The Scale of Victims

(This column is posted at www.StevenSavage.com, Steve’s Tumblr, and Pillowfort.  Find out more at my newsletter, and all my social media at my linktr.ee)

It sure seems there’s a lot of IT security breaches lately. In fact, it’s to the point where I can’t remember which one inspired this column. It’s probably just as well, since you can map whatever horrific violation of privacy you heard of this week onto this column. There, I’ve sort of written something relatively timeless because people are dumb.

One of the things I wonder about is why more CTOs, CIOs, and so forth aren’t being taken to court, followed by reporters, and in general held freaking responsible for their companies having lousy security. Yes there’s all sorts of shielding from accountability, but you think we’d see some effort, but I think one thing protecting them is that the company is seen mostly as a victim.

I’d argue that’s technically right, the companies were attacked by some external force. But treating companies as equivalent of people ignores their responsibilities. People, individual moral agents, can be victims, but corporations are not people and not moral agents, and treating them as victims like people lets them out of responsibilities. Sorry, Mitt Romney.

Think about a person who is a victim of a crime. Though people often try to blame victims, those blamers are usually both wrong and assholes (and sometimes justifying their own crimes). A person who is victim of a crime is a victim in that someone else chose to behave criminally.. Even if said victim enhanced their own danger it doesn’t remove the culpability of the criminal, who violated social and legal norms that people are expected to follow.

When I watch people shrug as corporation after corporation has customer records placed on the dark web, I see comments about how crappy their security is, but it doesn’t seem particularly judgmental. This impresses me as an echo of the don’t-blame-the-victim mentality.

But corporations are groups of people – organizations. That organization makes certain agreements and promises in order to exist. Security of data is, obviously, part of them. If one’s data is breached, despite the criminals actions, you also take responsibility as you are responsible. If you’re leadership, you should be on the line because you made a promise that this probably won’t happen.

Organizations are about promises and responsibility. Screw that up, and no matter why, someone has to pay as your failure hurt the organization and the people involved. You don’t have to restrain yourself on going after the people who did the actual crime, but corporations have made promises. If you can’t keep them, you’ve got a problem.

In fact, I’d say a corporation that suffers a data breach or similar failure must be investigated to see if it violated social norms. If the corporation made guarantees it could not and did not keep, if good faith effort was not made, the corporation was responsible. There is a failure of the company that echoes the action of the criminal, it too violated norms.

Of course we all know that if we at all ask this we’ll find a lot of corporations have done terrible at security. It’s all cost cutting, half-assed integration, and big bonuses. A lot of companies, if they were really investigated for security problems, would be locked down and sold off for being terrible.

(And yes, I work in Healthcare, which has insanely strict rules, but everyone should for everything, and we remember that these rules protect people.)

We don’t need to act like corporations are victims like people. If they can’t keep their promises, if security violations reveal they’ve done a poor job of protecting people, they’re part of the problem. Some of them should pay. Some shouldn’t exist.

Steven Savage

Into The Nothing That’s Everywhere

I observed a discussion of AI art online, and someone made a chillingly accurate comment. They said people were using AI art to get clicks on message boards. Using a tool to make “art” that you didn’t make, to post to a board of people you don’t know, so they click on the post so you feel good. Nothing actually happens or means anything. It’s just automation wearing the clothes of human interaction.

I began asking just how much of modern interaction, infused by market-driven technology, is just meaningless clicks. How much is nothing.

Not much later, I was listening to a podcast on game and game development, and how some people courted controversy. You could make an utterly crappy game, but get the right people to scream about how great it is, cite culture war B.S. and you’d sell your game. You’d get “reviews” yes, but the reviews wouldn’t be about the game you made, just who you annoyed. The tools to make a game, the social media to discuss it, the ways to distribute it, but the game itself means nothing.

Doing something to get something else to happen over something else, while everyone pretends something meaningful is going on. Human interaction as a Mousetrap-style game to get clicks, sell adds, or just annoy someone you’ll never meet. Meaningless. Nothing.

These experiences helped me get a feel for the profound alienation that seems to have settled on many in our high-tech supposedly connected world. The system of clicks, views, reviews, etc. means something else than it says it is, if it’s about anything else anymore. Yes, some – a great deal – is about ad revenue, but that’s you doing something so someone else pays you to shill an unrelated product. Even then it’s still so abstract from what you say is going on.

The Enshittification of human interaction. People can’t even hate each other properly without worrying about follower count and ad revenue.

The thing is we expected the Internet to connect us – it can and it has. Yes, it lets you build a bubble, but humans always do that. As I look over this phenomena of human abstraction and clicks and numbers, I think a way to look at it is that we’ve added middlemen.

Ad revenue companies, many big tech companies, etc. Even crypto is really a kind of middleman, an unregulated stock market of the imagination that you eventually have to cash in for real money. All of it is inserting yourself into the human experience to charge a toll and getting people to click, maybe paying them in a cut or just giving them a number to watch go up.

And now, nothing means anything except clicks and who’s getting paid. Sometimes no one is getting anything but is hoping to or doing it out of habit. Worse, so much started pretty good.

Now I wonder how sustainable it all is – and I honestly don’t know. We’re in unexplored territory at scale while the climate changes and the world careens forward. But wherever we are now, I don’t think it’s going to solve our problems. You can’t solve anything with nothing, and there’s a whole lot of nothing right now – a complicated nothing.

We need less of this nothing.

Steven Savage

How I Went In Search Of The IT Gap

 

OK, we all know the story, or at least those of us trying to hire people with IT skills do – there’s not enough people out there to hire! We can’t find anyone. Dogs and cats living together, mass hysteria, and those empty desks that should be filled with busy geeks.

If you haven’t heard this complaint you’re A) lucky, B) ignorant, C) a liar, or D) better at hiring than a lot of people – a whole lot of people.

For over a year I’ve been hearing that there’s some kind of IT hiring gap. This isn’t new of course, complaint about some kind of “skills gap” goes back for years in many fields.  I think I’ve been hearing about this for about four years, even when unemployment was higher.

However among these claims I’d occasionally hear a dissenting voice. That there’s not a gap, or that these claims were ways to get in cheap H1B visa employees, or someone had no trouble in hiring and just thought this was BS.  It made me wonder if this is for real.

Let’s face it, it’s important to know what the heck is actually going on in IT.  IT is vital to the economy.  It’s  close to we geeks who are so tied to technology industries and areas. Some of us want a damn job and we’d like to know what’s going ob.  Some of us are trying to hire people and want to know why it isn’t working.  If this gap is BS then people claiming there is one are ignorant, deceptive, or both and we’ like to know.

So is there an IT Gap, where we don’t have enough people to do the IT jobs of today?

Read more