Malware is Choking the World

I don't normally comment on the news, but this last week, two events occurred that count as both historic and highly relevant to software eating the world. In the more visible event, in a critical vote in the US Senate last night, 3 Republican senators voted against their own party, leading to a 51-49 defeat of the "skinny repeal" effort to dismantle Obamacare. In response, Donald Trump reiterated his old threat to drive Obamacare to "implode". In the less visible event, earlier this week the US Securities and Exchange Commission (SEC) ruled that the DAO token, the cryptocurrency instrument at the heart of the DAO hack (and subsequent hard fork of Ethereum) should be considered a security, and subject to securities regulations.

These events are significant because they suggest we are navigating a chapter of the software-eating-the-world story that could be titled malware is choking the world. The first event showcases malware in the form of malicious-intent political processes, while the second showcases the more literal kind. Malware, unlike good software, cannot truly eat the world in the positive, transformative sense we usually mean in this newsletter. Left unchecked though, it can choke it. This week's events represent small battles won against malware, but the overall war is being slowly lost. How do we turn the tide?

Digital cryptoducks and old economy ransomware

1/ Software eating the world comprises a pair of complementary forces -- the deconstruction of the old, and the construction of the new.

2/ In an ideal world, both forces would operate in humane ways, seeking a graceful transformation to the extent creative destruction can ever be humane and graceful.

3/ Both the deconstruction and the construction, in practice, operate as arms races between benevolent and malicious actors. Or between good software and malware.

4/ As of mid-2017, in both races, malicious actors have gained a temporary advantage, and are poised to parasitically exploit the transformation for much of the next decade.

5/ Periods of ascendancy by malicious actors during technology transformations are not new. Every major technology transformation has seen such periods.

6/ In the wake of the emancipation proclamation of 1863, which freed slaves in the US, and the rise of large-scale industry, malicious actors dominated in the short term.

7/ The "Reconstruction Era" saw carpetbaggers and Jim Crow laws on the deconstruction-of-the-old-economy side.

8/ On the construction-of-the-new-economy side, stock market scandals featuring figures like Jay Gould manipulating railroad stocks and currency markets dominated.

9/ Back then, the slave-based economic model was the "old economy", while the railroad and telegraph were the core of the new economy, like the Internet today.

10/ There was also financial evolution comparable to the blockchain: the free banking era of 1837-1862 had been succeeded by the first era of non-gold-backed fiat (1862-79) 

11/ This history offers some calibration on what to expect. Despite the early experiment, the US went back to gold and didn't return to true fiat till a century later.

12/ It took a century for the effects of the Jim Crow era laws to be reversed. Even today, voter-id laws in the US are used as thinly disguised means to pursue Jim-Crow ends.

13/ Blue Sky laws (state level investor protection laws) only emerged in 1911, and the SEC only emerged in 1933. Before that scammers ran amok, preying on investor ignorance.

14/ For decades reactionaries fought to reclaim political ground lost to emancipation while scammers preyed on gullible investors eager to invest in the industrial economy.

15/ It took a century to meaningfully install socially progressive changes. And half a century to balance the competing concerns of investor access and investor protection.

16/ Though technology transitions evolve quickly, associated sociopolitical transformations follow a slower, messier timeline, and are deeply vulnerable to malicious actors.

17/ In Carlota Perez's model of these phenomena, the "transition" era between the "installation" and "deployment" phases is notionally around a decade.

18/ For the industrial age, the "transition" peaked in the 1870s but in practice, sprawled messily from the 1860s through the 1890s, with the aftermath playing out over a century.

19/ For the Internet age, the transition peaked in the aughts, but the socially messiest part of the sprawl is still to come.

20/ Technologically, the story is pretty clean and sharp. The proven installation phase technologies (basic computing and communications, computing, and mobile) are in place.

21/ The deployment phase technologies -- machine learning, blockchains, IoT, VR/AR -- are past their early proving stages and into a growth and scaling stage.

22/ But that's the clean subplot. The ugly, messy subplot is the one that's playing out right now, and will dominate the next decade, and to a lesser extent, the rest of the century.

23/ We are dealing with the Internet Age equivalent of carpetbaggers and Jim Crow in the old economy. And scammers and regulators grappling with each other in the new economy.

24/ The events surrounding Obamacare repeal are best understood as a deconstruction story under the control of malicious actors, much like voting laws in the Jim Crow era.

25/ Nobody in the United States denies that the healthcare system is an unsustainable mess, or that Obamacare was at best a deeply flawed stop-gap fix.

26/ Yet, it was also a sincere attempt to create a humane transition out of the unsustainable old equilibrium. The intentions driving it were not malicious overall, whatever the effects.

27/ It is conceivable that under a different Republican President, a sincere attempt to fix the deficiencies of Obamacare, and move to a better compromise, might have played out.

28/ The Trump administration, however, is pursuing what can only be described as a vengeful attempt to dismantle the legacy of the first Black President of the US.

29/ Any differences of opinion concerning healthcare, from any political perspective, take a backseat to the main agenda: reclaiming political power for a class that has lost it.

30/ Last night's failed bill was a content-free legislative farce being forced through the Senate through bullying. Pure malware being installed in the legislative computer.

31/ Lisa Murkowski of Alaska, one of the dissenting Republican senators, was threatened with reprisals for her state by Trump's interior secretary.

32/ She held her ground, but we may never know the details of the bullying and pressure that was brought to bear on the 49 Republican senators who unhappily voted for the bill.

33/ While I'm an obvious partisan in this matter, the picture of bullying and intimidation is being painted by those who voted for it, hoping it wouldn't pass, not opponents.

34/ After the vote failed, Trump tweeted a dark warning of Obamacare "imploding." Coming from the President of the US, such a prediction can only be taken as a threat.

35/ What kind of threat though? Curiously enough, the structure of the threat is most similar to the ransomware of the sort that's been on the rise lately.

36/ In purely structural terms, if the American state is a large and complex governance computer, the Trump administration is malware, specifically, ransomware, within it.

38/ Ransomware operates by encrypting your data and demanding payment in bitcoin in return for supplying the decryption keys allowing you to regain access to it.

39/ Critically, the creators of ransomware have no interest in the thing being held ransom. Only in the fact that it is vulnerable and of value to a party with resources to spare.

40/ What Steve Bannon called the "deconstruction of the administrative state," of which Obamacare repeal efforts are an example, is a process that operates by ransomware logic.

41/ Superficially, Bannon's phrase sounds like digital transformation rhetoric; the goal being to simplify, rationalize, automate and lower costs in aging, sclerotic systems.

42/ The Trump-Bannon model though, operates on the logic of malware: hold mission-critical systems, on which the lives of millions depend, hostage for political ransom.

43/ This isn't digital transformation or software eating the world. It is profiteering based on gaining privileges within a complex system that's in a vulnerable state.

44/ The Trump-Bannon ransomware saga is playing out most dramatically in healthcare, but is also visibly operating in the EPA, the military, and other government operations.

45/ In each case, the specific ideological status quo could be debated. The climate science orthodoxy that used to prevail at the EPA could be challenged in good faith for example.

46/ I am not a climate skeptic, but I am not opposed in principle to sincere skeptics attempting to reform the agency on the basis of intellectual challenges to orthodoxy.

47/ But in each case, what is actually happening is that critical operating assets are being held hostage for political ransom, beneath a paper-thin theater of reform.

48/ That intent to reform, it is clear, is never sincere, and any contrarian ideologies such as climate skepticism are adopted merely as matters of convenience.

49/ In every single case, it is merely a cover story to extract a political ransom. But political malware creators aren't after bitcoin bounties like the makers of WannaCry and Petya.

50/ Payoffs can take economic forms, such as rent-seeking opportunities for cronies and client classes (Trump follows in the footsteps of the inventor of clientelism, Andrew Jackson)

51/ But the more important forms are cultural: political recognition, accommodation of regressive ideologies, and humiliation of perceived enemies, especially uppity, newly enfranchised political actors.

52/ As the hashtag #BTFSTTG ("burn the fucking shit to the ground") suggests, the content of the systems being held hostage is irrelevant. The point of the threat of institutional arson is recognition gain.

53/ The point is to deny control to those who want to govern those systems in ways more meaningfully related to their intended function.

54/ In governance-by-ransomware (ransomocracy?), healthcare isn't about healthcare, and environmental policy isn't about the environment. They are both about ransom.

55/ Horse-trading and backroom dealmaking are always part of legislative processes worldwide. Policy-making always involves arm-twisting and blackmail.

56/ What is different about ransomocracy is that a political ransom largely unrelated to the nominal policy objectives is the sole objective. Control gained to deny it to those capable of actually wielding it.

57/ Pretending that the Trump administration actually intends to pursue policy objectives is like pretending the creators of Petya took control of global shipping to manage it better.

58/ Whatever your views on healthcare, environmental protection, and other matters, this particular approach to pursuing change -- ransomocracy -- should worry you.

59/ Turning to the less visible event of the week, the SEC announcement on DAO tokens, there too, malware -- in this case economic and technological -- plays a role.

60/ A quote attributed to Kat Walsh (@mindspillage) gets to the heart of the matter: "if it quacks like a duck and walks like a duck, it's still a duck, even if it's a digital cryptoduck."

61/ The cryptoeconomy boom of the first half of 2017 saw a great deal of thoughtful and intelligent thinking and experimentation on the fundamentally new possibilities.

62/ As many observers noted, tokens on the blockchain have the potential to be truly new and strange things. They may function in ways we've never experienced before.

63/ Tokens in your browser might manage advertising. Tokens in computer networks might manage traffic flow. Tokens associated with filesystems might manage storage efficiently.

64/ Much of the excitement and promise of the cryptoeconomic is about these strange new transactional forms and behaviors. Protocol economics built around flows of secure private keys.

65/ But the flip side is that the cryptoeconomy also provides convenient cover for very old and familiar malicious behaviors, with zero innovative content.

66/ These include scams patterned on stock market scams, ponzi schemes, and of course outright thefts, as in the case of the $32 million heist from insecure multisig wallets.

67/ These are digital cryptoducks. The thin veneer of novelty cannot disguise very traditional, and often malicious, objectives.

68/ To the extent that tokens are designed to act like, and function in practice like, stocks, they should be regulated like stocks. To the extent they are scams, they should be policed.

69/ If you've dipped a toe in the cryptoeconomy, you will know that it's a wild west of scams out there. Unless you know what you're doing, you're liable to get screwed over fast.

70/ The healthy, positive sign was that the SEC announcement didn't really spook the crypto markets. The market, it appears, was expecting, even welcoming, such regulatory developments.

71/ So long as regulators restrict old playbooks to digital cryptoducks, and treat genuinely new and innovative uses of tokens more imaginatively, this is a positive development.

72/ While blockchain technologies, due to the financial component of their public face, are particularly vulnerable to new economy malware, the same regulatory philosophy applies elsewhere.

73/ In thinking about the regulation of ridesharing, machine learning, or IoT for instance, the "digital cryptoduck" principle is sound. Techno-bs shouldn't obscure obvious intentions.

74/ Glossy apps don't turn intent to defraud drivers into noble ones. The fact that it took the form of sophisticated software doesn't mean Uber's greyball tactics weren't fraud.

75/ Stepping back, it's time to take a hard look at the sheer amount of malware that's part of this big megatrend we call software eating the world.

76/ The Trump administration is not exceptional. Around the world, as the industrial economy declines, political profiteers are rushing to install extractive political malware in the guise of radical positive change.

77/ In every single new economy sector, there are as many scammers looking to take advantage of eager new entrants as there are genuine innovators.

78/ What can you do? The key is what my programmer friend Kartik, who helped me navigate my own wobbly first steps in the cryptoeconomy, calls _infrastructure fluency. _

79/ Stable, mature infrastructure systems, staffed by dedicated experts, are always a breeze to navigate. In the 1980s dealing with banks and post offices wasn't rocket science.

80/ Navigating infrastructure that is either still taking shape, or in the process of winding down, is a much tougher matter. You need much higher infrastructure fluency.

81/ Infrastructure that is in flux, due to either growth or decline, is highly vulnerable infrastructure, with many subtle opportunities for malicious actors to operate.

82/ In the US for instance, if you're not careful in navigating healthcare systems, you could wind up with no access to care, or burdened with enormous medical debts.

83/ Infrastructure fluency there means knowing how to understand health plans, spot potentially dangerous gaps in coverage or risks, etc.

84/ On the new economy front, infrastructure fluency, for instance, means understanding technologies like cryptocurrency wallets and exchanges, and the threat environment.

85/ Buying a stock or fund on the traditional stock market is easy. Online services offer you safe ways to buy and hold investments. There are no mysterious moving parts.

86/ To operate in the cryptoeconomy on the other hand, you need high situation awareness, a nose for scams, and the infrastructure fluency to demystify the mysterious bits.

85/ Online bulletin boards are full of stories of people who have lost money in a huge number of creative ways, from sending ether to bitcoin addresses to being phished.

87/ Infrastructure fluency is finger-tips feeling, necessary for operating in an environment of massive institutional creative destruction. But  it is not sufficient for surviving today.

88/ I have no illusions about my ability to survive long-term in a postapocalytic cryptoanarchy full of cyberpaleo hunter-gatherers. I'd be a sitting digital cryptoduck.

89/ Fortunately, the threshold for survival is not that high. But make no mistake, surviving the next decade, in a world that is being choked by malware, will not be easy.

91/ The most important thing to understand is that we are, in fact, in a different political and economic condition from the one any of us grew up in. Everything is not normal.

92/ Malware is choking the world, and in the US, we are looking at between 3 to 7 more years of this condition at least. But battles are being won, and the tide of the war can turn.

_Feel free to forward this newsletter on email and share it via the social media buttons below. You can check out the archives here. First-timers can subscribe to the newsletter here. You can set up a phone call with me via my profile page. _

Check out the 20 Breaking Smart Season 1 essays for the deeper context behind this newsletter. If you're interested in bringing the Season 1 workshop to your organization, get in touch. You can follow me on Twitter @vgr

Copyright © 2017 Ribbonfarm Consulting, LLC, All rights reserved.