You may have heard of the Fourth Amendment. It says, in essence, that if the cops want to search your home, they’d better convince a judge to issue a warrant.
In theory, anyhow. It’s another matter in practice, for things have changed since the Amendment’s ratification in 1792. For instance, we didn’t have trash collection back then. Madison might have been amused—or appalled—to see that, a year short of two centuries later, none other than the U.S. Supreme Court would have to weigh in on when cops can legally dig through your trash.[1]
There were other things besides trash collection that no one foresaw in 1792, such as hidden cameras and microphones, tracking devices, radar that detects motion through walls, and camera-carrying drones, to name a few. And we didn’t have cloud technology.
Warrants collided with the cloud in Microsoft Corporation v. United States of America.
It all began with a 2013 drug trafficking case in New York. The government jumped through the right hoops and obtained a warrant for documents stored on Microsoft servers. Microsoft said—I’m paraphrasing somewhat liberally here—“Sure, fine, you can search our servers located in the U.S., but some of the data you want resides on servers in Ireland, where you have no jurisdiction, so, no.”
A series of suits followed. A federal magistrate judge ordered Microsoft to furnish the data residing in Ireland. Microsoft appealed to a federal district judge, who agreed with the magistrate judge. Next Microsoft appealed to the Second Circuit Court of Appeals. This time, Ireland weighed in, saying they’d kind of like a say as to who accesses data stored on their soil. The district judge overturned the earlier decisions.
So, the government took the matter to the Supreme Court, which heard arguments in February.
A decision is due later this year. Or not.
Microsoft and the government have since filed a motion with the Supreme Court that says, and again I paraphrase, “Yeah, about that? Never mind.”
That’s because the situation appears resolved by the CLOUD Act, a bill quietly attached to the 2,232-page, $1.3 trillion omnibus spending bill that U.S. Congress passed last month. “CLOUD” is for “Clarifying Lawful Overseas Use of Data.”[2] The CLOUD Act lets “qualifying foreign governments” and the United States access information from servers on each other’s respective soil.
In what might at first blush seem a sudden turnabout, the government and Microsoft both support the CLOUD Act. So do Apple, Google, and others. But that would be curious only if Microsoft’s earlier resistance had been grounded on Fourth Amendment principles. It now appears that Microsoft et al. may have been less concerned about individual privacy rights and more concerned about being sued or prosecuted for handing over information. The CLOUD Act provides tech companies complete protection from civil and criminal actions for compliance with government requests.
There are a couple of wrinkles.
Under the CLOUD Act, a “qualifying foreign government” can demand and obtain access to your U.S.-based records without approval from the United States. And, as pointed out by the Electronic Frontier Foundation (EFF) on February 8, not all qualifying governments have privacy laws as stringent as ours.
And then, this question popped into my devious, loophole-seeking mind: Couldn’t a U.S. president skip the whole obtaining-a-warrant thing by asking a foreign country to obtain data—from servers in the U.S.? Apparently the same thing has popped into other devious, loophole-seeking minds. As EFF reported on March 22, this and other issues have more than a few people concerned.
But perhaps we are being unduly paranoid. Never in history have high-ranking U.S. officials abused their power. Right?
[1] Answer: The moment you leave it at the curb. See California v. Greenwood.
[2] Congress and their acronyms. So cute.
I needn’t tell readers of this blog what apparently came as news to a U.S. Senator: Advertising revenues keep the lights on at Facebook and account for Mark Zuckerberg’s $62.2 billion net worth.
Nor need I point out that the more targeted an advertising medium, the more valuable it is to advertisers, and that it is with targeting that Facebook shines.
With every Facebook action, and with every personality test (Which Muppet are you?), users reveal a good deal more about themselves than their fondness for kitten videos. Facebook abounds with opportunities to disclose your age, location, interests, reading choices, product preferences, religion, sexual orientation, political leanings, eating habits, TV and movie favorites, clothing preferences, music choices, favorite activities, travel habits, marital status, and more. That data is compiled, and it is sortable.
So, say your product is ideal for married vegan Trekkies who like reggae, drive a Prius, and own a dog. Facebook lets you select and show your ads only to people fitting that profile. (I’m not making that up.) That much seems to upset a lot of people, though it needn’t. Each Facebook user is a data point among billions. Advertisers aren’t interested in peering into your individual life. They’re interested in not wasting money trying to sell steaks to vegans.
Data-driven targeting benefits users, too. It cuts down the number of irrelevant ads showing up in your feed. (Yes, without it, you’d see even more irrelevant ads.) It lets you enjoy Facebook—and oodles of content that come with it—without having to shell out. If the thought of your data being amassed no matter how it’s used creeps you out on general principle, that’s one thing. Otherwise, Facebook data gathering is arguably helpful.
Then came Cambridge Analytica.
The seeds for trouble spilled onto rich soil shortly after academic psychologist and data scientist Aleksandr Kogan obtained a boatload of data from Facebook. He obtained it in accordance with Facebook policy, so that much wasn’t the problem. The problem was that he then turned around and gave the data, which wasn’t his to give, to British political consulting firm Cambridge Analytica.
There’s a reason Facebook is in hot water even though it was Kogan who broke the rules. “Unlike other recent privacy breakdowns,” wrote TIME’s Lisa Eadicicco earlier this month,
“… thieves or hackers did not steal information. [Facebook] actually just handed the data over, then didn’t watch where it went.” [Italics added.]
What puts Facebook in even hotter water is that Cambridge Analytica’s clients didn’t use the data to sell mac and cheese or hand soap, but to promote political causes and candidates—from Brexit, to Ted Cruz, to Donald Trump.
(Time to pause for a disclaimer: This isn’t about Brexit or Trump. It’s about data.)
The way Cambridge Analytica may have applied the data has people upset. The New York Times painted a scary picture:
One recent advertising product on Facebook is the so-called “dark post”: A newsfeed message seen by no one aside from the users being targeted. With the help of Cambridge Analytica, Mr. Trump’s digital team used dark posts to serve different ads to different potential voters, aiming to push the exact right buttons for the exact right people at the exact right times.
Imagine the full capability of this kind of “psychographic” advertising. In future Republican campaigns, a pro-gun voter whose Ocean score ranks him high on neuroticism could see storm clouds and a threat: The Democrat wants to take his guns away. A separate pro-gun voter deemed agreeable and introverted might see an ad emphasizing tradition and community values, a father and son hunting together.
In this election, dark posts were used to try to suppress the African-American vote. According to Bloomberg, the Trump campaign sent ads reminding certain selected black voters of Hillary Clinton’s infamous “super predator” line. It targeted Miami’s Little Haiti neighborhood with messages about the Clinton Foundation’s troubles in Haiti after the 2010 earthquake. Federal Election Commission rules are unclear when it comes to Facebook posts, but even if they do apply and the facts are skewed and the dog whistles loud, the already weakening power of social opprobrium is gone when no one else sees the ad you see—and no one else sees “I’m Donald Trump, and I approved this message.”
(Time for another disclaimer: This isn’t about the Republican Party, either. Examples focus on the GOP because in the U.S. Cambridge Analytica refuses to work for other parties.)
The fear is less that dark posts might change minds and more that it might push fence-sitting minds to the message-sender’s side. Cambridge Analytica reportedly knows how to identify and push the hot buttons of large numbers of people by sending them tailored messages. If they present misleading or even false information, there’s pretty much no one to call them on it, because those likely to object don’t see those messages.
This, as reported by Reuters, has not helped ease concerns:
The suspended chief executive of Cambridge Analytica said in a secretly recorded video broadcast on Tuesday that his UK-based political consultancy’s online campaign played a decisive role in U.S. President Donald Trump’s 2016 election victory.
Yet some voices are skeptical.
Vox quite bluntly states, “There’s nearly no evidence these ads could change your voting preferences or behavior.”
To be sure, advertising is oft accused of persuasion power it doesn’t have. And as yet no hard data support the claim that dark posts affected the outcome of the Brexit vote or the U.S. 2016 elections. Consider, for instance, that the first U.S. politician to retain Cambridge Analytica was Ted Cruz. As you may have heard, Cruz didn’t secure the nomination.
For that matter, targeted messaging is nothing new. The only difference is that technology can amass data faster, in greater volume, and in near real-time; has sharpened marketers’ aim; and facilitates matching messages to audiences in a way never before seen.
But it’s equally true that it’s premature to dismiss claims about dark data’s potential to influence undecideds. It may simply be that dark data is so new that there hasn’t been time to execute valid tests. We can assuredly expect those tests very soon.
On a lighter note
Shall we end on a lighter note? Here are three of my favorite questions put to Mark Zuckerberg by U.S. Senators in last week’s hearing:
Is Twitter the same as what you do? —Senator Lindsey Graham, R, South Carolina
I’m communicating with my friends on Facebook, and indicate that I love a certain kind of chocolate. And, all of a sudden, I start receiving advertisements for chocolate. What if I don’t want to receive those commercial advertisements? —Senator Bill Nelson, D, Florida
How do you sustain a business model in which users don’t pay for your service? —Senator Orrin Hatch, R, Utah (where I live). (Zuckerberg: Senator, we run ads.)
How reassuring it is to know that powerful people who don’t understand Facebook are investigating Facebook on our behalf.
These days blockchain technology shows up in the news with regularity. Deservedly so. It promises a new level of security for a host of online transactions,[1] and not just for cryptocurrency. Blockchain has proved useful for ensuring the security of stock trades, currency exchanges, retail sales, contracts, diamond and gold exchanges, health care data, and more.
Blockchain presents a rather daunting challenge to would-be hackers. It is, essentially, an online ledger with identical copies distributed around the world. Hacking one copy would instantly betray it as out of sync with its myriad copies; and hacking all copies at once is, as of this writing, beyond the technological reach of even the most adept hackers.
In an interview published by Harvard Business Review, Harvard Business School professor and co-founder of the HBS Digital Initiative Karim Lakhani explained blockchain technology this way:
When a transaction is posted on the network between two parties, other nodes on the network compete to solve a mathematical proof that locks that transaction into everybody else’s ledger as well. So if you wanted to go back and hack the Blockchain ledger, you would have to undo every single other prior transaction. And that proof of work and the chain aspect of the block—a block is a transaction—is chained to all prior blocks, is what makes this the interesting technological innovation that the Blockchain is.
Looking for someone to thank for blockchain? Try spammers.
In popular lore, breakthrough technologies are born overnight thanks to a lone visionary. It makes for inspiring storytelling, but it’s almost never true.
Take, for instance, iPhone. IBM explored touchscreen technology for phones 47 years before iPhone’s debut. And the idea for developing touch-screen tablets didn’t come from Jobs. A skunkworks at Apple pursued it in secret until they dared show it to their capricious and unpredictable boss—who at first dismissed it out of hand.[2]
Likewise, contrary to what many believe, blockchain technology didn’t pop into existence overnight, nor did bitcoin’s pseudonymous creator Satoshi Nakamoto invent it. On the contrary, the series of events that led to blockchain as we know it today were set in motion by none other than spam. But then, perhaps email deserves the credit, since spam was set in motion by email’s rapid popularity gains in the early 1990s. (Email was no overnight creation or sensation, either, its having been under development since 1965.)
In 1992, the growing spam problem prompted computer scientists Cynthia Dwork and Moni Naor to produce a paper entitled, “Pricing via Processing or Combatting Junk Mail.” In it, they proposed filtering out cyber attacks by posing problems human minds could readily solve but computers couldn’t. The idea proved useful. Soon dubbed a proof-of-work system, or POW for short, it found its way into a number of applications we now all encounter every day. When you must prove you’re not a robot—say, by correctly typing in CAPTCHA characters or identifying related photos on a grid—you’re dealing with a derivative of Dwork’s and Naor’s proposal.
In 1997, British cryptographer and crypto-hacker Adam Back proposed a proof-of-work-based spam filter he called Hashcash. It proved significant, for Microsoft improved on Hashcash’s technology to create proof-of-work-based spam filters for Exchange, Outlook, and Hotmail. And it was Hashcash’s technology that Satoshi Nakamoto adapted when he (she?) used blockchain as the underlying technology for an electronic P2P based cash system, namely, bitcoin.
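To make the ledger-and-proof-of-work idea concrete, here is a toy chain in Python, added as an illustration (it is not code from Hashcash, Bitcoin, or anyone quoted here). The 12-bit difficulty, the sample entries, and every function name are made up for the example. It shows that editing one entry breaks verification, and that even after the work is redone for every later block, the rewritten copy no longer matches its peers.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64
BITS = 12  # constructed toy difficulty: a valid hash starts with 12 zero bits


def block_hash(index, prev, data, nonce):
    body = json.dumps([index, prev, data, nonce], separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()


def meets_target(digest, bits=BITS):
    return int(digest, 16) >> (256 - bits) == 0


def mine(index, prev, data):
    """Hashcash-style search: try nonces until the hash meets the target."""
    nonce = 0
    while True:
        digest = block_hash(index, prev, data, nonce)
        if meets_target(digest):
            return {"index": index, "prev": prev, "data": data,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(entries):
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(entries):
        chain.append(mine(i, prev, data))
        prev = chain[-1]["hash"]
    return chain


def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS_PREV
    for blk in chain:
        digest = block_hash(blk["index"], blk["prev"], blk["data"], blk["nonce"])
        if blk["prev"] != prev or digest != blk["hash"] or not meets_target(digest):
            return blk["index"]
        prev = blk["hash"]
    return None


def rewrite(chain, index, new_data, remine):
    """Copy the chain, alter one entry, then redo the proof of work for
    `remine` blocks starting at `index` (0 = edit the data and nothing else)."""
    forged = copy.deepcopy(chain)
    forged[index]["data"] = new_data
    for i in range(index, min(index + remine, len(forged))):
        prev = forged[i - 1]["hash"] if i else GENESIS_PREV
        forged[i] = mine(i, prev, forged[i]["data"])
    return forged


def in_sync(local, peer_copies):
    """A copy agrees with its peers only if the latest block hashes match."""
    return all(local[-1]["hash"] == peer[-1]["hash"] for peer in peer_copies)


# Constructed sample ledger entries.
SAMPLE = ["alice->bob 5", "bob->carol 2", "carol->dave 1", "dave->alice 3"]

if __name__ == "__main__":
    honest = build_chain(SAMPLE)
    for remine in (0, 1, 3):
        forged = rewrite(honest, 1, "bob->mallory 2", remine)
        print(f"re-mined {remine} block(s): first invalid block =",
              first_invalid(forged), "| in sync with peers =",
              in_sync(forged, [honest]))
```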
Today, one industry after another has glommed on to blockchain. As Chief Technology Officer Marc West and I blogged last year for our employer, Fiserv:
Pick a service that involves moving assets, and it’s likely blockchain has the potential to play a role. It could transform person-to-person payments, data sharing, person-to-business money transfers, securities exchanges or even movement of frequent-flyer miles, to name a few …
… The security features work toward enhancing confidence in the network and driving cost benefits in areas such as exchanges. The real-time functionality may lead to shorter, and less costly, settlement cycles on trade day.
… blockchain has transformative potential for those who dig in and understand it. Top organizations are testing its use cases. Now is the time to take a long-term, purposeful approach to finding the most valuable areas and smart ways to leverage the value that blockchains create.
I couldn’t have said it better myself.
Never trust an absolute. (Irony intended.)
The historical floor is littered with axioms once immune to challenge because, according to circular reasoning at the time, everyone knew they were true. Take, for instance: Running a mile in under four minutes is physiologically impossible, we’ll never put a human on the moon, only people use tools, guitar bands are on their way out, and there is no reason anyone would want a computer in their home.
Thanks to the ingenuity of the criminal mind, we now have a more recent absolute to discard: Blockchain technology is secure.
Blockchain technology’s roots stretch back to a 1992 idea for combatting junk email, later dubbed a Proof-of-Work system (POW). The original idea was to present challenges daunting to computer but not human processing. Everyone’s favorite annoyance, CAPTCHA, is an example. This in time led to Hashcash, a spam-stopper notably used by Microsoft in various applications. Full-fledged blockchain technology emerged when “Satoshi Nakamoto,” whose true identity remains a mystery, used Hashcash’s proof-of-work function as the mining core for Bitcoin. Medium’s Aleksandr Bulkin wrote:
… the way Satoshi combined [Hashcash’s POW] and other existing concepts — cryptographic signatures, merkle chains, and P2P networks — into a viable distributed consensus system, of which cryptocurrency is the first and basic application, was quite innovative.
Blockchain is “similar to an enormous ledger,” reports Fraedom, that “… stores transaction data across vast networks of computers that constantly check and verify information with each other.” To hack innumerable, identical copies of a transaction spread around the globe is a near impossibility at this time. That is the essence of the technology’s imperviousness to mischief.
It wasn’t long before industries with no interest in Bitcoin nonetheless showed an interest in blockchain. Since its essential features—distribution, transparency, and permission—made online counterfeiting and fraud pretty much impossible, blockchain seemed to promise an ideal way to conduct secure transactions online.
The problem with “pretty much impossible” is those words “pretty much.” Blockchain has not turned out to be invulnerable.
Enter ComboJack
ComboJack may sound like a cholesterol-laden breakfast offering on the menu at Denny’s, but in fact it’s a malware application designed to steal online currency—including Bitcoin, Ethereum, Litecoin and Monero. Self-described next-generation security company Palo Alto Networks discovered the app and named it ComboJack “… because of how it attempts to hijack a combination of digital currencies.”
According to Palo Alto, ComboJack targets cryptocurrencies and online wallets …
… by replacing clipboard addresses with an attacker-controlled address which sends funds into the attacker’s wallet. This technique relies on victims not checking the destination wallet prior to finalizing a transaction … ComboJack targets both a range of cryptocurrencies as well as digital currencies such as WebMoney and Yandex Money.
ComboJack finds its way into computers via an innocent-looking email and is unleashed by clicking on an attached PDF. The malware relies on the fact that humans aren’t fond of typing and retyping digital wallet addresses, preferring to copy and paste them. I wouldn’t call the preference laziness, but pragmatism. Just yesterday, as I moved some cryptocurrency from my Coinbase account to a hardware wallet, I saw for myself how cumbersome those strands of code are for anyone self-punishing enough not to use copy-and-paste.
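The copy-and-paste habit ComboJack exploits also suggests two checks a defender can automate: watch for one wallet address being swapped for another of the same kind within moments, and compare what was copied with what got pasted before sending. The sketch below is an added example, not Palo Alto's code or any wallet's; the address patterns are simplified shapes, the two-second window is an assumption, and every address in it is constructed.

```python
import re

B58 = "[1-9A-HJ-NP-Za-km-z]"  # Base58 alphabet (no 0, O, I, l)
# Simplified address shapes for the currencies the post names (assumption:
# legacy formats only; the shape is checked, not the checksum).
SHAPES = {
    "bitcoin": re.compile(rf"^[13]{B58}{{25,34}}$"),
    "litecoin": re.compile(rf"^[LM]{B58}{{26,33}}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "monero": re.compile(rf"^4{B58}{{94}}$"),
}


def kind_of(text):
    """Return the currency whose address shape `text` matches, else None."""
    text = text.strip()
    for name, pattern in SHAPES.items():
        if pattern.match(text):
            return name
    return None


def detect_swaps(snapshots, window=2.0):
    """Flag an address replaced by a different address of the same kind
    within `window` seconds. snapshots: (seconds, clipboard_text), in order."""
    findings = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        kind = kind_of(before)
        if (kind and kind == kind_of(after)
                and before.strip() != after.strip() and t1 - t0 <= window):
            findings.append({"at": t1, "kind": kind,
                             "copied": before.strip(),
                             "replaced_with": after.strip()})
    return findings


def paste_check(copied, pasted):
    """Send-time check: the destination must equal what the user copied."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return {"ok": True, "first_difference": None}
    diff = next((i for i, (a, b) in enumerate(zip(copied, pasted)) if a != b),
                min(len(copied), len(pasted)))
    return {"ok": False, "first_difference": diff}


# Constructed values: right shape, not real wallets.
BTC_COPIED = "1Victim" + "x" * 27
BTC_SWAPPED = "1Attacker" + "y" * 25
ETH_A = "0x" + "ab" * 20
ETH_B = "0x" + "cd" * 20
SNAPSHOTS = [
    (0.0, "meeting notes"),
    (10.0, BTC_COPIED),    # user copies a destination address
    (10.3, BTC_SWAPPED),   # 0.3 s later it is a different Bitcoin address
    (60.0, ETH_A),
    (200.0, ETH_B),        # minutes apart: an ordinary second copy
]

if __name__ == "__main__":
    for finding in detect_swaps(SNAPSHOTS):
        print("possible clipboard swap:", finding)
    print(paste_check(BTC_COPIED, BTC_SWAPPED))
```

A swapped-in address is itself well-formed, so a shape or checksum test alone will pass it; only the comparison against what was originally copied catches the substitution.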
On the reassuring side, according to SC Magazine, ComboJack’s “… early results don’t appear impressive.” Still, there is prudence in looking at malware the likes of ComboJack as an initial foray. Nastier iterations are likely coming. For that matter, ComboJack is itself something of an iteration of CryptoShuffler, a trojan that, as also reported by SC Magazine last October, had by then absconded with $145,000 worth of Bitcoin.
As I have noted before, cyber security is an arms race. The moment the good guys come up with new levels of security, the bad guys rise to the challenge and look for ways to beat them. If I had to come up with something positive out of that, I suppose I could say that the perpetual nature of the arms race provides job insurance for both sides.
All of which spells an opportunity in the wallet software space. I’m betting that operating system manufacturers the likes of Microsoft, Apple, Google, and others will not be long in offering support for labeling, or at least simplifying, wallet address management.
Here’s how my grandparents dined out:
They sat, ordered, ate, and, when the check arrived, gave the server cash. The server returned with change, hoping some or all of it would remain behind, thanks to America’s curious practice of underpaying servers and expecting diners to make up the difference.
By the time my parents were dining out, paying with cash had declined to the point of being almost quaint. It was more common to slap down a credit card. The server would return with a slip of paper sporting a blank for writing in a tip amount.
Now we have portable mag strip readers brought to your table by a server; tabletop tablets from which you can order, pay, and tip; and direct payment via the portable device of your choice.
McDonald’s even lets you use your portable device to order and pay before you leave home. Only upon your arrival at the store is your food prepared and your account charged. This gives you the convenience of waiting in a designated parking space instead of waiting a roughly equal amount of time at the drive-up window.
Of course, fast food vendors have long mounted card readers outside the drive-up window. Surely someone has used one sometime, but I’ve never witnessed it.
And now MasterCard has issued a press release boasting that in the U.K.,
Diners at Pizza Hut restaurants across the country will be able to pay through their mobile without having to ask a waiter for the bill, saving them 12 minutes on average.
The news packs a double surprise.
The lesser surprise is that it takes about 12 minutes to pay your Pizza Hut server the new old-fashioned way.
And the greater surprise? That there are still parts of the world with sit-down Pizza Hut restaurants. Such are all but a relic in the U.S.
Server-less payment comes to U.K. Pizza Huts via the MasterCard app Qkr with Masterpass. It is designed to make a cinch of “…splitting the bill at a restaurant, ordering food to your seat at the cinema, or pre-ordering your child’s lunch.”
Besides offering a customer convenience, tableside POS systems promise a profitability boost for the restaurant industry as a whole. It has to do with table turns, that is, how fast restaurateurs cycle diners. Hospitality Technology places the average time saved per table by tableside POS systems at about 10 minutes, suggesting that …
… Cutting down that wait time by bringing the payment device to the table not only leads to more table turns and increased face-time, but also higher customer satisfaction. The result is better tips for servers. We witnessed this firsthand in Canada, where Pay-at-the-Table became the standard shortly after that country’s EMV migration in 2010.
In “The Benefits of Tableside POS for Restaurant Owners and Servers,” FSR reports:
Deployment of tableside POS can help streamline the dining experience and even increase tip percentages for servers. Casual-dining chain Olive Garden has already adopted tableside payment systems and is pleased with the results. According to The Los Angeles Times, a spokesman for Olive Garden said wait staff using the payment tablets see a 15 percent increase in tips and turn over their tables seven to 10 minutes faster. A spokesperson told the newspaper, “Guests can set the pace of their meals by ordering drinks, appetizers, and desserts as they want them and pay their checks with ease whenever they are ready.”
It will be interesting to watch how speeding up table turns plays out in the U.K. Americans tend to associate good service with swiftness, such as the whisking away of plates no longer needed or wanted, the prompt sweeping away of breadcrumbs, frequent check-ins (“How is everything?”), dessert suggested mid-meal, and having the check arrive before you ask for it. Sometimes visitors from the U.K. find the swiftness and attention rude, as if they’re being hurried along. Which, in fact, they are.
Besides speedier table turns, the restaurant industry agrees that tableside POS systems reduce human error and chargebacks. Plus they benefit servers in the U.S. by providing suggested, percentage-based tip amounts (including zero as an option). The result has been what The New York Times referred to as “tip creep” in its 2015 article, “$3 Tip on a $4 Cup of Coffee? Gratuities Grow, Automatically.”
Digital payment has sped and improved restaurant pick-up and delivery services as well. Websites like Eat 24 let you order, pay, and tip online, so you needn’t wrestle with tipping at your front door while your food cools. Pick-up restaurants like Papa Murphy’s let you order and pay online so you can duck in, grab your take-and-bake pizza, and duck back out while others stand at the counter deciding whether they want extra cheese.
Unlike many industries where technology eliminates jobs, it seems the high-end restaurant business will always need servers. The burgeoning supply of hospitality apps makes the job more efficient but doesn’t obviate it. Smartphones can take orders and receive payment, but it will be a while before they can drape a napkin over their arm and, with a flourish, deliver a hot meal to the table.