Wednesday, March 29, 2017

Your privacy at a price

By now, you've probably heard of J.Res.34, which will permit your Internet Service Provider at home to sell your browsing data to others. I admit that this wasn't on my tech radar until it happened. That's because this bill is extremely stupid and I assumed it would never pass.

Welcome to the new world, I guess.

The Electronic Frontier Foundation has a list of five ways your cybersecurity will change once this is signed into law:
  1. Your ISP will now snoop on you
  2. Your ISP will probably break encryption
  3. Your ISP will probably insert ads on web pages
  4. Your ISP will create supercookies to track you
  5. You are at risk for spyware
I agree with the items in the article. I think the loss of privacy will be the first thing the general public will recognize in this. The other points are also important, but they aren't as visible as privacy. Now your ISP can sell your browsing habits, including your visits to Google, Gmail, Amazon, Target, Apple, Hulu, Netflix, YouTube, CNN, BBC News, Facebook, Twitter, porn, etc.

I suspect the first thing ISPs will do is monetize your online activity at a broad level. They can very easily identify when your home is passing the most traffic. Do you go online in the morning, reading the news over breakfast? Do you do much online activity in the evening? Advertisers can use this information in various ways to build a better picture of you.

After that, I think ISPs will monetize DNS lookups. That gives a broad look at what you are doing. And it's relatively straightforward to create a log of DNS lookups. What websites do you visit most often? When do you visit them? By itself, that's very bad for privacy. But people can use other DNS providers (like Google Public DNS) so this will not be the final step.

From there, I think ISPs will do deep packet inspection. By inspecting traffic in greater detail, the ISP can see what pages you are looking at. That's where they will unravel your "https" request and create what's called a "Man in the Middle" (MITM). There are products that do this today, for corporate networks. And the EFF article correctly points out that this creates a security vulnerability. So now you don't have to worry if your browser is up to date on security; you have to worry if your ISP's MITM is up to date on security.

I fear the day that ISPs decide to insert ads into your browsing experience. This will not go over well. Imagine an H&R Block ad appearing on the Apple.com website around tax time, because your ISP inserted an ad. That happened. Other ISPs have tried inserting ads on web pages before, and received such negative feedback they stopped doing it. But I think that day is coming back.

More likely over the long term, we'll see ISPs offering another tier of service. "Don't want us to sell your data? Upgrade to our Privacy-plus plan for an extra $20/month." But by then, will you trust your ISP anymore?

Monday, March 27, 2017

Technology trends for 2017

Technology is always changing. You don't have to go back very far to see how quickly technology evolves. Ask yourself how things will be different a few years from now. IT organizations must adapt to constant change, or they will die.

Along those lines, an article at The Enterprisers Project shares these eight big trends that will impact IT in 2017. From the article:
  1. US government deregulation
  2. Rise in state-sponsored cyberattacks
  3. IoT security as first priority
  4. Geo-fencing for mobile app push notifications
  5. Digital customer experience as important as the product
  6. App modernization for consistency
  7. AI will be everywhere
  8. Displacements due to digital transformation and demonetization displacements
How do these stack up in your organization? Look ahead to the coming year and ask yourself what changes you envision for your future and your organization. Don't be the next CIO who might have brought change. Be the CIO who embraces change.

Monday, March 20, 2017

On open government

An item at Opensource.com discusses the topic of "Open Government." This is timely for me, because where I work (local government) we have been building a new Open and Accessible Data Portal. Open data and open government are the new norm. Government is "of the people, by the people, for the people" (Lincoln, Gettysburg Address, 1863) and open data makes information about your government available to you, the taxpayer.

The Opensource.com article describes open government as "one with high levels of transparency and mechanisms for public scrutiny and oversight in place, with an emphasis on government accountability." Another way to describe open government is providing information in an open and accessible way, without filters.

The key goal for open government is transparency. Anyone should be able to view information about the government.

Open data laws require that public and government organizations provide information upon request, such as a US Freedom of Information Act (FOIA) request. There are a few exceptions, such as information related to security, but generally any information is accessible by making a FOIA request.

Open government takes this a step further. Why wait for the request before we make it available? Let's share the information proactively. If we can provide the raw data, governments should provide that.

And that's exactly what we are doing at my county. I'm proud to do this work.

Functional and Unit organizations

A colleague pointed me to a great article about Functional vs Unit Organizations. It's a long article, so it's difficult to summarize in a brief post.

Author Steven Sinofsky describes "going functional" at Microsoft, and says "No organization is purely functional or entirely unit-based, nevertheless in any given company of size (more than one product or more than about 100 engineers) there is almost certainly a dominant shape."

Sinofsky adds that while there's no obvious answer to "functional vs unit" for every organization, he does provide a few pros and cons. I'll attempt to summarize some of the core ideas here:

Pros

One product, one org. Sinofsky says "if you’re building one product then you just don’t really need “units”."

Better develops skills for each functional area. The "functional" org chart allows you to develop staff in the direction in which they are aligned. This is critical to an organization to grow its core strengths, especially as Sinofsky highlights that "the future of a technology company is never the current product, but the ability to lead technology change over many years and that only happens with depth of technology skills."

Easier to resource load balance. If you operate in a field that faces constant change, Sinofsky advises "A functional org is perfect for this because all the discipline resources are under one “roof.”"

Cons

Potentially diffuses accountability. When I worked in higher ed, we had a saying when referring to "academic IT" and "administrative IT": "One IT." It didn't matter what group you were in, but we were all in this together. But organizing your groups by function may spread out accountability.

Challenging to manage physically separate people. I've experienced this issue first-hand. It can be very difficult to manage people who are not sharing the same office space as you. Sinofsky agrees, and comments "a [geographically dispersed] functional org can be challenging because it pushes each of your functional leaders to become skilled in managing people from a distance."

People tend to feel less opportunity because there is “one” leader of a functional area. We all need to grow, and it's important for our star performers and future leaders to feel there is a place for them within the organization. Sinofsky agrees, and adds "there can be a feeling of limited opportunity “managing within a discipline” compared to “managing across disciplines”."
Sinofsky continues to compare and contrast Functional and Unit organizations. It's a long read, but worth your time if you are involved in defining your organizational structure.

Monday, March 13, 2017

Business and busy-ness

A friend and I do peer-coaching with each other, every few weeks. If you don't practice peer coaching, you should find someone you trust (and ideally outside your organization) and just talk for half an hour or an hour every month. Practice your coaching and mentoring with each other. Challenge each other. And help each other out. I find that these peer coaching sessions help provide clarity and allow me to refocus on my priorities.

This last session is a great example. In our last session, I related how things seem very busy right now, so my friend asked me what was going on. As I started to iterate the different things I was working on, I suddenly realized that I have over-stretched myself.

Here's a quick list of what I'm doing now:

  1. My day job (CIO)
  2. Founder and coordinator of the FreeDOS Project
    • Several projects associated with FreeDOS
  3. Director on the GNOME Foundation's Board of Directors
    • A few side projects for the Board
  4. Adjunct professor for an online class
  5. Writing articles for several different journals/magazines
  6. Writing a book about leadership
  7. Planning to write a book about usability in open source software
  8. Planning to write a book about management

Basically, I think my problem is I said "yes" to too many things. Someone asked me to take on a new responsibility, and I agreed to it before I really thought about how much free time I had available, and how much of that time I could realistically commit.

Take this as your reminder to stop and reflect on what extra things you've taken on. Have you tried to tackle too much? What can you do about it?

In my case, I'm planning to step down from the non-profit board when my tenure is up, in May. I'm also going to avoid teaching again, at least for a few years. And my book will have to wait until I have a little more free time to commit to it, while the future books will be put on "hold" until the first book is done.

Monday, March 6, 2017

On becoming a multi-dimensional leader

I recently discovered this great article from last year about "How to gain merit, regardless of your job function." The article begins by describing the ideal workplace, one organized as a kind of meritocracy: "In a meritocracy, leaders progress because of their demonstrated leadership abilities (not their formal titles). But how exactly do you gain merit in an organization using practices that aren't specifically related to your job function?"

The article then lists several key attributes for successful leadership in such a meritocracy. I thought this was good advice for any leader, and I wanted to highlight the attributes here:

  1. Listen to people
  2. Put yourself out there
  3. Maintain your moxie
  4. Cultivate diversity
  5. Own your mistakes
  6. Be mindful

I've discussed several of these leadership traits elsewhere in Coaching Buttons, but it's good to highlight them again here.