Associations are Powerful – and therefore Targets for Hackers

Associations are very powerful, particularly in America.

Think about it. Your Doctor is approved by the American Medical Association. Your Attorney is approved by the American BAR association. Your Accountant is approved by the American Association of CPAs (certified public accountants).  A person’s license /certifications may be “recognized” by the government, but ultimately it is a group of peers that form the association.

Americans of all ages, all stations of life, and all types of disposition are forever forming associations… In democratic countries knowledge of how to combine is the mother of all other forms of knowledge; on its progress depends that of all the others.

– Alexis de Tocqueville – Book Two, Chapter V. (source)

This may sound philosophical, and we’ve blogged about this before, but it’s important for associations to remember just how much power they have.  And with power comes great responsibility.


Why? Because it’s logical.

If you were a dictator in a country that had sanctions against it, I dunno, maybe they didn’t allow US Companies to help you drill for your oil reserves and you lacked the technology to do it yourself, wouldn’t it make sense to go after an association of accomplished professionals in that area?

St. Petersburg IP Address Alerts
Security Alerts with  IP addresses (listed as) St. Petersburg Targeting Associations. NOTE: IP Addresses are easy to fake so it could be a false positive.

It sounds horrible, but it is logical in a Machiavellian kind of way.

A story for y’all. I was talking to a client who had a Tendenci Open Source AMS site for a group of students at universities in the liberal arts. He said

nobody is going after English majors“.

“Oh really?” I asked.

Then I asked If any of his students attended X University (really I could have picked any University). He said “yes.” I pointed out that exact University also has extensive Chemistry, Energy and Engineering programs that do cutting edge work.

My point was if you can do spear phishing on a student to get closer to an Engineering Professor with expertise in Directional Drilling, wouldn’t Russia be interested in that? Would North Korea be interested in obtaining information on the latest tech in chemistry? Of course they would.

Those countries might not even be directly doing the hack attempt. But a entrepreneurial hacker knows there is a market for that data. Would Russia buy it? Yes. Would the US buy it? Yes.

My point was simply that if you can infect the computer or phone of one student, any student, then you can get into the network. And then move laterally. You are in.

Again – to the POWER of ASSOCIATIONS:

Americans combine to give fêtes, found seminaries, build churches, distribute books, and send missionaries to the antipodes. Hospitals, prisons, and schools take shape in that way. Finally, if they want to proclaim a truth or propagate some feeling by the encouragement of a great example, they form an association. In every case, at the head of any new undertaking, where in France you would find the government or in England some territorial magnate, in the United States you are sure to find an association. I have come across several types of association in America of which, I confess, I had not previously the slightest conception, and I have often admired the extreme skill they show in proposing a common object for the exertions of very many and in inducing them voluntarily to pursue it.

– Alexis de Tocqueville – Book Two, Chapter V. (source)

This is not to scare users of any association management software. It is pointing out facts and hopefully increasing awareness among NGO technology professionals, association executives, association leadership and in fact (hopefully) the whole country, that there is a serious vulnerability if not addressed seriously.

Who was the villain, the mob or the monster?

Pitchfork Mobs Frankenstein

Mob rule from the movie frankenstein. Who was the villain, the mob or the monster?


Mob rule from the movie twitter/facebook/snapchat. Who was the villain, the mob or the monster?

What is a group. From Swati Gautam on slideshare.
What is a group. From Swati Gautam on slideshare.

We all bind together as a group, but don’t always share the same values.


When we band together but don’t share values, we have low cohesiveness and act as a mob. Queue case studies here.

Slideshare stills from Swati Gautam on Group Dynamics on slideshare.

what happens and how it happens depend on the network

“The crux of the matter is that in the past, networks have been viewed as objects of pure structure whose properties are fixed in time. Neither of these assumptions could be further from the truth. First, real networks represent populations of individual components that are actually doing something ““ generating power, sending data, or even making decisions. Although the structure of the relationships between a network’s components is interesting, it is important principally because it affects either their individual behavior or the behavior of the system as a whole. Second, networks are dynamic objects not just because things happen in networked systems, but because the networks themselves are evolving and changing in time, driven by the activities or decisions of those very components.

In the connected age, therefore, what happens and how it happens depend on the network.”

–               Duncan J. Watts, Six Degrees ““ the Science of a Connected Age

the TRAGEDY of the commons

no dumping allowed CC heyjoewhereyougoingwiththatguninyourhand
CC heyjoewhereyougoing...

When we say “the tragedy of the commons” I really think it should be stated “the TRAGEDY of the commons” to indicate that it really is an all caps TRAGEDY.

Summarized on wikipedia as

(the the tragedy of the commons is) a dilemma in which multiple individuals acting independently and solely and rationally consulting their own self-interest will ultimately destroy a shared limited resource even when it is clear that it is not in anyone’s long term interest for this to happen.

Hardin’s original article on the tragedy of the commons expands on this.

Picture a pasture open to all. It is to be expected that each herdsman will try to keep as many cattle as possible on the commons. Such an arrangement may work reasonably satisfactorily for centuries because tribal wars, poaching, and disease keep the numbers of both man and beast well below the carrying capacity of the land. Finally, however, comes the day of reckoning, that is, the day when the long-desired goal of social stability becomes a reality. At this point, the inherent logic of the commons remorselessly generates tragedy.

Each man is locked into a system that compels him to increase his herd without limit–in a world that is limited. Ruin is the destination toward which all men rush, each pursuing his own best interest in a society that believes in the freedom of the commons. Freedom in a commons brings ruin to all.

Rationally it makes more sense for me to pollute. Rationally it makes more sense for me to over-fish. Treachery in fact pays. In a recession it is logical to steal. There is a reason you see “no dumping” signs by the side of the road – rationally it is more profitable for people to illegally dump than to pay the dump fee. It’s wrong, it’s unethical, it ruins the commons, but it is in fact rational.

And there are only three ways to avoid the tragedy of the commons. ONLY THREE.

  1. Legislative (ex: make it against the law/rules),
  2. Material (ex: tax it like a parking meter or a toll road) or
  3. Social Pressure (ex: make a public negative example of the person, Stockades).

That’s it people. That’s it. There are no other solutions.Yes get creative within those three, but that’s it folks.

People are NOT going to sing Kum Bay Ya and do the right thing if it is in their rational best interest NOT to. Period. Some people will, but all it takes is one rational actor hiding behind Machiavelli. And there is always one. I have written about this before in the three motivations of people.

Understanding this makes listening to political debate painful. Tax the rich to provide health care to everyone else? What is the rational thing to do? To use as much health care (the commons) as possible which would bankrupt the system (irrational result). You would need rules (rationing) or fees (taxes and copays) or social disclosure (social pressure, but not a good idea for health care privacy). Ask a sociologist, that won’t work.

But this post is not about health care. It is about a tragedy of the commons in the form of an office break room. And while I rationally understand that it is in everyone’s rational best interest to not clean it at the end of the day, it is still a tragedy to observe. Rationally they are right to observe it is always miraculously clean in the morning regardless of if they participate in the cleaning!All of the benefits with none of the work. Woot! (a tragic woot, but woot none the less).

Hopefully the team will forgive me for using material motivation (removal of coffee) to encourage dialog and transparency (social pressure) to find a solution (process and procedures to ensure cleaning). And as the person who cleans the coffee pot more than any other, hopefully I’ll be down to only cleaning the coffee pot once a week as I lock up and head home. I can live with once a week.

Netsquared – Jim Forrest of Tech For All notes

JimforrestnetsquaredJim Forrest of Tech For All was the speaker at NetSquared Houston last night. Topics ranged from a discussion of the Tech for All involvement with Katrina relief at the Astrodome in 2005 to a discussion of Houston Hope Neighborhoods.

  • The goal of TechForAll is to "put the tools of technology in low income communities"
  • On Katrina relief in Houston:
    • "50% of the people were found through comments"
    • many did not know the name of the street they lived on
    • many had unique spellings of their first names but the red cross database did not allow you to search on first name (really? seems odd)
    • Yahoo was there from the beginning. Jim said this over and over that Yahoo had the people on the ground in the dome from the start. He spoke very highly of David Filo. Good to hear that.
    • He talked about the Recovery2.0 efforts.
    • Volunteers – fatigue over time. "this notion of social responsibility, it wore off"
    • "At the end of the day there were 56 systems"
  • On Houston, Independence Heights, a Houston Hope neighborhood, still has no city utilities on all streets despite being annexed in the 1928. Definitely no wifi to sign up for the prescription drug plans.
  • In the low income neighborhoods many pay exorbitant rent because of the don’t ask don’t tell aspect of being an immigrant. (can we call this "hush rent"? – ed)
  • The shift from corporations owning computers to leasing has reduced the number of computers available to be given to non profits.
  • Jim talked about Jerome Crowder’s efforts in cultural anthropology. Specifically the photography efforts to give people cameras because they will naturally take pictures of "trusted icons" (can’t find much on that on google though and the link on Jerome’s page is broken)
  • The need for "recovery war games"

For more on Technology for All check out their site and blog.

Wired: Collectivist Versus Individualist Societies and the Individual

An interesting article in Wired on collectivist versus individualist societies and how they treat the individual.

Where Solo Is Sociable (Momus)

<snip>A single person with a free evening in a Japanese city could go to one of these restaurants, a pachinko arcade, a public bath-house, a manga cafe, a cosplay maid cafe, a karaoke bar and other (shadier) places and feel like they were participating socially without being in a couple.

In the West, it seems to me, that isn’t as easy. And that seems counter-intuitive: Shouldn’t individualist societies cater better to the needs of individuals, and collectivist societies cater worse to them? How come it seems to be the other way around?

If the premise is true, then surely some entrepreneur can come up with a way to make more individual friendly establishments in the west.  Incentives…..

Office Move Reminds me of Kitty Genovese

KittygenoveseThe image on the left is of Kitty Genevese from this article on Wikipedia.  I was rereading parts of different books that discussed the bystander effect.

We just moved into a new office, which is cool, but everyone assumes "someone else" sees a given need and surely THEY will fix them.  Two people within the organization are clearly demonstrating civil courage – which if anything causes them to be blamed even more while others continue to say nothing.

Granted, our situation is far less tragic than Kitty’s, but the bystander effect remains in effect.  Even with great people.

Organizational Behavior – When Smart People Make Bad Decisions

I have been reading a lot lately on incentives for individuals within organization.  What motivates different folks, and of course how that affects group actions.  Interesting stuff and hopefully I’ll get an article posted on related to individual incentives soon.

In a different email thread I was pointed to this article (linked below) by Art Berman with the Houston Geological Society (HGS is a client).  The full article is quite lengthy and is somewhat of a tragedy of beaucratic decision making regarding the Tsunami of December 2004.  The full article is worth a read.  My selected excerpts below specifically highlight elements of social psychology that relate to a broader range of situations where individuals apparently lacked incentive to speak up in a convincing manner.

Letters From Jakarta: Indian Ocean Nations Select a Tsunami Warning System

After 12 years of siege, the armies of King Priam awoke one morning to find their Greek opponents gone from the Plain of Troy.  A giant wooden horse stood alone outside the city.  Priam and his men decided to bring the horse inside the walls of Troy to celebrate their victory over the Greeks.  Not all of Priam’ s men, however, agreed with the decision. 

Chief among the king’ s counselors was an elder named Laöcoon.*  Laöcoon and his sons urged Priam to reconsider the decision and to investigate the situation more fully before bringing the horse into the city.  It seemed peculiar, Laöcoon argued, and out of character that the Greeks had departed for no apparent military reason and had left behind a gift.  In addition, he thought he heard sounds coming from inside the horse.  Laöcoon and his sons were killed by the Trojans. The horse was brought into the city and the Greek soldiers concealed within the horse emerged, sacked Troy, and won the Trojan War.

This excerpt below is almost painful to read – mostly because it is likely, inevitable, that gargantuan mistakes like this will occur again in the future!

History is full of astonishing examples of how great states and institutions often consciously pursued policies and strategies that were not in their best interests, and sometimes led to their downfall.  The Trojan horse is the archetypal example of the tendency for smart people to make bad decisions.

In her 1984 book The March of Folly: From Troy to Vietnam, popular historian Barbara Tuchman describes several outrageous examples of smart people who made poor or ill-informed decisions (Conway, 1998).  The Catholic Church managed to lose half of Christendom in the 16th century because seven Renaissance popes consistently ignored advice to abandon secular endeavors and end corrupt practices within the Church.  The British Empire lost America in a war of independence that no one in the North American colony initially wanted or supported, due to failure to adopt minimal measures to satisfy the clear and simple requests from the colonists.  During the decade leading up to World War II, the Japanese Empire convinced itself to attack Pearl Harbor as the best way to avoid violating its cardinal strategy of not becoming involved in a war with the United States!

I will leave conclusions on the Tsunami situation to people far more knowledgeable about nation states and geology than myself.  But after reading Art’s article, I found my mind jumped to something Bishop said at his IABC talk last month.

(in the future) is instantaneous and simultaneous.  If you are not
instantaneous then you’re not there yet.  If your information is not
simultaneously available to everyone then you’re not there yet.“ ““ Peter Bishop Ph.D., Futurist

Communication.  It just keeps coming back to communication which is why I remain interested in social applications of technology.  Like what we are trying to do with Tendenci.

For more fun, see:

Incentive Systems: A Theory of Organizations

Peter B. Clark, James Q. Wilson
Administrative Science Quarterly,
       Vol. 6,
       No. 2
       (Sep., 1961)
           pp. 129-166

View Article Abstract