innovation

A 12-post collection

Uber & Regulatory Lurch

jj-ying-215292

Today Transport for London (TfL), the body responsible for regulating transportation in London announced something surprising: they will not be renewing Uber’s licence to operate in London, and Uber will have to stop providing its service in the coming months. Of course, there was an understandable uproar from the 40,000 Uber drivers currently making a living from driving in the capital, as well as the millions of passengers that use the service every day. Uber will appeal the decision, but TfL may decide to uphold the ban.

The Regulatory Decision

The reasons TfL have given to suspend Uber centre upon one major judgement. In the report, TfL states that:

Uber's approach and conduct demonstrate a lack of corporate responsibility in relation to a number of issues which have potential public safety and security implications

Read the full report

It is certainly true that Uber hasn’t been a perfect corporate citizen in recent years. Its corporate culture has been shown to be hideously sexist, it has bullied its staff and systematically underpaid its drivers. The judgement made by TfL doesn’t directly reference this behaviour, though, and despite Uber’s activity being undeniably abhorrent it doesn’t directly relate to the public safety and security implications raised by TfL.

Surely if public safety issues were brought to TfL’s attention - as they have been in the past - it would have been appropriate for them to revoke Uber’s licence before it came up for renewal after five years. When it comes to public safety, how is it possible that the issues TfL has cited have only become apparent at the exact moment that the licence needs to be reviewed? In this way the decision seems like a general moral judgement rather than one related specifically to safety.

Regulatory Lurch

The pace of change in today’s world has resulted in regulators being left behind. I’ve identified this in many areas - from crypto currencies to data and education. Sadly, the regulatory approach to technology is often doing nothing for many months or years, and then rather than engaging with the inevitable social and political issues that this technology raises, banning the technology completely.

On the same day that TfL made its regulatory ruling, Jamie Dimon the Chief Executive of JPMorgan made a comment about crypto currencies:

Right now these crypto things are kind of a novelty. People think they're kind of neat. But the bigger they get, the more governments are going to close them down
See full video

This is exactly the same approach that TfL has taken with Uber - permissive at the beginning so that the technology is able to proliferate, resulting in ambiguous employment relationships and unfair competition, and then - unable to control it - aggressively punitive at the end, shutting the entire service down.

regChart

This regulatory lurch - moving from absolutely zero regulation to a ban - is hugely damaging to innovative efforts and acts to characterise entire technologies and activities as illegal without trying to identify the benefits and actively engaging in the debate. Simply banning Uber will not solve the issue of insecure employment for workers, or the fact that many people who are able to act as taxi drivers were prevented from doing so because of extensive regulation in the past. Firms like Deliveroo and Amazon operate with these principles too; will the government shut down these operations as well? Where is the line drawn?

Engagement is the answer

These decisions are damaging. Not just for Uber, but for the 40,000 who drive for the company and the 3.5 million people who use the service. By engaging early with disruptive technologies regulators can actually help to shape services, forcing them to be socially responsible as well as profitable. By ignoring the issues until the last moment no one wins: consumers get a worse service, drivers lose their jobs and the important social and political issues raised by peer to peer technology are - conveniently - swept under the rug.

[LINK]

The Ethics & Governance of Decentralisation

Decentralised systems have the power to transform the way that we live and do business. Up until a few years ago if you wanted to start a company you needed to do it in a particular jurisdiction, usually a country. Today, using the Ethereum network you are able to start and manage a company, mint your own coin & create secure ways to vote on key topics without having any one country's backing. Disputes are reconciled by impartial smart contracts - bits of code that make decisions in a computational way, arbitrated by thousands of nodes based around the world. If one of the nodes goes down it doesn't matter - others will pick up the slack.

nodes

The distribution of Ethereum nodes, from Ethernodes

Decentralisation & Anarchy

The debate around decentralisation from a political standpoint isn’t new. The political philosopher Alexis de Tocqueville wrote in 1840 that:

Our contemporaries are constantly excited by two conflicting passions; they want to be led, and they wish to remain free: as they cannot destroy either one or the other of these contrary propensities, they strive to satisfy them both at once. They devise a sole, tutelary, and all-powerful form of government, but elected by the people. They combine the principle of centralization and that of popular sovereignty; this gives them a respite: they console themselves for being in tutelage by the reflection that they have chosen their own guardians.

Modern governments work because they combine elements of centralisation and control - they hold the monopoly of the legitimate use of violence, for example - with decentralised rule: you are able to decide who is in power with a democratic vote. What de Tocqueville highlights, though, is the need for both elements of governance. A purely centralised government leads to tyranny and an exclusively decentralised government leads to anarchy.

Unrestricted decentralisation is a threat for government - and decentralised currencies and tokens are no different. In the past few days China has legislated for a “comprehensive ban” on crypto currency exchanges. This ban is seen by many as an inevitable outcome of an innovative technology moving quickly; it’s easier to ban that to regulate, but eventually the technology will prevail. However, the problems with decentralisation run much deeper than this - something that de Tocqueville predicted in the mid 1800s.

alexis-de-tocqueville

Alexis de Tocqueville - The first crypto philosopher?

Decentralisation creates a moral vacuum

The reason political systems have evolved to have elements of both centralised & decentralised systems is because decentralisation on its own creates a world that is just as tyrannical, cold and morally ambiguous as the most despotic dictator. In Ethereum’s short life we’ve already seen examples of this. For example, The DAO - a digital decentralised autonomous organisation - was created in May 2016. It raised more than $150 million, with the aim of distributing funds to ventures that people could vote on.

In June 2016 a hacker stole around $50 million of the DAO’s funds. Though there is still dispute as to who was behind the attack - a note supposedly from the hacker read:

I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO
Read Full Text

In one sense they were right - in a decentralised network the only truth is what is in the smart contract. One of the critical elements of a judicial system - discretion - is removed, and every decision is subject to the cold and calculated world of computer as judge and jury.

Whilst the attacker of the DAO undoubtedly abided by the rule of the law (i.e they didn’t attempt to change the DAO to remove the funds, they simply exploited a well known vulnerability) they did not abide by the spirit of the law which can be characterised as: don’t take things that aren’t yours. The Ethereum community agreed that a “hard fork” should take place - reversing the transaction that allowed the attacker to steal the cash and reversing the currency. This fork created two currencies: “Ethereum classic,” the original currency with the theft in place and “Ethereum” which returned the tokens to their rightful owners. Vitalik Buterin, the creator of Ethereum wrote in July 2016 that:

We would like to congratulate the Ethereum community on a successfully completed hard fork. Block 1920000 contained the execution of an irregular state change which transferred ~12 million ETH from the “Dark DAO” and “Whitehat DAO” contracts into the WithdrawDAO recovery contract.
Read Full Text

As Alexis de Tocqueville noted, the best systems of governance has elements of both centralised & decentralised systems, perfectly executed in the DAO example. Though many would argue systems like Ethereum are completely decentralised, in order to avoid morally dangerous outcomes there needs to be regulation and decision making that comes from trusted gatekeepers. A world of complete decentralisation leads to anarchy.

The future of decentralisation

Decentralised technologies are here to stay, but in their current form simply aren’t compatible with the ethical requirements of a civilised society. Regulation isn’t bad - bad regulation is bad - and turning a blind eye to systems trying to revolutionise the way that we do the most fundamental things in our lives isn’t the answer. There must be an interplay between governments and decentralised systems - to ignore either isn’t utopian: it’s dangerous.

[LINK]

Hiring & purpose

One of the implications of the phrase “every company is a technology company” is that suddenly it’s not just traditional tech companies that have to hire developers or data scientists. Yes, it is possible to outsource and use people as a service solutions; but in critical positions talent with a deep technical & business understanding are required. This is a significant problem for recruitment professionals - you’re now not just competing with your industry for talent, your competing with the some of the richest (and coolest..) technology companies in the world too.

One organisation that doesn’t have issues with hiring, despite being relatively small, is Aragon, a company co-founded by Luis Cuende, 20, that recently raised €25 million in 1.5 minutes by selling ANTs (Aragon network tokens). Aragon is a DAO (Digital Decentralised Organisation) - and described as a “Decentralised Infrastructure for Value Exchange”. In essence what this means is that it’s a way for founders to create companies that are stateless, with their cap table, by laws and corporate structures defined by decentralised smart contracts rather than a central (country) authority.

So what does this have to do with hiring? Well, in one sense Aragon isn’t particularly remarkable. There are lots of organisations that facilitate the creation of companies - in many ways Aragon shares a lot of similarities with multinationals like PwC and KPMG - both can establish and help you run a company. Admittedly the traditional players use centralised methods, but it seems like this is a change in the “how” not necessarily the “why”. Yet whilst traditional accountancy firms are struggling to hire the best people - Cuende has the opposite problem:

purposequote1

The easy answer to this question is to say that people want to work for Aragon because it’s a cool, small and young company. However, the real answer lies slightly deeper. When you look at the way that Cuende talks about Aragon it’s clear that he doesn’t see it as just another corporate services firm.

purposequote2

He’s written extensively about the ways in which he believes decentralisation will change the world, with blog posts that could might be considered slightly hyperbolic by some large corporate. Nevertheless, after reading the literature surrounding Aragon there is no doubt that the company is attempting to reshape and change the world to rid it from the tyranny of centralisation (and make a profit whilst doing so). Whether it succeeds in its mission is another question, but the clarity and ambition of the organisation is undoubtably one of the reasons why so many talented people want to be part of the company.

This purpose driven approach isn’t just applicable to small start ups - Kersti Kaljulaid the president of Estonia has presided over the Estonia e-residency scheme which has seen over 1,000 new companies and more than 2,000 entrepreneurs register to administer their business. Cynically speaking this could have a dramatic effect on the amount of tax paid to the Estonian government, but from a purpose standpoint Kaljulaid speaks in Cunde’s language: encouraging any entrepreneur who believes in a digital first future to sign up to the e-residency scheme and change the world for the better.

Purpose, like brand, is something easy to discount in the seemingly utility driven tech marketplace, but the most successful organisations are harnessing and communicating their purpose to attract the best and most innovative people to join them on their mission. An essential first step is to determine and agree on what that mission actually is.

[LINK]

Working with hackers

Of all the topics I speak about the one that provokes the most controversy is related to hackers. The idea that respectable companies would ever work with people who are good at breaking into systems is seen, at best, as a counter intuitive strategy, and at worst as a trivialisation of what may be the most significant problem facing the criminal justice system today. A comment I’m often surprised by is: “can’t we just lock them all up”?

marc

This “lock them up and throw away the key” approach is shared by several governments around the world, including the United States. The FBI recently charged 22 year old Marcus Hutchins - the security researcher that accidentally stopped the spread of the Wannacry ransomware - with selling banking malware. There is a substantial amount of evidence to suggest that a number of years ago Hutchins may have been involved in this sort of activity (at the age of 17), and he now faces 40 years in a federal prison. The US government’s response to the challenging issue of cyber crime is to make examples of people they’re able to arrest or extradite - regardless of whether it takes almost a decade (in the case of Kim Dotcom, an eccentric billionaire charged with copyright infringement) - or if the sentence seems hugely disproportional to the crime. In the sentencing of Ross Ulbright, the creator of the drugs marketplace Silk Road, the judge explicitly referenced the danger that cyber crime poses to society as a whole, and handed down a more severe sentence than even the prosecution asked for: life without the possibility of parole. For the judge in Ulbright’s case, the issue was simply one of deterrence.

Much like the war on drugs, this deterrence led approach isn’t working. Last week Equifax announced they were subjected to a data breach affecting 143 million Americans (nearly half the US population), a systems compromise that is just one of many high profile hacks this year. Ironically too as the US attempts to lock up every hacker they can lay their hands on it’s estimated that Europe faces a cyber security skills gap of 350,000 workers by 2022.

The Catch Me If You Can approach

What do you do with the best bank forger of his generation? Let him rot forever in prison? At the end of the film Catch Me If You Can Frank Abignail is offered a deal: work with us to catch other forgers and secure bank systems and we’ll reduce your sentence. Unless you’re a hardline absolutist this makes a lot of sense - why waste a talent when you can use it to prevent more bad occurring?

Many companies and governments are going a step further than this traditional method of collaboration in their attempts to work with hackers. Tesla encourages and rewards hackers that compromise their systems, as long as they disclose the vulnerability. This year a group of Chinese hackers did just this - and Tesla were thrilled about it.

hackquote-1

In a similar way GCHQ in the UK have begun to work out that treating hackers as run of the mill criminals may not be the most effective approach. They recently trialled a rehab camp where young hackers that had been caught would be given the opportunity to work with the security forces. One of the quotes from an attendee of the programme was that they didn’t even realise that working to prevent hacks was a real profession.

When a developer found several security holes in in HMRC’s website it was hugely challenging to even report the problems - not the best indication that the government is interested in any sort of collaboration with the security community - let alone young hackers in their bedroom.

Thinking differently

Even the US government is starting to think about different approaches to their cyber security problems - though their justice system doesn’t appear to be getting the memo. The US Army ran a scheme called “Hack the Pentagon” which encouraged ethical hackers to hack into the pentagon with a reward if they disclosed their exploits. It took just 13 minutes for the first issue to be reported.

hackstats

One of the most interesting things about the “Hack the Pentagon” event was that generals admitted that it was actually quite difficult for hackers to collaborate with the US government.

hackquote2-1

There will always be hackers uninterested in collaboration & who will always aim to make money via illegal methods - this is criminal activity - but when companies or organisations make no effort to engage young hackers is it any wonder that they get drawn into the darker places on the web? There is another way; and creating a strategy and framework to allow external hackers to collaborate with you, rather than compromise you, has got to be the first step.

[LINK]