Category: Writing

Categories
Writing

What is the Role of Cyber Operators in Assessing Effectiveness or Shaping Cyber Policy?

An anonymous European Intelligence Official wrote an oped in July entitled, “Can lawyers lose wars by stifling cyber capabilities?” The article does a good job in laying out why a cyber operator — that is, someone who is presumably relatively close to either planning or undertaking cyber operations — is deeply frustrated by the way in which decision-making is undertaken.

While I admit to having some sympathy for the author’s plight I fundamentally disagree with much of their argument, and think that the positions they hold should be taken up and scrutinised. In this post, I’m really just pulling out quotations from the article and then providing some rebuttal or analysis — you’re best off reading it, first, if you want to more fully follow along and assess whether I’m being fair to the author and the points they are making.

With that out of the way, here we go….

Law is no longer seen as a system of checks and balances but as a way to shape state behaviour in cyberspace

Yes, this is one of the things that laws are actually supposed to do. You may (reasonably in some cases) disagree with the nature of the laws and their effects, but law isn’t a mere “check and balance.” And, especially where there is no real ability to contest interpretations of law (because they are administered by government agencies largely behind closed doors) it is particularly important for law to have a stronger guiding function in order to maintain democratic legitimacy and social trust in government operations.

Idealistic legalism causes legal debates on cyber capabilities to miss a crucial discussion point: what operational constraints are we willing to accept and what consequences does that have for our national security?

Sure, but some of this is because the USA government is so closed mouthed about its capacities. Consider if there was a more robust effort to explain practice such as in the case of some European agencies? I would note that the Dutch, as an example, are sometimes pretty explicit about their operations which is then helpful for considering their activities with respect to authorising laws and associated national and international norms.

Laws attempt to capture as many activities in cyberspace as possible. To do so, legal frameworks must oversimplify. This is ill-suited to such a complex domain

This seems to not appreciate how law tends, at least in some jurisdictions, to be broader in scope and then supplemented by regulations or policies. However, where regulations or policies have been determined as regularly insufficient there may be a decision that more detailed laws are now necessary. To an extent, this is the case post-Snowden and with very good reason, and as demonstrated in the various non-compliance reports that has been found with certain NSA (and other American intelligence community) operations over time.

The influence of practitioners slowly diminishes as lawyers increasingly take the lead in shaping senior leadership opinions on proposed cyber operations rather than merely advising.

I can appreciate the frustration of seeing the leadership move from operations practitioners to policy/legal practitioners.1 But that shift between whether organisations are being led by operations practitioners or those focused in law/policy can be a normal back and forth.

And to be entirely honest the key thing — and the implicit critique throughout this whole piece — is that the decision makers understand what the ops folks are saying.2 Those in decision making roles have a lot of responsibilities and, often, a bigger or different picture of the implications of operations.

I’m in no way saying that lawyers should be the folks to always call the shots3 but just because you’re in operations doesn’t mean that you necessarily are making the right calls broadly and, instead, may be seeing the right calls through your particular lens and mission. That lens and mission may not always be sufficient in coming to a conclusion that aligns more broadly with agency or national or international policy intents/goals.

… a law might stipulate that a (foreign) intelligence agency cannot collect information from systems owned by the citizens of its country. But what if, as Chinese and Russian cyber threat actors do, a system belonging to a citizen is being abused to route attack traffic through? Such an operational development is not foreseen, and thus not prescribed, by law. To collect information would then be illegal and require judicial overhaul – a process that can take years in a domain that can see modus operandi shift in a matter of days.

There may be cases where you have particularly risk adverse decision makers or, alternately, particularly strong legal limitations that preclude certain kinds of operations.

I would note that it is against the law to simply target civilians in conflict scenarios on grounds that doing so runs counter to the agreed-upon laws of war (recognising they are often not adhered to). Does this have the effect of impeding certain kinds of military activities? Yes. And that may still be the right decisions notwithstanding the consequences it may have on the ability to conduct some operations and/or reduce their efficacy.

In the cyber context, the complaint is that certain activities are precluded on the basis that the law doesn’t explicitly recognise and authorise them. Law routinely leaves wiggle rooms and part of the popular (and sometimes private…) problem has been how intelligence lawyers are perceived of as abusing that wiggle room — again, see the NSA and other agencies as they were denuded in some of the Snowden revelations, and openly opposite interpretations of legislation that was adopted to authorise actions that legislators had deliberately sought to preclude.4 For further reasons the mistrust may exist between operators and legislators, in Canada you can turn to the ongoing historical issues between CSIS and the Federal Court which suggests that the “secret law and practices” adopted by Canada’s IC community may counter to the actual law and legal processes, and then combine that with some NSIRA findings that CSE activities may have taken place in contravention of Canadian privacy law.

In the above context, I would say that lots of legislators (and publics) have good ground to doubt the good will or decision-making capacity of the various parties within national ICs. You don’t get to undertake the kind of activities that happened, previously, and then just pretend that “it was all in the recent past, everything’s changed, trust us guys.”

I would also note: the quoted material makes an assumption that policy makers have not, in fact, considered the scenario the author is proposing and then rejected it as a legitimate way of operating. The fact that a decision may not have gone your way is not the same as your concerns not being evaluated in the process of reaching a conclusion.

When effectiveness is seen as secondary, cyber activities may be compliant, but they are not winning the fight.

As I have been writing in various (frustrating) peer reviews I’ve been doing: evidence of this, please, as opposed to opinion and supposition. Also, “the fight” will be understood and perceived by different people in different positions in different agencies: a universal definition should not be presumed.

…constraints also incur costs due to increased bureaucratic complexity. This hampers operational flexibility and innovation – a trade-off often not adequately weighed by, or even visible to, law- and decision-makers. When appointing ex-ante oversight boards or judicial approval, preparation time for conducting cyber operations inevitably increases, even for those perfectly legal from the beginning.

So, in this case the stated problem is that legislators and decision makers aren’t getting the discrete kinds of operational detail that this particular writer thinks are needed to make the “right” trade off decisions.

In some cases….yeah. That’ll be the case. Welcome to the hell of people not briefing up properly, or people not understanding because briefing materials weren’t scoped or prepared right, and so forth. That is: welcome to the government (or any sufficiently large bureaucracy)!

But more broadly, the complaint is that the operator in question knows better than the other parties but without, again, specific and clear evidence that the trade offs are incorrect. I get that spooky things can’t be spoken aloud without them becoming de-spookified, but picture a similar kind of argument in any other sector of government and you’ll get the same kind of complaint. Ops people will regularly complain about legislators or decision makers when they don’t get their way, their sandcastles get crushed, or they have to do things in less-efficient ways in their busy days. And sometimes they’re right to complain and, in others, there is a lot more at stake than what they see operationally going on.

This is a losing game because, as Calder Walton noted, ‘Chinese and Russian services are limited only by operational effectiveness’.

I don’t want to suggest I disagree! But, at the same time, this is along the lines of “autocracies are great because they move faster than democracies and we have to recognise their efficiency” arguments that float around periodically.5

All of which is to say: autocracies and dictatorships have different internal logics to their bureaucracies that can have corresponding effects on their operations.

While it may be “the law” that impedes some Five Eyes/Western agencies’ activities, you can picture the need to advance the interests of kleptocrats or dictators’ kids, gin up enough ransomware dollars to put food on the team’s table, and so forth, as establishing some limits on the operational effectiveness of autocratic governments’ intelligence agencies.

It’s also worth noting that “effectiveness” can be a contested concept. If you’re OK blundering around and burning your tools and are identified pretty often then you may have a different approach to cyber operations, generally, as opposed to situations where being invisible is a key part of operational development. I’m not trying to suggest that the Russians, Chinese, and other adversaries just blunder about, nor that the FVEY are magical ghosts that no one sees on boxes and undertaking operations. However, how you perceive or define “effective” will have corresponding consequences for the nature and types of operations you undertake and which are perceived as achieving the mission’s goals.

Are agencies going to publicly admit they were unable to collect intelligence on certain adversary cyber actors because of legal boundaries?

This speaks to the “everything is secret and thus trust us” that is generally antithetical to democratic governance. To reverse things on the author: should there be more revelation of operations that don’t work so that they can more broadly be learned from? The complaint seems to be that the lawyers et al don’t know what they’re doing because they aren’t necessarily exposed to the important spooky stuff, or understand its significance and importance. To what extent, then, do the curtains need to open some and communicate this in effective ways and, also, the ways in which successes have previously happened.

I know: if anything is shown then it blows the whole premise of secret operations. But it’s hard to complain that people don’t get the issues if no facts are brought to the table, whereas the lawyers and such can point to the laws and at least talk to them. If you can’t talk about ops, then don’t be surprised that people will talk about what is publicly discussable…and your ops arguments won’t have weight because they don’t even really exist in the room where the substantive discussions about guardrails may be taking place.

In summary: while I tend to not agree with the author — and disagree as someone who has always been more on the policy and/or law side of the analytic space — their article was at least thought provoking. And for that alone I think that it’s worth taking the time to read their article and consider the arguments within it.

  1. I would, however, would hasten to note that the head of NSA/Cyber Command tends to be a hella lot closer to “ops” by merit of a military leadership. ↩︎
  2. And, also, what the legal and policy teams are saying… ↩︎
  3. Believe me on this point… ↩︎
  4. See, as example: “In 2006, after Congress added the requirement that Section 215 orders be “relevant to” an investigation, the DOJ acknowledged that language was intended to impose new protections. A fact sheet about the new law published by the DOJ stated: “The reauthorizing legislation’s amendments provide significant additional safeguards of Americans’ civil liberties and privacy,” in part by clarifying, “that a section 215 order cannot be issued unless the information sought is relevant to an authorized national security investigation.” Yet just months later, the DOJ convinced the FISC that “relevant to” meant “all” in the first Section 215 bulk dragnet order. In other words, the language inserted by Congress to ​limit ​the scope of what information could be gathered was used by the government to say that there were ​no limits​.” From: Section 215: A Brief History of Violations. ↩︎
  5. See, as examples, the past 2-4 years ago when there was a perception that the Chinese response to Covid-19 and the economy was superior to everyone else that was grappling with the global pandemic. ↩︎
Categories
Links Writing

TikTok and the “Problem” of Foreign Influence

This is one of the clearer assessments of the efficacy (and lack thereof) of influencing social groups and populations using propaganda communicated over social media. While a short article can’t address every dimension of propaganda and influence operations, and their potential effects, this does a good job discussing some of the weaknesses of these operations and some of the less robust arguments about why we should be concerned about them.1

Key points in the article include:

  1. Individuals are actually pretty resistant to changing their minds when exposed to new or contradictory information which can have the effect of impeding the utility of propaganda/influence operations.
  2. While policy options tend to focus on the supply side of things (how do we stop propaganda/influence?) it is the demand side (I want to read about an issue) that is a core source of the challenge.
  3. Large scale one-time pushes to shift existing attitudes are likely to be detected and, subsequently, de-legitimize any social media source that exhibits obvious propaganda/influence operations.

This said, the article operates with a presumption that people’s pre-existing views are being challenged by propaganda/influence operations and that they will naturally resist such challenges. By way of contrast, where there are new or emerging issues, where past positions have been upset, or where information is sought in response to a significant social or political change, there remains an opportunity to affect change in individuals’ perceptions of issues.2 Nevertheless, those most likely to be affected will be those who are seeking out particular kinds of information on the basis that they believe something has epistemically or ontologically changed in their belief structures and, thus, they have shifted from a closed to open position to receive new positions/update their beliefs.

  1. In the past I have raised questions about the appropriateness of focusing so heavily on TikTok as a national security threat. ↩︎
  2. This phenomenon is well documented in the agenda-setting literatures. ↩︎
Categories
Photography Writing

Sharing Photographs, and Photography, with Others and Growing as a Photographer

Great Lakes Waterfront Trail, Toronto, 2024
Great Lakes Waterfront Trail, Toronto, 2024

Like many other photographers I regularly share my images through a social media platform. I also sometimes post them on this website. And that’s fine and good. And because it’s so normalized it feels very safe; while I might get positive comments from other users it’s the not the same as sharing my work where it might be assessed or publicly reviewed by people who are far more experienced by me, and where those considerations might she shared with a very large set of viewers.

Over the past year I’ve tried to push myself out of my comfort zone. I’ve been more active in thinking about street photography and sharing it with a part of the photographic community — the Photowalk Show — and then sometimes having those thoughts shared with Neale James’ other listeners. I submitted a few photos to a competition for the first time. I described for the first time the motivations and philosophy that underlie my street photography to a (friendly) group of strangers while also sharing an associated sequence of my photographs. I’ve had one of my photos highlighted in a roundup by Glass. And so on.

The White House, Washington, DC, 2023

But the scariest thing has been associated with my postcards project. To be clear, actually printing those postcards wasn’t scary at all! But actually sending them to people — with the prospect they would look at a cohesive bit of my work and then offer commentary to potentially hundreds or thousands of people — has been intimidating because it constitutes an exposure of my amateur photography to an otherwise unknown set of publics.

Crescent & Cluny, Toronto, 2024

I’m not afraid of publicity or engaging with publics. I’ve been very involved in public life for the past 15 years, and am as comfortable speaking with leaders of government or other senior leaders as I am appearing on television and speaking to tens or hundreds of thousands of people. But the sharing of my photographic hobby is different because it isn’t a domain where I’m a well-credentialed expert: I’m very much a learning amateur when it comes to photography. While I take my hobby very seriously I don’t have the skills or experience that parallel those of a more seasoned or professional photographer.

Yonge & Dundas, Toronto, 2024

I recognize that sharing my work, be it with Neale James and his Photowalk Podcast, or with Ted Forbes and his Art of Photography YouTube channel, has been a real step for me. It represents my ever deepening appreciation for the art form and my starting to explore ways of more broadly sharing my work, as well as developing increasing confidence in what I’m making. I’ve got an long way to go in deepening my expertise in making the kinds of photos I want to make but I feel more confident in what I’m doing, today, than I did even a year ago.

Categories
Links Writing

Russian State Media Disinformation Campaign Exposed

Today, a series of Western allies — including Canada, the United States, and the Netherlands — disclosed the existence of a sophisticated Russian social media influence operation that was being operated by RT. The details of the campaign are exquisite, and include some of code used to drive the operation.

Of note, the campaign used a covert artificial intelligence (AI) enhanced software package to create fictitious online personas, representing a number of nationalities, to post content on X (formerly Twitter). Using this tool, RT affiliates disseminated disinformation to and about a number of countries, including the United States, Poland, Germany, the Netherlands, Spain, Ukraine, and Israel.

Although the tool was only identified on X, the authoring organizations’ analysis of the software used for the campaign indicated the developers intended to expand its functionality to other social media platforms. The authoring organizations’ analysis also indicated the tool is capable of the following:

  1. Creating authentic appearing social media personas en masse;
  2. Deploying content similar to typical social media users;
  3. Mirroring disinformation of other bot personas;
  4. Perpetuating the use of pre-existing false narratives to amplify malign foreign influence; and
  5. Formulating messages, to include the topic and framing, based on the specific archetype of the bot.

Mitigations to address this influence campaign include:

  1. Consider implementing processes to validate that accounts are created and operated by a human person who abides by the platform’s respective terms of use. Such processes could be similar to well-established Know Your Customer guidelines.
  2. Consider reviewing and making upgrades to authentication and verification processes based on the information provided in this advisory;
  3. Consider protocols for identifying and subsequently reviewing users with known-suspicious user agent strings;
  4. Consider making user accounts Secure by Default by using default settings such as MFA, default settings that support privacy, removing personally identifiable information shared without consent, and clear documentation of acceptable behavior.

This is a continuation of how AI tools are being (and will be) used to expand the ability of actors to undertake next-generation digital influence campaigns. And while adversaries are found using these techniques, today, we should anticipate that private companies (and others) will offer similar capabilities in the near future in democratic and non-democratic countries alike.

Categories
Photography Writing

Structured Thoughts on Social Media

College & Manning, Toronto, 2024

Neale James, host of the Photowalk, put out a call last month where he asked listeners to the podcast to offer some thoughts about social media. The episode that arose from listeners’ considerations is live and I’ve provided my (slightly edited) full response to Neale below.

By way of background, I’ve spent a lot of time thinking about social media professionally in a number of ways, used it professionally to affect political change, and have also used it personally now for over 20 years at this point.

How do you use it?

One of my many positive early memories of social media is how, over 10 years ago, I and a series of cybersecurity researchers used Twitter to coordinate an incident response that led us to realise that the government of Iran was intercepting Google traffic being delivered to residents of Iran. That led to the resolution of the issue and stopped that government from conducting surveillance of its residents using the technique in question. So a good thing! Overall, up until about a year ago I used Twitter constantly for professional purposes.

However, the implosion of Twitter under Elon Musk, combined with moving into a privacy regulator’s office, has meant that I’ve stepped back from the same professional presence. I’ve trained the LinkedIn algorithm so it surfaces valuable professional content in my current role, but I don’t really use other social media professionally at this point.

Personally, the only truly valuable social media service that I use, and participate on, is Glass. It’s a small and paid photo sharing site. The community is positive and active, and it features interesting photography from around the world. I’ve also been blogging, now, since the 2002, and continue to keep that up as another outlet.1

Do you engage more, or less, with social media than you once did?

Less than in the past. Some of this is time. Some of it is, as mentioned, due to changes in the networks (e.g., Twitter) or the scattering of the communities (see again: Twitter) and the changing of my job.

I continue to use Glass, however, with a high degree of frequency and visit once or twice a day to see new images and I post one image per day.

What is your favourite platform and why?

For photographic purposes, Glass. It’s not as interactive as some other services which is fine, really, because I can go in and see things/comments, and then leave. There isn’t an algorithm that’s trying to keep me interested in perpetuity. It’s a healthier way for me to interact with other people online.

Explain your feelings about the currency of likes…

They’re…not good? I mean, they give quite the dopamine hit! But it also interferes with why you might create work, or explore producing new kinds of work. We know that certain kinds of images will get more likes due to smaller screens and shorter attention spans as we skim images; removing likes — or at least deprioritizing them in the user interface — can have the effect of encouraging people to explore different kinds of practice and without a sense that the new isn’t less liked.

What has it done for photography?

It’s easy to say that likes have done bad things to photography. But I really don’t know that that’s fair or even necessarily correct.

There are a lot more people making photographs than ever before. And part of the process tends to be learning how other people tried to make images: how many of us spent time to figure out how to make silhouettes? And with the ‘like’ metric you can get a rough guesstimate of whether you’re getting better and better at this kind of classic image. The same is true for lots of other ‘standard’ kinds of images. I think that’s great! People are better photographers on average, today, than ever before. We should celebrate that more often than we tend to.

Where I think that likes can be harmful is that they can stunt photographic growth or exploration. Also, due to how algorithms work, ‘low like’ content might be hidden and thus prevent the artist from receiving feedback on positive areas to improve towards. And, of course, there can be mental health issues when individuals ‘bully’ one another by providing or depriving individuals of likes. All of those aren’t great outcomes.

What would the perfect platform look like?

Utopia and dystopia: both places that don’t exist in reality, and neither of which is a place that you likely ever want to end up in.

All of which is to say, I think there are different characteristics of social media sites and you can dial those characteristics up or down and you create different kinds of sites and experiences. A few ‘dials’:

  • How ‘chatty’ or conversational is the environment? Does ‘community’ involve direct messages?
  • How compressed are the images? Is it build for phone screens, tablet screens, monitors, or…?
  • How effectively are you introduced to/able to discover new photographers?
  • What is the information density — how much is on the screen at once?
  • What is/isn’t made public? And how? Do you list numbers of followers, likes, etc?
  • How much are you appealing to the masses vs dedicated photography enthusiasts?
  • Monetized by users paying money, or monetizing the users?
  • Is it a ‘hot’ medium (e.g., sound and video) or a bit ‘colder’ of a medium (e.g., photographs and text)?
  • How personalized is the experience (i.e., lots of algorithmic engagement vs just find it on your own)?
  • Is there an assertive and active safety team that blocks certain content from appearing on the site?

When you adjust just some of those dials you affect the nature of the site, the number of users that you need to be revenue neutral, and affect how people will interact with one another. What I think is better will be worse for others, and vice versa.

I actually think that there should, ideally, be a diversity of experiences. And that it’s fine if different little groups form across the Internet that enjoy their parts of the Internet differently. There’s no reason why a half-dozen different photographic social media sites cannot exist, as an example, nor is it really a problem if you aren’t engaging with all of them. Find a site that has the ‘dials’ adjusted to your tastes and you’ll have hopefully found an environment — and user base — that you can enjoy and thrive with.

Tell me about the good bits, the bad bits, and all the bits in between…

I’m sure that I could go on in more depth but won’t drag on. Suffice to say that I think — hell, I know based on my professional experiences — that social media can be powerful and important and enable lots of good things in the world. But, at the same time, it can foster anti-social behaviours, be used to fuel genocide, and just be a depressive hellscape.

This isn’t to say that technology is neutral, however: all technologies as they are designed have particular affordances. Those affordances are linked to how those dials are turned. And there are certainly some ways of turning the dials that are not particularly good for humans, even if we enjoy those sites like sugary food, and other ways that are better, which are more like a banana or apple or something that has a modicum of healthiness.

We shouldn’t demand that everything is digitally healthy — we should be able to enjoy cheeseburgers and poutine now and again!! — but the totality of our dining establishments shouldn’t be fast food and deep fried food. Because we know that it’s really not good for us.

  1. Though all those earlier blogs have long since been scrubbed from the Internet and archived in a place no-one can find in storage. Which is a relief as no-one needs to be reminded of what I was like online in the early 2000s! ↩︎
Categories
Aside Writing

2024.6.27

For the past many months I’ve had the joy of working with, and learning from, a truly terrific set of colleagues. One of the files we’ve handled has been around law reform in Ontario and specifically Bill 194, the Strengthening Cyber Security and Building Trust in the Public Sector Act.

Our organization’s submission focuses on ways to further improve the legislation by way of offering 28 recommendations that apply to Schedule 1 (concerning cybersecurity, artificial intelligence, and technologies affecting individuals under the age of 18) and Schedule 2 (amendments to FIPPA). Broadly, our recommendations concern the levels of accountability, transparency, and oversight that are needed in a rapidly changing world.

Categories
Photography Writing

WWDC 2024 What Do I (Still….) Want To See?

A couple years ago I posted what I wanted for WWDC 2022. I figured that I’d go through the past list and cross off the items that have arrived over the past two major updates to iOS.

And then I’m going to sketch out how I’d like to see Apple actually adopt more AI/ML into their operating systems.

Photos

This was a low point in iOS and remains so. I really want Apple to improve the Photos application given how regularly I use it.

  • The ability to search photos by different cameras and/or focal lengths
  • The ability to select a point on a photo to set the white point for exposure balancing when editing photos
  • Better/faster sync across devices
  • Enable ability to edit geolocation
  • Enable tags in photos

All of these are basically just aiming to have the iOS Photos app getting brought up to the same standards as Photos on MacOS.

Camera

There is so much potential that’s in the Camera application. I look at this from the perspective of a photographer, while recognizing that Apple has done a lot to really improve the state of things for videographers.

  • Set burst mode to activate by holding the shutter button; this was how things used to be and I want the option to go back to the way things were!
  • Advanced metering modes, such as the ability to set center, multi-zone, spot, and expose for highlights!
  • Set and forget auto-focus points in the frame; not focus lock, but focus zones
  • Zone focusing
  • Working (virtual) spirit level!

Maps

I actually like Maps. I use it a lot. But I definitely want things to be much more collaborative and less focused on Yelp data. I really do like the privacy aspects associated with Maps over some competing applications.1

  • Ability to collaborate on a guide
  • Option to select who’s restaurant data is running underneath the app (I never will install Yelp which is the current app linked in Maps)

Music

Music is fine on the whole. Still want to have something like multiple libraries, though.

  • Ability to collaborate on a playlist
  • Have multiple libraries: I want one ‘primary’ or ‘all albums’ and others with selected albums. I do not want to just make playlists

Reminders

While it’s getting better there’s still some things to do, though apparently the second item may be coming this WWDC which would be pretty great.

  • Speed up sync across shared reminders; this matters for things like shared grocery shopping!
  • Integrate reminders’ date/time in calendar, as well as with whom reminders are shared

Messages

These are both covered off!

  • Emoji reactions
  • Integration with Giphy!

News

I’ll be honest: I’ve given up on the RSS feed idea and just rely on Reeder. But I use News a lot and so it’d be nice to more fully block publications from coming up.

  • When I block a publication actually block it instead of giving me the option to see stories from publications I’ve blocked
  • It’d be great to see News updated so I can add my own RSS feeds

Fitness

The number one issue with Fitness is that I can’t log rest days. I’ve actually started to use Streaks to be more forgiving and stopped worrying so much about maintaining my streaks in Fitness. But it’s absurd that Apple hasn’t integrated this feature that’s widely requested by its user base.

  • Need ability to have off days; when sick or travelling or something it can be impossible to maintain streaks which is incredibly frustrating if you regularly live a semi-active life

Health

This still isn’t great. There is no good year over year data that you can compare against. I don’t understand why the UI isn’t better and I hope that it gets better soon.

  • Show long-term data (e.g. year vs year vs year) in a user friendly way; currently this requires third-party apps and should be default and native

And one more thing…

There is a lot of time and attention being paid to how Apple will show off artificial intelligence functionality in forthcoming operating systems. I tend to agree with Joe Rosensteel about what Apple shouldn’t do: no spying AI systems and instead a focus on useful AI-enabled functionalities.

For Photos I want to propose a pretty useful option for people that would leverage some existing iPhone capabilities. Imagine if you could take a photo (or use the measurement application built into Apple’s mobile OSes) to determine how large a photo would fit in a frame along with the aspect ratio and, then, prompted you to select photos for the frame. That selection could either automatically select just photos of the right aspect range or could show what an AI-determined best aspect ratio crop would look like.

If something like this were bundled up in a kickass UI I can see this being phenomenally helpful and solving a real world annoyance for anyone who wants to print photos.

We create far too many digital photos and print far too few. Physical photos are part of building longterm and vibrant memories: Apple should lean into enabling its customers to make these kinds of mementos.

  1. Rather than requesting a route from A to B, Apple Maps sends off multiple requests with multiple identifiers that masks where you’re trying to go. The app also converts your precise location to a less-exact one after 24 hours, and Apple itself doesn’t store any information about where you’ve been or what you’ve been searching for. Plus none of the information that reaches an external server is associated with your Apple ID. Source: https://www.tomsguide.com/news/google-maps-vs-apple-maps ↩︎
Categories
Writing

What Does It Mean To “Search”

Are we approaching “Google zero”, where Google searches will use generative AI systems to summarize responses to queries, thus ending the reason for people to visit website? And if that happens what is lost?

These are common questions that have been building month over month as more advanced foundational models are built, deployed, and iterated upon. But there has been relatively little assessment in public forums around the social dimensions of making a web search. Instead, the focus has tended to be on loss of traffic and subsequent economic effects of this transition.

A 2022 paper entitled “Situating Search” identifies what a search engine does, and what it is used for, in order for the authors to argue that search that only provides specific requested information (often inaccurately) fails to account for the broader range of things that people use search for.

Specifically, when people search they:

  • lookup
  • learn
  • investigate

When a ChatGPT or Gemini approach to search is applied, however, it limits the range of options before a user. Specifically, in binding search to conversational responses we may impair individuals from conducting search/learning in ways that expand domain knowledge or that rely on sensemaking of results to come to a given conclusion.

Page 227 of the paper has a helpful overview of the dimensions of Information Seeking Strategies (ISS), which explain the links between search and the kinds of activities in which individuals engage. Why, also, might chat-based (or other multimodal) search be a problem?

  • it can come across as too authoritative
  • by synthesizing data from multiple sources and masking the available range of sources, it cuts the individual’s ability to expose the broader knowledge space
  • LLMs, in synthesizing text, may provide results that are not true

All of the above issues are compounded in situations where individuals have low information literacy and, thus, are challenged in their ability to recognize deficient responses from an AI-based search system.

The authors ultimately conclude with the following:

…we should be looking to build tools that help users find and make sense of information rather than tools that purport to do it all for them. We should also acknowledge that the search systems are used and will continue to be used for tasks other than simply finding an answer to a question; that there is tremendous value in information seekers exploring, stumbling, and learning through the process of querying and discovery through these systems.

As we race to upend the systems we use, today, we should avoid moving quickly and breaking things and instead opt to enhance and improve our knowledge ecosystem. There is a place for these emerging technologies but rather than bolting them onto–and into–all of our information technologies we should determine when they are or are not fit for a given purpose.

Categories
Writing

Establishing Confidence Ratings in Policy Assessments

Few government policy analysts are trained in assessing evidence in a structured way and then assigning confidence ratings when providing formal advice to decision makers. This lack of training can be particularly problematic when certain language (“likely,” “probable,” “believe,” etc) is used in an unstructured way because these words can lead decision makers to conclude that recommended actions have a heft of evidence and assessment that, in fact, may not be present in the assessment.

Put simply: we don’t train people to clinically assess the evidence provided to them in a rigorous and structured way, and upon which they make analyses. This has the effect of potentially driving certain decisions that otherwise might not be made.

The government analysts who do have this training tend to come from the intelligence community, which has spend decades (if not centuries) attempting to divine how reliable or confident assessments are because the sources of their data are often partial or questionable.

I have to wonder just what can be done to address this kind of training gap. It doesn’t make sense to send all policy analysts to an intelligence training camp because the needs are not the same. But there should be some kind of training that’s widely and commonly available.

Robert Lee, who works in private practice these days but was formerly in intelligence, set out some high-level framings for how private threat intelligence companies might delineate between different confidence ratings in a blog he posted a few years ago. His categories (and descriptions) were:

Low Confidence: A hypothesis that is supported with available information. The information is likely single sourced and there are known collection/information gaps. However, this is a good assessment that is supported. It may not be finished intelligence though and may not be appropriate to be the only factor in making a decision.

Moderate Confidence: A hypothesis that is supported with multiple pieces of available information and collection gaps are significantly reduced. The information may still be single sourced but there’s multiple pieces of data or information supporting this hypothesis. We have accounted for the collection/information gaps even if we haven’t been able to address all of them.

High Confidence: A hypothesis is supported by a predominant amount of the available data and information, it is supported through multiple sources, and the risk of collection gaps are all but eliminated. High confidence assessments are almost never single sourced. There will likely always be a collection gap even if we do not know what it is but we have accounted for everything possible and reduced the risk of that collection gap; i.e. even if we cannot get collection/information in a certain area it’s all but certain to not change the outcome of the assessment.

While this kind of categorization helps to clarify intelligence products I’m less certain how effective it is when it comes to more general policy advice. In these situations assessments of likely behaviours may be predicated on ‘softer’ sources of data such as a policy actor’s past behaviours. The result is that predictions may sometimes be based less on specific and novel data points and, instead, on a broader psychographic or historical understanding of how an actor is likely to behave in certain situations and conditions.

Example from Kent’s Words of Estimative Probability

Lee, also, provided the estimation probability that was developed in the early 1980s for CIA assessments. And I think that I like the Kent Word approach more if only because it provides a broader kind of language around “why” a given assessment is more or less accurate.

While I understand and appreciate that threat intelligence companies are often working with specific datapoints and this is what can lead to analytic determinations, most policy work is much softer than this and consequently doesn’t (to me) clearly align with the more robust efforts to achieve confidence ratings that we see today. Nevertheless, some kind of more robust approach to providing recommendations to decision makers is needed so that executives have a strong sense of an analyst’s confidence in any recommendation, and especially when there may be competing policy options at play. While intuition drives a considerable amount of policy work at least a little more formalized structure and analysis would almost certainly benefit public policy decision making processes.

Categories
Photography Writing

Tecumseth & Niagara, Toronto, 2023

Tecumseth & Niagara, Toronto, 2023

Toronto is a city of destruction and construction: destruction of the previous era’s architecture (and often industrial buildings) and the construction of housing or glass office towers in their stead. This image by Tecumseth & Niagara shows the destruction of an abattoir that was removed to make room for condos, and the buildings in the background are new rentals in Toronto’s Liberty Village. When I landed in Toronto, in Liberty Village over a decade ago, the land those rentals are on were home to a few artist spaces where the big Toronto samba schools practiced and massive parade puppets were made. Nothing has replaced those artist spaces, to the detriment of artists across the city.

Weirdly I have very intimate memories of the abattoir. Toronto hosts an annual sunset-to-sunrise art festival, Nuit Blanche, and a couple interesting art exhibits were hosted at the abattoir over the years, and I have photos of them that I regularly return to re-experience. After the buildings were designated for destruction a number of community vegetable gardens were maintained on the outside lots. It was always a striking place to come and make images, and was a reminder of the Toronto-that-once-was and was yet-to-become.

For many street photographers, we take images and it is decades later that ‘difference’ is registered because many cities take a long time for major changes to become visible. It’s part of why the habits of the population —what people are wearing, holding, or driving — resonate so strongly with viewers; people and culture change while the built environment persists.

Toronto, by way of contrast, is in a moment of hyper-growth and so an attentive and active street photographer can document things today that may literally be different tomorrow. It turns the street photographer, almost by default, into an urban documentarian. And, also, is one of the many reasons why I think that Toronto offers a subset of street photographers a real opportunity to do novel and rapidly impactful work, as compared to those working in cities that aren’t undergoing the same tempo of destruction and re-construction.