Category Archives: legal

December 17, 2018 · 3:03 pm

Apple & Google: It’s Up to You to Save the Dying Smart Phone User Experience

cell phone

I loathe my iPhone.

No, let me rephrase that: I loathe the experience of owning a mobile smart phone. Mine happens to be an iPhone, and I’m calling attention to that for a reason.

Remember the iPod? The first iPod launched in 2001. It was Steve Jobs’ baby, and it literally saved Apple from oblivion. Jobs sold it as a bog-simple concept – “1000 songs in your pocket.” It was a portable digital media player – ho-hum today, but that’s because we forget its novelty in its time. But the real vision embodied by the iPod was in Jobs’ insistence that Apple own every element of the user experience, from the first moment the buyer touched that unique round controller, to the carefully choreographed opening of the package, to the downloading of songs from iTunes, and on and on for the life of the device. I still have, use and love the iPod Nano I bought in 2004.

Apple saw to it that every aspect of my experience with that little red brushed-metal-clad gadget was as pleasurable as it could be. No other tech ownership experience I’ve ever had has come close. The Harvard case study version of what happened next for Apple is that the iPod revived a floundering company and turned it into one of the most valuable brands in the history of the world.

The iPhone is the iPod’s most direct descendant. It has brushed aside competition from Android and other devices because Jobs’ successors at Apple learned from the iPod’s dominance through obsessive attention to design and user experience. And the rejuvenated Apple had the brute force of supplier dominance and market power to swamp the smart phone market.

The smart phone experience has deteriorated, from enjoyment of the utility and entertainment value of having a powerful internet endpoint in my pocket, to increasing frustration as my iPhone has become a constant, productivity-draining source of interruptions.

Smart phones are connected to mobile communications networks and the internet. The market and the device itself are affected by networks, systems and regulatory conditions that are beyond Apple’s control. But as one of the most valuable companies in history, Apple has power – market power and political power. It is big enough to influence public policy, as its documented history of (apparently legal) tax avoidance demonstrates.

A Constant Productivity Drain

Apple’s power to influence public sector policymaking is what brings me back to my experience as a smart phone user. Because that experience has deteriorated, from enjoyment of the utility and entertainment value of having a powerful internet endpoint in my pocket, to increasing frustration as my iPhone has become a constant, productivity-draining source of interruptions.

I, like a lot of people I know, am interrupted dozens of times a day by spam phone calls and text messages. These things come in waves — spammers seem to buy huge batches of numbers, from all over the USA, put robodialers on them, hammer their lists for a few weeks, and then lie low for a while. Then they return.

The Federal Trade Commission and the states have Do Not Call lists; you add your number to these lists, and then by law the spammers are supposed to leave you alone. It’s a joke. Spammers ignore those lists.

What some of us do now is download to our smart phones a call-blocking app. The one I use is called “Mr. Number,” but there are a bunch of them out there. Mr. Number monitors all my phone traffic. When I get a spam call, I add it to a block list that the app maintains for me, and report it to a database that they keep centrally, which allows me to describe the nature of the scam. There are, I imagine, hundreds of thousands of numbers in that database from all the app’s users. The app is pretty effective for a while; then the spammers buy more bulk batches of numbers and we start all over again.

As far as I can tell, phone spammers act with absolute impunity — there don’t seem to be any consequences for what they’re doing. Why? Because policymakers don’t have the will to do anything about phone spam. I imagine, in fact, that the parasitic enterprises that generate the robocalls influence legislators to avoid practical regulation, in the same way payday lenders have, through campaign contributions and lobbying. (They have had help from lobbyists for the debt collection agencies, who also robocall.)

But Apple has the kind of influence that could overwhelm that of the robocall scammers. Apple is a lobby unto itself. If Steve Jobs were alive today and running the company, I believe he would understand the potential for phone spam to so degrade the smart phone experience, for so many users, that it becomes a fundamental threat to the evolution of the mobile device market and all the apps and services that depend on it. Jobs would act – and Tim Cook could act – to save the smart phone experience.

There IS a Fix

So, beyond browbeating Apple (and, by extension, Google and Samsung), am I suggesting that there even is a practical way to rein in phone spam? Of course there is.

As I say, I use an app called Mr. Number. The block list the app allows me to compile for my own phone is somewhat useful, but the real value is in the database the vendor maintains. For each source phone number in it, the vendor has a history that includes the number of times it’s been reported as a spam source, and each individual report, explaining the nature of the intrusion.

I propose that either the Federal Trade Commission or the Federal Communications Commission establish a partnership with a vendor like Hiya, which markets Mr. Number, under which the federal agency would get access to the database. (I suppose it would be fair to pay the vendor for this; it might even make sense for the agency to fund improvements to the vendor’s infrastructure.)

The real value is in the database the vendor maintains. For each source phone number in it, the vendor has a history that includes the number of times it’s been reported as a spam source, and each individual report, explaining the nature of the intrusion.

The new regulation I envision would provide that for every number that reached a certain volume of reported complaints, the agency would identify the carrier that issued the number (e.g., Verizon or AT&T), and then trigger an order to the carrier to identify the party to whom the number was sold. That party would be notified that it was using the number illegally; the number would be suspended or terminated and the offending user assessed fines that would escalate with repeat offenses, until they genuinely hurt. There would be one class of fines for people spamming to sell basically legitimate services. For callers pushing culpable fraud, there would be fines for the calls and additional penalties for the fraud itself.

States’ Attorneys General have been agitating for action on robocalling. But since the calls are virtually always interstate, jurisdiction clearly is federal. The Federal Government routinely collaborates with the large telecommunications carriers and secures private data on individual subscribers, so there is obvious precedent for getting access to the identities of the spammers.

(Yes, I know: Often the spammer is using a feature of voice over IP technology to “spoof” the number that shows up in caller ID. There is an aboveboard market for spoofing technology, but it is exploited constantly by spammers to hide the sources of their calls. VOIP spoofed calls can be traced by law enforcement agencies with subpoenas. The interests of the handful of companies that market spoofing tools are in direct conflict with those of the hundreds of millions of us who are plagued by these calls; new regulations are needed.)

The vendor of the call blocking app (or several vendors) would love to have the federal contract. And the regulation would address a problem that everyone experiences – Democrats, Republicans, Independents, really anyone who has a phone. We ALL hate this.

Such regulation has begun to get across-the-aisle support. But regulation aimed at blocking or redirecting robocalls won’t solve the problem. Robocalling works for spammers because it costs practically nothing to send millions of calls or text messages, and enough of them will get through to make it worth the investment. Regulation will need to trace the calls to their sources – especially those hiding behind VOIP spoofing – identify those sources, and hit them with real consequences.

And let’s be realistic: New regulations like these aren’t coming from a Congress that is in the thrall of campaign donors whose interest is in preserving their right to annoy us with scam solicitations dozens of times a day. For that, the only resolution is countervailing lobbying pressure – potentially enormous pressure – from the companies whose interest is in saving the smart phone user experience.

Looking at you, Tim Cook and Sundar Pichai.

2 Comments

Filed under legal, politics

Tagged as mobile, spam

October 12, 2017 · 4:02 pm

Attorney General Sessions: Stop Scapegoating Immigrants

I try to keep politics separate from this blog and from my professional social media presence. But I’ve spent too much time and energy on the issue of asylum law in the U.S. to listen passively while Jeff Sessions conducts his ignorant, nativist campaign against asylum-seekers.

The Plight of Asylum-Seekers (Bloom Magazine)

The attorney general is pointlessly, cynically scapegoating desperate people who are in the U.S. legally, seeking safe haven from typically-violent persecution in their home countries. Until they have their hearings with the U.S. Citizenship and Immigration Services — for which they are usually made to wait two to three years — they are legally not subject to deportation, and it is grossly irresponsible for the attorney general to make statements that could prejudice USCIS against their petitions.

For at least the first six months after these people apply for asylum, they are not legally allowed to work. They are entirely reliant on their own savings or on charity. They’re certainly not taking jobs from Americans.

Even after they have their hearings, asylum-seekers typically wait years before a final decision comes down. While they are waiting, they usually are underemployed, if they are employed at all. And they are laying very low — asylum-seekers keep to the shadows, lest they attract the attention of people in their home countries who could take action against their friends or relatives.

“This is the worst part of asylum law. People talk to me, and I am 95 percent certain that they will be harmed if they go back home, but I know the government will deny them asylum.”

Christine Popp, immigration lawyer, Bloomington, Indiana

If you’re assuming that demonstrating that the applicant is likely to face violent reprisals on returning to his or her home country is enough to justify asylum…think again. Under U.S. law, the asylum-seeker has to prove that their fear is based on their membership in a persecuted group. Groups are narrowly and tortuously defined.

Most asylum applications are denied. Denials often are for arbitrary reasons, or no stated reason at all. The applicant’s chance of approval is largely based on the jurisdiction in which the hearing takes place; some offices reject more than 90% of the applications they hear. And the federal government commonly appeals asylum decisions that result in approvals.

Jeff Sessions’ rant about applicants’ gaming the asylum system is not based on any factual analysis. It’s just the latest Trump Administration attempt to make its critics feel powerless in the face of its incessant stream of irrational, antisocial, irresponsible, destructive policy pronouncements. This plays well with Trump’s extremist base, but it is immoral and impractical policy.

Kudos to Nuix

Re: My previous post regarding the Panama Papers and my offer to write a case study on the eDiscovery technology being used to analyze the content:

nuix It’s Nuix, and there’s already a press release out. The vendor is to be commended in the strongest possible terms for being willing to do the right thing regardless of the impact it might have on wealthy and connected individuals and corporations — some of whom could be potential users of Nuix’s tools. The vendor, in fact, donated its system to the reporters led by Süddeutsche Zeitung for this vital project.

I am officially an admirer.

My Data Security Preoccupation

Recent projects have drawn me into the esoteric, frequently scary world of information security. It’s probably just a coincidence; then again, sometimes a theme will capture the popular imagination and become a broader preoccupation. Certainly, high-profile data breaches at CareFirst, Anthem Inc., Target, Neiman Marcus, JPMorgan Chase, Experian, eBay, Home Depot and other household name enterprises have set certain industries on edge; 2015 is likely to see new data security regulations in the US and in Europe.

I’ve co-authored a study of CIO and CISO attitudes toward data security in Denmark (with client Trellis), where the prevailing business culture has viewed security as a distant concern and responded passively and reactively — at least up to now. New EU security regulations are likely to shake this culture out of its complacency this year as executives contemplate negative publicity, fines and sanctions in the event of a significant breach.

Complacency is one reason companies drag their feet in assessing and dealing with data vulnerabilities. Another, apparently, is the worry that it might be better not to know in advance about gaps in one’s security, because that advance knowledge itself could be discoverable and could be used against the enterprise in the event of a lawsuit. I recently ghost-wrote a blog post about a federal court ruling that could offer a way out of this dilemma, however: The retailer Genesco recently was able to avoid turning over data from its security consultants after its stores were hit with a cyberattack, because it had hired its consultants through its law firm, and therefore their work product was protected by attorney-client privilege. The ruling suggests a litigation defense strategy others could adopt.

The magazine SupportWorld has asked me for an article on security issues arising from Social Engineering — a pernicious breed of hacks that exploit weaknesses not in IT infrastructures but in the character of the humans who use them, especially our frail tendency to want to be helpful, cooperative and compliant. I’m working on the piece now, and I would like to invite your help.

Has your organization been hit by a social engineering exploit? Ever had the experience yourself? How did it happen, and what did you do about it? Your experience could be very helpful to colleagues and peers in other enterprises, and I invite you to share them with me and my audience. Contact me here to share your story — experiences don’t have to be attributed to you or your company to have value. Thanks in advance.