A Fire Under Embers

 by ZACHARY TUMIN

James Q. Wilson passed away this week. Never met him. Many folks I know and respect esteemed him.  Here’s what the NYTimes obit had to say:

James Q. Wilson, [was] a wide-ranging social scientist whose “broken windows” theory of law enforcement laid the groundwork for crime reduction programs in New York, Los Angeles and other cities.  Probably his most influential theory holds that when the police emphasize the maintenance of order rather than the piecemeal pursuit of rapists, murderers and carjackers, concentrating on less tthreatening though often illegal disturbances in the fabric of urban life like street-corner drug-dealing, graffiti and subway turnstile-jumping, the rate of more serious crime goes down. Such a strategy became a cornerstone of the “quality of life” crime-reduction program in the 1990s of Mayor Rudolph W. Giuliani of New York and his first police commissioner, William J. Bratton

Wilson’s “broken windows” work gave “permission” to cops to pay attention to the small stuff. In fact, it demanded it. Want to fight crime? Here’s how, it seemed to say.

But like most theories there were dozens of critical steps  from Wilson’s formulation to results on the street. Implementers like Bill Bratton (full disc: my co-author of COLLABORATE OR PERISH!) already knew it was the small stuff – the crappy behavior on streets — that drove people crazy and killed neighborhoods. Just as important, it was the small stuff in normal behavior that, when it returned, signaled the all-clear for others to take chances. Bratton calls it the “dog walker factor.”

Signaling, it turns out, was everything. Read the rest of this entry »

 by ZACHARY TUMIN

“Light at the mouth of the cave,” a senior state food safety executive murmured.

He was watching Tim Wormus, an evangelist for Tibco/Spotfire’s visualization software, track a lot of tomatoes from the moment it left a California grower to its ultimate destination on someone’s plate.  As Wormus clicked through screens that showed a flowing stream of circles, lines and dots, the tomatoes made their way from the grower/shipper, to packing shed, and on to a repack house.  The biggest circle then fragmented and scattered across the screen– the repack house had broken the lot apart, combined it with other lots, and sent it on its way to distribution centers, retail outlets and restaurants for life as salsa, fresh tomatoes, fast food sliced product, or a dozen other tomato products. Read the rest of this entry »

There’s a claim made by researchers at Harvard Business School that men are followed disproportionately on Twitter. That may be true on a straightline basis.  But there may be more – or less — here than the authors make out. The fact is, we can’t tell yet.

A first order question is, “What is the correct denominator in this rate? What’s the expected value of the rate of male-male follow?” Then, “What’s the observed deviation and to what extent is it attributable to gender?” We don’t think the authors are in a position to answer that yet, based on the data they’ve offered.

How to sort this through? Best thing to do here is find a real world use case where we can test our intuitions about what might be going on in the authors’ data, and the claims made for it.

As we think about how we come to follow others on Twitter, there are three or four obvious vectors. To explain, we’ll choose one, and use a man named “Harry” as an example.

Here’s the vector: Harry wakes up to find that someone is now following him on Twitter. He could (but doesn’t always) follow back. Harry faces a decision: should he follow back? In this case, we’d want to know, when making his choice, does Harry show a bias in favor of following males vs. females? Secondly, if he does appear to bias towards male or female,  is it due to maleness/femaleness, or to some underlying trait?

The first thing we’d want to know is what the proportion of males-to-females is in the group of people newly following Harry – this is the universe of his potential choice. If it’s 30-70, then all things equal we should expect Harry to follow back at that rate if he’s gender blind.

That gives us the expected value of Harry’s follow-back rate for males vs females: it’s 30-70.

Anything other than that is a deviation that may or may not be attributable to chance – and if not to chance, then to some other factors, including (possibly) gender bias.

But the authors of the HBS note seem to suggest that the 30-70 (or whatever its equivalent) is in fact prima facie good evidence of a gender-based selection bias on Harry’s part – when in fact, for a 30-70 population it’s exactly perfect. So we need to know what the expected value is, and what the observed deviation from this expected value is – if any. If Harry should follow 30-70 and does, he’s perfect: zero observed bias. But if Harry ends up following 50-50, ok – something is possibly going on.

But we can’t stop there. Just because it’s 50-50 doesn’t mean there’s gender bias. Because when someone follows Harry, Harry actually *reads* what these folks do – and Harry won’t follow folks whose profile says they do Internet marketing, for example.  It may turn out that the ranks of Internet marketers are disproportionately male, or female. So when Harry elects not to follow, what might at first blush look like a gender bias is actually a bias against a profession.

So, Harry might have plenty of biases, but gender might not be one of them. What looks like a gender bias is in fact first and foremost an expected value; and after than, much of the deviation could be explained by non-gender factors like profession.

This points to the importance of understanding the vectors and dynamics of the follow/don’t follow decision in Twitter. There are more vectors than this one use case, and plenty of dynamics. In the current analysis, the data offered could be explained by a host of factors, most not explicated by the authors.

Until they are it’s a little early to point the fickle finger of gender bias at Twitter.

We’ll save for another post taking a look at these important questions, too:

– How does the fact that 80% of users follow or are followed by one or more in fact test the capacity of a user base to understand the service? Do we have some expectation about the probability of an occurrence of a tie, and if so, why?

– A large proportion of Twitter users keep their gender identification ambiguous. To what extent does this alter the authors’ conclusions – did they adjust for this?

– As the authors assert, all well developed online social media services have a contribution pattern that roughly follows power-law or exponential distributions. Does the fact that Twitter falls within the extreme bounds of these distributions point to the fact that it is still settling into an equilibrium?

(With Andrew Conway/cross-posted to http://www.drewconway.com/zia/)

There continues to be concern that we are not doing enough to address the problem of cyber security – even that we lack, still, a clear view of the problem, a vision or strategy to deal with it, or an investment plan that will succeed.

It is not for want of trying. Our nation’s cybersecurity issues are well-documented. Yet current efforts such as the National Cyber Security initiative, cloaked in secrecy, and limited to governments, have been critiqued as too little, too limited, and too mysterious. Others have offered sharp critiques of the critiques.

How should the United States or any reasonable nation respond? The complexity of events and response, and their dynamism, argue for vision, strategy, and investment. For the United States, the advent of a national cybersecurity czar; of a chief technology officer with “domain” over the federal IT enterprise; and of a chief privacy officer with similar purview, all point to a new level of seriousness and commitment to cybersecurity in the new Administration.

How shall we move next? As a new cyber czar takes this on, many approaches will compete for time, attention and investment.

Should we attack the problem of cybersecurity at the level of hardware or software solutions, moving first to secure servers and computers, or applications and services?

Should we perhaps approach the problem from the level of integrated management, taking up the major vulnerabilities which corporations and governments all face, such as identity management and authentication?

We could focus instead on securing critical business operations – whether power plants, financial payments systems, or next generation civil aviation. At least we’d be assured of lights on, cash available, and planes staying in the sky.

Perhaps we should focus on securing the social web. Millions of citizens use Twitter and Facebook, for example, and we’ll need those during disaster or crisis — or even for everyday “citizen engagement/web 2.0” activities. That digital device in my pocket is my friend and yours. Or, is it an enemy’s on-ramp? At the moment, there’s no saying it’s not both, and that makes the social web risky.

Should we, rather, deal with the “upstream” problem of nation states and criminal organizations who sponsor this stuff, and attack, dismember, and destroy them? Could we do that even if we wanted? Maybe we need them, too – for our own purposes.

Perhaps we should articulate a meaningful doctrine of cyber deterrence which freezes actors, not simply from fear of capture but from the threat of dire consequences to themselves, their families, and their allies. No one has, yet.

Framing the Options: The 10 Challenges We Face

A new cyber security czar will quickly face such choices. Ultimately, the czar will have to translate all into tactical, practical, and actionable options and results. Any strategy for cybersecurity would have to address – have an answer to — these ten great challenges:

1.    The boundary between nation states, rogue states, and criminal organizations is now blurred. As recent Russian-involved cyber attacks on Estonia, Georgia, and now Kyrgyzstan make clear, many groups may concentrate or coordinate attacks for strategic purpose and tactical gain. Any cyber strategy must enable us to deter, detect and thwart such complex, multipronged attacks.

2.    Key global and domestic infrastructures remain vulnerable, even unattended. Do our electronic payment systems, for example, remain exposed? Who has — owns — a clear strategy to define, let alone assure, minimum essential functioning at the retail or wholesale level in the event of attack? We need a cyber strategy that defines the minimum essential level of functioning required for key infrastructures, specifies its requirements, and assures it.

3.    The uptake and adoption of innovation is uneven, and creates risk in pockets. Yet network defense of every node is inherently more difficult than network attack on a single node– especially networks that criss-cross organizations, sectors and nations. We need a strategy that assures adoption of innovation throughout networks and which is consistent with requirements for resilience in our key sectors.

4.    The nation’s welfare is no longer a mere function of government: corporate vulnerabilities create risk for the nation and obligation for private sector initiative and investment. We need a cyber strategy that articulates an effective approach, whether by market or regulation, to secure corporate assets as vital to national security.

5.    With military R&D limited now, commercial R&D proliferates and is widely available as technology both to attackers and defenders; the race to “asymmetric” advantage is based therefore not on technical superiority but on adaptation and response. We need a cyber strategy with a strong translational “bench-to-community” research capability, to move innovation quickly from field, to lab, to field again.

6.    Federal, state and local budgets are severely constrained; the opportunities for massive new infrastructure investments are limited; the capital plant as it exists today will likely be the legacy for the next decade; adapting legacy infrastructure to current and future challenges is therefore critical. We need a cyber strategy that requires few new resources and focuses on retrofitting the existing capital plant to new capabilities

7.    Governance of the national cybersecurity enterprise can neither be czar-like and  autocratic, nor anarchic or idiosyncratic. It must balance wisdom of crowds with communities of expertise. In no sense is governance now specified. Moving to standards, proving capabilities, assuring dynamic resilience are attributes any well-governed enterprise must provide for. We need a cyber strategy whose own process balances well the need for secrecy with public engagement.

8.    Our procedures for acquiring new products and services continue to slow our responses. Our adversaries – smaller, faster, more agile, less constrained – may adapt far more quickly to opportunity, and to our innovations, that we can. We need a cyber strategy which reforms our acquisition and procurement to support requirements for asymmetric advantage in cyberspace.

9.    The move to incorporate informal citizen and user networks under the “web 2.0” banner is unstoppable. It is also highly useful – especially in managing contested or confused domains of disaster, battle, or crisis. Such moves also put information reliability and security at risk. We need a cyber strategy that permits government and industry to take advantage of citizen networks while addressing critical issues in authentication and security.

10.    We have good “point” measures of readiness and capability, but no consistent way to apply them across our extended enterprise. That enterprise is of its nature a Wild-West show; who just came on and came off the enterprise platforms and how did that change risk for all? We need a capability to measure test ever-changing risk, readiness and capability for cyber attack across extended enterprises which cross the boundaries of organizations, sectors and nations.

The Leadership Play: Fixing What’s Wrong

A cybersecurity czar faces critical questions not only of strategy, but of managing a sprawling enterprise over which the czar will have little direct authority or control. What effects will she want to achieve? What’s the right mix of government and industry action to achieve them? Will it be by regulation and enforcement, or laissez-fair market forces? None are perfect. How best to work the levers of change? As a nation, we will explore that next.

[Cross posted to the Harvard Kennedy School Leadership for a Networked World blog.]

I’m returning to blogging after a few months off. I’ve been playing with Twitter, FB, writing, making our numbers, creating some initiatives that with any luck will change the world some for the better, or at least shake it up a bit. That’s what we do, I reckon. A friend and colleague of my dad’s once called this crew “creators and disturbers”. I’ll take it.

I signal my return to blogging, then, recognizing my dad on his 90th birthday. He died somewhere in the mid-90s – I know the date – March 3 – but not the year. The day is easy – three days after my daughter’s birthday, one day after my son’s. Lord giveth, lord taketh away and such.  At graveside, my son asked, “Is that grandpa in that box?” Which, indeed, it was. Lying under a lovely elm in Princeton Cemetery, in view of Princeton Hospital, and in the shade of John Tulane and Grover Cleveland, whom he neither admired nor knew much about but would have enjoyed for their bulk, presence, and apparent orneriness. Tulane’s statue is closest to the edge bounding the University, with his backside turned to the University in some grudge now realized in perpetuity.

Melvin Marvin Tumin was born on this day – February 10, 1919.  Moshe Mordecai Tumin was known as Moishe to his mother Rose and his two brothers Israel and Eddie.  His father Robert was an ordained rabbi who left the rabbinate for an anarchist commune in New Jersey, abandoning three sons and wife in Newark NJ mid-Depression, leaving scars one can only imagine. In his farewell letters, written from a flophouse on West 23rd Street in Manhattan as he lay dying, hacking his lungs out with some ghastly consumption, Bob Tumin made not one mention of his three sons. Dead when my dad was 14, buried as a pauper on Staten Island, he stayed a man of pain and mystery for my dad, I suspect; he never visited that graveside. I weep for my dad’s pain, still. My brother and I are both named for Robert Tumin, even so. Rose insisted on it.  Robert is my first name.

I suspect that one of the reasons my father never visited his own father’s grave — aside from all the obvious things about pain — is that he resoundingly did not believe in what he would call “spooks”.  It was a remarkable transition generation, from generations of rabbis, to teachers, to radicals and rabble rousers, all learned. My dad cut his pais and left home at 15 to become a freshman at the University of Wisconsin at Madison. He was a red – but smart, and deeply read. He wrote a 150-page autobiography at 20, insufferable to a fault. He went on to his PhD at Northwestern, having done his field work in Guatemala in the 1940s and, he mentioned, spied some on Germans there. He came back with awful stomach problems, which ultimately rotted his teeth. He spent his life popping Gelusils and smoking Benson&Hedges which, of course, eventually killed him.

He was a Jew deep in every bone of his body who walked away from the rabbinate and became, instead, a professor at Princeton in 1947, one of the founding members of the sociology department there when it was still embedded in the economics department. He met my mother teaching at Wayne State in Detroit just after Northwestern. Isadore Yarost asked to learn Mel’s intentions towards his daughter Sylvia. These turned out to honorable. They married and set up home in Princeton, New Jersey in 1948.

The story progresses, of course. But the post will end here. Over the year perhaps I’ll share a story or two – and there are good ones — growing up in Princeton NJ as my brother and I did in the 1950s and 1960s.  Today is Melvin Marvin Tumin’s 90th birthday, or would have been. We loved him madly, of course. Sons being sons, wives wives, nieces and nephews, brothers- and sisters-in laws, his own Uncle Martin,  and brothers, and cousins literally too numerous to mention. After all, Rose Yawitz Tumin (later -Fishbein, and then-Gorin! boy, could she bury them!) was one of nine daughters. Wolf Yawitz, the kosher butcher, had no sons.  Rose turned around and had three.  Today and always we remember as much as we can of those three Tumin boys – Mel, Israel and Eddie.

Recently, I saw a “tweet” to an article reporting that Harvard professors were banding together to push their research to the Internet. Well, ok!

While it’s great to put their stuff in the “open”, this barely scratches the surface of the talent — or the output — at Harvard. What about the thousands of Harvard undergrad, graduate students, and staff who constantly write as well? Their work is invaluable as additions to the “conversation,” if not to scholarship.

I use Harvard here both specifically – I’m interested in the place because I trained and work here — but also as a marker for any community with a distinguishing niche or competency, and certainly research institutions.

What’s the problem? There exists huge untapped potential to see, use and advance research going on around the University. Today it lies behind the boundaries of Harvard’s stand-alone schools, and locked into statuses like “student” or “staff”.

That potential represents the University’s greatest assets: its brains and its reputation.

How would we specify/launch a social media capability for Harvard where any student, faculty or staff could post papers, do crowd research, share bookmarks – and collaborate across the boundaries of the schools and statuses?

I’m seeing this, initially, as focused on the professional schools — HKS, HBS, HLS, HSPH, HDS — and on the policy arenas they all touched. I’d see climate, health, national security, for example  as “verticals”, and leadership, technology, regulation, for example, as “horizontals” – though in social media and “socnet” terms I’m not sure how these hold up!

It would be great to create the effect of having cobbled together attributes of existing social media applications, like Twitter, Slideshare, YouTube, Ma.Gnolia/Delicious, Wiki, Alltop, StumbleUpon, Digg, Facebook.

What’s the architecture that does that? How to stitch them together? How to put a string around the community as “Harvard” so that that credential defined the boundary?

Yes, we could add other research institutions, making it a powerhouse.

Does Friendfeed offer a solution, as per this from “socnet” strategist Chris Brogan?

It would be great to sketch this out.

Some people are goofy about police/fire scanners. I never have been, but I’m intrigued by LA Fire Department’s “push” of LA fire updates to its Google group subscribers (or anyone else).  You can get LAFD’s updates by your channel of choice: RSS feed, email, or Twitter (click “follow” LAFD on Twitter, and you’re in). For its part, LAFD pushes its “tweets” via Twittermail – using a web app to send its information to Twitter, which turns around and pushes it to LAFD’s Twitter “followers.”

So, this is important for a couple of reasons. First, LAFD looks like it’s among the only big city public safety agencies making these notifications via Twitter. It’s pathbreaking. Second, 311 and 911 systems are all crunched and looking for ways to divert inbound traffic: Twitter notifications reverse the flow and push updates without using operators.  Third, it’s a pathway — albeit for emergency notification — for government-citizen communication.   But build a channel, and they will come.  Gov Schwartzenegger of CA is already tweeting his “followers” with a flurry of “watch me” updates. He won’t be lonely here for long  – and if you install Twitter as a Facebook application, your own Tweets will keep your Facebook friends company long into the night.

Looks like we’re in the early stages of uptake and adoption, with some mix of goofy kid stuff and industrial-strength applications ricochetting. No one is telling anyone to do it, but in LAFD’s case there’s a bottom-up business driver, it’s low cost,  there’s an enabler, and there’s no org culture blocking the way. That sounds ripe for fast uptake and adoption.

This doesn’t answer the question that Tom Davenport has raised whether this stuff will “transform” government. But emergency notifications, like political campaigns, are important “canaries in a cage” vectors for new-fangled techno entering government. We’re sure to see political leaders and agency heads quickly push this stuff further, faster and more  broadly.

Watching (me and) my age cohort figure out Facebook, Twitter and the like is a little like watching my mother figure out ATM cards (“What is it? Why do you need one?”) Harvard Business School’s Andy McAfee is now first encountering his Twitter angels and demons here, for example, trying to make sense of it all. The whole social networking thing for us older dudes veers to the mortifying , can get downright embarrassing, and remains a bunch incomprehensible, except when you see some breakthrough applications. Well, breakthrough for us, anyway. Then the light goes on, kinda.

US Coast Guard Admiral Thad Allen’s Facebook page is that — it straddles the goofy stoopid kid stuff of Facebook with a corporate leadership play in eye-popping ways.  Admiral Allen is now chronicling his trip north to Alaska — with pictures and text detailing his voyage. The public sees him here; the entire USCG community sees him right next to the troops, on station, seeing what they see. It’s updated every day with his personal comments. So it extends his visibility through the channel they live on, and shows him “in theatre” — no one can say Thad Allen is stuck behind a desk. It makes transparent and democratizes all at once without diluting the Commandant’s rank, stature, or status — actually, one suspects, boosting all. It does wonders, also, for DHS Secretary Mike Cherthoff — visible in the Admiral’s pix in a US Coast Guard uniform!

Yesterday I received a fascinating email to my corporate email address. It was — as far as I can tell– a phishing attack launched as an invitation to (the aptly-named) Snapfish photosharing site. The content of the message is baldly flim-flam — “Computer Central has identified you as …Your name appeared among the beneficiaries who will receive part-payment of US $5.5 million…[etc etc]” But the invitation to click through is decidedly Web 2.0 — “you’re invited to view James’s photos – plus, get 20 FREE prints when you upload your photos to Snapfish.” — all in lovely Snapfish web 2.0 graphics and colors. 

I love the play in “lemming-space.”  The web 2.0 world/wisdom of crowds embraces the unknown user. Yet the unknown user is also the unauthorized user, and the great risk of the websphere.  Gosh, it’s well done — except for the decidely East European cant to the English invitation, it rides the Web 2.0 wave beautifully.

As we ready ourselves at HKS for a late August session with the nation’s food security executives, I have brushed off and posted up a case I wrote eight (8?!) years ago, telling the story of William von Raab, Reagan’s Customs Commissioner. WvR led the charge to consolidate the entire US import/export chain onto a single information platform/knowledge market– the Automated Commercial Environment (hat tips: Tom Eisenmann and Tom Davenport!) As the nation’s produce industry tackles the current salmonella outbreak, it finds itself struggling similarly to gain a clear view of the entire farm-to-fork supply chain when it needs it most… See “‘Automate or Perish’: William von Raab and the US Customs Service,” here .