Technology

You are currently browsing the archive for the Technology category.

fruit thought

If personal data is actually a commodity, can you buy some from another person, as if that person were a fruit stand? Would you want to?

Well, no.

Yet there is lately a widespread urge to claim personal data as personal property, and to create commodity markets for personal data, so people can start making money by selling or otherwise monetizing their own.

ProjectVRM, which I direct, is chartered to “foster development of tools and services that make customers both independent and better able to engage,” and is a big tent. That’s why on the VRM Developments Work page of its wiki a heading called Markets for Personal Data. Listed there are:

So: respect.

Yet, while I salute these efforts’ respect for individuals, and their righteous urges to right the wrongs of wanton and rude harvesting of personal data from approximately everybody, I also think there are problems with this approach. And, since I’ve been asked lately to spell out those problems, I shall. Here goes.

The first problem is that, economically speaking, data is a public good, meaning non-rivalrous and non-excludable. Here’s a table that may help (borrowed from this Linux Journal column):

Excludability Excludability
YES NO
Rivalness YES Private good: good: e.g., food, clothing, toys, cars, products subject to value-adds between first sources and final customers Common pool resource: e.g., sea, rivers, forests, their edible inhabitants and other useful contents
Rivalness NO Club good: e.g., bridges, cable TV, private golf courses, controlled access to copyrighted works public good: e.g., data, information, law enforcement, national defense, fire fighting, public roads, street lighting

 

The second problem is that nature of data as a public good also inconveniences claims that it ought to be property. Thomas Jefferson explained this in his 1813 letter to Isaac MacPherson:

If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. Its peculiar character, too, is that no one possesses the less, because every other possesses the whole of it. He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me. That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation

Of course Jefferson never heard of data. But what he says about “the thinking power called an idea,” and how ideas are like fire, is essential in a very human way.

The third problem is that all of us as human beings are able to produce forms of value that far exceed that of our raw personal data.

Specifically, treating data as if it were a rivalrous and excludable commodity—such as corn, oil or fruit—not only takes Jefferson’s “thinking power” off the table, but misdirects attention, investment and development work away from supporting the human outputs that are fully combustible, and might be expansible over all space, without lessening density. Ideas can do that. Oil can’t, even though it’s combustible.

Put another way, why would you want to make almost nothing (the likely price) selling personal data on a commodity basis when you can make a lot more by selling your work where markets for work exist?

What makes us fully powerful as human beings is our ability to generate and share ideas and other combustible public goods, and not just to slough off data like so much dandruff. Or to be valued only for the labors we contribute as parts of industrial machines.

Important note: I’m not knocking labor here. Most of us have to work for wages as parts of industrial machines, or as independent actors. I do too. There is full honor in that. Yet our nature as distinctive and valuable human beings is to be more and other than a source of labor alone, and there are ways to make money from that fact too.

Many years ago JP Rangaswami (@jobsworth) and I made a distinction between making money with something and because of something. It’s a helpful one.

Example: I don’t make money with this blog. But I do make money because of it—and probably a lot more money than I would if this blog carried advertising or if I did it for a wage.

Which gets us to the idea behind declaring personal data as personal property, and creating marketplaces where people can sell their data.

The idea goes like this: there is a $trillion or more in business activity that trades or relies on personal data in many ways. Individual sources of that data should be able to get in on the action.

Alas, most of that $trillion is in what Shoshana Zuboff calls surveillance capitalism: a giant snake-ball of B2B activity wherein there is little interest in buying what can be had for free.

Worse, surveillance capitalism’s business is making guesses about you so it can sell you shit. On a per-message basis, this works about 0% of the time, even though massive amounts of money flow through that B2B snakeball (visualized as abstract rectangles here and here). Many reasons for that. Here are a few:

  1. Most of the time, such as right here and now, you’re not buying a damn thing, and not in a mood to be bothered by someone telling you what to buy.
  2. Companies paying other companies to push shit at you do not have your interests at heart—not even if their messages to you are, as they like to put it, “relevant” or “interest based.” (Which they almost always are not.)
  3. The entrails of surveillance capitalism are fully infected with fraud and malware.
  4. Surveillance capitalism is also quite satisfied to soak up to 97% of an advertising spend before an ad’s publisher gets its 3% for pushing an ad at you.

Trying to get in on that business is just an awful proposition.

Yes, I know it isn’t just surveillance capitalists who hunger for personal data. The health care business, for example, can benefit enormously from it, and is less of a snakeball, on the whole. But what will it pay you? And why should it pay you?

Won’t large quantities of anonymized personal data from iOS and Android devices, handed over freely, be more valuable to medicine and pharma than the few bits of data individuals might sell? (Apple has already ventured in that direction, very carefully, also while not paying for any personal data.)

And isn’t there something kinda suspect about personal data for sale? Such as motivating the unscrupulous to alter some of their data so it’s worth more?

What fully matters for people in the digital world is agency, not data. Agency is the power to act with full effect in the world. It’s what you have when you put your pants on, when you walk, or drive, or tell somebody something useful while they listen respectfully. It’s what you get when you make a deal with an equal.

It’s not what any of us get when we’re just “users” on a platform. Or when we click “agree” to one-sided terms the other party can change and we can’t. Both of those are norms in Web 2.0 and desperately need to be killed.

It’s still early. Web 2.0 is an archaic stage in the formation of the digital world. surveillance capitalism has also been a bubble ready to pop for years. The matter is when, not if. It’s too absurd, corrupt, complex and annoying to keep living forever.

So let’s give people ways to increase their agency, at scale, in the digital world. There’s no scale in selling one’s personal data. But there’s plenty in putting our most human of powers to work.

The most basic form of agency in the digital world is control over how our personal data might be used by others. There are lots of developers at work on this already. Here’s one list at ProjectVRM.

Bonus links:

 

 

 

 

How would you feel if you had been told in the early days of the Web that in the year 2018 you would still need logins and passwords for damned near everything.

Your faith in the tech world would be deeply shaken, no?

And what if you had been told that in 2018 logins and passwords would now be required for all kinds of other shit, from applications on mobile devices to subscription services on TV?

Or worse, that in 2018 you would be rob-logged-out of sites and services frequently, whether you were just there or not, for security purposes — and that logging back in would often require “two factor” authentication, meaning you have to do even more work to log in to something, and that (also for security purposes) every password you use would not only have be different, but impossible for any human to remember, especially when average connected human now has hundreds of login/password combinations, many of which change constantly?

Would you not imagine this to be a dystopian hell?

Welcome to now, folks. Our frog is so fully boiled that it looks like Brunswick stew.

Can we please fix this?

Please, please, please, tech world: move getting rid of logins and passwords to the top of your punch list, ahead of AI, ML, IoT, 5G, smart dust, driverless cars and going to Mars.

Your home planet thanks you.

[Addendum…] Early responses to this post suggest that I’m talking about fixing the problem at the superficial level of effects. So, to clarify, logins and passwords are an effect, and not a cause of anything other than inconvenience and annoyance. The causes are design and tech choices made long ago—choices that can be changed.

Not only that, but many people have been working on solving the identity side of this thing for many years. In fact we’re about to have our 27th Internet Identity Workshop in October at the Computer History Museum. If you want to work on this with other people who are doing the same, register here.

 

In The Big Short, investor Michael Burry says “One hallmark of mania is the rapid rise in the incidence and complexity of fraud.” (Burry shorted the mania- and fraud-filled subprime mortgage market and made a mint in the process.)

One would be equally smart to bet against the mania for the tracking-based form of advertising called adtech.

Since tracking people took off in the late ’00s, adtech has grown to become a four-dimensional shell game played by hundreds (or, if you include martech, thousands) of companies, none of which can see the whole mess, or can control the fraud, malware and other forms of bad acting that thrive in the midst of it.

And that’s on top of the main problem: tracking people without their knowledge, approval or a court order is just flat-out wrong. The fact that it can be done is no excuse. Nor is the monstrous sum of money made by it.

Without adtech, the EU’s GDPR (General Data Protection Regulation) would never have happened. But the GDPR did happen, and as a result websites all over the world are suddenly posting notices about their changed privacy policies, use of cookies, and opt-in choices for “relevant” or “interest-based” (translation: tracking-based) advertising. Email lists are doing the same kinds of things.

“Sunrise day” for the GDPR is 25 May. That’s when the EU can start smacking fines on violators.

Simply put, your site or service is a violator if it extracts or processes personal data without personal permission. Real permission, that is. You know, where you specifically say “Hell yeah, I wanna be tracked everywhere.”

Of course what I just said greatly simplifies what the GDPR actually utters, in bureaucratic legalese. The GDPR is also full of loopholes only snakes can thread; but the spirit of the law is clear, and the snakes will be easy to shame, even if they don’t get fined. (And legitimate interest—an actual loophole in the GDPR, may prove hard to claim.)

Toward the aftermath, the main question is What will be left of advertising—and what it supports—after the adtech bubble pops?

Answers require knowing the differences between advertising and adtech, which I liken to wheat and chaff.

First, advertising:

    1. Advertising isn’t personal, and doesn’t have to be. In fact, knowing it’s not personal is an advantage for advertisers. Consumers don’t wonder what the hell an ad is doing where it is, who put it there, or why.
    2. Advertising makes brands. Nearly all the brands you know were burned into your brain by advertising. In fact the term branding was borrowed by advertising from the cattle business. (Specifically by Procter and Gamble in the early 1930s.)
    3. Advertising carries an economic signal. Meaning that it shows a company can afford to advertise. Tracking-based advertising can’t do that. (For more on this, read Don Marti, starting here.)
    4. Advertising sponsors media, and those paid by media. All the big pro sports salaries are paid by advertising that sponsors game broadcasts. For lack of sponsorship, media—especially publishers—are hurting. @WaltMossberg learned why on a conference stage when an ad agency guy said the agency’s ads wouldn’t sponsor Walt’s new publication, recode. Walt: “I asked him if that meant he’d be placing ads on our fledgling site. He said yes, he’d do that for a little while. And then, after the cookies he placed on Recode helped him to track our desirable audience around the web, his agency would begin removing the ads and placing them on cheaper sites our readers also happened to visit. In other words, our quality journalism was, to him, nothing more than a lead generator for target-rich readers, and would ultimately benefit sites that might care less about quality.” With friends like that, who needs enemies?

Second, Adtech:

    1. Adtech is built to undermine the brand value of all the media it uses, because it cares about eyeballs more than media, and it causes negative associations with brands. Consider this: perhaps a $trillion or more has been spent on adtech, and not one brand known to the world has been made by it. (Bob Hoffman, aka the Ad Contrarian, is required reading on this.)
    2. Adtech wants to be personal. That’s why it’s tracking-based. Though its enthusiasts call it “interest-based,” “relevant” and other harmless-sounding euphemisms, it relies on tracking people. In fact it can’t exist without tracking people. (Note: while all adtech is programmatic, not all programmatic advertising is adtech. In other words, programmatic advertising doesn’t have to be based on tracking people. Same goes for interactive. Programmatic and interactive advertising will both survive the adtech crash.)
    3. Adtech spies on people and violates their privacy. By design. Never mind that you and your browser or app are anonymized. The ads are still for your eyeballs, and correlations can be made.
    4. Adtech is full of fraud and a vector for malware. @ACFou is required reading on this.
    5. Adtech incentivizes publications to prioritize “content generation” over journalism. More here and here.
    6. Intermediators take most of what’s spent on adtech. Bob Hoffman does a great job showing how as little as 3¢ of a dollar spent on adtech actually makes an “impression. The most generous number I’ve seen is 12¢. (When I was in the ad agency business, back in the last millennium, clients complained about our 15% take. Media our clients bought got 85%.)
    7. Adtech gives fake news a business model, because fake news is easier to produce than the real kind, and adtech will pay anybody a bounty for hauling in eyeballs.
    8. Adtech incentivizes hate speech and tribalism by giving both—and the platforms that host them—a business model too.
    9. Adtech relies on misdirection. See, adtech looks like advertising, and is called advertising; but it’s really direct marketing, which is descended from junk mail and a cousin of spam. Because of that misdirection, brands think they’re placing ads in media, while the systems they hire are actually chasing eyeballs to anywhere. (Pro tip: if somebody says every ad needs to “perform,” or that the purpose of advertising is “to get the right message to the right person at the right time,” they’re actually talking about direct marketing, not advertising. For more on this, read Rethinking John Wanamaker.)
    10. Compared to advertising, adtech is ugly. Look up best ads of all time. One of the top results is for the American Advertising Awards. The latest winners they’ve posted are the Best in Show for 2016. Tops there is an Allstate “Interactive/Online” ad pranking a couple at a ball game. Over-exposure of their lives online leads that well-branded “Mayhem” guy to invade and trash their house. In other words, it’s a brand ad about online surveillance.
    11. Adtech has caused the largest boycott in human history. By more than a year ago, 1.7+ billion human beings were already blocking ads online.

To get a sense of what will be left of adtech after GDPR Sunrise Day, start by reading a pair of articles in AdExchanger by @JamesHercher. The first reports on the Transparency and Consent Framework published by IAB Europe. The second reports on how Google is pretty much ignoring that framework and going direct with their own way of obtaining consent to tracking:

Google’s and other consent-gathering solutions are basically a series of pop-up notifications that provide a mechanism for publishers to provide clear disclosure and consent in accordance with data regulations.

Specifically,

The Google consent interface greets site visitors with a request to use data to tailor advertising, with equally prominent “no” and “yes” buttons. If a reader declines to be tracked, he or she sees a notice saying the ads will be less relevant and asking to “agree” or go back to the previous page. According to a source, one research study on this type of opt-out mechanism led to opt-out rates of more than 70%.

Meaning only 30% of site visitors will consent to being tracked. So, say goodbye to 70% of adtech’s eyeball targets right there.

Google’s consent gathering system, dubbed “Funding Choices,” also screws most of the hundreds of other adtech intermediaries fighting for a hunk of what’s left of their market. Writes James, “It restricts the number of supply chain partners a publisher can share consent with to just 12 vendors, sources with knowledge of the product tell AdExchanger.”

And that’s not all:

Last week, Google alerted advertisers it would sharply limit use of the DoubleClick advertising ID, which brands and agencies used to pull log files from DoubleClick so campaigns could be cohesively measured across other ad servers, incentivizing buyers to consolidate spend on the Google stack.

Google also raised eyebrows last month with a new policy insisting that all DFP publishers grant it status as a data controller, giving Google the right to collect and use site data, whereas other online tech companies – mere data processors – can only receive limited data assigned to them by the publisher, i.e., the data controller.

This is also Google’s way of scraping off GDPR liability on publishers.

Publishers and adtech intermediaries can attempt to avoid Google by using Consent Management Platforms (CMPs), a new category of intermediary defined and described by IAB Europe’s Consent Management Framework. Writes James,

The IAB Europe and and IAB Tech Lab framework includes a list of registered vendors that publishers can pass consent to for data-driven advertising. The tech companies pay a one-time fee between $1,000 and $2,000 to join the vendor list, according to executives from three participating companies…Although now that the framework is live, the barriers to adoption are painfully real as well.

The CMP category is pretty bare at the moment, and it may be greeted with suspicion by some publishers.There are eight initial CMPs: two publisher tech companies with roots in ad-blocker solutions, Sourcepoint and Admiral, as well as the ad tech companies Quantcast and Conversant and a few blockchain-based advertising startups…

Digital Content Next, a trade group representing online news publishers, is advising publishers to reject the framework, which CEO Jason Kint said “doesn’t meet the letter or spirit of GDPR.” Only two publishers have publicly adopted the Consent and Transparency Framework, but they’re heavy hitters with blue-chip value in the market: Axel Springer, Europe’s largest digital media company, and the 180-year-old Schibsted Media, a respected newspaper publisher in Sweden and Norway.

In other words, good luck with that.

[Later, 26 May…] Well, Google caved on this one, so apparently Google is coming to IAB Europe’s table.

[And on 30 May…] Axel Springer is also going its own way.

One big upside for IAB Europe is that its Framework contains open source code and an SDK. For a full unpacking of what’s there see the Consent String and Vendor List Format: Transparency & Consent Framework on GitHub and IAB Europe’s own FAQ. More about this shortly.

Meanwhile, the adtech business surely knows the sky is falling. The main question is how far.

One possibility is 95% of the way to zero. That outcome is suggested by results published in PageFair last October by Dr. Johnny Ryan (@JohnnyRyan) there. Here’s the most revealing graphic in the bunch:

Note that this wasn’t a survey of the general population. It was a survey of ad industry people: “300+ publishers, adtech, brands, and various others…” Pause for a moment and look at that chart again. Nearly all those proffesionals in the business would not accept what their businesses do to other human beings.

“However,” Johnny adds, “almost a third believe that users will consent if forced to do so by ‘tracking walls’, that deny access to a website unless a visitor agrees to be tracked. Tracking walls, however, are prohibited under Article 7 of the GDPR…”

Pretty cynical, no?

The good news for both advertising and publishing is that neither needs adtech. What’s more, people can signal what they want out of the sites they visit—and from the whole marketplace. In fact the Internet itself was designed for exactly that. The GDPR just made the market a lot more willing to start hearing clues from customers that have been laying in plain sight for almost twenty years.

The first clues that fully matter are the ones we—the individuals they’ve been calling “users,” will deliver. Look for details on that in another post.

Meanwhile::::

Pro tip #1: don’t bet against Google, except maybe in the short term, when sunrise will darken the whole adtech business.

Instead, bet against companies that stake their lives on tracking people, and doing that without the clear and explicit consent of the tracked. That’s most of the adtech “ecosystem” not called Google or Facebook.

Google can say it already has consent, and that it is also has a legitimate interest (one of the six “lawful bases” for tracking) in the personal data it harvests from us.

Google can also live without the tracking. Most of its income comes from AdWords—its search advertising business—which is far more guided by what visitors are searching for than by whatever Google knows about those visitors.

Google is also also relatively trusted, as tech companies go. Its parent, Alphabet, is also increasingly diversified. Facebook, on the other hand, does stake its life on tracking people. (I say more about Facebook’s odds here.)

Pro tip #2: do bet on any business working for customers rather than sellers. Because signals of personal intent will produce many more positive outcomes in the digital marketplace than surveillance-fed guesswork by sellers ever could, even with the most advanced AI behind it.

For more on how that will work, read The Intention Economy: When Customers Take Charge. Six years after Harvard Business Review Press published that book, what it says will start to come true. Thank you, GDPR.

Pro tip #3: do bet on developers building tools that give each of us scale in dealing with the world’s companies and governments, because those are the tools businesses working for customers will rely on to scale up their successes as well.

What it comes down to is the need for better signaling between customers and companies than can ever be possible in today’s doomed tracking-fed guesswork system. (All the AI and ML in the world won’t be worth much if the whole point of it is to sell us shit.)

Think about what customers and companies want and need about each other: interests, intentions, competencies, locations, availabilities, reputations—and boundaries.

When customers can operate both privately and independently, we’ll get far better markets than today’s ethically bankrupt advertising and marketing system could ever give us.

Pro tip #4: do bet on publishers getting back to what worked since forever offline and hardly got a chance online: plain old brand advertising that carries both an economic and a creative signal, and actually sponsors the publication rather than using the publication as a way to gather eyeballs that can be advertised at anywhere. The oeuvres of Don Marti (@dmarti) and Bob Hoffman (the @AdContrarian) are thick with good advice about this. I’ve also written about it extensively in the list compiled at People vs. Adtech. Some samples, going back through time:

  1. An easy fix for a broken advertising system (12 October 2017 in Medium and in my blog)
  2. Without aligning incentives, we can’t kill fake news or save journalism (15 September 2017 in Medium)
  3. Let’s get some things straight about publishing and advertising (9 September 2017 and the same day in Medium)
  4. Good news for publishers and advertisers fearing the GDPR (3 September 2017 in ProjectVRM and 7 October in Medium).
  5. Markets are about more than marketing (2 September 2017 in Medium).
  6. Publishers’ and advertisers’ rights end at a browser’s front door (17 June 2017 in Medium). It updates one of the 2015 blog posts below.
  7. How to plug the publishing revenue drain (9 June 2017 in Medium). It expands on the opening (#publishing) section of my Daily Tab for that date.
  8. How True Advertising Can Save Journalism From Drowning in a Sea of Content (22 January 2017 in Medium and 26 January 2017 in my blog.)It’s People vs. Advertising, not Publishers vs. Adblockers (26 August 2016 in ProjectVRM and 27 August 2016 in Medium)
  9. Why #NoStalking is a good deal for publishers (11 May 2016, and in Medium)
  10. How customers can debug business with one line of code (19 April 2016 in ProjectVRM and in Medium)
  11. An invitation to settle matters with @Forbes, @Wired and other publishers (15 April 2016 and in Medium)
  12. TV Viewers to Madison Avenue: Please quit driving drunk on digital (14 Aprl 2016, and in Medium)
  13. The End of Internet Advertising as We’ve Known It(11 December 2015 in MIT Technology Review)
  14. Ad Blockers and the Next Chapter of the Internet (5 November in Harvard Business Review)
  15. How #adblocking matures from #NoAds to #SafeAds (22 October 2015)
  16. Helping publishers and advertisers move past the ad blockade (11 October 2015 on the ProjectVRM blog)
  17. Beyond ad blocking — the biggest boycott in human history (28 Septemper 2015)
  18. A way to peace in the adblock war (21 September 2015, on the ProjectVRM blog)
  19. How adtech, not ad blocking, breaks the social contract (23 September 2015)
  20. If marketing listened to markets, they’d hear what ad blocking is telling them (8 September 2015)
  21. Apple’s content blocking is chemo for the cancer of adtech (26 August 2015)
  22. Separating advertising’s wheat and chaff (12 August 2015, and on 2 July 2016 in an updated version in Medium)
  23. Thoughts on tracking based advertising (18 February 2015)
  24. On marketing’s terminal addiction to data fracking and bad guesswork (10 January 2015)
  25. Why to avoid advertising as a business model (25 June 2014, re-running Open Letter to Meg Whitman, which ran on 15 October 2000 in my old blog)
  26. What the ad biz needs is to exorcize direct marketing (6 October 2013)
  27. Bringing manners to marketing (12 January 2013 in Customer Commons)
  28. What could/should advertising look like in 2020, and what do we need to do now for this future?(Wharton’s Future of Advertising project, 13 November 2012)
  29. An olive branch to advertising (12 September 2012, on the ProjectVRM blog)

I expect, once the GDPR gets enforced, I can start writing about People + Publishing and even People + Advertising. (I have long histories in both publishing and advertising, by the way. So all of this is close to home.)

Meanwhile, you can get a jump on the GDPR by blocking third party cookies in your browsers, which will stop most of today’s tracking by adtech. Customer Commons explains how.

Nature and the Internet both came without privacy.

The difference is that we’ve invented privacy tech in the natural world, starting with clothing and shelter, and we haven’t yet done the same in the digital world.

When we go outside in the digital world, most of us are still walking around naked. Worse, nearly every commercial website we visit plants tracking beacons on us to support the extractive economy in personal data called adtech: tracking-based advertising.

In the natural world, we also have long-established norms for signaling what’s private, what isn’t, and how to respect both. Laws have grown up around those norms as well. But let’s be clear: the tech and the norms came first.

Yet for some reason many of us see personal privacy as a grace of policy. It’s like, “The answer is policy. What is the question?”

Two such answers arrived with this morning’s New York TimesFacebook Is Not the Problem. Lax Privacy Rules Are., by the Editorial Board; and Can Europe Lead on Privacy?, by ex-FCC Chairman Tom Wheeler. Both call for policy. Neither see possibilities for personal tech. To both, the only actors in tech are big companies and big government, and it’s the job of the latter to protect people from the former. What they both miss is that we need what we might call big personal. We can only get that with with personal tech gives each of us power not just resist encroachments by others, but to have agency. (Merriam Websterthe capacity, condition, or state of acting or of exerting power.)

We acquired agency with personal computing and the Internet. Both were designed to make everyone an Archimedes. We also got a measure of it with the phones and tablets we carry around in our pockets and purses. None are yet as private as they should be, but making them fully private is the job of tech.

I bring this up because we will be working on privacy tech over the next four days at the Computer History Museum, first at VRM Day, today, and then over next three days at IIW: the Internet Identity Workshop.

On the table at both are work some of us, me included, are doing through Customer Commons on terms we can proffer as individuals, and the sites and services of the world can agree to.

Those terms are examples of what we call customertech: tech that’s ours and not Facebook’s or Apple’s or Google’s or Amazon’s.

The purpose is to turn the connected marketplace into a Marvel-like universe in which all of us are enhanced. It’ll be interesting to see what kind of laws follow.*

But hey, let’s invent the tech we need first.

*BTW, I give huge props to the EU for the General Data Protection Regulation, which is causing much new personal privacy tech development and discussion. I also think it’s an object lesson in what can happen when an essential area of tech development is neglected, and gets exploited by others for lack of that development.

Also, to be clear, my argument here is not against policy, but for tech development. Without the tech and the norms it makes possible, we can’t have fully enlightened policy.

Bonus link.

Let’s start with Facebook’s Surveillance Machine, by Zeynep Tufekci in last Monday’s New York Times. Among other things (all correct), Zeynep explains that “Facebook makes money, in other words, by profiling us and then selling our attention to advertisers, political actors and others. These are Facebook’s true customers, whom it works hard to please.”

Irony Alert: the same is true for the Times, along with every other publication that lives off adtech: tracking-based advertising. These pubs don’t just open the kimonos of their readers. They bring readers’ bare digital necks to vampires ravenous for the blood of personal data, all for the purpose of aiming “interest-based” advertising at those same readers, wherever those readers’ eyeballs may appear—or reappear in the case of “retargeted” advertising.

With no control by readers (beyond tracking protection which relatively few know how to use, and for which there is no one approach, standard or experience), and no blood valving by the publishers who bare those readers’ necks, who knows what the hell actually happens to the data?

Answer: nobody can, because the whole adtech “ecosystem” is a four-dimensional shell game with hundreds of players

or, in the case of “martech,” thousands:

For one among many views of what’s going on, here’s a compressed screen shot of what Privacy Badger showed going on in my browser behind Zeynep’s op-ed in the Times:

[Added later…] @ehsanakhgari tweets pointage to WhoTracksMe’s page on the NYTimes, which shows this:

And here’s more irony: a screen shot of the home page of RedMorph, another privacy protection extension:

That quote is from Free Tools to Keep Those Creepy Online Ads From Watching You, by Brian X. Chen and Natasha Singer, and published on 17 February 2016 in the Times.

The same irony applies to countless other correct and important reporting on the Facebook/Cambridge Analytica mess by other writers and pubs. Take, for example, Cambridge Analytica, Facebook, and the Revelations of Open Secrets, by Sue Halpern in yesterday’s New Yorker. Here’s what RedMorph shows going on behind that piece:

Note that I have the data leak toward Facebook.net blocked by default.

Here’s a view through RedMorph’s controller pop-down:

And here’s what happens when I turn off “Block Trackers and Content”:

By the way, I want to make clear that Zeynep, Brian, Natasha and Sue are all innocents here, thanks both to the “Chinese wall” between the editorial and publishing functions of the Times, and the simple fact that the route any ad takes between advertiser and reader through any number of adtech intermediaries is akin to a ball falling through a pinball machine. Refresh your page while reading any of those pieces and you’ll see a different set of ads, no doubt aimed by automata guessing that you, personally, should be “impressed” by those ads. (They’ll count as “impressions” whether you are or not.)

Now…

What will happen when the Times, the New Yorker and other pubs own up to the simple fact that they are just as guilty as Facebook of leaking their readers’ data to other parties, for—in many if not most cases—God knows what purposes besides “interest-based” advertising? And what happens when the EU comes down on them too? It’s game-on after 25 May, when the EU can start fining violators of the General Data Protection Regulation (GDPR). Key fact: the GDPR protects the data blood of what they call “EU data subjects” wherever those subjects’ necks are exposed in borderless digital world.

To explain more about how this works, here is the (lightly edited) text of a tweet thread posted this morning by @JohnnyRyan of PageFair:

Facebook left its API wide open, and had no control over personal data once those data left Facebook.

But there is a wider story coming: (thread…)

Every single big website in the world is leaking data in a similar way, through “RTB bid requests” for online behavioural advertising #adtech.

Every time an ad loads on a website, the site sends the visitor’s IP address (indicating physical location), the URL they are looking at, and details about their device, to hundreds -often thousands- of companies. Here is a graphic that shows the process.

The website does this to let these companies “bid” to show their ad to this visitor. Here is a video of how the system works. In Europe this accounts for about a quarter of publishers’ gross revenue.

Once these personal data leave the publisher, via “bid request”, the publisher has no control over what happens next. I repeat that: personal data are routinely sent, every time a page loads, to hundreds/thousands of companies, with no control over what happens to them.

This means that every person, and what they look at online, is routinely profiled by companies that receive these data from the websites they visit. Where possible, these data and combined with offline data. These profiles are built up in “DMPs”.

Many of these DMPs (data management platforms) are owned by data brokers. (Side note: The FTC’s 2014 report on data brokers is shocking. See https://www.ftc.gov/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014. There is no functional difference between an #adtech DMP and Cambridge Analytica.

—Terrell McSweeny, Julie Brill and EDPS

None of this will be legal under the #GDPR. (See one reason why at https://t.co/HXOQ5gb4dL). Publishers and brands need to take care to stop using personal data in the RTB system. Data connections to sites (and apps) have to be carefully controlled by publishers.

So far, #adtech’s trade body has been content to cover over this wholesale personal data leakage with meaningless gestures that purport to address the #GDPR (see my note on @IABEurope current actions here: https://t.co/FDKBjVxqBs). It is time for a more practical position.

And advertisers, who pay for all of this, must start to demand that safe, non-personal data take over in online RTB targeting. RTB works without personal data. Brands need to demand this to protect themselves – and all Internet users too. @dwheld @stephan_lo @BobLiodice

Websites need to control
1. which data they release in to the RTB system
2. whether ads render directly in visitors’ browsers (where DSPs JavaScript can drop trackers)
3. what 3rd parties get to be on their page
@jason_kint @epc_angela @vincentpeyregne @earljwilkinson 11/12

Lets work together to fix this. 12/12

Those last three recommendations are all good, but they also assume that websites, advertisers and their third party agents are the ones with the power to do something. Not readers.

But there’s lots readers will be able to do. More about that shortly. Meanwhile, publishers can get right with readers by dropping #adtech and going back to publishing the kind of high-value brand advertising they’ve run since forever in the physical world.

That advertising, as Bob Hoffman (@adcontrarian) and Don Marti (@dmarti) have been making clear for years, is actually worth a helluva lot more than adtech, because it delivers clear creative and economic signals and comes with no cognitive overhead (for example, wondering where the hell an ad comes from and what it’s doing right now).

As I explain here, “Real advertising wants to be in a publication because it values the publication’s journalism and readership” while “adtech wants to push ads at readers anywhere it can find them.”

Doing real advertising is the easiest fix in the world, but so far it’s nearly unthinkable for the ad industry because it has been defaulted for more than twenty years to an asymmetric power relationship between readers and publishers called client-server. I’ve been told that client-server was chosen as the name for this relationship because “slave-master” didn’t sound so good; but I think the best way to visualize it is calf-cow:

As I put it at that link (way back in 2012), Client-server, by design, subordinates visitors to websites. It does this by putting nearly all responsibility on the server side, so visitors are just users or consumers, rather than participants with equal power and shared responsibility in a truly two-way relationship between equals.

It doesn’t have to be that way. Beneath the Web, the Net’s TCP/IP protocol—the gravity that holds us all together in cyberspace—remains no less peer-to-peer and end-to-end than it was in the first place. Meaning there is nothing to the Net that prevents each of us from having plenty of power on our own.

On the Net, we don’t need to be slaves, cattle or throbbing veins. We can be fully human. In legal terms, we can operate as first parties rather than second ones. In other words, the sites of the world can click “agree” to our terms, rather than the other way around.

Customer Commons is working on exactly those terms. The first publication to agree to readers terms is Linux Journal, where I am now the editor-in-chief. The first of those terms is #P2B1(beta), says “Just show me ads not based on tracking me,” and is hashtagged #NoStalking.

In Help Us Cure Online Publishing of Its Addiction to Personal Data, I explain how this models the way advertising ought to be done: by the grace of readers, with no spying.

Obeying readers’ terms also carries no risk of violating privacy laws, because every pub will have contracts with its readers to do the right thing. This is totally do-able. Read that last link to see how.

As I say there, we need help. Linux Journal still has a small staff, and Customer Commons (a California-based 501(c)(3) nonprofit) so far consists of five board members. What it aims to be is a worldwide organization of customers, as well as the place where terms we proffer can live, much as Creative Commons is where personal copyright licenses live. (Customer Commons is modeled on Creative Commons. Hats off to the Berkman Klein Center for helping bring both into the world.)

I’m also hoping other publishers, once they realize that they are no less a part of the surveillance economy than Facebook and Cambridge Analytica, will help out too.

[Later…] Not long after this post went up I talked about these topics on the Gillmor Gang. Here’s the video, plus related links.

I think the best push-back I got there came from Esteban Kolsky, (@ekolsky) who (as I recall anyway) saw less than full moral equivalence between what Facebook and Cambridge Analytica did to screw with democracy and what the New York Times and other ad-supported pubs do by baring the necks of their readers to dozens of data vampires.

He’s right that they’re not equivalent, any more than apples and oranges are equivalent. The sins are different; but they are still sins, just as apples and oranges are still both fruit. Exposing readers to data vampires is simply wrong on its face, and we need to fix it. That it’s normative in the extreme is no excuse. Nor is the fact that it makes money. There are morally uncompromised ways to make money with advertising, and those are still available.

Another push-back is the claim by many adtech third parties that the personal data blood they suck is anonymized. While that may be so, correlation is still possible. See Study: Your anonymous web browsing isn’t as anonymous as you think, by Barry Levine (@xBarryLevine) in Martech Today, which cites De-anonymizing Web Browsing Data with Social Networks, a study by Jessica Su (@jessicatsu), Ansh Shukla (@__anshukla__) and Sharad Goel (@5harad)
of Stanford and Arvind Narayanan (@random_walker) of Princeton.

(Note: Facebook and Google follow logged-in users by name. They also account for most of the adtech business.)

One commenter below noted that this blog as well carries six trackers (most of which I block).. Here is how those look on Ghostery:

So let’s fix this thing.

[Later still…] Lots of comments in Hacker News as well.

[Later again (8 April 2018)…] About the comments below (60+ so far): the version of commenting used by this blog doesn’t support threading. If it did, my responses to comments would appear below each one. Alas, some not only appear out of sequence, but others don’t appear at all. I don’t know why, but I’m trying to find out. Meanwhile, apologies.

Power of the People is a great grabber of a headline, at least for me. But it’s a pitch for a report that requires filling out the form here on the right:

You see a lot of these: invitations to put one’s digital ass on mailing list, just to get a report that should have been public in the first place, but isn’t so personal data can be harvested and sold or given away to God knows who.

And you do more than just “agree to join” a mailing list. You are now what marketers call a “qualified lead” for countless other parties you’re sure to be hearing from.

And how can you be sure? Read the privacy policy,. This one (for Viantinc.com) begins,

If you choose to submit content to any public area of our websites or services, your content will be considered “public” and will be accessible by anyone, including us, and will not be subject to the privacy protections set forth in this Privacy Policy unless otherwise required by law. We encourage you to exercise caution when making decisions about what information you disclose in such public areas.

Is the form above one of those “public areas”? Of course. What wouldn’t be? And are they are not discouraging caution by requiring you to fill out all the personal data fields marked with a *? You betcha. See here:

III. How we use and share your information

A. To deliver services

In order to facilitate our delivery of advertising, analytics and other services, we may use and/or share the information we collect, including interest-based segments and user interest profiles containing demographic information, location information, gender, age, interest information and information about your computer, device, or group of devices, including your IP address, with our affiliates and third parties, such as our service providers, data processors, business partners and other third parties.

B. With third party clients and partners

Our online advertising services are used by advertisers, websites, applications and other companies providing online or internet connected advertising services. We may share information, including the information described in section III.A. above, with our clients and partners to enable them to deliver or facilitate the delivery of online advertising. We strive to ensure that these parties act in accordance with applicable law and industry standards, but we do not have control over these third parties. When you opt-out of our services, we stop sharing your interest-based data with these third parties. Click here for more information on opting out.

No need to bother opting out, by the way, because there’s this loophole too:

D. To complete a merger or sale of assets

If we sell all or part of our business or make a sale or transfer of our assets or are otherwise involved in a merger or transfer of all or a material part of our business, or participate in any other similar business combination (including, without limitation, in connection with any bankruptcy or similar proceeding), we may transfer all or part of our data to the party or parties involved in the transaction as part of that transaction. You acknowledge that such transfers may occur, and that we and any purchaser of our business or assets may continue to collect, use and disclose your information in compliance with this Privacy Policy.

Okay, let’s be fair: this is boilerplate. Every marketing company—hell, every company period—puts jive like this in their privacy policies.

And Viant isn’t one of marketing’s bad guys. Or at least that’s not how they see themselves. They do mean well, kinda, if you forget they see no alternative to tracking people.

If you want to see what’s in that report without leaking your ID info to the world, the short cut is New survey by people-based marketer Viant promotes marketing to identified users in @Martech_Today.

What you’ll see there is a company trying to be good to users in a world where those users have no more power than marketers give them. And giving marketers that ability is what Viant does.

Curious… will Viant’s business persist after the GDPR trains heavy ordnance on it?

See, the GDPR  forbids gathering personal data about an EU citizen without that person’s clear permission—no matter where that citizen goes in the digital world, meaning to any site or service anywhere. It arrives in full force, with fines of up to 4% of global revenues in the prior fiscal year, on 25 May of this year: about three months from now.

In case you’ve missed it, I’m not idle here.

To help give individuals fresh GDPR-fortified leverage, and to save the asses of companies like Viant (which probably has lawyers working overtime on GDPR compliance), I’m working with Customer Commons (on the board of which I serve) on terms individuals can proffer and companies can agree to, giving them a form of protection, and agreeable companies a path toward GDPR compliance. And companies should like to agree, because those terms will align everyone’s interests from the start.

I’m also working with Linux Journal (where I’ve recently been elevated to editor-in-chief) to make it one of the first publishers to agree to friendly terms its readers proffer. That’s why I posted Every User a Neo there. Other metaphors: turning everyone on the Net into an Archimedes, with levers to move the world, and turning the whole marketplace in to a Marvel-like universe where all of us are enhanced.

If you want to help with any of that, talk to me.

 

Sometimes you get what you pay for.

In this case, a good microphone in a bluetooth headset.

Specifically, the Bose Soundsport Wireless:

I’ve had these a day so far, and I love them. But not just because they sound good. Lots of earphones do that. I love them because the mic in the thing is good. This is surprisingly rare.

Let’s start with the humble Apple EarPods that are overpriced at $29 but come free with every new Apple i-thing and for that reason are probably the most widely used earphones on Earth:

No, their sound isn’t great. But get this: in conversation they sound good to ears at the other end. Better, in my judgement than the fancy new AirPods. (Though according to Phil Windley in the comments below, they are good at suppressing ambient noise.) The AirPods are also better than lots of other earphones I’ve used: ones from Beats, SkullCandy, Sennheiser and plenty of other brands. (I lose and destroy earphones and headphones constantly.) In all my experience, I have have not heard any earphones or headphones that sound better than plain old EarPods. In fact I sometimes ask, when somebody sounds especially good over a voice connection, if they’re using EarPods. Very often the answer is yes. “How’d you guess?” they ask. “Because you sound unusually good.”

So, when a refurbished iPhone 7 Plus arrived to replace my failing iPhone 5s two days ago, and it came with no headphone hole (bad, but I can live), I finally decided to get some wireless earphones. So I went to Consumer Reports on the Web, printed out their ratings for Wireless Portable Stereo Headphones (alas, behind a subscription wall), went to the local Staples, and picked up a JBL E25BT for $49 against a $60 list price. I chose that one because Consumer Reports gives it a rating of 71 out of 100 (which isn’t bad, considering that 76 is the top rating for any of the 50 models on the list)—and they called it a “best buy” as well.

I was satisfied until I talked to my wife over the JBL on my new phone. “You’re muffled,” she said. Then I called somebody else. “What?” they said. “I can’t hear you.” I adjusted the mic so it was closer to my mouth. “What?” they said again. I switched to the phone itself. “That’s better.” I then plugged the old EarPods into Apple’s Lightning dongle, which I also bought at Staples for $9. “Much better.”

So the next day I decided to visit an Apple Store to see what they had, and recommended. I mean, I figured they’d have a fair chance of knowing.

“I want a good mic more than I want good sound,” I said to the guy.  “Oh,” he replied. “I shouldn’t say this because we don’t sell them; but you need a Bose. They care about mics and theirs are the best. Go to the Best Buy down the street and see what they’ve got.” So I went.

At Best Buy the guy said, “The best mic is in the Bose Soundsport Wireless.” I pulled my six-page Consumer Reports list of rated earphones out of my back pocket. There at the top of the ratings was the Soundsport. So I bought a blue one. Today I was on two long calls and both parties at the other ends said “You sound great.” One added, “Yeah, really good.” So there ya go.

I’m sure there are other models with good mics; but I’m done looking, and I just want to share what I’ve found so far—and to implore all the outfits that rate earphones and headphones with mics to rate the mics too. It’s a kindness to the people at the other end of every call.

Remember: conversations are two-way, and the person speaking has almost no idea how good they’re sounding to the other person over a mobile phone. So give the mics some weight.

And thanks, Bose. Good product.

This post continues the inquiry I started with Making sense of what happened to Montecito. That post got a record number of reads for this blog, and 57 comments as well.

I expect to learn more at the community meeting this evening with UCSB geologist Ed Keller in the Faulkner Room in the main library in Santa Barbara. Here’s the Library schedule. Note that the meeting will be streamed live on Facebook.

Meanwhile, to help us focus on the geology questions, here is the final post-mudslide damage inspection map of Montecito:

I left out Carpinteria, because of the four structures flagged there, three were blue (affected) and one was yellow (minor), and none were orange (major) or red (destroyed). I’m also guessing they were damaged by flooding rather than debris flow. I also want to make the map as legible as possible, so we can focus on where the debris flows happened, and how we might understand the community’s prospects for the future.

So here are my questions, all subject to revision and correction.

  1. How much of the damage was due to debris flow alone, and how much to other factors (e.g. rain-caused flooding, broken water pipes)?
  2. Was concentration of rain the main reason why we saw flows in the canyons above Montecito, but not (or less so) elsewhere?
  3. Where exactly did the debris flow from? And has the area been surveyed well enough to predict what future debris flows might happen if we get big rains this winter and ones to follow?
  4. Do we need bigger catch basins for debris, like they have at the base of the San Gabriels, above Los Angeles’ basin?
  5. How do the slopes above Montecito and Santa Barbara differ from other places (e.g. the San Gabriels) where debris flows (and rock falls) are far more common?
  6. What geology-advised changes in our infrastructure (especially water and gas) might we make, based on what we’ve learned so far?
  7. What might we expect (that most of us don’t now) in the form of other catastrophes that show up in the geologic record? For example, earthquakes and tsunamis. See here: “This earthquake was associated with by far the largest seismic sea wave ever reported for one originating in California. Descriptive accounts indicate that it may have reached elevations of 15 feet at Gaviota, 30 to 35 feet at Santa Barbara, and 15 feet or more in Ventura. It may have even shown visible effects in the San Francisco harbor.” There is also this, which links to questions about the former report. (Still, there have been a number of catastrophic earthquakes on or affecting the South Coast, and it has been 93 years since the 1925 quake — and the whole Pacific Coast is subject to tsunamis. Here are some photos of the quake.)

Note that I don’t want to ask Ed to play a finger-pointing role here. Laying blame isn’t his job, unless he’s blaming nature for being itself.

Additional reading:

  • Dan McCaslin: Rattlesnake Canyon Fine Now for Day Hiking (Noozhawk) Pull-quote: “Santa Barbara geologist Ed Keller has said that all of Santa Barbara is built on debris flows piled up during the past 60,000 years. Around 1100 A.D., a truly massive debris flow slammed through Rattlesnake Canyon into Mission Canyon, leaving large boulders as far down as the intersection of Alamar Avenue and State Street (go check). There were Chumash villages in the area, and they may have been completely wiped out then. While some saddened Montecitans claim that sudden flash floods and debris flows should have been forecast more accurately, this seems impossible.”
  • Those deadly mudslides you’ve read about? Expect worse in the future. (Wall Street Journal) Pull-quote: “Montecito is particularly at risk as the hill slopes above town are oversteepened by faulting and rapid uplift, and much of the town is built on deposits laid down by previous floods. Some debris basins were in place, but they were quickly overtopped by the hundreds of thousands of cubic yards of water and sediment. While high post-fire runoff and erosion rates could be expected, it was not possible to accurately predict the exact location and extreme magnitude of this particular storm and resulting debris flows.”
  • Evacuation Areas Map.
  • Thomas Fire: Forty Days of Devastation (LA Times) Includes what happened to Montecito. Excellent step-by-step 3D animation.

Montecito is now a quarry with houses in it:

So far twenty dead have been removed. It will take much more time to remove twenty thousand dump truck loads of what geologists call “debris,” just to get down to where civic infrastructure (roads, water, electric, gas) can be fixed. It’s a huge thing.

The big questions:

  1. Did we know a catastrophe this huge was going to happen? (And if so, which among us were the “we” who knew?)
  2. Was there any way to prevent it?

Geologists had their expectations, expressed as degrees of likelihood and detailed on this map by the United States Geological Survey:

That was dated more than a month before huge rains revised to blood-red the colors in the mountains above town. Worries of County Supervisors and other officials were expressed in The Independent on January 3rd and 5th. Edhat also issued warnings on January 5th and 6th.

Edhat’s first report began, “Yesterday, the National Weather Service issued a weather briefing of a potential significant winter storm for Santa Barbara County on January 9-10. With the burn scar created by the Thomas Fire, the threat of flash floods and debris/mud flows is now 10 times greater than before the fire.”

But among those at risk, who knew what a “debris/mud flow” was—especially when nobody had ever seen one of those anywhere around here, even after prior fires?

The first Independent story (on January 3rd) reported, “County water expert Tom Fayram said county workers began clearing the debris basins at San Ysidro and Gobernador canyons ‘as soon as the fire department would let us in.’ It is worth noting, Lewin said, that the Coast Village Road area flooded following the 1971 Romero Fire and the 1964 Coyote Fire. While touring the impact areas in recent days, (Office of Emergency Management Director Robert) Lewin said problems have already occurred. ‘We’re starting to see gravity rock fall, he said. ‘One rock could close a road.'”

The best report I’ve seen about what geologists knew, and expected, is The Independent‘s After the Mudslides, What Does the Next Rain Hold for Montecito?, published four days after the disaster. In that report, Kevin Cooper of the U.S. Forest Service said, “no one alive has probably ever seen one before.” [January 18 update: Nick Welch in The Independent reports, “Last week’s debris flow was hardly Santa Barbara’s first. Jim Stubchaer, then an engineer with County Flood Control, remembers the avalanche of mud that took 250 homes back in November 1964 when heavy rains followed quickly on the heels of the Coyote Fire. He was there in 1969 and 1971 when it happened again.” Here is a long 2009 report on the Coyote Fire in The Independent by Ray Ford, now with Noozhawk. No mention of the homes lost in there. Perhaps Ray can weigh in.]

My point is that debris flows over Montecito ae a sure bet in geologic time, but not in the human one. In the whole history of Montecito and Santa Barbara (of which Montecito is an unincorporated part), there are no recorded debris flows that started on mountain slopes and spread all the way to the sea. But on January 9th we had several debris flows on that scale, originating simultaneously in the canyons feeding Montecito, San Ysidro and Romero Creeks. Those creeks are dry most of the time, and beautiful areas in which to build homes: so beautiful, in fact, that Montecito is the other Beverly Hills. (That’s why all these famous people have called it home.)

One well-studied prehistoric debris flow in Santa Barbara emptied a natural lake that is now Skofield Park,dumping long-gone mud and lots of rocks in Rattlesnake Canyon, leaving its clearest evidence in a charming tree-shaded boulder field next to Mission Creek called Rocky Nook Park.

What geologists at UCSB learned from that flow is detailed in a 2001 report titled UCSB Scientists Study Ancient Debris Flows. It begins, “The next ‘big one’ in Santa Barbara may not be an earthquake but a boulder-carrying flood.” It also says that flood would “most likely occur every few thousand years.”

And we got one in Montecito last Tuesday.

I’ve read somewhere that studies of charcoal from campfires buried in Rocky Nook Park date that debris flow at around 500 years ago. This is a good example of how the geologic present fails to include present human memory. Still, you can get an idea of how big this flow was. Stand in Rattlesnake Canyon downstream from Skofield Park and look at the steep rocky slopes below houses on the south side of the canyon. It isn’t hard to imagine the violence that tore out the smooth hillside that had been there before.

To help a bit more with that exercise, here is a Google Streetview of Scofield Park, looking down at Santa Barbara through Rattlesnake Canyon:

I added the red line to show the approximate height of the natural dam that broke and released that debris flow.

I’ve also learned that the loaf-shaped Riviera landform in Santa Barbara is not a hunk of solid rock, but rather what remains of a giant landslide that slid off the south face of the Santa Ynez Mountains and became free-standing after creeks eroded out the valley behind. I’ve also read that Mission Creek flows westward around the Riviera and behind the Mission because the Riviera itself is also sliding the same direction on its own tectonic sled.

We only see these sleds moving, however, when geologic and human time converge. That happened last Tuesday when rains Kevin Cooper calls “biblical” hit in the darkest hours, saturating the mountain face creek beds that were burned by the Thomas Fire just last month. As a result, debris flows gooped down the canyons and stream valleys below, across Montecito to the sea, depositing lots of geology on top of what was already there.

So in retrospect, those slopes in various colors in the top map above should have been dark red instead. But, to be fair, much of what geology knows is learned the hard way.

Our home, one zip code west of Montecito, is fine. But we can’t count how many people we know who are affected directly. One friend barely escaped. Some victims were friends of friends. Some of the stories are beyond awful.

We all process tragedies like this in the ways we know best, and mine is by reporting on stuff, hopefully in ways others are not, or at least not yet. So I’ll start with this map showing damaged and destroyed buildings along the creeks:

At this writing the map is 70% complete. [January 17 update: 95%.] I’ve clicked on all the red dots (which mark destroyed buildings, most of which are homes), and I’ve copied and pasted the addresses that pop up into the following outline, adding a few links.

Going downstream along Cold Spring Creek, Hot Springs Creek and Montecito Creek (which the others feed), gone are—
  1. 817 Ashley Road
  2. 817 Ashley Road (out building)
  3. 797 Ashley Road
  4. 780 Ashley Road. Amazing architectural treasure that last sold for $12.9 million in ’13.
  5. 809 Ashley Road
  6. 809 Ashley Road (there are two at one address)
  7. 747 Indian Lane
  8. 631 Parra Grande Lane. That’s the mansion where the final scene in Scarface was shot.
  9. 590 Meadowood Lane
  10. 830 Rockbridge Road
  11. 800 Rockbridge Road
  12. 790 Rockbridge Road
  13. 787 Riven Rock Road B
  14. 1261 East Valley Road
  15. 1240 East Valley Road A (mansion)
  16. 1240 East Valley Road B (out building)
  17. 1254 East Valley Drive
  18. 1255 East Valley Road
  19. 1247 East Valley Road A
  20. 1247 East Valley Road B (attached)
  21. 1231 East Valley Road A
  22. 1231 East Valley Road B (detached)
  23. 1231 East Valley Road C (detached)
  24. 1221 East Valley Road A
  25. 1221 East Valley Road B
  26. 369 Hot Springs Road
  27. 341 Hot Springs Road A
  28. 341 Hot Springs Road B
  29. 341 Hot Springs Road C
  30. 355 Hot Springs Road
  31. 335 Hot Springs Road A
  32. 335 Hot Springs Road B
  33. 333 Hot Springs Road (Not marked in final map)
  34. 341 Hot Springs Road A
  35. 341 Hot Springs Road B
  36. 341 Hot Springs Road C
  37. 340 Hot Springs Road
  38. 319 Hot Springs Road
  39. 325 Olive Mill Road
  40. 285 Olive Mill Road
  41. 275 Olive Mill Road
  42. 325 Olive Mill Road
  43. 220 Olive Mill Road
  44. 200 Olive Mill Road
  45. 275 Olive Mill Road
  46. 180 Olive Mill Road
  47. 170 Olive Mill Road
  48. 144 Olive Mill Road
  49. 137 Olive Mill Road
  50. 139 Olive Mill Road
  51. 127 Olive Mill Road
  52. 196 Santa Elena Lane
  53. 192 Santa Elena Lane
  54. 179 Santa Isabel Lane
  55. 175 Santa Elena Lane
  56. 142 Santo Tomas Lane
  57. 82 Olive Mill Road
  58. 1308 Danielson Road
  59. 81 Depot Road
  60. 75 Depot Road
Along Oak Creek—
  1. 601 San Ysidro Road
  2. 560 San Ysidro Road B
Along San Ysidro Creek—
  1. 953 West Park Lane
  2. 941 West Park Lane
  3. 931 West park Lane
  4. 925 West park Lane
  5. 903 West park Lane
  6. 893 West park Lane
  7. 805 W Park Lane
  8. 881 West park Lane
  9. 881 West park Lane (separate building, same address)
  10. 1689 Mountain Drive
  11. 900 San Ysidro Lane C (all the Lane addresses appear to be in San Ysidro Ranch)
  12. 900 San Ysidro Lane Cottage B
  13. 900 San Ysidro Lane Cottage A
  14. 900 San Ysidro Lane Cottage D
  15. 900 San Ysidro Lane E
  16. 900 San Ysidro Lane F
  17. 900 San Ysidro Lane G
  18. 900 San Ysidro Lane H
  19. 900 San Ysidro Lane I
  20. 900 San Ysidro Lane J
  21. 900 San Ysidro Lane K
  22. 900 San Ysidro Lane L
  23. 900 San Ysidro Lane M
  24. 900 San Ysidro Lane N
  25. 900 San Ysidro Lane O
  26. 900 San Ysidro Lane R
  27. 900 San Ysidro Lane S
  28. 900 San Ysidro Lane T
  29. 888 San Ysidro Lane A
  30. 888 San Ysidro Lane B
  31. 888 San Ysidro Lane C
  32. 888 San Ysidro Lane D
  33. 888 San Ysidro Lane E
  34. 888 San Ysidro Lane F
  35. 805 West Park Lane B
  36. 799 East Mountain Drive
  37. 1801 East Mountain Lane
  38. 1807 East Mountain Drive
  39. 771 Via Manana Road
  40. 899 El Bosque Road
  41. 771 Via Manana Road
  42. 898 El Bosque Road
  43. 800 El Bosque Road A (Casa de Maria)
  44. 800 El Bosque Road B (Casa de Maria)
  45. 800 El Bosque Road C (Casa de Maria)
  46. 559 El Bosque Road (This is between Oak Creek and San Ysidro Creek)
  47. 680 Randall Road
  48. 670 Randall Road
  49. 660 Randall Road
  50. 650 Randall Road
  51. 640 Randall Road
  52. 630 Randall Road
  53. 619 Randall Road
  54. 1685 East Valley Road A
  55. 1685 East Valley Road B
  56. 1685 East Valley Road C
  57. 1696 East Valley Road
  58. 1760 Valley Road A
  59. 1725 Valley Road A
  60. 1705 Glenn Oaks Drive A
  61. 1705 Glen Oaks Drive B
  62. 1710 Glen Oaks Drive A
  63. 1790 Glen Oaks Drive A
  64. 1701 Glen Oaks Drive A
  65. 1705 Glen Oaks Drive A
  66. 1705 East Valley Road A
  67. 1705 East Valley Road B
  68. 1705 East Valley Road C
  69. 1780 Glen Oaks Drive N/A
  70. 1780 Glen Oaks Drive (one on top of the other)
  71. 1774 Glen Oaks Drive
  72. 1707 East Valley Road A
  73. 1685 East Valley Road C
  74. 1709 East Valley Road
  75. 1709 East Valley Road B
  76. 1775 Glen Oaks Drive A
  77. 1775 Glen Oaks Drive B
  78. 1779 Glen Oaks Drive A
  79. 1779 Glen Oaks Drive B
  80. 1779 Glen Oaks Drive C
  81. 1781 Glen Oaks Drive A
  82. 1711 East Valley Road (This and what follow are adjacent to Oprah)
  83. 1715 East Valley Road A
  84. 1715 East Valley Road B
  85. 1719 East Valley Road
  86. 1721 East Valley Road A (This might survive. See Dan Seibert’s comment below)
  87. 1721 East Valley Road B (This might survive. See Dan Seibert’s comment below)
  88. 1721 East Valley Road C (This might survive. See Dan Seibert’s comment below)
  89. 1694 San Leandro Lane A
  90. 1694 San Leandro Lane D
  91. 1690 San Leandro Lane C
  92. 1690 San Leandro Lane A
  93. 1694 San Leandro Lane B
  94. 1696 San Leandro Lane
  95. 1710 San Leandro Lane A
  96. 1710 San Leandro Lane B
  97. 190 Tiburon Bay Lane
  98. 193 Tiburon Bay Lane A
  99. 193 Tiburon Bay Lane B
  100. 193 Tiburon Bay Lane C
  101. 197 Tiburon Bay Lane A
Along Buena Vista Creek—
  1. 923 Buena Vista Avenue
  2. 1984 Tollis Avenue A
  3. 1984 Tollis Avenue B
  4. 1984 Tollis Avenue C
  5. 670 Lilac Drive
  6. 658 Lilac Drive
  7. 2075 Alisos Drive (marked earlier, but I don’t see it in the final map)
  8. 627 Oak Grove Lane
Along Romero Creek—
  1. 1000 Romero Canyon Road
  2. 1050 Romero Canyon Road
  3. 860 Romero Canyon Road
  4. 768 Winding Creek Lane
  5. 745 Winding Creek Lane
  6. 744 Winding Creek Lane
  7. 2281 Featherhill Avenue B

Below Toro Canyon—

  1. 876 Toro Canyon Road
  2. 572 Toro Canyon Park Road

Along Arroyo Paredon, between Summerland and Carpinteria, not far east of the Toro Canyon—

  1. 2000 Cravens Lane

Ten flanking Highway 101 by the ocean are marked as damaged, including four on Padero Lane.

When I add those up, I get 142 163* 178† among the destroyed alone.

[* This is on January 17, when the map says it is 95% complete. All the additions appear to be along San Ysidro Creek, especially on San Ysidro Lane, which I believe is mostly in San Ysidro Ranch. Apparently nearly the whole place has been destroyed. Adjectives such as “lovely” fail to describe what it was.]

[† This is on January 18, when the map is complete. I’ll need to go over it again, because there are subtractions as well as additions. Additional note: on March 22, the resident at 809 Ashley Road asked me to make sure that address was also added. There are two homes at that address, both gone.]

Now let’s go back and look more closely at this again from the geological perspective.

What we see is a town revised by nature in full disregard for what was there before—and in full obedience to the pattern of alluvial deposition on the flanks of all fresh mountains that erode down almost as fast as they go up.

This same pattern accounts for much of California, including all of the South Coast and the Los Angeles basin.

To see what I mean, hover your mind above Atlanta and look north at the southern Appalachians. Then dial history back five million years. What you see won’t look much different. Do the same above Los Angeles or San Francisco and nothing will be the same, or even close. Or even there at all.

Five million years is about 1/1000th of Earth’s history. If that history were compressed to a day, California showed up in less than the last forty seconds. In that short time California has formed and re-formed constantly, and is among the most provisional landscapes in the world. All of it is coming up, sliding down, spreading out and rearranging itself, and will continue doing so through all the future that’s worth bothering to foresee. Debris flows are among nature’s most casual methods for revising landscapes. (By the way, I am writing this in a San Marino house that sits atop the Raymond Fault scarp, which on the surface takes the form of a forty-foot hill. The stack of rock strata under the bottom of that hill is displaced 17,000 feet from the identical suite under the base at the top. Many earthquakes produced that displacement, while erosion has buffed 16,960 feet of rock and soil off the top.)

So we might start to look at the Santa Ynez Mountains behind Santa Barbara and Montecito not as a stable land form but rather as a volcano of mud and rock that’s sure to go off every few dozen or hundreds of years—and will possibly deliver a repeat performance if we get more heavy rains and there is plenty of debris left to flow out of mountain areas adjacent to those that flowed on January 9th. If there’s a lot of it, why even bother saving Montecito?

Here’s why:

One enters the Engineering building at the University of Wyoming under that stone plaque, which celebrates what may be our species’ greatest achievement and conceit: controlling nature. (It’s also why geology is starting to call our present epoch the anthropocene.)

This also forecasts exactly what we will do for Montecito. In the long run we’ll lose to nature. But meanwhile we strive on.

In our new strivings, it will help to look toward other places in California that are more experienced with debris flows, because they happen almost constantly there. The largest of these by far is Los Angeles, which has placed catch basins at the mouths of all the large canyons coming out of the San Gabriel Mountains. Most of these dwarf the ones above Montecito. All resemble empty reservoirs. Some are actually quarries for rocks and gravel that roll in constantly from the eroding creek beds above. None are pretty.

To understand the challenge involved, it helps to read John McPhee’s classic book The Control of Nature, which takes its title from the inscription above. Fortunately, you can start right now by reading the first essay in a pair that became the relevant chapter of that book. It’s free on the Web and called Los Angeles Against the Mountains I. Here’s an excerpt:

Debris flows amass in stream valleys and more or less resemble fresh concrete. They consist of water mixed with a good deal of solid material, most of which is above sand size. Some of it is Chevrolet size. Boulders bigger than cars ride long distances in debris flows. Boulders grouped like fish eggs pour downhill in debris flows. The dark material coming toward the Genofiles was not only full of boulders; it was so full of automobiles it was like bread dough mixed with raisins.

The Genofiles were a family that barely survived a debris flow on a slope of Verdugo Mountain, overlooking Los Angeles from Glendale. Here’s another story, about another site not far away:

The snout of the debris flow was twenty feet high, tapering behind. Debris flows sometimes ooze along, and sometimes move as fast as the fastest river rapids. The huge dark snout was moving nearly five hundred feet a minute and the rest of the flow behind was coming twice as fast, making roll waves as it piled forward against itself—this great slug, as geologists would describe it, this discrete slug, this heaving violence of wet cement. Already included in the debris were propane tanks, outbuildings, picnic tables, canyon live oaks, alders, sycamores, cottonwoods, a Lincoln Continental, an Oldsmobile, and countless boulders five feet thick. All this was spread wide a couple of hundred feet, and as the debris flow went through Hidden Springs it tore out more trees, picked up house trailers and more cars and more boulders, and knocked Gabe Hinterberg’s lodge completely off its foundation. Mary and Cal Drake were standing in their living room when a wall came off. “We got outside somehow,” he said later. “I just got away. She was trying to follow me. Evidently, her feet slipped out from under her. She slid right down into the main channel.” The family next door were picked up and pushed against their own ceiling. Two were carried away. Whole houses were torn loose with people inside them. A house was ripped in half. A bridge was obliterated. A large part of town was carried a mile downstream and buried in the reservoir behind Big Tujunga Dam. Thirteen people were part of the debris. Most of the bodies were never found.

This is close to exactly what happened to Montecito in the wee hours of January 9th. (As of March 22, two of the 23 dead still haven’t been recovered, and probably never will be.) (In September 2018 a first responder I talked with said the bodies of a least one the two missing victims, a teenage boy and a toddler, were probably carried to the ocean.)

As of now the 8000-plus residents of Montecito are evacuated and forbidden to return for at least another two weeks—and maybe much longer if officials declare the hills above town ready to flow again.

Highway 101—one of just two major freeways between Southern and Northern California, is closed indefinitely, because it is now itself a stream bed, and re-landscaping the area around it, to get water going where it should, will take some time. So will fixing the road, and perhaps bridges as well.

Meanwhile getting in and out of Santa Barbara from east of Montecito by car requires a detour akin to driving from Manhattan to Queens by way of Vermont. And there have already been accidents, I’ve heard, on highway 166, which is the main detour road. We’ll be taking that detour or one like it on Thursday when we head home via Los Angeles after we fly there from New York, where I’m packing up now.

Expect this post to grow and change.

Bonus links:

Tags: , , , ,

That was yesterday. Hard to tell from just looking at it, but that’s a 180° shot, panning from east to west across California’s South Coast, most of which is masked by smoke from the Thomas Fire.

We weren’t in the smoke then, but we are now, so there’s not much to shoot. Just something more to wear: a dust mask. Yesterday I picked up two of the few left at the nearest hardware store, and now I’m wearing one around the house. Since wildfire smoke is bad news for lungs, that seems like a good idea.

I’m also noticing dead air coming from radio stations whose transmitters have likely burned up. And websites that seem dead to the fire as well. Here’s a list of signals that I’m pretty sure is off the air right now. All their transmitters are within the Thomas Fire perimeter:

Some are on Red Mountain (on the west of Highway 33, which connects Ventura with Ojai); some are in the Ventura Hills; and some are on Sulphur Mountain, which is the high ridge on the south side of Ojai. One is on Santa Paula Mountain, with a backup on Red Mountain. (That’s KOCP. I don’t hear it, and normally do.)

In some cases I’m hearing a live signal but dead air. In others I’m hearing nothing at all. In still other cases I’m hearing something faint. And some signals are too small, directional or isolated for me to check from 30 miles (give or take) away. So, fact checking is welcome. There’s a chance some of these are on the air with lower power at temporary locations.

The links in the list above go to technical information for each station, including exact transmitter locations and facilities, rather than to the stations themselves. Here’s a short cut to those, from the great Radio-Locator.com.

Nearly all the Ventura area FM stations — KHAY, KRUZ, KFYV, KMLA, KCAQ , KMRO, KSSC and KOCP — have nothing about the fire on their websites. Kinda sad, that. I’ve only found only two local stations doing what they should be doing at times like this. One is KCLU/88.3, the public station in Thousand Oaks. KCLU also serves the South Coast with an AM and an FM signal in Santa Barbara. The other is KVTA/1590. The latter is almost inaudible here right now. I suppose that’s because of a power outage. Its transmitter, like those of the other two AM stations in town, is down in a flat area unlikely to burn.

KBBY, on Rincon Mountain (a bit west of Red Mountain, but in an evacuation area with reported spot fires), is still on the air. Its website also has no mention of the fire. Same with KHAY/100.7, on Red Mountain, which was off the air but is now back on. Likewise KMLA/103.7, licensed to El Rio but serving the Ventura area.

KXLM/102.9 which transmits from the flats, is on the air.

Other sources of fire coverage are KPCC, KCRW and KNX.

 

 

 

Tags:

« Older entries