Algorithms for Enforcement or for Data-Driven Introspection?

Many organizations (official or grassroots) have objectives which exceed their capacity, i.e., they have fewer resources than they think they need. In order to either better place limited resources, or to improve processes generally, some of these organizations have taken to collecting data about their objectives and use of resources. For a drought management agency in the Horn of Africa, this might have to do with the location of agripastoral communities and their access to water. For a school district in Michigan, this might be test scores or (better yet) teacher attendance. By documenting historical data and changes linked to actions taken, an understanding of whether or not a goal (equal representation, access to resources, etc) is being reached is more grounded in reality. Data, like all things, is political. What data is collected, how it is collected, where it is stored, to whom it is visible, and who gets to act on it can re-centralize power or become mechanisms of accountability and community empowerment.

This post explores how police departments have been collecting data about the location and types of arrests made as a way to track how much crime is happening in a certain place, as a way of placing their limited resources (cops and their weapons) more accurately (to their eyes). But of course their data has to do with arrests, not crime, and their definition of crime is still based on enforcement of law. This use of force, already untenable, can be seen by some as “unbiased” when based on data. Here we explore why this is not only inaccurate but will further embed systemic racial bias, while maintaining that data collection and subsequent action can be a useful thing when led by the communities themselves. Here, we specifically address questions of large sets of data against which algorithms can be run, and how we can make choices to maximize benefit and mitigate damage of these operations while transitioning from the world we’re in to the world we want.

I anticipate the audience for this blog is more acutely aware of things like state-sponsored surveillance, malware used by abusers to further control others, or circumvention tools than the usual crowd. But there is more to the technology and abilities of networks than just these components. Let’s talk about the data that networks generate, the algorithms by which that data is navigated, and how data is acted upon. One end of the arbitrary spectrum of action is enforcement – an external party exerting force in order to maintain the rule of law. The other end is data-driven introspection – an individual or group of people generating data for tracking changes within their own control. This article explores how to understand and increase the likelihood of just actions taken based on data and algorithms. Continue reading

Interfaces between formal and informal crisis response

I’ve long been interested in the question of how formal and informal groups interact in crisis. It is my proverbial jam, as no one ever says.

Basically, it boils down to this: official agencies are resourced and have predictable structures, but are slow and lack visibility to an affected population’s needs. Emergent groups in an affected region are by definition beyond their capacity to respond and are not trained in response, yet they have acute knowledge of their neighbors’ needs and can adapt to dynamic environments. While I’m still working on the long-form expression of these ideas, an opportunity to prototype an interface came up recently through the Naval Postgraduate School, Georgia Tech Research Institute, and a place called Camp Roberts.

Camp Roberts

There’s this decommissioned Air Force base near Paso Robles called Camp Roberts, where interoperability experiments are conducted quarterly. Only the engineers/implementers are invited to attend – no C-level folk, no sales. Each year, one of those four is focused on what the military calls “Humanitarian Assistance & Disaster Response” (HA/DR). I have some deeply mixed Feelings about the military being involved in this space. I respect my friends and cohorts who refuse outright to work with them. I see the military as an inevitable force to be reckoned with, and I’d rather take them into account and understand what they’re likely to be up to. Finding this place to plug different pieces of a response together without the sales folk or directors present, to actually test and play and fail is a glorious opportunity.

A Game

I’ve been working on the opportunity to build a game around a formal/informal interface for years as a way to explore how collaboration would fill gaps for these different actors. This project is called “Emergent Needs, Collaborative Assessment, & Plan Enactment,” or ENCAPE. The idea is this: both sides to that equation lack understanding of, and trust in, the other. A game could externalize some of the machinations and assumptions of each side, meaning a demystification; and creating things together often leads to trust building (that’s a reason why I’ve invested so much in makerspaces and hackathons over the years).

My informal friends were into it. So were my formal friends. But in order to know we could have any impact at all on organizational change, support had to be official from the formal sector. This took years (the formal sector is resourced but slow, yeah), but the pieces fell into place a couple months ago and the chance to build a game was born.

The People

It was of course vital that a wide range of viewpoints be represented, so the call was broad, but still to folk I knew would bring their whole Selves, be able to trust each other, and would be interested in the results of the game research. Folk from informal response, official agencies, nonprofits, and private sector were all invited. In the end, were were joined by Joe, Galit, Drew, Katie, Wafaa, John, Seamus, and Conor. Thank you all for taking time for this.

What We Did

We actually ended up meeting in San Francisco for our 3-day workshop for hilarious reasons I’ll disclose in private sometime.
On Sunday night, some of us got together to get to know each other over beverages and stories.
On Monday, we went through a Universe of Topics and visualized the workflows for our various user types. I did one for the Digital Humanitarian Network, Wafaa did one for Meedan’s translation and verification services, Katie covered a concerned citizen, etc. What were our pain points? Could we solve them for each other? We overlapped those workflows and talked about common factors across them. Different personas have access to different levels of trust, finances, and attention. They use those to build capacity, connections, and decision-making power. How could we use these common factors to build a game? How could we explore the value of collaboration between different personas?

Participants broke down workflows into one component per sticky note, laid out in linear fashion. Wafaa and Willow stand at the board while others talk through potential overlaps.

Drew took this

On Tuesday, we reconvened and started the day off with a game: Pandemic. This got us thinking about game mechanics, emergent complexity based on simple rules, and how to streamline our game. Individuals presented on what their game might look like, if left to their own devices. We explored combining the most compelling parts of those games, and started a prototype to playtest. It ended up being a counting game. Hm. That can’t be right.
A very few sticky notes indicate various steps in the game. These have all since become wrong, although we wouldn't have been able to arrive where we are now without first having gone through this.
On Wednesday, we drew through what the game play might look like and troubleshot around this shared understanding. It was closer to modeling reality, but still took some counting. We drafted it out to playtest, narrated through parts which didn’t yet make sense, and took notes on where we could improve. The last bit of the day was getting a start on documentation of the game process, on the workshop process, and on starting some language to describe the game.
Cards and arrows are hand-drawn onto a whiteboard in order to visualize the logical steps or game mechanics necessary to move through one round of the game. Cards scatter the tabletop in a variety of colors, and with drawings on them. We’ve since continued cleaning up the documentation and refining the game process. And so dear readers, I’m excited to tell you about how this game works, how you can play, and how you can (please) help improve it even more. Continue reading

Secondary effects of mood stability

Content warning: diet, food

I’ve spent most of my life mitigating what many people call being “hangry.” That is to say, whenever my blood sugar got too low, I would become incapacitated. I couldn’t solve challenges, I got mean in ways I simply am not the rest of the time, and I couldn’t track more than one thing (at most) at a time. I dealt with this by carrying snacks with me everywhere to prevent the onset, and I would get really quiet if I felt the symptoms setting in so I wouldn’t harm people around me. The more active I was being, the more often I would need to eat. To be someone who gets hangry (AKA “hypoglycemic”) is expensive, time consuming, injurious, and distracting. But it has been reality for all my life that I can remember.

There’s this human I’ve been dating for awhile named Reed. We like having conversations about difficult topics and going for long bicycle rides together, among other things. And I started to notice that he could know that he needed to eat, but still be a totally pleasant person and/or get the rest of a ride in before eating food. We talked about if that had always been the case for him – it hadn’t – and what had changed – his diet (keto).

“Seems worth a shot,” I thought to myself.

I’ve never been on a diet before. I’ve always been pretty physically active (although even more so in recent years) but haven’t paid attention to my food intake. I know I am rare in this, and give many thanks to my parents for a healthy home (no scale, no beauty magazines, healthy food only around, structure around sweets) in this regard. So I was worried about making it stick. I’m now 2 months in, and my mood has indeed stabilized.

This has been great. But there are also some second-order effects of this shift worth talking about. Continue reading

Password Managers for Estate Planning : a checklist

Now that we’ve covered what a password manager is, why they are useful for estate planning, and what specifics to consider while setting up a password manager for estate planning, the final step is to execute on the plan. What follows is the last part in this blog series: a checklist for implementation.

1. Select a password manager.

The available password managers and their features are changing over the years, and people more technically and security-savvy than I am are continually doing high-quality analysis of the ones available. Rather than give an overview, here are some aspects you should consider when selecting from those currently available:

  • Does it run on your operating system? You are likely viewing this blog entry on a Windows PC, an Apple computer or phone, or an Android device. While most password managers will run on all of these, it is important to verify.
  • What is the cost? Some have a one-time cost, others have a monthly fee.
  • Does the password manager have sharing built in? Some even have sharing specifically for estate planning built in now!
  • Can you use it? Is the interface clear and easy to navigate? If you’re not going to use it, there’s no point in getting it.

2. Set up your password manager

  • Install your selected password manager.
  • Go through the set-up process.
  • Make sure your password for the password manager is memorable or that you have saved it physically somewhere.
  • Try it out with a few sites you commonly use, without changing your passwords for those sites yet.
  • If it sticks for a few days, start migrating more passwords into the manager’s vault.
  • If it sticks for a of couple weeks, start changing your passwords to more complicated ones, which will be stored in the password vault.

3. Notify folks of your setup.

  • Select the people involved with your digital estate planning based on the previous posts in this series as well as your own guidelines.
  • What do you want these folk to do with your digital assets? Make a list of actions and who should take those actions.
  • Define when you want what actions to be taken, and how they’ll know.
  • Describe how to find and unlock the encrypted password file to those folk.

4. Do a test run

All this overhead only matters if it works. Set up a time with the person you’re trusting with your password, plus possibly another trusted person or two, with whom to walk through the process. Make sure it works, and that everyone knows what’s going on. Then drink tea and have cookies!

Not ready to do this? That’s ok! Instead you can…

Inventory the most important accounts you use in another way, such as a spreadsheet. Ideally you will store this printed out and left in a lockbox or with your attorney, rather than on your computer.

Extra credit

If your life is compartmentalized (maybe the folks in your book club hate the folks in your cribbage club, or your work life and personal life have different levels of security concern and different people need to have access upon death or incapacity), it might be worthwhile to “tag” the accounts in your vault for those different compartments. Various people might be assigned to take actions in specific groups, rather than one person issuing a blanket statement to all social networks and account providers. This takes regular upkeep and additional planning which might seem overwhelming, so don’t embark upon this until/unless you’re completely comfortable in the rest of the setup!

How to Set Up a Password Manager with Estate Planning in Mind

Now that we’ve covered what a password manager is and how it matters in estate planning, this entry will take us through how to set up your password manager with this situation in mind, or to set a password manager for the first time.

Who should know about your accounts (and what are their contexts)?

Who are the folk who need access? Who don’t you want to have access? For a deeper dive into this question, you can also do a threat model, but in the meantime, here are the three factors to focus on for this use case:

  • Trust : you are granting access to your bank account, to your social media, to everything you have online. You should be excited for the person/people you grant it to speak for you (posts to social media), manage your money (withdraw and deposit funds, sign for things in your name), and the like.
  • Technical ability : after reading through the rest of this post, consider who in your life has the technical ability to understand and execute your password-manager-related request.
  • Legal context : the law around who can access an account is still squishy. Accessing an account you’ve been given the right to via a will may still overlap with a nasty law called the Computer Fraud and Abuse Act (CFAA). Come back soon for a link from the legal side in how to set up your fiduciaries to succeed and be safe.

How will you notify them?

The folks you select need to know when to access and act upon your digital assets. Just like other aspects of estate planning, it can be difficult to talk about these inevitabilities, but it’s better for folks to know what is expected of them than to have it sprung upon them. Additionally, setting up a way for them to be reminded at the time of need will help refresh folk’s memories. I use a mailing list, to which any of the folks I am often around can post. You might add the reminder in with you will and other related paperwork.

How and when will they gain access?

Password managers store all your passwords in one encrypted file called a “password vault.” The person(s) executing your estate will need to be able to find this file. Some places that file might be, which will need to be communicated:

  • A device you share with that person, such as a laptop. If it’s on your own machine, they’ll also need a password to unlock that device – how will you get that to them? This is the best option if you live with a loved one you trust.
  • You can keep the encrypted file of your passwords in “hard copy” – such as a thumb drive stored in a lockbox or secret place. This means the fiduciary will need to know where to find the object on which the file is stored, and be able to access it. This is the best option if you’d like to keep the file offline and generally out of touch until it’s needed.
  • The file can be kept in “cloud storage” like Google Drive or SpiderOak. This means just about anyone can look at the file, but unless they have the password, they won’t be able to unlock it. This is the best option if you’re concerned people won’t find or keep track of a physical object.

Unlocking the password file

  • The fiduciary will then need to be able to decrypt (sometimes called “unlock”) the password file. This person or persons should be someone you trust – see the above section on “Who Should Know About Your Accounts?” You should trust them both to not unlock unless necessary, and to remember/store the password.
  • It is also possible to put your password in escrow, often with the attorney who helps with your estate planning. Be sure to check that they understand the setup and are able to execute on it.
  • For the technically savvy, it is also possible to split your password amongst multiple people, so that no one person might decrypt (or be compelled to decrypt) the password file. Then the trick is for them to be able to be in touch with one another in order to execute the digital estate.

Our lives have changed in the digital age. So, too, will our deaths. Through some careful planning, you can make yourself more secure at the same time you ease the execution of your digital estate – by using a password manager. Those you care about will have an easier time when they are already under duress. After the initial setup, your life should be easier, not harder, with a password manager. You should be able to live your life normally, and have your password manager and a system you trust be kept up to date through its use so when you fail out, your system doesn’t.

The next entry will be a checklist to help you set up and make sure a password manager for your digital assets is working. Let me know if you have any questions! I’d love to improve this blog entry and the checklist.

Why a Password Manager for Estate Planning?

Password managers aren’t just for security and privacy, they can also be useful for digital estate planning. This entry takes us through how to consider setting up “password vault” access in case of emergency and incapacitation. The previous entry went over what a password vault is. This entry covers why a password vault is useful for estate planning. The next will cover how to set up a password manager with estate planning in mind, and the final entry will offer a checklist with extra credit.

We do a lot in digital space these days – manage our bills and banking; socialize, share adventures, get tickets to a show; and store our emails, photos, and videos. All of these actions require accounts (usernames and passwords). Some people use what are called “password managers” to keep track of all those accounts and the associated passwords. There are many resources on how useful password managers are regarding security and privacy which we encourage you to check out if interested (1, 2, 3). But here we’re talking about estate planning. This entry isn’t about just privacy – but how you share to others when appropriate.

When you see friends and family in the physical world, your online accounts are invisible and inaccessible. When a friend or family member sees you on a social platform (like Mastodon or Facebook), or sees your bank name on your screen over your shoulder or on your card at a shared meal, they are unlikely to have access to those accounts, just as they are unlikely to have access to your bank account because they walked into a branch with you one time. That’s the main point of having a password – so your accounts are your accounts.

The password vault maintained by a password manager is a record of your accounts and how to access them. This is valuable for your daily life, and is also a valuable asset for fiduciaries. By carefully choosing with whom and how you share a way to access your password vault, you make your digital life visible and accessible – just like your photo albums and china plates.

Using a password manager can make your accounts visible and accessible not just to you, but also to those you care about when they are closing bank accounts, searching for photos of that one day at the park, and notifying your online hobby group of your passing. The trick is letting the right people know, and limiting their access only until they need that access. The next blog entry will cover how to consider setting up your digital estate with a password manager, and who to involve in the process.

Password Managers for the Non-Technical

Most of the folk who read this blog probably know what a password manager is. You likely even have opinions about what the best one is. The core audience to the Networked Mortality project, however, does not. While any user of technology is impacted by digital estate planning (either because they are doing it or because they are not doing it), few have the technical literacy to manage their digital assets. These skills are necessary to plan for the future of those assets, which is what is then defined in an estate plan. In order to move into management and future planning, this first in a series of posts will describe what a password manager is in this context. The following entries will cover how to set up a password manager with estate planning in mind; and a checklist with extra credit.

Many folk (maybe that’s you!) keep passwords in written format, share passwords with a family member, or have the browser remember passwords. These are understandable ways of dealing with your accounts – remembering passwords is hard! But these techniques don’t set you up to succeed for estate planning, nor do they protect you from abuses.

The area of study dedicated to thinking about how computers store and transmit information to authorized and unauthorized users is called Information Security, sometimes abbreviated to “InfoSec.” InfoSec experts have long advocated for “strong” passwords, meaning they should be long, with many strange characters. For instance, “password” is not a good password. “2=7Am8,KI5eOL!3AnvbGHjT” is a great password. But how would anyone remember something like that?!

Luckily, smart people have made something called a Password Manager. There are now many different options available, but they all basically work like this:

  1. You create a vault, which requires one password to lock and unlock.
  2. By unlocking that vault, always with that one password, you can use all the other passwords you usually have access to. You don’t have to remember which password goes to which account – the vault does that for you!

This means that you need to remember one password, and because the program is remembering all the rest of them for you, they can be long and complicated like D7z8~t;adn4VfLqR!LhUzLlix}sSH6H|1 which prevents others from guessing them. It’s like carrying around a bag full of keys. You only have to remember the one bag in order to have all the keys with you.

  1. Then you need to put your current keys into the vault. Each password manager has a clear way to add accounts – often as you use them.
  2. This is also an excellent time to change simple or redundant passwords into complex ones.

Please take a look at some password managers – do a search for “password manager” and read what other folk have to say about them. The next post will take you through thinking about using password managers for estate planning, the following post will include questions to keep in mind while doing so, and a final blog post will offer a checklist and some extra credit.

I’m super happy to answer any questions you have. These blog posts will be further improved upon as people ask questions and point out issues – so every bit of feedback you give helps others.

Password Managers for Estate Planning – primer post

While any user of technology is impacted by digital estate planning (either because they are planning or because they are not planning), few have the technical literacy to manage their digital assets. These skills are necessary to plan for the future of those assets, which is what is then defined in an estate plan. In order to move into digital management and future planning, this Networked Mortality blog series will have several posts on topics such as password managers and digital media assets, which go through this arc of explanation.

We’re going to assume some things about our user base, of which readers of this series are a part, or are supporting someone who is:

  • Low/negative desire to try new technologies, especially when complicated.
  • Interact with one or two devices, which other people likely have access to.
  • Deal with memory loss or other cognitive impairments.
  • Any threats tend to fall within the elder abuse model.

And we’re going to assume some things about our purpose.

  • Autonomy should be advocated for whenever possible.
  • Privacy is important.
  • We should respect an individual’s wishes.
  • Death is a community-centric event.

From this perspective, the first set of blog entries will start tomorrow – using password managers for estate planning. The first will cover what password managers are for this audience (literacy), the second how to adapt or set up a password manager for estate planning (management), a third on how to consider choices to be made when doing that set up (future planning), and finally a checklist with extra credit will be offered for individuals to execute.

2016 Retrospective

I did one of these posts last year, inspired by Tilde, who I continue to be inspired by. In an effort to be more consistent in my life, I’m going to do it again this year.

Unachieved 2016 Goals:

I did a lot this year, but I did not do everything I set out to do. Before we jump into the “lookit how great it was!” here are the things at which I fell short:

Get this paper out the door

I have an editor I’m working on with this. But it’s still not out. Fingers crossed on 2017.

Do 2 speaking gigs max — unlimited participatory events

I ended up doing 3, but 2 of those were 7 minutes long. This is still a drastic change from past years.

Read and comment on at least one blog entry/article a week

Reach conversational comfort in Deutsche, Kiswahili, or ASL. Future years for the others.

Yeah, neither of these happened. I still understand how important they are, but they just didn’t stay at the top of the stack.

What I did manage to do was…

Slowed down. For me.

Only travel for (well-paid) work and family/close friends

This year was a year of transitions and movement, but also of stillness and consistency. I did go completely around the world once. I also went to India and Japan, meaning I’m now only missing Antartica from Continent Yhatzee.

That said, I travelled less than I have in years past (~30k less). There was an entire month where I didn’t go anywhere further than a 3 hour drive (!!). This has not happened since 2012.

This gave me a chance to… Continue reading

Remembering Normal

Most of my corners of the internet are currently filled with rage. One of the ongoing cries is “this is not normal.” It’s true, it’s not. So let’s take a moment to remember what normal has been for the past bit. This is to both balance out the past blog post, and in light of great blog posts like this one about mental health and long fights. Much of my “normal” has to do with where I live and what I look like. I still find it important to talk about them because these levels of freedom are something I actively fight to make available for others on a daily basis in my own flawed and insufficient ways.

  • Normal has been a high likelihood that overhead helicopters etc are for traffic reporting.
  • Normal has been walking in my neighborhood safely.
  • Normal has been making aggressively questioning remarks about government, governance, and other systems of power in public and having lively debate and no concern for my long-term well-being.
  • Normal has been visiting nearly every continent in 5 years and only getting heavy scrutiny thrice, including when soft-packing through TSA.
  • Normal has been asking friends to move to encrypted channels and no one being targeted for those moves.
  • Normal has been holding hands with a girlfriend and a boyfriend on a street corner and only getting occasional side-eye.
  • Normal has been openly attending talks from activists in other countries.
  • Normal has been experiencing shock when I see enforcement agents with semi-automatic weapons in other countries (because they don’t where I live).
  • Normal has been publishing under my own name.
  • Normal has been making an appointment for, and then getting, an IUD from my doctor, and it being covered by insurance.
  • Normal has been, and will always be, a slow fight towards more justice and more equality.

And so much more. Remember what is normal.