could sell us or what worked in media of the time. It has nothing to do with the possible or the necessary.

AI? It’s easier to just have Hunky Space Captain talk to the computer, because no one wants to watch someone scroll on a monitor. Besides, it sounds cool. Also if you’re bored eventually the computer can try to murder people as part of the plot, a real horror film twist. But do we need it?

Automated cars are a dream, especially if you’ve ever driven . . . well, anywhere. It’s a dream that’s cool and convenient and doesn’t have messy people, and looks awesome in films. It doesn’t deal with the reality that driving needs a moral actor to make decisions, even if you’re paying them by the mile. Also it doesn’t deal with outages, software updates, and crashes.

Then there’s our phones, our pocket computers. This is a totally understandable dream of course, going back to hand-held sci-fi gizmos and communicators. It’s just we never asked how we’d misuse them, as if people won’t find some weird use for technology five seconds after inventing it.

All of these are things we’ve seen in pop culture media since the 60’s (and I’d argue a lot of what we’re living in is very 80’s). But it’s not stuff from speculative fiction or deep analysis or asking hard questions of what we want and need in the future. It’s stuff that was fun to put into movies, tv, and comics.

That’s it. For many of us, the future we envision is something that was marketable.

So of course all the backfire we’re experiencing is a surprise. We weren’t buying a warning, we were buying a cool experience.

“A good science fiction story should be able to predict not the automobile but the traffic jam,” said Fredrick Pohl. Indeed it should. It’s just sometimes the warnings don’t sell – and other times people think the warning is cool (see many a stylish dystopia with lots of leather for no reason).

So much of the future that people want – or are trying to sell us at least – seems to just be whatever was laying around in pop culture for a while. It doesn’t have anything to do with speculation, or possibility, or what we need. It’s what many of us assume the future is supposed to be because we bought it.

But what is the future we really want and need? The struggle is to find that, and perhaps in this time where the future we bought is failing us, we have a chance to find it.

Steven Savage