Sweet Baby Jesus!!!!!
I spent the last few hours reading the 2015 Jamaican Cybercrime Act.
Though it is a relatively easy (36-page) read, let me spare you the trouble of wading through the legalese and mis-spellings.
The Cybercrime Act of 2015 seeks to address:
Additionally, the Act specifies legislation related to protected computers (Section 11), rules on inciting cybercrime (Section 12), and guidance on hindering or prejudicing cybercrime investigations (Section 13).
In an effort to include everyone in the fun, Section 14 addresses offences by corporate bodies. Further, the Act outlines actions that someone that is harmed by cybercrime (corporate body or individual) can take to get compensation from their "victimizer" or "offender" (Section 15).
At this point, you are saying to yourself "Sounds good to me. What is your problem, Ty?"
As usual, the devil is in the details.
I won't spend this post providing a sentence-by-sentence review of the Act (like I did two years ago when the Cybercrime Act of 2010 was under review. Those details are here).
For that detailed review, I am available for consulting via my security firm.
In this blog, I will only highlight the most glaring and mind-boggling concerns.
Lack of Awareness of the IT Security Profession and Education
Let me start off with the basics.
Sections 5 and 6 demonstrate a marked lack of understanding of the field of computer security and the fundamentals of training computer security professionals.
System administrators who install patches for zero-day exploits are normally warned that the patches may have unforeseen and untested impact on the rest of their ecosystem, which is typical of the field. Under these sections of the Jamaican Cybercrime Act of 2015, any system administrator who performs a security update is potentially in breach of the Act.
Another example is that of a system administrator, security professional or academic who needs to listen to and gather network traffic to detect security attacks; in order to spot and respond to these attacks and secure their systems. Under the current legislation, they could face prosecution.
Not to mention the fact that teaching the next generation of security experts becomes untenable in Jamaica under this Act; for fear of prosecution.
All in all, a bone-headed move if one wants to foster secure and private systems in Jamaica.
Or maybe I got this all wrong and these exceptions will be covered under an amendment of the Interception of Communications Act?
Nuh Run Nuh More Joke Roun Ya
The next point is so frustrating that I have to quote directly from the Act.
A person commits an offence if that person -
(a) uses a computer to send to another person any data (whether
in the form of a message or otherwise) that is obscene, constitutes a threat, or is menacing in nature; and
(b) intends to cause, or is reckless as to whether the sending of the data causes, annoyance, inconvenience, distress, or anxiety, to that person or any other person.
An offence is committed under subsection ( 1) regardless of whether the actual recipient of the data is or is not the person to whom the offender intended the data to be sent.
So, you are telling me that any politician or (rich) Jamaican who receives a text, email or other commnicae that they can interpret as threatening, obscene or menacing, may sue under this new Act (whether the message was intended for them or not).
Goodbye freedom of expression.
Goodbye, joking around (or ramping) with a friend in what may be subjectively interpreted as negative.
I am hoping that the intent of the Law, possibly cyberbullying or spam of online porn, etc, is different from the letter of the Law.
Right now, a lot of people are going to be in trouble.
This could also be a very effective way of shutting down a rival, whether political, business-related or other.
Everyone Knows What a Protected Computer Is
Section 11 mentions a "protected computer" and assumes that a reasonable person should know what a protected computer is.
Unfortunately, this is a highly subjective call that requires a judge to know the thoughts and mindset of an alleged offender.
Without having computers clearly defined and labelled as protected computers, this section is open to manipulation from the owners of computer systems that may argue (and defend) the "protected computer" status of their systems.
Overall, a horrible way to craft Law.
Where are the 'agreed upon" standards?
What is universally understood?
Is there a definition of "Protected" that is clear to everyone?
Is there a "Data Protection Act"?
From section 10 onwards, it gets progressively worse, because the rules build upon the previous sections, which we have already gone through and declared as bone-headed.
Section 12 states that if you and your friend are running a joke on another friend and it mistakenly gets to the wrong person, then that person can charge both of you under this Act.
We all know what happens when you build a house on sand.
*Shaking my head*
Protect The Lawyers
Section 13 is the only section where there is an explicit call-out for what it means to "not commit an offence". Of course, it stipulates the cases where lawyers are not liable or covered under this Act.
Why wasn't there a call-out for IT security professionals and academics in previous sections?
All a Unnu is Fi Wi
This final point is what infuriates me most.
From the Act:
22.-( 1) This Act applies in respect of conduct occurring
(a) wholly or partly in Jamaica;
(b) wholly or partly on board a Jamaican ship or Jamaican aircraft;
(c) wholly outside of Jamaica and attributable to a Jamaican national; or
(d) wholly outside of Jamaica, if the conduct affects a computer or data-
(i) wholly or partly in Jamaica; or
(ii) wholly or partly on board a Jamaican ship or Jamaican aircraft.
Translation: If you are Jamaican or if you are accessing "stuff" in Jamaica, it does not matter where in the world you are, you are governed by this Cybercrime Act.
I leave you to think through the impact of this.
Spoiler Alert: All Jamaicans wherever you are, you are screwed.
I am extremely disappointed in Minister Paulwell and his team.
You can do better.
The Jamaican people deserve better.
All you have to do is to include a Computer Science professional in the drafting of Acts like these to advice you on the feasibility of these rules.
Or maybe you want this Act exactly as it is.
Readers, what are your thoughts?
The National Day of Civic Hacking (NDCH) started in 2013. Its mission is to engage the community in solving civic issues.
The event brings together urbanists, civic hackers, government staff, developers, designers, community organizers and anyone with the passion to make their city better.
They will collaboratively build new solutions using publicly-released data, technology, and design processes to improve our communities and the governments that serve them.
Anyone can participate; you don’t have to be an expert in technology, you just have to care about your neighborhood and community.
On June 6, 2015, thousands of people from across the United States will come together for National Day of Civic Hacking.
The U.S. Census Bureau, U.S. Small Business Administration, BusinessUSA and the U.S. Department of Labor have joined forces to host an event in support of the National Day of Civic Hacking in Washington DC.
The goal is to make open data more useful to small business leaders in your local community.
This Saturday, stop by and help support the backbone to the American economy. More details here.
Source: O*NET Team. May 4th, 2015
O*NET (Occupational Information Network) is the definitive list of occupations in the world.
It is common folklore, that "on average, O*NET updates only around 100 occupation codes annually". The innate researcher in me was always curious about this. Luckily, this was clarified for me early last week in a meeting with the O*NET team.
It turns out that this misconception is a product of horribly-handled communication and the need to simplify what is a complex issue.
The team produced the chart above, which documents the updates to O*NET occupations since 2003.
Light blue represents the number of occupations "comprehensively" updated by the O*NET survey. "Comprehensive" means that all the main components of the occupational profile were updated.
Dark blue represents the number of occupations that had some element of their O*NET information updated. These changes come from sources other than the survey, e.g. analyst ratings, customer & professional association input, government programs, transactional data, and Web research.
In 2010, 123 occupations were updated via surveys, while the remaining 874 occupational profiles of that year's total (997) had profile elements updated via non-survey methods.
So, all the occupation descriptions are updated every year.
What are your thoughts?
Many, many years ago, I read The Tools - by Phil Stutz and Barry Michels - and ever so often I reflect on the concepts they presented.
One of the principles they presented that stuck with me is that of Jeopardy.
Not the well-known American game show; but going back to the word's traditional interpretation.
If you look in any dictionary, jeopardy is defined in one form or the other as "the danger of loss, harm, or failure".
Your job is in jeopardy.
Your life is in jeopardy.
Your freedom is in jeopardy.
We should all be familiar with this.
Phil and Barry framed the idea of jeopardy in an interesting context.
Imagine that you are looking at yourself as you lie peacefully in a bed as you take your last remaining breaths on Earth.
Are there things that you wished you would have done? Skills that you have not used? Passions you have not let surface?
If so, then use this as motivation - to ensure that you maximize every single second - to be the most authentic version of YOU possible.
The idea is that when you are take your last breath, you want to have no regrets. You want to feel complete.
The reality is that we all have a limited another of time in this form; and a lot of gifts and talents.
Jeopardy forces us to look carefully at ourselves and ask "Am I using my gifts and talents effectively?"
Use this feeling of jeopardy to appreciate the urgency of life - the urgency of your decisions, the urgency of what you are doing now, the urgency of what you could be doing.
Use this feeling of jeopardy to ensure that you are doing the best thing possible - right now - that maximizes you and that makes you happy.
The next second could be your last.
What will you tell the YOU standing over yourself as you go?
How many regrets will you have?
On Jeopardy day ......
Jeffrey Chen, a fellow Presidential Innovation Fellow, R expert, and all-round amazing human being, took a few hours out of his spare time and created a cool visualization of the diversity data of the CENSUS.
Is anyone surprised that?
Yes, I am aware that the Census has an interactive map.
However, this very focused visualization tells a specific story and highlights what most are afraid to confront.
What is your take on the data?
I am going to make this short, because Robert Reich has already said what needs to be said in this space (here).
My role here is to punctuate the obvious.
Let's start with what people believe.
The "Free Market"
The formal definition of a free market goes something like this:
A market system in which the prices for goods and services are set freely by consent between sellers and consumers, in which the laws and forces of supply and demand are free from any intervention by a government, price-setting monopoly, or other authority.
A free market economy is a market-based economy in which prices (for goods and services) are set freely by the forces of supply and demand and gravitate to their point of equilibrium without intervention by government policy. It typically entails support for highly competitive markets and private ownership of productive enterprises.
Free markets are also often associated with capitalism. However, the concept has been championed by anarchists, advocates of cooperatives and socialists.
Sounds Good To Me. (What is Your Problem, Buddy?)
I agree. It sounds wonderful and fanciful. And it is exactly that.
Apart from the assumptions that are made in the definition of free market, which do not exist in any country on Earth, people in societies that embrace free market capitalism also assume that the "free market" is natural, not man-made, inevitable and not influenced by the government.
This means that the outcomes of the "free market", i.e. inequality, poverty, insecurity, famine, war, etc, is beyond our control.
This is all fiction.
At the core, the “free market” is a set of rules that specify:
The rules defined above are a mere subset of the complete set that go into creating a "free market".
These rules do not exist in nature. They are creations of the minds of men (and women).
Markets are not “free” of rules. The rules define them.
As citizens of a democratic society, we have a say in the "free market".
We help define the rules in a number of ways, including voting governments into power,
Government help to organize and maintain the rules that create the "free market".
Let me repeat this for emphasis: Governments don’t “intrude” on free markets. They facilitate free markets.
But? But? But?
Ask yourself why there is no longer a (public) market for African slaves, why young children are not delicacies at your favorite restaurant, why urine-inspired beverages are not all the rage at your local watering spot or why your water supply is not filled with faeces and bacteria.
Now, own your part in creating and evolving our "free market".
Now, realize that you are responsible for the consequences of the "free market" (as it exists today). Yes, you share responsibility for inequality, poverty, crime, homelessness, etc.
Let that sink in.
Now, do something positive about it.
Over the last few weeks, I had the pleasure of chatting with Aneesh Chopra - the first Chief Technology Officer of the United States of America - on a number of topics related to Skills, Workforce and Innovation.
One of our earlier conversations included the state of job postings online. Aneesh energetically (and nonchalantly) observed that it was all a house of lies - where job matching and or job scraping company after company would forage for as many job postings as possible, ingest them into their own (proprietary) systems, and create business value from them.
This got me thinking. Are companies who are advertising jobs in their firms aware that:
In 2011, Citi estimated the online recruitment market size to be $3 billion globally.
In November of 2013, Staffing Industry predicted the global staffing market to exceed $422 billion by the end of 2013, with 30 percent ($12.6 billion) coming from the U.S.
So, I am guessing that a lot of companies are either unaware of (or unable to do anything about) the widespread theft and misappropriation of job listing data.
Because for a market of that size, firms that are aware of this would be constantly in litigation to maintain their data ownership rights and keep their IP.
What I find even more fascinating is the slippery slope (of admitting that data ownership matters).
Once firms start taking this seriously, will they then have to admit that they are stewards for the data they receive from their clients/users (and not data owners in that context)?
What do you think?
I had the pleasure of meeting FCC Commissioner Ajit Pai at a dinner reception a few weeks ago at the Residence of the Swedish Ambassador.
He struck me as a personable, funny, intelligent, and kind (family) man, who recognized the need for innovation and was not afraid to leverage other people with expertise in areas that complement his own expertise.
He mentioned the impending vote on Net Neutrality and mentioned the raised levels of interest from everyone about the topic.
He seemed excited, eager and earnest about voting on the issue and doing the right thing.
When You Assume
Now imagine my shock when the decision came down and I learned that he voted against the measure. (You can read his full dissent here and a summary of it here).
I thought to myself: "What could have led him to this decision?" I read his full dissent statement (and the summary) multiple times to try to figure out how someone so smart could come to a No on this initiative.
Were there details, i.e. fine-print, in the proposal that I (and the public) were not being told about?
I struggled with this for a long while and debated if I should say anything at all.
Unfortunately, my curiosity could not let me rest.
Just to ensure that everyone is on the same page and that we are all talking the same language, let me start with the basics.
Back to Basics
What is net neutrality? It is the principle that Internet service providers, specifically cable companies, should enable access to all content and applications regardless of the source, and without favoring or blocking particular products or websites.
But? But? But? Isn't this how the Internet has always been? Yes, you are correct. We always had net neutrality ....... until some companies decided that it would be more profitable to have different levels of service that they could charge for; where some traffic would be fast and others not-so-fast. I won't re-hash the entire story in this blog. The interested reader can get more here.
But? How could companies do this? Legally, there was no one to stop them. Broadband was not regulated under the same rules as the telephone lines (which the Federal Communications Commission (FCC) deemed had to remain open).
What Does the FCC decision mean?
The gist of what the FCC did in the last week of February 2015 was to finally side with the American people. (The story is more complicated, as all current relationships, with the FCC being against Net Neutrality before they were for it)
The FCC said "America you can continue to have net neutrality". However, they said it in a way that killed all the legal ambiguity surrounding the issue.
Now, companies know that if they try to play favorites or to monetize the Internet wires that there will be penalties to pay.
So now you are all caught up.
So how could anyone disagree with this?
Ajit's dissent starts off with a single true sentence and then immediately pivots:
For twenty years, there’s been a bipartisan consensus in favor of a free and open Internet—one unfettered by government regulation. So why is the FCC turning its back on Internet freedom? It is flip-flopping for one reason and one reason alone. President Obama told it to do so
It is true that a free and open Internet has been a bipartisan issue (or rather a non-issue). It is true that it has been unfettered by regulation.
It is also true that until recently, the broadband providers did not realize the transformative nature of the Internet and were not innovative enough to capitalize on the ecosystem that grew on top of their infrastructure.
After the success of a few Internet companies, like Google and Facebook, broadband company executives sought a way to get a piece of their revenues. After all, these companies were using their wires for very little money (relatively) and making huge profits. Where was their piece?
This led to "The Great Flexing" (trademark pending) - the golden age where broadband companies throttled service and started shaking down Internet companies. The lack of regulation on broadband played to their favor.
So, the FCC decision is not turning their back on Internet freedom, but turning their back on greedy cable executives.
Ajit's dissent goes on to say:
The Commission’s decision to adopt President Obama’s plan marks a monumental shift toward government control of the Internet. It gives the FCC the power to micromanage virtually every aspect of how the Internet works. It’s an overreach that will let a Washington bureaucracy, and not the American people, decide the future of the online world.
The decision gives the FCC the authority to treat broadband as it does the telephone wires.
If Ajit is arguing that this translates into giving the government the ability to control every aspect of the Internet, then he should provide evidence of how the government has manipulated every single aspect of the telephone industry.
Again, the FCC is saying treat broadband like the telephone. So, there should be plenty of evidence of the government micromanaging the telephone market (if the dissent is correct).
His dissent goes on:
One facet of that control is rate regulation. For the first time, the FCC will regulate the rates that Internet service providers may charge and will set a price of zero for certain commercial agreements.
The Commission can also outlaw pro-consumer service plans. If you like your current service plan, you should be able to keep your current service plan. The FCC shouldn’t take it away from you.
Consumers should expect their broadband bills to go up. The plan explicitly opens the door to billions of dollars in new taxes on broadband. One estimate puts the total at $11 billion a year.
Consumers’ broadband speeds will be slower. Compare the broadband market in the U.S.to that in Europe, where broadband is generally regulated as a public utility. Today, 82% of Americans have access to 25 Mbps broadband speeds. Only 54% of Europeans do. Moreover, in the U.S., average mobile speeds are 30% faster than they are in Western Europe.
This plan will reduce competition and drive smaller broadband providers out of business. That’s why the plan is opposed by the country’s smallest private competitors and many municipal broadband providers. Monopoly rules from a monopoly era will move us toward a monopoly
Unfortunately, there has been a living lab (of sorts) for well over a decade, where some countries have opened up their Internet (with similar legislative tools just used by the FCC) and American, which has remain closed.
The results for those other countries: lower broadband rates, improved service and service options, lower bills (compared to the US) for better service, faster broadband speeds, and more competition in the Internet Service Provider business.
All of which are the complete opposite of what Commissioner Pai's dissent claims. The evidence shows that the dissent's assertions are not grounded in reality.
Larry Lessig's talk (in 2010) about American's broadband problem (below) outlines the approaches taken by the American government and the European Union and the impact they have in each environment. You have to watch it.
Broadband is cheaper, faster and better in Europe than in the United States. All because Europe did what the FCC just recently did decades ago.
Ajit's dissent continues:
The Internet is not broken. We do not need President Obama’s plan to “fix it.”
The plan in front of us today was not formulated at the FCC through a transparent notice-and-comment rulemaking process. As The Wall Street Journal reports, it was developed through “an unusual, secretive effort inside the White House.” Indeed, White House officials, according to the Journal, functioned as a “parallel version of the FCC.” Their work led to the President’s announcement in November of his plan for Internet regulation, a plan which “blindsided” the FCC and “swept aside. . . months of work by [Chairman] Wheeler toward a compromise.”
The plan has glaring legal flaws that are sure to keep the Commission mired in litigation for a long, long time.
I agree that the Internet is not broken. However, the ecosystem required for its continued growth was and that is what the FCC addressed.
I have no insight on the rulemaking process, so I cannot comment on that part of the dissent.
I also agree that the current set of cable companies will continue to sue in order to get their way.
However, I think their time will be better spent finding new ways to partner and collaborate to create additional revenue streams; rather than trying to tax the existing successful players and increase the barrier to entry for emerging startups.
All that being said, I am not a lawyer nor claim to be one.
However, I do know technology. I am an expert and a student.
In my mind, I want to think that Ajit had excellent technical guidance when forming his position on this issue.
However, I am reminded that different generations have different views and levels of understanding on the issue.
Hey! Old-school civil rights organizations got it wrong too. More here.
What do you think?
Let me just say upfront that I personally think that the term sharing economy is a bunch of marketing and PR bullshit.
My more diplomatic self would say that the sharing economy (as the media tells it) is a bastard misrepresentation and it will have consequences that will be written off as unintended in the future, but that are presently known by the current architects of this economy.
The sharing economy (aka the peer-to-peer, mesh, or collaborative economy; also called collaborative consumption) is formally described as a socioeconomic system built around the sharing of human and physical resources. It includes the shared creation, production, distribution, trade and consumption of goods and services by different people and organizations.
These systems seek to empower individuals, corporations, non-profits and government with information that enables distribution, sharing and reuse of excess capacity in goods and services. A common premise is that when information about goods is shared, the value of those goods may increase, for the business, for individuals, and for the community.
Unfortunately, this vision of a sharing economy and the current companies that are sold as embodying this economy are at odds with each other.
Businesses, like AirBNB, TaskRabbit and Uber, are often touted as the success stories of the sharing economy - unleashing the potential of the ordinary citizen to help his or her fellow citizen (for financial gain).
However, the motives of these businesses are very clear - how to capitalize on cheap (if not free) resources, i.e. humans, their time and their possessions, to make a profit by decentralizing (or deregulating or disrupting) an existing sub-optimal industry or industry sector.
The idea is simple and brilliant.
I call this a Gig Economy.
Everyone has a gig.
It is a new class of service industry where workers are expected to operate like micro-businesses with full risk, no union representation and very little safeguards.
The Gig Economy (or the Share-The-Scraps economy, as Robert Reich calls it) is far different from the Sharing Economy and it is evident to me that one is playing off the goodwill and promise of the other to move itself forward.
If I can see it, then others can too.
The first interesting phenomena is that this economy is projected to be at least twenty times bigger than it currently is within the next decade; settling in at revenue growth around $355 billion dollars.
And though there is discrimination in this gig-gy environment (see here), minorities are still drawn to it for several reasons.
They are drawn to it as service consumers, because it offers a higher level of service that they were receiving in the industry before.
Ask a black man having a night out in Washington DC to compare his "taxi" experience now versus when he did the same thing in 2007. I guarantee you that the majority of responses would indicate that the presence of Uber and Lyft has given him a lot of freedom and reduced his stress level.
Minorities are drawn to this Gig economy as service providers, because it is an avenue that offers less institutional roadblocks to entry.
A hispanic woman from the projects with few options and lots of ambition can easily find a well-paying gig that would help her tremendously in getting a better life.
Is this good or bad?
I leave that up to you to decide.
I just want us to all be fully aware of what is happening.
Eyes Wide Open.
What are your thoughts?
When the Employment and Training Administration’s CareerOneStop team set out to redesign portions of the site (namely, career, training, and job resources), they didn’t immediately begin rewriting code. Instead, they embraced a user-centered approach that focused on the user experience (UX). In a general sense, focusing on UX means taking a step back to learn about users’ core needs and preferences before making changes to a product or service. Before the CareerOneStop team completed their site redesign, they asked users the following questions:
“Who’s using CareerOneStop resources?”
This was the first question the team asked the people they interviewed. The answer? Just about everybody. CareerOneStop users include job seekers, businesses, students, current workers, laid-off workers, veterans, workers with disabilities, workers with criminal records, career counselors and other workforce professionals, and just about every other member of the public. Researchers were pleased to learn that such diverse audiences use CareerOneStop, and they talked to a varied group of users to answer the next questions.
“Can users find what they need at CareerOneStop?”
CareerOneStop offers such a large volume of information that some users weren’t able to quickly find the best resources for their unique needs. The research team talked to users and watched them use the system to find out what each type of user needs most (and most quickly), where they expect to find it, and what language is most meaningful to them. The researchers’ goal was to identify the clearest labels and determine the best way to organize the site’s information to help users connect with the most relevant information. CareerOneStop now offers streamlined access to targeted resources for each audience.
“Are CareerOneStop’s tools easy to use?”
CareerOneStop’s resources can’t only be easy to find—they also need to be easy-to-use and effective at helping users meet their career, training, and employment goals. The CareerOneStop team conducted usability testing on key tools and websites, during which they watched users interact with the site and learned how to improve functionality, organization, and language in order to better meet users’ needs.
“How are users accessing CareerOneStop resources?”
While some people are smartphone-wired 24/7 (one recent survey found that 83 percent of people use smartphones or tablets to job search), others may lack dependable Internet service on a daily basis. CareerOneStop’s goal is to make its resources valuable for all users. That’s why both the redesigned CareerOneStop.org site and the newly launched Credentials Center are mobile-friendly—that is, they automatically adjust to a user’s smartphone, tablet, or desktop screen, providing on-the-go employment, training, and job search help. Six key CareerOneStop tools—including Job Search, Training Finder, and Salary Finder—are also available as mobile web apps.
While making its resources accessible to mobile-equipped users, CareerOneStop didn’t want to leave behind those with limited Internet access or low computer literacy skills. For those who may access the Web at a public library or American Job Center, CareerOneStop provides printable guides, along with the ability to easily download and print key information and tool results. And for those who are less comfortable with technology, printed and video help materials provide step-by-step guidance through many tools.
What’s next for CareerOneStop?
The recently redesigned CareerOneStop and the new Credentials Center offer a wealth of assistance to anyone with career, training, or employment needs. Read more about key features in the press release or watch What can CareerOneStop do for you? But user-centered development doesn’t end with the launch of new products. The CareerOneStop team will continue collecting and learning from user feedback to continually improve its resources. Send us your feedback at info@CareerOneStop.org.
This is the first draft of this Department of Labor blog post
Dr Tyrone Grandison
Executive. Technologist. Change Agent. Computer Scientist. Data Nerd. Privacy and Security Geek.