The mad rush to be first with a blog leads to conspiracy theory or badly researched articles. Time to make haste slowly...
Everybody loves a good conspiracy theory. There's something inherently satisfying in thinking you have special, secret knowledge that has escaped the wider population. Unsurprisingly, the computer security community has its fair share of such theories.
It is sometimes assumed that smart, educated people are inoculated against conspiracy theories. Sadly, this isn't the case. As Michael Shermer, publisher of Skeptic magazine succinctly puts it, “Smart people believe weird things because they are skilled at defending beliefs they arrived at for non-smart reasons”.
A recent example involves INDECT (www.indect-project.eu), an EU-funded (and therefore, according to the UK tabloids, automatically evil) five-year research project to automatically analyse various surveillance data to detect crimes in progress – then attempt to identify the criminal parties involved.
This is an area fraught with ethical questions, but it is a research project, not a scheme for world domination. Not everyone shares my view of INDECT – and they have been discussing its potential problems in internet forums (http://tinyurl.com/37pe462, for example).
Some view surveillance technology as automatically bad. The real world is a much muddier area where, like most technologies, surveillance is ‘dual use' and can either be a benefit to law enforcement or, if overused, become a threat to civil liberties.
Others have even decided that the EC's Cordis FP7, the funding structure that pays for the project (http://tinyurl.com/6hlzhr), is some sort of overseeing evil empire scheme. A quick review of the website should satisfy anyone that it is far more mundane. Indeed, I would love to hear the conspiracy theorist's assessment of such FP7-funded projects as KBBE.2010.1.2-08, aka ‘Improving European mollusc aquaculture'.
In September, the German Pirate Party (Piratenpartei) ‘leaked' some INDECT documents (I use the word loosely, as almost all project documents are available on the public website anyway). This led to a number of reports on the ‘Orwellian' INDECT project in the popular press, all rather one-sided and poorly researched.
If the print media fall victim to this sort of snap judgment, the blogosphere is way ahead. The publication cycle online is measured in hours rather than days, and unfortunately this results in a mad rush to be first out with some useful or insightful analysis of recent events. The result is that a lot of blog posts fail the sort of verification and investigation expectations of a properly researched article, but get accepted in the same fashion by their readers.
This isn't a problem when such pieces are taken in context, but sadly the provenance of online publications is often ignored.
Back in the 1950s, colonel John Boyd of the US Air Force came up with the idea of the ‘observe, orient, decide, act' (OODA) loop, originally for combat operations, but later applied to commercial operations. Boyd himself said that the most critical phase of this process was the ‘orient' one, where new information is placed in the context of previous experiences and cultural norms.
In many online publications, this is often short-circuited to ‘observe – act'. The orientation phase is either ignored or replaced with the natural tendency to bend new evidence to fit an existing mind view.
Unfortunately, there's not much sign of this state of affairs improving. To get publicity and all-important commercial interest, it is necessary to react quickly and, ideally, dub the new threat or vulnerability with a name, for instant fame. When was the last time you heard an on-screen or online ‘talking head' respond with, “Well, at the moment, there's not enough information to make a sensible comment”?
As they say in the intelligence community, first reports from the field are almost always wrong. That's not a problem – until they get reported as fact to reinforce the latest conspiracy theory or poorly researched argument.
It seems patience is a virtue we all still need to work on.