“Dear/Cher Canadians”, an amazing project to bring people together at a time when we need it the most


A few months ago, I had the privilege to meet Katherine Lou, one of the amazing student behind the “Dear Harvard” site. Just a few days ago, Katherine reached out to discuss a new project: “Dear/Cher Canadians”. Today, just in time for Canada Day, Katherine and six other Canadian youth launched this new site to celebrate Canada Day, and with TELUS Inc.’s help, raise money in support of COVID-19 relief for vulnerable communities and youth across Canada. These “Dear” sites are such a simple concept, and yet such a powerful idea at a time when we can all benefit from expressing gratitude for what we have, and hope for the future. (see the press release for additional detail)

Cybersecurity is not very important – Andrew Odlyzko


University of Minnesota professor Andrew Odlyzko just released a new paper titled Cybersecurity is not very important.  I had an opportunity to review an early version of the paper, and I was eager to see it published on the web.  While the title is a bit provocative, Andrew’s paper brings a critically important perspective to the cybersecurity debate which is too often grounded in fear mongering.

In no way is this an argument that digital hygiene and basic security measures are not important.  It is an argument about being honest and realistic about the state of things in the digital space and putting them in perspective.  Scott and I will surely add this to our required reading for our courses, and I would encourage anyone interested in cybersecurity to read it.

Someone needs to step in and fill the void. DuckDuckGo maybe?


I have had DuckDuckGo (DDG) as my default search engine since probably around 2012. I was curious, and a little nervous at first, but now it seems like it was a good choice.  Now, of course, this is assuming that what goes on behind the curtain at DDG, is entirely consistent with what is being projected to the people who use it.  A search engine that respects/protects your privacy seems too good to be true – yet, DDG seems to have stuck to its original principles.

Teaching on issues relating to privacy, security, and life in the digital space has sensitized me to their critical importance for an increasingly online world, today, and moving forward.  As part of the courses we (Scott and I) teach, we cover news highlights every week, and we have done so for many years. The intersection of technology, security, privacy, social dynamics, etc. is a space we have been watching for a long time. In the past couple of years, it is very clear that slowly but surely, the surveillance marketing economy is being challenged. It is clear that “cool” big techs, doing “great things” for the world are being challenged by the need to prioritize profits based on their current business models over legitimate (or superficial) aspirations to do good for society.

Yet, with all the coverage of bad or questionable behaviors by big platform operators, it seems the general public is still not migrating en masse off of these platforms.  Much of this is possibly because people don’t care about these issues – after all, these issues are more “boiling frog” types of issues (see SocialCooling for a simple introduction to some of these issues, or at least their impact).  But another explanation may be that there doesn’t seem to be a viable alternative in the market.

So it seems as though now would be a good time for someone to step in and create a social network for the rest of us. A social network platform that not only respects people’s privacy, but also one that addresses other major flaws of existing social network platforms. DDG the little search engine that could (actually, not so little anymore…), is one of those companies that seems to have the legitimacy to stand proudly on its early achievements, and do something about this.  If DDG hasn’t explored the idea (and I’d be surprised if they have not), now may be a good time to do so.  And while going from search engine to content platform is a big scary step, I trust the people at DDG would probably do a decent job of it.

Business and government leaders, and the “laws of physics” of technology


I was incredibly excited, this past April, to play a minor role in getting a small event pulled together to celebrate the 20th anniversary of Larry Lessig’s paper “The laws of cyberspace” (Lessig – 1998). A paper that is just as relevant today as it was twenty years ago.

You can see a re-cap of the event here: Force of Nature – Celebrating 20 years of the laws of cyberspace

Government and business organizations, over the past few decades, have (or are on their way to) become technology organizations – whether they are willing to acknowledge it to themselves, or not. Yet, the technical bits have not been, and are increasingly less, the central part of this transformation. As a result, non-technical business and government leaders need to invest time to understand the “laws of physics” of the digital space (cyberspace). Delegating this responsibility to the “technology” people in the organization (CIO, CTO, CISO, etc.) is no longer sufficient.

As highlighted in Larry’s paper, cyberspace is influenced and regulated by four forces: social norms, markets, laws, and “code”. For individual organizations, these forces affect business strategies, products & services, supply chains, and business operations. One needs only to look at the news every week and the debates over such things as Net Neutrality, Privacy, Cybersecurity, GDPR, SESTA-FOSTA, CDA 230, the Cloud Act, etc. to understand why it is becoming critical for business/government leaders to get up to speed on these issues.

We (Scott and I) assign Larry’s paper as required reading for the first week of the classes we teach. I would recommend it to anyone who is in a business or government leadership positions, and appreciates the centrality of technology to every aspect of what they do as an organization.

2017 HKS Exec Ed program “Cybersecurity: at the intersection of technology and policy”


Another successful run of the fantastic program.  Great group of attendees as usual, with representation from all corners of the U.S. Federal government, as well as other countries, and some private sector representatives.  Mind-blowing topics and lectures every day.  And of course, the always fun cyberwarfare exercise on Friday.  See here for more information.  And here, here, here, and here for some feedback on the program


New semester, and over 200 students!


Here we go, another semester starts for CSCI e45a, with the “all online” format that we started last year.  Very exciting and a little scary to have 226 students enrolled. I hope this is an indication that the content of the course is becoming more important and relevant to folks out there!


Another successful run of the Cyber warfare exercise


US CYBERCOMMANDAs part of the Harvard Kennedy School’s Executive Education program on Cybersecurity: The Intersection of Policy and Technology, we ran the cybersecurity warfare scenario that we have used for many years now.  As usual it seemed to be a blast for both participants and organizers.  The original gang was back with professor Jim Waldo leading the charge.  I also had a couple of folks from the Harvard Info Sec team join the fun.

Incidentally, I today I received a patch for the U.S Cyber Command (USCYBERCOM) with an MD5 hash on it: 9ec4c12949a4f31474f299058ce2b22a

It is the hash for the mission statement of USCYBERCOM:

USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

A Herman Hollerith early IBM tabulating machine


Today at the MIT Swapfest, I found and bought a punch card making machine/device.  It is from The Tabulating Machine Company.  The Tabulating Machine Company was founded by Herman Hollerith – initially in 1896 as Tabulating Machine Company, and again in 1905 as The Tabulating Machine Company – to commercialize his tabulating machine which he invented and revolutionized the US Census tabulation process in in the late 1800’s.  In 1911, The Tabulating Machine Company and three other companies came together as the Computing Tabulating Recording (CTR) company, which a few years later in 1924 became International Business Machines corporation (IBM).  But the individual companies in the CTR holding company continued to use their original name until 1933, so this device could have been made anytime between 1905 and 1933.

Hollerith 1 Hollerith 2