long post

    Some policy thoughts on corporate "revenge hacking"

    Michael Riley and Jordan Robertson, reporting a fascinating story at Bloomberg:

    In the U.S., companies are prohibited by the 30-year-old Computer Fraud and Abuse Act from gaining unauthorized access to computers or overloading them with digital demands, even to stop an ongoing attack.

    The act exempts intelligence and law-enforcement activities, allowing the government to respond more aggressively than private-sector firms. There’s little indication, though, that military and intelligence agencies have used their most powerful tools to shut down attacks on businesses, as the U.S. has attempted to address foreign-based hacking through diplomacy and the courts.

    Diplomacy and the courts are clearly inadequate channels for preventing, halting or discouraging foreign-based hacking.

    The question, then, is whether the U.S. government will use its broader “revenge” authority under the CFA to defend not only itself but private U.S. companies. This method would be problematic from a funding perspective, and may cause diplomatic friction.

    Alternatively, the CFA could be amended to allow “proportional responses” by private U.S. companies to foreign-based hacking. This method would be problematic from oversight and transparency perspectives, subjecting revenge hacking to market dynamics and the “black box” in which companies conduct so much of their business (especially when they’re privately held).

    Yes, companies often have to deal with reporting requirements in the aftermath of a major data breach, but they don’t have to disclose any countermeasures under any current state or federal notification regime I can find.

    Perhaps the best solution would involve some hybrid of these. For example, a department of government investigators and hackers could be assigned in small groups to companies facing imminent or ongoing foreign-based hacking.

    They could embed into the companies like journalists sometimes embed into military units, assisting the company in its response and pulling the trigger on revenge hacks, insulating the company from CFA immunity.

    The hybrid method minimizes government expense, maximizes company involvement and allows for the use of transparency laws such as the Freedom of Information Act by journalists and policy analysts to peek inside the black box.

    I’m obviously not going to come up with a perfect solution in a short blog post, but it’s worth thinking about.

    Image by the author

    A court of beginnings

    Photo of Pike County Courthouse by the author

    Several excellent writing professors have told me throughout my life that you start by starting. Introductions, caveats and excuses delay your goal and bore or confuse the reader. Don’t tell people what you’re going to do. Do it.

    But they also advised me always to write with my audience in mind. This is a blog, and you’re still reading, which suggests you like to read blogs, or at least my blog. So I’m assuming you’re prepared for and maybe even expecting some opinions. Here they are, by way, as they say, of introduction.

    I can be a cynical, pessimistic bastard.

    I can’t help it, and I really don’t want to help it. The world is a nasty, ugly place where terrible things happen to innocent people all the time. I’m convinced, through arrogance or narcissism or rationalization, that my gloomy outlook keeps me well-prepared for those dismal days we all inevitably encounter, and insulates me from the worst disappointments. Optimism sounds in my ears like a synonym for naivety.

    Told you: I’m a bastard. But today I’m going to break character for a few hundred words.

    I don’t often write about my work. I never have. I think it’s a good rule to stay away from what you’re currently doing, especially in the world of the law, where much of it is privileged and confidential.

    It’s unprofessional to complain about your job in any detail, and as a cynical, pessimistic bastard I find joyous reports about one’s work untrustworthy at best. I have stories from previous jobs that would make your eyeballs burst from your face. But even if I was unscrupulous about what I was willing to share, to the extent that I wrote here about everything, what stories would I have left to tell at parties?

    So there it is. That’s the introduction my writing advisors always advised against. But I think I did okay. I needed all that to make it clear to you why the rest of this little essay is an exception for me.

    I don’t have to violate any privilege or confidentiality to say a typical Common Pleas court sees a lot of depressing stuff: divorce, custody, drug addiction, acrimonious estate distributions, and worse. Yes, our judges also perform marriages, but those aren’t really cases, so the law clerks never have occasion to attend.

    From where I am sitting, it is often a court of dismantling, of endings.

    Today, though, I was present for the first time at an adoption proceeding. It was emotional for the family. And all of the Court’s personnel were doing something we rarely do during court proceedings: we were smiling.

    While I think family is most clearly defined by something ineffable in our hearts, legal recognition gives that definition life in the outside world.

    And that can be just as important, especially when it comes to the right to protect, provide benefits to or make healthcare decisions for your family when they are unable to do those things for themselves.

    It’s hard to be a cynical, pessimistic bastard while you watch a group of children and adults get their first photograph taken as a legally recognized family. Today, even if only for thirty minutes, ours was a court not of dismantling, but a court of building, and beginnings.

    What a beautiful thing.

    Update to iOS 8 even without enough free space

    I’ve heard from many people who insist their iPhone or iPad “can’t handle” or “doesn’t fit” iOS 8. I read an article about a slow-down in updates to iOS 8. John Gruber of Daring Fireball first posited that some well-documented software bugs were making people reluctant to update.

    But his follow-up post reminded me how many times I’ve been asked by “normals” how I managed to update my iPhone 5. Their phones, the common story goes, just don’t have enough free space available to perform the update.

    I know this is frustrating, so I wanted to share some quick and easy advice on the topic. First, if your iOS device is low on space, it’s probably because of all those photos and videos you’re taking. Learn how to move that stuff to your computer so you can safely delete it from your device.

    Second, if you have an iPhone 4 or 4s, think hard before updating to iOS 8. Some reports suggest you’ll have a much slower device after the update. There are some neat new features, but none of them are worth slowing your phone down.

    Third, make sure your iPhone or iPad is fully charged before you try to update. While it will be plugged into the computer and therefore charging during the update, it’s best to be safe about these things. Make sure your battery icon is green before you start the update and you should be fine.

    Update to iOS 8 with iTunes

    1. If you want to install the iOS 8 update but your iPhone or iPad tells you it doesn’t have enough free space, make sure you have the latest version of iTunes.
    2. Plug the charging cable into your computer’s USB port and then connect it to your iPhone or iPad.
    3. If iTunes isn’t already opened, it will open. If it doesn’t open automatically you’ll just have to open it yourself (a first-world problem if ever I heard one).
    4. Click on the iPhone button that appears in iTunes and, if iTunes isn’t already offering to update your phone, click Check for Update.
    5. Wait. iTunes will download the five-gigabyte update to your computer and install it on your device.

    <

    p>Check out Apple’s support page for more information.

    Check for lint before trying to replace your iPhone's charging port

    My iPhone 5 recently stopped charging, unless I propped the phone upside down against an inclined surface like a lamp stand or a keyboard. I’m not in a position to buy one of those fancy new iPhones, so I shopped around in the internet’s DIY isle.

    I found a well-reviewed set of iPhone surgery tools and even a well-reviewed replacement part on Amazon. Armed with those and an instructional YouTube video, I planned to replace the part myself.

    Luckily, one of my many neuroses involves exhaustively reading through reviews before I buy anything from Amazon. It’s my favorite part of the site. I don’t even consider products with less than 25 or so reviews.

    In a bricks-and-mortar store, you probably only have the staff to ask for advice, and they’re obviously biased. And if you’re anything like me, you probably know far more about the product than they do. Always take advantage of the availability of reviews on Amazon.

    Anyway, with the necessary tools in my cart and the video queued up in the Watch Later section of my YouTube account, I headed over to read some reviews. That’s when I found this gem by Amazon user DullJack, who wrote:

    First off, if you suspect your charging port is going bad, it probably isn’t. Grab a flashlight and a safety pin/needle, shine the light into the charging port and you will probably see a bunch of lint tightly jammed into the back of the port that is preventing the cable from fully inserting.

    But I had looked in there and I didn’t see anything, DullJack. So what gives? He continues:

    I looked into my old port before replacing it and it looked clear, but I didn’t shine a light into it.

    Ah. I shined a light into it and alas, there it was. I turned my phone off (better safe than sorry when poking around inside your iPhone with anything sharp or metal) and gently used a paper clip to pull out more lint that I would have though could fit in there. Do this over a piece of white paper to get the full effect.

    So. Much. Lint.

    Then, I plugged it in with the reckless abandon I had used before the problems began. A small white Apple logo appeared in the middle of the screen. The phone booted up and the battery icon showed it was charging. I moved it around in all the common ways that had been causing it to stop charging.

    Fixed!

    I don’t use exclamation points very often on this site because that’s just not the tone I’m going for over here. But that one was obligatory. The sense of relief I felt upon learning I wouldn’t need to expose my iPhone’s innards to the harsh light of day is something only fellow geeks can understand.

    Of course, exposing an iPhone’s innards to the harsh light of day is something only fellow geeks would even consider, too.

    Let this be a lesson, well, several lessons, to you all:

    1. Always, always read the reviews before you buy online,
    2. Be absolutely certain the problem isn’t lint before replacing your iPhone’s charging port, and
    3. Amazon user DullJack is a gentleman and scholar deserving of the gratitude and respect of fellow geeks everywhere.

    How law firms can innovate by providing third-party services to other law firms

    The Economist wrote in 2011 about the end of the legal industry’s lofty heights, saying of one large but ill-fated American firm:

    Howrey’s boss, Robert Ruyak, blamed two new trends for his firm’s demise. Howrey had begun acceding to clients’ demands for flat, deferred or contingent fees, causing income to become clumpy and unpredictable. And the rise of specialised e-discovery vendors hollowed out another source of revenue.

    Legal services continue to unbundle as traditionally firm-based work like document review is outsourced and electronic discovery becomes more complex. Chicago-based law firm Winston and Strawn is bucking both trends, performing e-discovery for not only itself but other firms and forgoing staffing agencies to directly hire and provide benefits to its document review attorneys.

    The firm’s e-discovery division brings in little revenue compared to the firm’s other practice areas. But it has seen three years of growth amid increasing demand for a la carte e-discovery services from other law firms and non-clients. This is a classic example of a business disrupting itself before outsiders irreparably damage it. Ben Thompson wrote an exhaustive case study of Apple’s own self-disruption that perfectly illustrates the strategy.

    Many firms are still trying to cope with the boom in third-party legal services providers and complaints about the cost of good legal representation. Formerly bullet-proof business models no longer guarantee the luxurious profits to which so many law firms were once accustomed. And law firm leadership, like publishing and music executives before them, must find innovative ways to provide new value to clients and industry peers.

    That’s why law firms like Winston and Strawn are doing more ancillary legal work in-house. I wonder whether more firms will pitch those services to their competitors. It sounds counterintuitive to provide valuable services to competitors, but I think there’s a case to be made for it as a way to revitalize the legal industry.

    Many law firms could use guidance on business process improvement, e-discovery, technology, management consulting and more. No one is more qualified to provide those service to law firms than other law firms. Two factors should minimize the fear of deliberate sabotage by a firm you have hired in a non-legal consulting role. The first is a reputational consideration and the second is an ethical one.

    Law firms providing their own third-party services to clients and non-clients, including other law firms, have the opportunity every business has when it is among the first to market with an innovative high-value product or service. That opportunity is the chance to become the gold standard, to set the bar high and be the first name that comes up when someone seeks out that product or service. It makes good business sense to treat that first-mover reputational advantage as you would any valuable asset, with great care and cultivation.

    <

    p>Law firms, via the attorneys who helm and staff them, are subject to myriad ethical requirements. The same processes currently in place at most large law firms to manage conflicts of interest, particularly with regard to walling off potentially conflicted attorneys from a given client or matter, could be easily applied to the firms consulting clients. In fact, the team within a firm which provides third-party consulting services to other firms could be completely walled off from the firms legal work, insulating the consulting services from concerns about endangering relationships with and the interests of current, former and prospective clients.

    Perverting the Metric: The Role of Metrics in Editorial Strategy

    HuffPo and BuzzFeed co-founder Jonah Peretti recently said in a long and fascinating interview by Felix Salmon published at Matter:

    I love metrics and I love thinking about optimization, but I think that the optimal state is being slightly suboptimal because as soon as you try to actually optimize, particularly for a single metric, you end up finding that the best way to optimize for that metric ends up perverting the metric and making the metric mean the opposite of what it used to mean.

    This reminded me of an idea I’ve been kicking around for a while about how best to approach digital editorial strategy: it requires an ability to wield metrics, vision and instinct in just the right proportions.

    It’s something I’ve been a part of for my own tiny blog here, an arts and culture website I co-founded, and even a business journal’s web presence. I’ve learned a few important things from my experience with editorial strategy, and while none of them are particularly surprising or mysterious, I think writing them out will be helpful to myself and perhaps to others.

    Contribute to the conversation

    Metrics are a great place to begin a conversation about editorial strategy but a terrible way to end it. I’ve seen metrics substituted for thinking critically about editorial direction all over the web, and what’s worse is I’ve been in the room when some of those poor decisions were made and I failed to object. It’s not a mistake I’m proud of, nor one I would make again.

    But it’s easy to criticize after the fact. True leadership demands urgency. Whenever metrics are the deciding factor in an editorial decision, someone is making a mistake and it’s your responsibility to tell them.

    Be respectful when their name is closer to the top of the org-chart than yours, but be direct and back up your assertions with evidence. Even if you’re outranked by everyone else in the room, at worst, you’ll be ignored, and at best you’ll show initiative and concern for the publication’s success.

    I’m not saying there is no place for metrics in editorial strategy. They should absolutely be involved in the decision-making process, but they should never be the sole ingredient. In other words, these days metrics are usually necessary1 but never sufficient to make an informed editorial judgement.

    Reactive vs. critical thinking

    Pure reactivity is the wrong way to use metrics, and looks something like this:

    “Everyone clicks this type of story, so let’s do more of this type of story!"

    Don’t use metrics to narrowly define editorial strategy. After all, an algorithm could do that with little or no human intervention (and, as I’ll discuss below, they often do). Popular topics don’t need much additional promotion. They surface organically and allow you to focus on promoting lesser-known work of equal quality. This is a powerful concept if you’re wiling to use it in your strategy sessions.

    Use metrics as one factor in your strategy. After all, the numbers are way to read between your own lines and to learn what drives popular content beyond mere keywords. That looks something like this:

    “Everyone clicks on this type of story. What about it, beyond the mere subject matter, makes it so appealing?"

    One problem, many possible solutions

    There are many reasons some content does more pageviews, higher time-on-page or lower bounce rates than other content. Here are some illustrations of the problem of a narrow band of popular topics getting the majority of attention, and some ways I have thought up and in some cases successfully implemented to solve the problem.

    The “Top Post” Filter Bubble

    Eli Pariser popularized the idea of the filter bubble, an explanation for how tailored web content reinforces viewpoints with which we already agree, and insulates us from alternative perspectives. Metrics are often used to do this on websites.

    The most-read stories of the previous day might be featured prominently in the sidebar. This additional exposure gets them even more clicks, and even if the software causes articles older than one day to “age out” of the featured-posts box, it still severely limits the potential for featuring other articles.

    This may be the problem at some sites: your digital publication doesn’t know how to surface its best content. Consider adding to popular posts some links to less popular but equally valuable content. This will combat the filter bubble and help expose readers to good stuff they may otherwise miss.

    The Slideshow Site

    Slideshows are a dangerous game. They are almost guaranteed to turn your steady daily traffic into a big spike. If even half your daily visitors go through even half a 20-slide show, you’re doing five times your usual traffic that day. If you’re not careful, you risk becoming known as the slideshow site, instead of the news site.

    If you insist on building slideshows, use myriad internal links to point your slideshow viewers to your substantive content. Better yet, work with in-house or outside developers to automate internal links to archive pages. For example, if you run a site about New York, the first time the name “Michael Bloomberg” appears in an article, your content management system could auto-generate a link to a page listing all articles mentioning his name.

    10 Things About Headlines You Have to Read to Believe

    Sorry to mislead you, but I’m only to going to talk about one. Slideshows often have numbers in the headline by definition. That is one explanation for why they’re so popular. People like headlines with numbers, as a quick search for “numbers in headlines” will illustrate.

    I don’t advocate making every article a list. In fact, that’s a terrible idea, at least for news sites. But it’s worth incorporating numbers into headlines where it doesn’t look forced. For example, instead of “CEOs cite multiple syngeries as key to upcoming merger,” try “3 reasons Hospital 1 and Hospital 2 are merging, straight from the CEOs.”

    On-point but out of sight

    Maybe topics clearly within your site’s wheelhouse don’t perform well, no matter how many headlines, reporters or A/B tested tweets you use to produce and market them. This may simply mean the audience for those topics is substantially smaller than your broader audience. Don’t wait for the audience to find you.

    I had great success finding an audience for some very niche stories because I sought it out on Reddit, in web forums, in Google+ Communities, with Twitter hashtags and more. The idea is that there are groups of people who self-select for interest in topics otherwise lacking broad appeal. Those audiences are smaller, but they are also more engaged, so the time spent finding them is worth it.

    These are just examples, and the problems differ from site to site. But I think they explain the value and the limits of metrics in evaluating and improving editorial strategy at digital publications.


    1. If I say metrics are always necessary to make an informed editorial judgement, I omit the occasionally successful-despite-what-the-metrics-suggest, good-old-fashioned gut decision, and I’m not comfortable doing that. 

    Down the aggregation rabbit hole

    This began as a link post pointing to Joel Achenbach’s Washington Post blog entry Journalism is aggregation. But, like more and more link posts lately, it got away from me and merged into its own article.

    Achenbach decides journalism is aggregation, and that’s okay. Or maybe he decides it’s not really aggregation, or that it’s at an acceptable point along the continuum between valueless aggregation and value-adding aggregation. I’m not actually sure he settled on a conclusion, and that’s okay, too.

    Achenbach had reminded me of my recent post on the topic, which prompted the author of the post I was commenting about to leave me a nice comment of his own. (So meta!)

    And then I found this post by Joshua Benton at the Nieman Journalism Lab expressing some disappointment with Achenbach’s aforementioned lack of a conclusion, or more precisely paints his conclusion as a bit of backtracking. I’m not sure I agree with Benton’s take, but both men raise interesting points.

    Some journalism is aggregation, but most good and all great journalism is more than mere aggregation. It’s a synthesis of the anecdotes, data, facts and perspectives of as many reliable sources as you can fit into your word limit. Right? That’s an accurate description of much of the best journalism I’ve read in the past year or two.

    To me, pure aggregation on the web involves sharing a link and perhaps pairing it with an inflammatory or vapid comment. Sometimes, that’s actually fine with me. Twitter is a good example of that. But no one would call it journalism, even when journalists do it. That’s important to keep in mind, I think: not everything a journalist does online or off is, or is intended as, journalism.

    Achenbach wrote about the interview process, which most journalists use to offer different perspectives on a piece of news from experts of different disciplines or schools of thought. Interviews, collecting the commentary of multiple sources, are an aggregation of those opinions. But that’s just one activity in the composite of activities which together compose an act of “journalism.” The result is an article in which, as Achenbach also says near the end of his post, the reporter has drawn on personal knowledge, research and experience beyond the interviews and facts aggregated.

    Aggregation, then, is the collection and presentation of opinions or facts, adding little or no context. Journalism, I think, is an equation like this:

    Journalism = aggregation + context

    I want to know what you would add to, or remove from, that equation. I realize that aggregation on the web generally, and as an issue in digital journalism and publishing specifically, predates my humble blog posts on the topic, but I want to explore it with other interested folks.