FAA Software: Good Enough?
January 11, 2023
Is today’s software good enough? For many, the answer is, “Absolutely.” I read “The FAA Grounded Every Single Domestic Flight in the U.S. While It Fixed Its Computers.” The article states what many people in affected airports know:
The FAA alerted the public to a problem with the system at 6:29 a.m. ET on Twitter and announced that it had grounded flights at 7:19 a.m. ET. While the agency didn’t provide details on what had gone wrong with the system, known as NOTAM, Reuters reported that it had apparently stopped processing updated information. As explained by the FAA, pilots use the NOTAM system before they take off to learn about “closed runways, equipment outages, and other potential hazards along a flight route or at a location that could affect the flight.” As of 8:05 a.m. ET, there were 3,578 delays within, out, and into the U.S., according to flight-tracking website FlightAware.
NOTAM, for those not into government speak, means “Notice to Air Missions.”
Let’s go back in history. In the 1990s I think I was on the Board of the National Technical Information Service. One of our meetings was in a facility shared with the FAA. I wanted to move my rental car from the direct sunlight to a portion of the parking lot which would be shaded. I left the NTIS meeting, moved my vehicle, and entered through a side door. Guess what? I still remember my surprise when I was not asked for my admission key card. The door just opened and I was in an area which housed some FAA computer systems. I opened one of those doors and poked my nose in and saw no one. I shut the door, made sure it was locked, and returned to the NTIS meeting.
I recall thinking, “I hope these folks do software better than they do security.”
Today’s (January 11, 2023) FAA story reminded me that security procedures provide a glimpse into such technical aspects of a government agency as software. I had an engagement for the blue chip consulting firm for which I worked in the 1970s and early 1980s to observe air traffic control procedures and systems at one of the busy US airports. I noticed that incoming aircraft were monitored by printing out tail numbers and details of the flight, using a rubber band to affix these data to wooden blocks which were stacked in a holder on the air traffic control tower’s wall. A controller knew the next flight to handle by taking the bottommost block, using the data, and putting the unused block back in a box on a table near the bowl of antacid tablets.
I recall that discussions were held about upgrading certain US government systems; for example, the IRS and the FAA computer systems. I am not sure if these systems were upgraded. My hunch is that legacy machines are still chugging along in facilities which hopefully are more secure than the door to the building referenced above.
My point is that “good enough” or “close enough for government work” is not a new concept. Many administrations have tried to address legacy systems and their propensity to [a] fail like the Social Security Agency’s mainframe to Web system, [b] not work as advertised; that is, output data that just doesn’t jibe with other records of certain activities (sorry, I am not comfortable naming that agency), or [c] be unstable because either funds for training staff, money for qualified contractors, or investments in infrastructure to keep the as-is systems working in an acceptable manner are lacking.
I think someone other than a 78 year old should be thinking about the issue of technology infrastructure that, like Southwest Airlines’ systems, or the FAA’s system does not fail.
Why are these core systems failing? Here’s my list of thoughts. Note: Some of these will make anyone between 45 and 23 unhappy. Here goes:
- The people running agencies and their technology units don’t know what to do.
- The consultants hired to do the work agency personnel should do don’t deliver top quality work. The objective may be a scope change or a new contract, not a healthy system.
- The programmers don’t know what to do with IBM-type mainframe systems or other legacy hardware. These are not zippy mobile phones which run apps. These are specialized systems whose quirks and characteristics often have to be learned with hands on interaction. YouTube videos or a TikTok instructional video won’t do the job.
Net net: Failures are baked into commercial and government systems. The simultaneous failure of several core systems will generate more than annoyed airline passengers. Time to shift from “good enough” to “do the job right the first time”. See, I told you I would annoy some people with my observations. Well, reality is different from thinking that smart software will write itself.
Stephen E Arnold, January 11, 2023
The EU Has the Google in Targeting Range for 2023
January 10, 2023
Unlike the United States, the European Union does not allow Google to collect user data. The EU has passed several laws to protect its citizens’ privacy; however, Google can still deploy tools like Google Analytics with stipulations. Tutanota explains how Google operates inside the EU laws in “Is Google Analytics Illegal In The EU? Yes And No, But Mostly Yes.”
Max Schrems is a lawyer who successfully sued Facebook for violating the privacy of Europeans. He won again, this time against Google. France and Austria decided that Google Analytics is illegal to use in Europe, but Denmark’s and Norway’s data protection authorities developed legally compliant ways to use the analytics service.
Organizations were using Google Analytics to collect user information, but that violated Europeans’ privacy rights because it exposed them to American surveillance. The tech industry did not listen to the ruling, so Schrems sued:
“However, the Silicon Valley tech industry largely ignored the ruling. This has now led to the ruling that Google Analytics is banned in Europe. NOYB says:
‘While this (=invalidation of Privacy Shield) sent shock waves through the tech industry, US providers and EU data exporters have largely ignored the case. Just like Microsoft, Facebook or Amazon, Google has relied on so-called ‘standard Contract Clauses’ to continue data transfers and calm its European business partners.’
Now, the Austrian Data Protection Authority strikes the same chord as the European court when declaring Privacy Shield as invalid: It has decided that the use of Google Analytics is illegal as it violates the General Data Protection Regulation (GDPR). Google is ‘subject to surveillance by US intelligence services and can be ordered to disclose data of European citizens to them’. Therefore, the data of European citizens may not be transferred across the Atlantic.”
There are alternatives to Google services, including Gmail and Google Analytics, based in Europe, Canada, and the United States. This appears to be one more example of the EU lining up financial missiles to strike the Google.
Whitney Grace, January 10, 2023
UK Focused on Apple and Google in 2023
January 6, 2023
While there continues to be some market competition with big tech companies, each has their own monopoly in the technology industry. The United States is slow to address these industry monopolies, but the United Kingdom wants to end Google’s and Apple’s control, says Mac Rumors in the article “UK Begins Market Investigation Into Apple and Google’s Mobile Dominance.”
The UK Competition and Markets Authority (CMA) will investigate how Apple and Google dominate the mobile market as well as Apple’s restrictions on cloud gaming through its App Store. Smaller technology and gaming companies stated that Google and Apple are harming their bottom lines and holding back innovation:
“The consultation found 86% of respondents support taking a closer look at Apple and Google’s market dominance. Browser vendors, web developers, and cloud gaming service providers said the tech giants’ mobile ecosystems are harming their businesses, holding back innovation, and adding unnecessary costs.
The feedback effectively justifies the findings of a year-long study by the CMA into Apple and Google’s mobile ecosystems, which the regulatory body called an “effective duopoly” that allows the companies to “exercise a stranglehold over these markets.” According to the CMA, 97% of all mobile web browsing in the UK in 2021 happened on browsers powered by either Apple’s or Google’s browser engine, so any restrictions can have a major impact on users’ experiences.”
The CMA will conduct an eighteen-month-long investigation and will require Apple to share information about its business products. After the investigation, the CMA could legally force Apple to make changes to its business practices. Apple, of course, denies its current practices promote innovation and competition as well as protect users’ privacy and security.
Whitney Grace, January 6, 2023
Clearing the Clouds in the EU
January 5, 2023
For many companies, computing in the cloud so someone else can worry about all that infrastructure seems like a no-brainer. But there is one big problem. The cloud services market is dominated by just three players: Amazon, Google, and Microsoft. The Next Web argues that “Dependence on Cloud’s ‘Big Three’ Is Hurting EU Startup Growth—It’s Time for a New Approach.” Writer Marris Adikwu informs us tech firms in Europe are suffering losses, cutting payroll, and struggling to attract investors. Several related factors contribute to the problem, like the war in Ukraine, the energy crisis, and rising inflation. However, Adikwu asserts, a lack of cloudy competition also plays a role. Yep, it is time to gear up for more pressure on some high profile tech giants. We are told:
“While founders are reviewing budgets up and down looking to trim as much as possible in order to stay afloat, one major spend has been left largely untouched: cloud services. While the shift to the cloud was intended to reduce computing costs, many companies that have adopted these services are facing a surge in spending. Contract lock-ins and egress fees are making it impossible to leave. In fact, some argue that the cloud could be costing many businesses more than it’s actually saving.”
Yes, one must pay to leave but often not to enter. That can make the contract seem like a great deal at first. But once a cloud service is holding a firm’s data, the company is stuck if it cannot afford the fees to move it out. Held hostage are little items like office software, payroll systems, and customer websites. We learn:
“Currently, AWS charges between $0.08 to $0.12 per GB in egress fees, meanwhile Google Cloud and Microsoft Azure charge $0.08 and $0.05 per GB respectively for inter-continental data transfers from North America to Europe. According to Yann Lechelle, CEO of EU-based cloud provider Scaleway, startups often accept six-figure cloud credits from AWS, GCP, and Azure and take on products and services that they don’t always need, because they seem free.”
EU regulators address the issue in the European Data Act, but that legislation is still under discussion and, some feel, does not go far enough to protect against unfair contractual terms anyway. Adikwu recommends startups protect themselves by carefully considering their needs, spreading services across multiple cloud vendors, seeking out reserved instances and other discounts, and tapping into cost-saving technology. See the write-up for more details on these suggestions.
Cynthia Murrell, January 5, 2023
Google and Its View of Copy and Paste: Not Okay, No, No, No!
January 4, 2023
Another day, another hoot. Today (January 4, 2023) I read a “real” news story from the trust outfit Thomson Reuters titled “Google Alleges India Antitrust Body Copied Parts of EU Order on Android Abuse.” Yes, that’s the title. Google. Copying. India. Abuse.
I ran through my mind a few instances of allegations of the Google doing the copying. First, there was the online advertising dust up. My belief is that most people are not aware that Google paid Yahoo to make a dispute about online advertising technology go away. This was in 2004, and the Saul Hansell (who?) story is online at this link. To make a long story short, for me the deal allowed the Google to become an alleged monopoly in online advertising. It also made clear to me that innovation at Google meant copying. Interesting? I think so.
Then there were the hassles with newspapers and publishers about Google News. Wikipedia has a summary of the jousting. You can find the “Controversies with Publishers” thumbnail at this link. I would summarize the history of Google News this way: Others create timely information and Google copies it. Google emphasizes its service to users; publishers talk about copying without payment. The dismal copy paste drama began in 2002 and continues to this day.
I would be remiss if I did not mention Google’s scanning of books. I think of book scanning as similar to my photocopying a journal article when I was in college. I preferred to mark up the copy and create my University of Chicago style manual approved footnotes sitting in a cheap donut shop miles from the university library. After a decade of insisting that copying books was okay, the courts agreed. Google could copy. How are those clicks on Google Books and Google Scholar going in 2023? You can read about this copying decision in “After 10 Years, Google Books Is Legal.”
Copying is good, true, high value, and important to users and obviously to the Google.
Now what did the Reuters’ article tell me today? Let’s take a look:
Google has told a tribunal in India that the country’s antitrust investigators copied parts of a European ruling against the U.S. firm for abusing the market dominance of its Android operating system, arguing the decision be quashed, legal papers show.
Google is objecting to a nation state’s use of legal language copied from a European Union document.
Yep, copied.
Does Google care about copying and the role it has played at Google? In my opinion, no. What Google cares about is the rising tide of litigation and the deafening sound of cash registers ringing as a result of Google’s behavior.
Yep, copying. That’s a hoot. How does Google think laws, regulations, and bills are made? In my experience, it’s control C and control V.
Stephen E Arnold, January 4, 2022
Hey, TikTok, You Are the Problem
January 4, 2023
Chinese-owned TikTok has taken the world by storm, and the US is no exception. Especially among the youngest cohorts. That is a problem for several reasons, but it is the risk to privacy and data security that has officials finally taking action. First to move were several states, as CNN’s Brian Fung reports in “Why a Growing Number of States Are Cracking Down on TikTok.” We learn:
“At least seven states have said they will bar public employees from using the app on government devices, including Alabama, Maryland, Oklahoma, South Carolina, South Dakota, Utah and Texas. (Another state, Nebraska, banned TikTok from state devices in 2020.) Last week, the state of Indiana announced two lawsuits against TikTok accusing the Chinese-owned platform of misrepresenting its approach to age-appropriate content and data security.”
We note this quote by the Berkeley Research Group’s Harry Broadman:
“I’m a little bit mystified why it’s taking so long for CFIUS [the Committee on Foreign Investment in the United States] to deal with this problem. There must be some issue that’s going on.”
The Arnold IT team is mystified as well. Maybe lobbying and political contributions are the issue? Or cluelessness about the immense value of children’s and young people’s data? These overdue actions on the state level were followed by proposed federal legislation. Fung discusses the bipartisan effort in “US Lawmakers Introduce Bill to Ban TikTok”:
“The proposed legislation would ‘block and prohibit all transactions’ in the United States by social media companies with at least one million monthly users that are based in, or under the ‘substantial influence’ of, countries that are considered foreign adversaries, including China, Russia, Iran, North Korea, Cuba and Venezuela. The bill specifically names TikTok and its parent, ByteDance, as social media companies for the purposes of the legislation. … TikTok has previously said it doesn’t share information with the Chinese government and that a US-based security team decides who can access US user data from China. TikTok has also previously acknowledged that employees based in China can currently access user data.”
But we should totally trust them with it, right? Not willing to take ByteDance at its word, the US military, State Department, Department of Homeland Security, and other security-conscious federal agencies long since banned the app on devices under their control. Will the prohibition soon extend to the rest of the country, to both public and private entities? If so, prepare for the rage of Gen Z.
Cynthia Murrell, January 4, 2023
Google: Do Small Sites Need Anti Terrorism Help or Is the Issue Better Addressed Elsewhere?
January 3, 2023
Are “little sites” really in need of Google’s anti-terrorism tool? Oh, let me be clear. Google is — according to “Google Develops Free Terrorism-Moderation Tool for Smaller Websites” — in the process of creating Googley software. This software will be:
a free moderation tool that smaller websites can use to identify and remove terrorist material, as new legislation in the UK and the EU compels Internet companies to do more to tackle illegal content.
And what institutions are working with Google on this future software? The article reports:
The software is being developed in partnership with the search giant’s research and development unit Jigsaw and Tech Against Terrorism, a UN-backed initiative that helps tech companies police online terrorism.
What’s interesting to me is that the motivation for this to-be software or filtering system is in development. The software, it seems, does not exist.
Why would Google issue statements about vaporware?
The article provides a clue:
The move comes as Internet companies will be forced to remove extremist content from their platforms or face fines and other penalties under laws such as the Digital Services Act in the EU, which came into force in November, and the UK’s Online Safety bill, which is expected to become law this year.
I understand. Google’s management understands that regulation and fines are not going away in 2023. It is logical, therefore, to get in front of the problem. How does Google propose to do this?
Yep, vaporware. (I have a hunch there is a demonstration available.) Nevertheless, the genuine article is not available to small Web sites, who need help in coping with terrorism-related content.
How will the tool work? The article states:
Jigsaw’s tool aims to tackle the next step of the process and help human moderators make decisions on content flagged as dangerous and illegal. It will begin testing with two unnamed sites at the beginning of this year.
Everything sounds good when viewed from the top of Mount Public Relations, where the vistas are clear and the horizons are unlimited.
I want to make one modest observation: Small Web sites run on hosting services. These hosting services are, in my opinion, more suitable locations for filtering software. The problem is that hosting providers comprise a complex and diverse group of enterprises. In fact, I have yet to receive from my research team a count of service providers that is accurate and comprehensive.
Pushing the responsibility to the operator of a single Web site strikes me as a non-functional approach. Would it make sense for Google’s tool to be implemented in service providers? The content resides on the service providers’ equipment or co-located hardware and in the stream of data for virtual private systems or virtual private servers. The terrorism-related content would be easier to block.
Let’s take a reasonable hosting service; for example, Hetzner in Germany or OVHCloud in France. The European Union could focus on these enabling nodes and implement either the Google system if and when it becomes available and actually works or an alternative filtering method devised by a European team. (I would suggest that Europol or similar entities can develop the needed filters, test them, and maintain them.) Google has a tendency to create or talk about solutions and then walk away after a period of time. (Remember Google’s Web Accelerator?)
Based on our research for an upcoming presentation to a group of investigators focused on cyber crime, service providers (what I call enablers) should be the point of attention in an anti-terrorism action. Furthermore, these enablers are also pivotal in facilitating certain types of online crime. Examples abound. These range from right-wing climate activists using services in Romania to child pornography hosted on what we call “shadow ISPs.” These shadow enablers operate specialized services specifically to facilitate illegal activities within specialized software like The Onion Router and other obfuscation methods.
For 2023, I advocate ignoring PR motivated “to be” software. I think the efforts of national and international law enforcement should be directed at the largely unregulated and often reluctant “enablers.” I agree that some small Web site operators could do more. But I think it is time to take a closer look at enablers operating from vacant lots in the Seychelles or service providers running cyber fraud operations, and to hold them responsible.
Fixing the Internet requires consequences. Putting the focus on small Web sites is a useful idea. But turning up the enforcement and regulatory heat on the big outfits will deliver more heat where being “chill” has allowed criminal activity to flourish. I have not mentioned the US and Canada. I have not forgotten that there are enablers operating in plain sight in such places as Detroit and Québec City. Google’s PR play is a way to avoid further legal and financial hassles.
It is time to move from “to be” software to “taking purposeful, intentional action.”
Stephen E Arnold, January 3, 2023
Need a Human for Special Work? Just Buy One Maybe?
December 29, 2022
Is it possible to purchase a person? Judging from the rumors I have heard in rural Romania, outside the airport in Khartoum, and in a tavern in Tirana — I would suggest that the answer is “possibly.” The Times of London is not into possibilities if the information in “Maids Trafficked and Sold to Wealthy Saudis on Black Market” is accurate. Keep in mind that I am mindful of what I call open source information blindspots. Shaped, faked, and weaponized information is now rampant.
The article focuses on an ecommerce site called Haraj.sa. The article explains:
[The site] Saudi Arabia’s largest online marketplace, through which a Times investigation shows that hundreds of domestic workers are being illegally trafficked and sold to the highest bidders.
Furthermore, the Times adds:
The app, which had 2.5 million visits last year — more than Amazon or AliExpress within the kingdom — is still available on the Apple and Google Play stores despite being criticised by the UN’s Special Rapporteurs in 2020 for facilitating modern slavery.
If true, the article is likely to make for some uncomfortable days as the world swings into 2023; specifically:
- The Saudi government
- Apple
- Assorted law enforcement professionals.
If the information in the write up is accurate, several of the newspaper’s solicitors will be engaged in conversations with other parties’ solicitors. I assume that there will be some conversations in Mayfair and Riyadh about the article. Will Interpol become curious? Probably.
Let’s step back and ask some different questions. I am assuming that some of the information in the article is “correct”; that is, one can verify screenshots or chase down the source of the information. Maybe the lead journalist will consent to an interview on a true crime podcast. Whatever.
Consider these questions:
- Why release the story at the peak of some countries’ holiday season? Is the timing designed to minimize or emphasize the sensitive topic of alleged slavery, the Kingdom’s conventions, or the apparent slipshod app review process at controversial US high technology companies?
- What exactly did or do Apple and Google know about the app for the Haraj marketplace? If the Times’ story is accurate, what management issue exists at each of these large, but essential to some, companies?
- Is the ecommerce site operating within the Kingdom’s cultural norms or is the site itself breaking outside legal guidelines? What does Saudi Arabia say about this site?
To sum up, human trafficking is a concern for many individuals, government entities, and non-governmental organizations. I keep coming back to the question “Why now?” The article states:
Apple said: “We strictly prohibit the solicitation or promotion of illegal behaviour, including human trafficking and child exploitation, in the App Store and across every part of our business. We take any accusations or claims around this behaviour very seriously.” Google declined to comment. Haraj, Saudi Arabia’s human rights commission and the government have been contacted for a response.
Perhaps taking more time to obtain comments would have been useful? What’s the political backstory for the disclosure of the allegedly accurate information during the holiday season? Note that the story is behind a paywall which further limits its diffusion.
Net net: Many questions have I.
Stephen E Arnold, December 29, 2022
How Regulation Works: Irritate Taylor Swift and Find Out
December 29, 2022
Ticketmaster and its parent company Live Nation have been scamming consumers for decades. There was a lawsuit in the 2010s about inflated service fees that Ticketmaster lost. Plaintiffs were awarded gift certificates with minuscule amounts that could not be combined and had expiration dates. The bigger question, Engadget asks, is why did it take a poster to force the federal government into action: “Ticketmaster’s Taylor Swift Fiasco Sparks Senate Antitrust Hearing.”
Ticketmaster screwed up tickets for Taylor Swift’s first tour in five years. The ticket seller’s systems were overwhelmed by fourteen million people, including bots, when tickets went up for sale. Ticketmaster’s Web site was hit with 3.5 million system requests.
Ticketmaster informed Swift they could handle the mass of fans, but she was “pissed off” when they failed.
“Sens. Amy Klobuchar (D-MN) and Mike Lee (R-UT), the chair and ranking member of the Senate Judiciary Subcommittee on Competition Policy, Antitrust and Consumer Rights, have announced a hearing to gather evidence on competition in the ticketing industry. They have yet to confirm when the hearing will take place or the witnesses that the committee will call upon.”
New York Representative Alexandria Ocasio-Cortez stated Live Nation should be broken up. The US government has been investigating Live Nation’s monopoly for several months, but the Swift fiasco has garnered the issue more public attention.
Ticketmaster was sued in the past for similar issues and the company lost. Why is Live Nation allowed to continue its poor business practices?
Whitney Grace, December 29, 2022
Surprise: TikTok Reveals Its Employees Can View European User Data
December 28, 2022
What a surprise. The Tech Times reports, “TikTok Says Chinese Employees Can Access Data from European Users.” This includes workers not just within China, but also in Brazil, Canada, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States. According to The Guardian, TikTok revealed the detail in an update to its privacy policy. We are to believe it is all in the interest of improving the users’ experience. Writer Joseph Henry states:
“According to ByteDance, TikTok’s parent firm, accessing the user data can help in improving the algorithm performance on the platform. This would mean that it could help the app to detect bots and malicious accounts. Additionally, this could also give recommendations for content that users want to consume online. Back in July, Shou Zi Chew, a TikTok chief executive clarified via a letter that the data being accessed by foreign staff is a ‘narrow set of non-sensitive’ user data. In short, if the TikTok security team in the US gives a green light for data access, then there’s no problem viewing the data coming from American users. Chew added that the Chinese government officials do not have access to these data so it won’t be a big deal to every consumer.”
Sure they don’t. Despite assurances, some are skeptical. For example, we learn:
“US FCC Commissioner Brendan Carr told Reuters that TikTok should be immediately banned in the US. He added that he was suspicious as to how ByteDance handles all of the US-based data on the app.”
Now just why might he doubt ByteDance’s sincerity? What about consequences? As some Sillycon Valley experts say, “No big deal. Move on.” Dismissive naïveté is helpful, even charming.
Cynthia Murrell, December 28, 2022