Why Books, CDs, and DVDs are STILL Better

I get some grief from some friends about why I still prefer books and DVDs to subscription and streaming services.

In my inbox I got another reminder why this is the case.

I bought a movie through Target’s streaming service a couple of years ago, to try them out. And now I have a notification that they’re canceling the service.

They’re semi-helpfully providing the option of migrating your purchases to another service when they’re available. But it’s not guaranteed that they’ll have what you bought. In which case, you’ll get a credit (for the full amount you paid, I wonder?).

This highlights why I like books over e-books in particular. E-anything can go away for good. And unless you have your own copy (like I do my digital music library), you’re at the mercy of someone else who may, or may not be there tomorrow.

It’s why I have my own copies of all my digital pictures too.

This relates to security and privacy because this is really about trust and control if your information. And being a good security person I have low levels of trust.

Vint Cert recently highlighted another very real concern with e-everything. The real possibility of a dark age where all information and knowledge is lost in one fell swoop. Likely? Not necessarily. But not impossible. And security is always about thinking in worst case scenarios.

Someone put out what amounts to a handbook on how to rebuild civilization recently: The Knowledge: How to Rebuild Our World from Scratch. Ironically, though, there’s a Kindle version of the book, which would seem to totally defeat the purpose.

A Trip to the Doctor

Or, more accurately, the local urgent care clinic.

I had to make a trip there today to get looked at for the latest crud that I’ve been battling for the last week.

My check-in was a good example of how you have to be assertive to protect your security and privacy these days. Sometimes, very uncomfortably so.

While I was doing the usual check-in paperwork, the admissions clerk asked me, “Can I get your driver’s license to scan please?”

I asked, “why do you need that?”

She replied, “Because the copy we have is expired.”

I looked puzzled and she rotated her monitor for me to see the black and white scanned copy of my old, expired license.

It’s been years since I’ve been here, but I don’t remember them ever telling me they were taking a scan of my driver’s license on check-in. Probably one time when I was sick I wasn’t paying enough attention to ask my usual “Why do you need it, what are you going to do with it” questions.

I explained to her that I wasn’t comfortable with her taking a scan. I was happy, I said, to show it to them, but not to retain a copy.

She then said that the point was to protect my identity. I said, I understand but holding that information is itself a threat to my identity. I said, when this clinic’s information is stolen like Anthem’s was it will be harder to steal my identity since they won’t have my drivers’ license.

She said she understood and we moved on in the check-in process.

Later, I was chatting about identity theft to try and lighten things after having to say “no”. While we were talking she told me how she was herself the victim of identity theft. Someone stole mail out of her mailbox and was able to steal her identity. She said it was finally cleared up but it took years and included a knock at the door at 3AM from a sheriff looking to serve a warrant on her meant for the identity thief.

It was a good exercise in real world security and privacy protection. It underscores how you have to be active and sometimes push back, even to the point of seeming like you’re being difficult. It underscores too how you have to always be paying attention since I can’t recall how they got my old driver’s license into the system in the first place. And it also shows that identity theft is very real, very prevalent, very hard to untangle, and has nasty consequences. Finally, it reminds me that we can’t just focus on the digital side of things. Physical mail theft and phone scams are old but still delivering; so they’re still active threats.

It really reinforces the fact that I think real-time identity theft monitoring and monthly checking of accounts and records are critical for all of us.

It really is dangerous out there. It really is hard to do the right thing, even when you know what it is.

At least some of us have job security.

Ten Years After Bill Gates’ Trustworthy Computing Memo

Ten years ago yesterday, Bill Gates sent out his Trustworthy Computing memo that marked a significant change in the culture at Microsoft and put security, privacy and reliability at the center of the company as ideals.

I was at Microsoft as part of the Microsoft Security Response Center when that came out. And until I left Microsoft in December 2010, I was involved in security and privacy. So I have a former insider’s long-term view of what that was all like.

As my former colleagues are marking the occasion I’m sharing my own thoughts on what it meant then and what it means for the future.

Here are my comments in Robert X. Cringly’s article “PC security: We’ve come a long way, baby“. And a longer write-up by me over at Betanews “10 years after Bill Gates’ Trustworthy Computing memo: What it meant for Microsoft and why every tech company needs one“.

It was something to be a part of, but the world is different today. Part of my take on it is how this is still relevant in this different world.

How we deal with death is at least as important as how we deal with life.

This is a much more personal post than most. But ultimately it relates to social media in a way that I think is appropriate for my work blog.

In the past ten months, I have learned about the deaths of three people that I know through Facebook. Two of them were “friends”, one was a “friend of a friend”, actually of several friends. One of them, a former co-worker, died after a bout with cancer. The other two were former high school classmates, both of whom died of suicide.

In all three cases, I learned about this through Facebook wall postings. Over time, the walls became a place where people exchanged information, memories, paid respects, expressed grief and loss, and in some cases supported one another.

Today, just now, I was on Facebook and the one person I wasn’t friends with was just presented to me as “Someone you may know”.

I’ve said that “social networking is truly social” meaning that it is a true extension of ourselves as social creatures: we have embraced it and extended our social behaviors, both good and bad, to that medium. And nothing drives home that point more than death on Facebook.

The suggestion that I “friend” someone who is now dead, and my other recent experiences around the deaths of people on Facebook led me today to realize that Facebook’s use and importance as part of our social interactions has outstripped some of its capabilities. Put simply, Facebook (or any other social networking site) lacks mechanisms to deal gracefully and thoughtfully with death. From the question of “how do you take control of the Facebook account of a loved one who has died” to keeping the profile alive (pun somewhat intended) but reflecting the fact that the person is deceased, there’s no graceful, easy way to deal with death on Facebook.

It’s not just a technology problem: there are questions around etiquette and customs as well that we as a society have to work out.

But at this point, it’s certainly clear to me that as social networking becomes ever more truly social, it needs to be able to handle not just the good of our social lives, but also the hard things.

Kirk asked in Star Trek II: The Wrath of Khan: “[H]ow we deal with death is at least as important as how we deal with life, wouldn’t you say?”

As regards social networking, I believe the answer is an unequivocal “Yes”.


After a bit of a sabbatical and vacation I’m starting to get back into my work.

I may write about what it’s like to leave Microsoft after nearly eleven years to strike off and do my own thing, but that’s for later.

Today as I’m getting back into work, I’ve got people losing their jobs on my mind. Specifically, how in the world of the Twittersphere, you can find yourself out of a job after a mere 140 characters (or at least by shooting off your mouth in 140 character blocks).

In the past two weeks there have been two examples of people spectacularly flaming out on Twitter. First, last week there was Nir Rosen’s amazingly insensitive comments about the Lara Logan situation that led to his immediate resignation from NYU . Then this week Indiana deputy attorney general Jeff Cox was fired after tweeting that police should use live ammunition on pro-union protesters in Wisconsin.

There’s a good write-up on the Rosen situation and how NYU handled it (or didn’t) over at The Answer Sheet. And a quick rundown of Jeff Cox’s professional death-by-Twitter over at USA Today.

While the world is rightly marveling at how Twitter and Facebook have played major roles in enabling the uprisings in the Middle East, it’s good to remember that social media is really a force of nature. It can be a force for good or bad, depending on how one uses it. And in understanding how it can be a force for bad, it’s important to remember those wise words of H. R. Haldeman from Watergate days: You can’t put the toothpaste back in the tube.

So, think before you hit “Tweet”.

Don’t worry, the Internet is on it

If you follow social media trends, the odds are that you now have heard of Cooks Source Magazine, a formerly not-very-well known local cooking magazine based in New England. If you haven’t been following this there’s plenty of virtual ink spilled on the matter but the Economist, as always, has a great summary of the story. The short version is that Cooks Source allegedly used a writer’s article without permission, the writer blogged about it, the story went viral, and within twenty-four hours Cooks Source was on the receiving end of swift Internet justice, eventually earning their own Downfall video parody.

On the face of it, it would look like another case of understandable Internet mob justice motiviated by righteous indignation, similar to the tidal wave that came down three years ago on Lori Drew, the mother whose alleged harrasment of Megan Meier on MySpace led to her suicide.

There is one thing that’s very different and important to understand about the Cooks Source situation. Cooks Source will likely go out of business. But that outcome seems to have less to do with the white hot outrage that can fade quickly, and more to do with how angry people used Cooks Source’s own Facebook page to coordinate actions effectively targeting Cooks Source on a business level. Users quickly began to use the Cooks Source Facebook page to coordinate actions, contacting advertisers to urge them to pull support from the magazine, and finding numerous other instances of articles taken without proper permission and/or attribution that could potentially be used by the harmed parties to file lawsuits.

Less than twenty-four hours after the issue broke, the List of Cooks Source Advertisers discussion group appeared on the Cooks Source Facebook page. People with copies of the print magazine systematically combed through through the current issue and posted names of advertisers to the group, in part because Cooks Source isn’t available online. With that information posted in a collaborative forum, people began working together to obtain information on Cooks Source advertisers and contact them to urge them to pull their advertising from the magazine. Some people even used the discussion group to remind those contacting advertisers to temper their tone and be polite. Those who had contacted advertisers and gotten agreement to pull their advertising reported back to the group, urging others to no longer contact those advertisers. Later, the Reward those who do right: Buy something from Cooks Source ex-advertisers group sprang up to actively encourage people to support those advertisers who pulled their support for Cooks Source.

Meanwhile, the List of Cooks Source article sources. Please add more group also sprang up. While some people were busy targeting advertisers in a coordinated way, people here were systematically looking at (and in some cases posting scanned copies) of articles and then trying to find instances where the text and/or images of the articles appeared to possibly be taken from other sources and providing links to both for comparison. In what is potentially an even more serious attack on Cooks Source as a business, people found, at last count, nearly 160 articles and images that they believe could have issues around permission and attribution. As a precautionary measure, the work was moved off of the Cooks Source facebook page into a Google doc, where people continue to collaborate. As major corporations such as Disney, Food Network and NPR are potentially included in this list, the risks to Cooks Source as a business in terms of possible lawsuits now is quite serious.

Unlike other instances of Internet justice, in this case, the mob got smart. Rather than simply bluster, they started taking real steps that could hurt Cooks Source as a business. The fact that these actions were enabled by Cooks Source’s own Facebook page is ironic but also points to a real risk that any organization with a clear, central online social media presence faces: that the social media capabilities that help your organization can be turned against you quickly. Regardless of one’s stance on the merits of the case, from a social media issues management point of view, the single greatest mistake Cooks Source made was failing to immediately lock down the collaborative features on their Facebook page (i.e. their Wall and Discussions).

At one point, a user posted a question in the Discussions, asking if advertisers were being contacted. Another person immediately replied “Don’t worry, the Internet is on it”. The questioner then replied “I ❤ [love] the Internet”. The Cooks Source episode shows that “the Internet” is indeed on it, and it’s learning how to be smarter in bringing its huge, collaborative power to do more than simply rant. Cooks Source is an important episode for everyone who handles social media outlets to understand, particularly from the standpoint of issues management. Your sites can and will be used against you in times of crisis: make sure you plan for that.