Cybersecurity is not very important – Andrew Odlyzko


University of Minnesota professor Andrew Odlyzko just released a new paper titled Cybersecurity is not very important.  I had an opportunity to review an early version of the paper, and I was eager to see it published on the web.  While the title is a bit provocative, Andrew’s paper brings a critically important perspective to the cybersecurity debate which is too often grounded in fear mongering.

In no way is this an argument that digital hygiene and basic security measures are not important.  It is an argument about being honest and realistic about the state of things in the digital space and putting them in perspective.  Scott and I will surely add this to our required reading for our courses, and I would encourage anyone interested in cybersecurity to read it.


Someone needs to step in and fill the void. DuckDuckGo maybe?


I have had DuckDuckGo (DDG) as my default search engine since probably around 2012. I was curious, and a little nervous at first, but now it seems like it was a good choice.  Now, of course, this is assuming that what goes on behind the curtain at DDG, is entirely consistent with what is being projected to the people who use it.  A search engine that respects/protects your privacy seems too good to be true – yet, DDG seems to have stuck to its original principles.

Teaching on issues relating to privacy, security, and life in the digital space has sensitized me to their critical importance for an increasingly online world, today, and moving forward.  As part of the courses we (Scott and I) teach, we cover news highlights every week, and we have done so for many years. The intersection of technology, security, privacy, social dynamics, etc. is a space we have been watching for a long time. In the past couple of years, it is very clear that slowly but surely, the surveillance marketing economy is being challenged. It is clear that “cool” big techs, doing “great things” for the world are being challenged by the need to prioritize profits based on their current business models over legitimate (or superficial) aspirations to do good for society.

Yet, with all the coverage of bad or questionable behaviors by big platform operators, it seems the general public is still not migrating en masse off of these platforms.  Much of this is possibly because people don’t care about these issues – after all, these issues are more “boiling frog” types of issues (see SocialCooling for a simple introduction to some of these issues, or at least their impact).  But another explanation may be that there doesn’t seem to be a viable alternative in the market.

So it seems as though now would be a good time for someone to step in and create a social network for the rest of us. A social network platform that not only respects people’s privacy, but also one that addresses other major flaws of existing social network platforms. DDG the little search engine that could (actually, not so little anymore…), is one of those companies that seems to have the legitimacy to stand proudly on its early achievements, and do something about this.  If DDG hasn’t explored the idea (and I’d be surprised if they have not), now may be a good time to do so.  And while going from search engine to content platform is a big scary step, I trust the people at DDG would probably do a decent job of it.

Business and government leaders, and the “laws of physics” of technology


I was incredibly excited, this past April, to play a minor role in getting a small event pulled together to celebrate the 20th anniversary of Larry Lessig’s paper “The laws of cyberspace” (Lessig – 1998). A paper that is just as relevant today as it was twenty years ago.

You can see a re-cap of the event here: Force of Nature – Celebrating 20 years of the laws of cyberspace

Government and business organizations, over the past few decades, have (or are on their way to) become technology organizations – whether they are willing to acknowledge it to themselves, or not. Yet, the technical bits have not been, and are increasingly less, the central part of this transformation. As a result, non-technical business and government leaders need to invest time to understand the “laws of physics” of the digital space (cyberspace). Delegating this responsibility to the “technology” people in the organization (CIO, CTO, CISO, etc.) is no longer sufficient.

As highlighted in Larry’s paper, cyberspace is influenced and regulated by four forces: social norms, markets, laws, and “code”. For individual organizations, these forces affect business strategies, products & services, supply chains, and business operations. One needs only to look at the news every week and the debates over such things as Net Neutrality, Privacy, Cybersecurity, GDPR, SESTA-FOSTA, CDA 230, the Cloud Act, etc. to understand why it is becoming critical for business/government leaders to get up to speed on these issues.

We (Scott and I) assign Larry’s paper as required reading for the first week of the classes we teach. I would recommend it to anyone who is in a business or government leadership positions, and appreciates the centrality of technology to every aspect of what they do as an organization.

2017 HKS Exec Ed program “Cybersecurity: at the intersection of technology and policy”


Another successful run of the fantastic program.  Great group of attendees as usual, with representation from all corners of the U.S. Federal government, as well as other countries, and some private sector representatives.  Mind-blowing topics and lectures every day.  And of course, the always fun cyberwarfare exercise on Friday.  See here for more information.  And here, here, here, and here for some feedback on the program


New semester, and over 200 students!


Here we go, another semester starts for CSCI e45a, with the “all online” format that we started last year.  Very exciting and a little scary to have 226 students enrolled. I hope this is an indication that the content of the course is becoming more important and relevant to folks out there!