Pure Democracy & the RoboDialer

Posted by K Krasnow Waterman on Sun, Nov 24, 2013 @ 17:11 PM

Tags: technology innovation, technology implementing law, public policy, legaltech

The ultimate digital townhall has arrived, and with it, have we seen the flicker of opportunity for pure democracy?  A recent experience tells me the time has arrived for a bold politician to consider offering an experiment in such democracy.

A few evenings ago, my home phone rang.  When I answered, a robodialer asked if I'd like to join the Town Hall being conducted my my local Congresswoman, where her team was available to answer questions on the Affordable Care Act and the insurance process.  I pressed the assigned key and was dropped into a conversation in which other constituents were queing up, asking questions, and getting answers, all shared with everyone one the line. 

I want to be clear - I had not signed up or indicated interest in any way.  I have not yet been able to confirm, but it appeared that the robodialer called the home of every voter in the district and the call had no limit on participants.  Kudos to my Congresswoman, Carolyn Maloney, because her assembled team answered a myriad of diverse questions during a call that went on for a long time.

During the course of the call, one of the staffers would occasionally ask a survey question and ask the constituents to enter their vote through their phone keypad.  This is when my enthusiasm really picked up. 

When I first moved to New York City many years ago, before email and the web, I wondered if the sheer proximity of an entire constituency would make it possible to experiment with truly representative government, for an elected official to actually accumulate the opinion of the people on an issue and vote according to the majority. At the time, I envisioned ballots dropped in stacks at buildings, or delivered with the newspaper, or some equivalent.  The logistics of collecting the returns were achievable but labor intensive.

In the mechanics of this digital town hall call, were the mechanisms for achieving such an experiment. The robodialer combined with Q&A for difficult details and a phone survey would make it possible to get meaningful and representative constituent input.  And, this can be done asynchronously, so no need to get all constituents at the same moment.

When I speak about LegalTech innovation, this is the sort of thing I'm envisioning.  With all due respect to those who are offering enhanced document management applications for the legal profession, that's not what I'm seeking.  Technology offers the opportunity to implement the law as we know it in completely new ways, or to create wholly new legal paradigms.  Here is the opportunity for a bold politician to offer to represent his or her constituents in the most pure form of democracy.  Any takers? 

 

 

 

Article has 3 Comments. Click here to read/write comments

URI - Organizing your world's information

Posted by K Krasnow Waterman on Sat, May 17, 2008 @ 09:05 AM

Tags: technology innovation, technology for business managers

Google's mantra is "organizing the world's information." If you're organizing information in your corporation or organization, that might not be a viable option. URIs present the opportunity for everyone in a web environment to make a step in that direction.

One of the major challenges for large organizations is that different people, departments, etc. use the same words to mean different things. Every business and subset of business has "terms of art", often common words or phrases that mean something special to that group.

To a programmer, the word "beta" means the test of software before it's released for general use. To a stock broker "beta" is a number that shows whether a stock is more or less volatile than the market. They're in diffferent industries so, talking face-to-face, it's pretty easy to tell that they're talking about different things.

There are plenty of examples, though, where the same word in the same industry means different things. In the financial industry, "wealth" is used to define the threshold for accepting clients for certain services. Every institution picks its own number and they can be the same or different (e.g., over $1 million in net worth; over $1 miillion in liquid funds invested; over $1 million in assets other than personally-used real estate). When those institutions merge, the inconsistent definitions become an impediment to merging their data.

In computer systems, there historically weren't good ways to know which meaning someone had in mind when they put a particular word in a file or database. The problem was the same for the names of fields or columns. Now, we have metadata...data that let's us provide information about data. So, we can stick tags on data in a file that tells us things like where it came from, what day it was collected, or what size it's supposed to be.

A URI (uniform reference identifier) can store the definition you have in mind. So Citi/define/wealth can have a different meaning from UBS/define/wealth. And, your system can point to the appropriate one whenever "wealth" appears in your data. This makes it possible to merge data and retain different meanings or to compute across disparate meanings.

Article has 0 Comments. Click here to read/write comments

Microformats! Adding tags to webpages to improve search results

Posted by K Krasnow Waterman on Thu, Apr 10, 2008 @ 07:04 AM

Tags: technology innovation, technology b2c

I'm definitely a fan of the concept of semantic web, the ability to reach individual pieces of data you want from the internet rather than having to get whole pages and then find the information. A little while back, I wrote about FOAF (Friend-of-a-Friend), a semantic web tool to make social connections more readily accessible from the internet.

Now, I'm starting to get enthusiastic about Microformats, little bits of code you can add to a website or page that humans don't see, but make some particular type of information accessible to the web. If you want customers or potential customers to be able to get to contact information, calendar information (events, possibly business hours), or product information without having to read whole pages, there's a little set of tags you can stick into your page code that will make it possible. Yahoo! search recently announced support for some of these formats (seems to be calendars and reviews but not yet product listings) so people performing search will get the information in response to their Yahoo! search. These are particularly great because you need very little technical skill. The examples springing up around the web are things you can cut and paste into your web code even if you only know a little bit about html. And, there are programs, like hCalendarCreator, that will create the code for you. You can use this code even if you're on a pre-fabricated site that only lets you enter text and html in a module on a page.

The only downsides I can see are: 1) each microformat has a limited purpose and a limited number of things you can express and 2) some have questioned how long they'll be supported. The answers to both these challenges appears to be, ultimately, RDF which is the more robust smantic web standard sanctioned by the World Wide Web Consortuim. RDF will pretty much let you express anything about anything (solving problem 1). RDF requires a much higher level of technical skill and access to the header portion of your web pages. But, there's a next generation of tools (things like GRDDL) coming that will translate microformats to RDF, so even if Yahoo! does decide to pull support for every microformat you'll have a way to still get your tags read (solving problem 2).

I'll be trying this technology out on a new e-commerce site and will report back about the experience.


 

 

 

 

Article has 0 Comments. Click here to read/write comments

FOAF and the coming wave of semantic web social networking

Posted by K Krasnow Waterman on Wed, Mar 12, 2008 @ 19:03 PM

Tags: FOAF, social graph, technology innovation, semantic web, technology

"FOAF" -- short for Friend-Of-A-Friend -- offers a vocabulary for putting machine readable code into a webpage, making it possible to link from one site, person, company, etc to related ones.  It's been evolving since 2000, but seems on the edge of a major break-out.  Now's a good time to learn about it and ride the wave of its growth.

FOAF is part of the semantic web movement, a philosophy and method of using technology to be able to reach, combine, and react to discrete information coming from multiple sources.  Put simply, it lets you (or your system) get to very specific bits of information from many web pages or systems, even if they're not yours.  Of course, as this technology develops, you'll only be able to reach the discrete bits of data that you're allowed to (more about that some other time).

If you think about it, the concept of machine-readable Friend-of-A-Friend data would seem to eliminate the need for LinkedIn, FaceBook, MySpace, and all the rest.   In theory, you wouldn't need these services because you could pull together your networks by first, second, and nth degree of separation automatically.  You could see networks of friends, business associates, or whatever directly from everyone's pages.  But, in that surprising way the web works, that's not how it's going to happen exactly.

A few weeks ago, I had the distinct pleasure of meeting Dan Brickley, creator of FOAF.  From him, I learned that software is going to start linking FOAF data with other machine-readable social network information.  The way I understand it, smart folks at places like Google and Yahoo are  providing code (APIs) that will let you bridge data from FOAF with data from places like Flickr and Twitter.  So they'll be able to make the jump from one social network to the next.  If FOAF knows Amy is my friend; Twitter knows I share what I'm doing with Bobby; and Flickr knows I share my pictures with Cindy, these APIs will pull that information together and know that I know Amy, Bobby, and Cindy.  These relationships can be displayed in "social graphs", visualizations that look like linked Tinker Toys where every bubble is a person.Flickr and Twitter are out front on this one because they, too, put data in code that's directly accessible to the web. 

The big ideas here are:

1) People won't have to keep entering the same information to get the same people into new social network websites.   If Twitter knows that I know Cindy, but she's not in my Twitter group, it can ask me if I want to include her.  This is HUGE.  There are millions of people joining networks all the time and one that offers this no-typing option will have a big competitive advantage.

2) People won't have to have their data stored with a particular website. They could have their data stored anywhere and just use websites that offer network topics or services, bringing together the right data only for the moment they need it.  So, you wouldn't have to permanently set up accounts of all your friends on a wine tasting network because you wanted them to share an event there one time.  

3) Applications will grow up around this, offering ways to segment relationships into different levels of access. Just because the web can see that your mom and your girlfriend are both connected to you doesn't mean you want to share the same things with them.  

Article has 0 Comments. Click here to read/write comments

Virtual World Collaboration for Business

Posted by K Krasnow Waterman on Thu, Sep 27, 2007 @ 10:09 AM

Tags: technology innovation, business collaboration, technology for business managers, virtual world

If you work in the world of technology, you've certainly heard of Second Life, the 3D virtual world that started as a social game site. With more than 40 million registered users, over a million claimed active users, and the generation of revenue in not-so-virtual millions, it's a long way from the 1970's Troll Room of Zork. But, did you know that this technology is now creeping back to the corporate world?

Recently, I've been working on a project that required me to give myself a crash course in online collaboration spaces. Sure, I've known Groove, GoToMeeting, and WebEx. This, though, is the beginning of a new world in which telecommuting and outsourcing become increasingly irrelevant issues as people have the ability to work in persistent, fully functional, 3D, web offices.

Imagine "going" to work by logging on to the web and having your 3D avatar with your face walk into your "office." Your office can have your whiteboard as you left it and one or more iterations of your desktop applications. Then, walk into the "coffee room" where you run into co-workers who are physically in Mumbai or London. You can communicate through text chat, emoticons, and the physical gestures of your avatars; or, you can be yourself through microphone and webcam if you prefer. Some technology so replicates the real world that voices will increase and recede in volume as you move towards and away from other avatars.

You can hold meetings anytime with those remote co-workers in "rooms" which allow you to project on the wall any desktop application or live web browser, or share a whiteboard or document. You can leave the room and come back to everything in place ("persistent state") if that's your preference. Assuming the "door" is not locked, you can also "walk" into co-workers offices to visit or ask questions, again sharing computer and web screens.

Not so long ago, talking to people from the other side of the world was clunky and slow.  Just as international telephone calls have become fast, clear, and reliable, so too here in the virtual world; the delays ("latency") are minimal. 

In this configuration, the collaboration platforms are relatively new.  As the offerings expand and mature, customization will be easier and prices will be quite reasonable.  It won't be long (two years?) before this technology takes off and is considered an everyday choice for those managing dispersed workers.
Article has 1 Comment. Click here to read/write comments

Technorati: Joining the blogging world

Posted by K Krasnow Waterman on Sun, Aug 19, 2007 @ 08:08 AM

Tags: technology innovation, technology

Today, I'm joining 97 million other bloggers and making my pages searchable by Technorati.  Stay tuned for updates on whether/how it changes this site and the traffic coming to it.


Technorati Profile
Article has 0 Comments. Click here to read/write comments

Lucky 13, Nicely Nicely and User Attributes in Identity Management for Access Control

Posted by K Krasnow Waterman on Wed, Aug 15, 2007 @ 09:08 AM

Tags: technology innovation, access control, identity management, technology for business managers, technology, technology management

I've always loved the Guys and Dolls song in which a bunch of guys sing a catchy round about picking their favorite nag at the track. They're telling each other why they've made their pick. It goes like this:

"I got the horse right here
The name is Paul Revere
And here's a guy that says that the weather's clear
Can do, can do, this guy says the horse can do"
...
"I'm pickin' Valentine, 'cause on the morning line
A guy has got him figured at five to nine
...
I know it's Valentine, the morning work looks fine
Besides the jockey's brother's a friend of mine "
...
"And just a minute, boys.
I've got the feed box noise
It says the great-grandfather was Equipoise "

What does this have to do with computers? It provides an easy to understand example of how we make decisions. The gamblers are describing where they got their information and what categories of information matter to them. They rely on a favorite racing form, friends of friends, and gossip from the staff. In the brave new world of dynamic access control, we want to do the same thing to reach an automated decision about what data you can see. Instead of racing forms, we have "trusted sources" or "authoritative data" -- repositories we believe have reliable information. And, instead of the weather, lineage, and distance, we're looking for other categories of facts that consistently help us to reach our decisions.

I've recently done a project in which we attempted to define how many things you really need to know about a system user to decide whether or not s/he can have access to particular government work-related information. The idea was to see if there was an universal core of attributes that most system access rules are seeking. In other words, does the decision about what you can see in the human resources system rely on the most of the same categories of information about you as the decision about what you can see in a criminal case file or a person's tax filing. Our answer is "yes," if you create the right sort of categories. And, much to our surprise, our core list is only thirteen attributes.

What's the right sort of category? Other proposals have made each fact its own category. For example, imagine an attribute which indicates whether someone is a law enforcement officer and a different one for whether someone is a lawyer. Organized that way, you would need thousands (millions?) of attribute categories. But, if you say the attribute is "job description" then you can include officer, attorney, and a million other jobs in one attribute category.

Having a small number of needed attribute categories has a tremendous advantage. It means the software can be less complex, handling a smaller number of variables. It means the processing time should be faster. In this design, each system needs to know only the values it cares about. For example, if the access rules for a system only permit government auditors and law enforcement officers to view the data, the particular system doesn't need to know that a person can be a doctor or a dog catcher. It only looks to see if the person seeking access matches (or has an equivalent to) "government auditor" or "law enforcement officer" in his "job description" attribute.

We think the 13 user attributes are:

Employer Name
Employer Subgroup (as many hierarchical levels as needed)
Employer Type (e.g., federal government, private hospital)
Employment Type (e.g., permanent, temporary assignment, contractor)
Job Designation
Location (physical and virtual)
Location Type (permanent, temporary)
Special authorities/licenses (granted by others)
Management Level
Direct Reports
Rating/Reviewing Official
Skill (ability, irrespective of outside grants)
Skill Level

So far, we haven't come across a data access rule we couldn't parse into one of these attributes. If you do, please tell me.





Article has 0 Comments. Click here to read/write comments

New technologies for Authority Based Access Control

Posted by K Krasnow Waterman on Sun, May 20, 2007 @ 09:05 AM

Tags: technology innovation, technology for business managers

Traditionally, if someone wanted to restrict access to a computer system,  the first line of defense was a list of authorized users...a list of people, by name.  These systems generally relied on one central administrator to keep track and keep up.  Not surprisingly, in any system with more than a few users, it was hard to keep up with who should and who shouldn't have access.  System administrators had to rely on others to keep them informed when people quit a job or left a group.  There have certainly been occasions when fired employees continue to have access to the systems of their former employers for at least some time.  At the personal or small group level, the name registry sort of security has just been too hard for most and we end up either posting things to the entire internet (like this blog), or not posting things that we might worry about people using inappropriately (like pictures of small kids).   Today, many of us are tackling ways to grant and deny access to information without making and maintaining lists of authorized persons. 

One method is to allow access based upon "attributes."  Instead of trying to identify people by name, we say what kind of people we want to let in.  We might focus on what sort of job they have (anyone in sales can have access) or what their relationship is to us (anyone who is a member of this museum, but not anyone who is an affiliate of a member).  In more complex systems, we can allow for multiple attributes (employees, in the sales department, who work in the western region).  In order for this to be successful, we still must have access to information about the people who will seek access (the employee roster, the membership list).  This model allows for limited decentralization; we can get the attributes from a number of systems that centralize each attribute. In an environment like the government, this could be successful, because the government can mandate a relatively high level of structure and consistency.

Another method is to give people "permissions."  In the physical world, when we want to give someone access to our home or office, we give them a key.  If we trust them, we may give them a key that they can copy (my housekeeper had the set she carried plus the set she made as a back-up at home; my mother-in-law makes a copy for my brother-in-law); if we trust them less, or have more to secure, we give them a key that cannot be copied without special permission or special equipment.  In the virtual world, we can give someone a bit of code that works much the same way.  With software, though, we can create more permutations of the key.  It might only work during certain hours, only work for a certain number of times, or only be shareable with people with a particular type of userID, say a company webname.  This is a distributed trust model; it lets us trust people who have access to our information to make decisions about whether other people should have access. 

Both of these models assume that each system has its own structure and that information presented must be structured in a manner expected by a system.   On the web, we can expand capability even more.  Imagine carrying "keys" that describe all the different aspects of who you are and the verifications of those facts by others.  For example, you have a "key" that says "I'm the den mother of the Girl Scout troop #4566" and a verification from the regional Scouting office.  When you approach a Girl Scout website with that key, the site can calculate and give you appropriate access, say to the phone numbers of the parents of your troop, but not the parents of the troop in the next town. 

Using semantic web technologies, there is work underway to go one step better.  In the prior example, the Girl Scout website could anticipate that you would be coming.  What about the larger world, where you want to go new places, where the people don't know you at all? Say as den mother, you want to get the phone numbers of the troop leaders for other children's groups in the region: Boy Scouts, Campfire Girls, etc.  Or, your girls are doing a project on Korea and you want to get email addresses for girls in a troop there, so that your girls can write and ask them questions.  You could approach these different sites and each would look at your Den Mother key and decide if, according to their own rules, you can have the information you're seeking.  The benefit of the semantic web technologies is that it lets you present your credentials to systems that didn't know or expect you.  This works by including some information with your keys that explains how your keys are structured, how to read and understand them.  The tremendous advantage to this is that everyone doesn't have to use the same software or the same structure.  It can be adopted and used more readily because it doesn't require everyone with a system or everyone with keys to agree in advance how they will be built.  To be fair, it does require some minimal adherence to common principles much the way the internet works today.

One other exciting benefit of these movements in technology is the potential to improve privacy protection.  You could subdivide your virtual keyring.  So, personal facts (I'm Susie's brother; I'm Frank's friend) would not be revealed to a site for which you were seeking job-related access.  Nor would professional facts be shared with friends, volunteer associates, or commercial vendors.  This will be a significant improvement over the cookies that are passed to websites, because most people don't understand what information their computer is giving out or know how to find out.
Article has 0 Comments. Click here to read/write comments

Transparent Accountable Data Mining Initiative - UPDATE

Posted by K Krasnow Waterman on Wed, Apr 26, 2006 @ 22:04 PM

Tags: technology innovation, technology implementing law

The pace is picking up at CSAIL!

We've posted lots of code, some summaries, and the next scenarios we will work on.

If you haven't looked at the project yet, the summary is here.

A summary of the work and links to the details are here.

Scenario 3 - is a fictional scenario in whch information is collected by the Transportation Security Administration about airline passengers, being matched to possible terrorist names, and ultimately being forwarded to the FBI. 

In this scenario, the system checks to see if TSA's actions are appropriate under the Privacy Act.

That law requires agencies to publish a "System of Records Notice" (called a SORN) stating the source, type, and authorized putpose for acquiring data.  The law also requires agencies to publish the terms and conditions -- called "Routine Uses" -- under which they will disseminate information.

We now have code:
  • that represents a series of transactions (in various forms, including using NIEM, N3, and RDF)
  • that represents some of the rules in the Privacy Act;
  • that checks to see if the data TSA collects is permitted under the SORN; and
  • that checks to see if the dissemination from TSA to the FBI matches the requirements in the Routine Uses published by the TSA..

Scenario 4 - expands the fictional scenario 3 to have a longer chain of actions. 

The data is disseminated by the FBI to the US Marshals, who then approach an Assistant United States Attorney, who in turn presents the matter to a Court in order to obtain a warrant.

This will give us a chance to see if a recipient agency's conditions for receiving data (stated in its SORN) is consistent with the providing agency's rules for dissemination (stated in its Routine Uses).

Scenario 5 - expands the scenario to consider case law, the decisions of courts regarding disputes of interpretation.

Scenario 6 - is a different fictional scenario involving a web-crawler that aggregates data about individuals.

(Scenarios 5 & 6 should be posted by tomorrow.)

Although our long-term goal is proof generation, we've learned a lot about what it takes to build rules-based reasoning for law in general and for information acquisition and dissemination by the government in specific.  I've promised to write a paper on the lessons learned, so tune in for that soon (projected to be finished by June 1).


Article has 0 Comments. Click here to read/write comments

Transparent Accountable Data Mining: New Strategies for Privacy Protection

Posted by K Krasnow Waterman on Sat, Feb 11, 2006 @ 19:02 PM

Tags: technology innovation, technology implementing law

The longer paper on our research has been submitted for the AAAI Spring Symposium. 

Here's the link:

http://www.w3.org/2006/01/tami-privacy-strategies-aaai.pdf
Article has 0 Comments. Click here to read/write comments