Legislators tilt at the digital privacy windmill (again).

In the effort to preserve individual privacy in the digital age, hope springs eternal.

The latest endeavor to protect individuals’ privacy in the digital era is legislation introduced this week in the U.S. Senate that would require law enforcement and government authorities to obtain a warrant before accessing the digital communications of U.S. citizens.

Known as the ECPA Modernization Act of 2017, it is bipartisan legislation introduced by two senators known for being polar opposites on the political spectrum: Sen. Patrick Leahy (D-VT) on the left and Sen. Mike Lee (R-UT) on the right.

At present, only a subpoena is required for the government to gain full access to Americans’ e-mails that a over 180 days old. The new ECPA legislation would mean that access couldn’t be granted without showing probable cause, along with obtaining a judge’s signature.

The ECPA Modernization Act would also require a warrant for accessing geo-location data, while setting new limits on metadata collection. If the government did access cloud content without a warrant, the new legislation would make that data inadmissible in a court of law.

There’s no question that the original ECPA (Electronic Communications Privacy Act) legislation, enacted in 1986, is woefully out of date. After all, it stems from a time before the modern Internet.

It’s almost quaint to realize that the old ECPA legislation defines any e-mail older than 180 days as “abandoned” — and thereby accessible to government officials.  After all, we now live in an age when many residents keep the same e-mail address far longer than their home address.

The fact is, many individuals have come to rely on technology companies to store their e-mails, social media posts, blog posts, text messages, photos and other documents — and to do it for an indefinite period of time. It’s perceived as “safer” than keeping the information on a personal computer that might someday malfunction for any number of reasons.

Several important privacy advocacy groups are hailing the proposed legislation and urging its passage – among them the Center for Democracy & Technology and the Electronic Frontier Foundation.

Sophia Cope, an attorney at EFF, notes that the type of information individuals have entrusted to technology companies isn’t very secure at all. “Many users do not realize that an e-mail stored on a Google or Microsoft service has less protection than a letter sitting in a desk drawer at home,” Cope maintains.

“Users often can’t control how and when their whereabouts are being tracked by technology,” she adds.

The Senate legislation is also supported by the likes of Google, Amazon, Facebook and Twitter.

All of which makes it surprising that this type of legislation – different versions of which have been introduced in the U.S. Senate every year since 2013 – has had such trouble gaining traction.

The reasons for prior-year failure are many and varied – and quite revealing in terms of illuminating how crafting legislation is akin to sausage-making.  Which is to say, not very pretty.  But this year, the odds look more favorable than ever before.

Two questions remain on the table: First, will the legislation pass?  And second, will it really make a difference in terms of protecting the privacy of Americans?

Any readers with particular opinions are encouraged to weigh in.

When it comes to city parklands, the Twin Cities of Minneapolis-St. Paul rule.

Minneapolis, Minnesota

Although I lived in five states prior to going away to college, I spent the most time in those formative years of my life residing in the Twin Cities of Minneapolis and St. Paul in Minnesota.

The city parks in both towns are major amenities. Indeed, you could say that the entire fabric of life in the two cities is interwoven with the park systems; they’re that special.  And my family was no exception in taking advantage of everything the parks had to offer.

So it wasn’t much of a surprise to find that both cities are at the very top of the list of U.S. cities with the best parks.

The evaluation is done annually by The Trust for Public Land, and covers the 100 most populous cities in the United States.

The major metric studied is the percent of city residents who live within a 10-minute walk of a park — although other characteristics are also analyzed, such as park size and investment, the number of playgrounds, dog parks and recreation centers in relation to city population, and so on.

In the 2017 evaluation, Minneapolis topped the list of 100 cities, helped by superior park access across all ages and income levels, as well as achieving top scores in park investment as well as the number of senior and recreation centers, plus dog parks.

In total, an incredible 15% of Minneapolis’ entire square mileage is dedicated to park space.

St. Paul was right behind Minneapolis in the #2 slot out of 100 cities evaluated. As visitors to the Twin Cities know, Minneapolis is blessed with seven natural lakes within its borders, whereas next-door St. Paul has just two.  Nevertheless, its commitment to parkland is nearly as strong.

Here’s how the Top 10 list of cities shakes out:

  • #1 Minneapolis, MN
  • #2 St. Paul, MN
  • #3 San Francisco, CA
  • #4 Washington, DC
  • #5 Portland, OR
  • #6 Arlington, VA
  • #7 (tie) Irvine, CA and New York, NY
  • #9 Madison, WI
  • #10 Cincinnati, OH

Several of these cities shine in certain attributes. San Francisco, for instance, scores highest for park access, with nearly every resident living within a 10-minute walk of a park.

Three cities (Arlington, Irvine and Madison), achieved Top 10 ranking for only the second time (all three first made it into the Top 10 ranking in 2016).

What about cities that appear at the bottom of the Trust for Public Land list? They tend to be “car-dominated” cities, where parks aren’t easily accessible by foot for many residents.  For the record, here are the cities that rank lowest in the rankings:

  • #90 (tie) Fresno, CA, Hialeah, FL and Jacksonville, FL
  • #93 (tie) Laredo, TX and Winston-Salem, NC
  • #95 Mesa, AZ
  • #96 Louisville, KY
  • #97 Charlotte, NC
  • #98 (tie) Fort Wayne, IN and Indianapolis, IN
Bottom dweller: A crumbling structure in a padlocked park in Indianapolis, Indiana.

Interestingly, one of these cities – Charlotte – leads all others in median park size (~16 acres). Of course, this likely means that residents’ access to them suffers because there are fewer small parks scattered around the city.

To see the full rankings as well as each city’s score by category evaluated, you can view a comparative chart here.

Based on your experience, do any of the city rankings surprise you? Is there a particular city that you think should be singled out for praise (or pan) about their parklands?

For job seekers in America, the compass points south and west.

Downtown Miami

Many factors go into determining what may be the best cities for job seekers to find employment. There are any number of measures – not least qualitative ones such as where friends and family members reside, and what kind of family safety net exists.

But there are other measures, too – factors that are a little easier to apply across all workers:

  • How favorable is the local labor market to job seekers?
  • What are salary levels after adjusting for cost-of-living factors?
  • What is the “work-life” balance that the community offers?
  • What are the prospects for job security and advancement opportunities?

Seeking to find clues as to which metro areas represent the best environments for job seekers, job posting website Indeed set about analyzing data gathered from respondents who live in the 50 largest metro areas on the Indeed review database.

Indeed’s research methodology is explained here. Its analysis began by posing the four questions above and applying a percentile score for each one based on the feedback it received, followed by additional analytical calculations to come up with a consolidated score for each of the 50 metro areas.

The resulting list shows a definite skew towards the south and west. In order of rank, here are the ten metro areas that scored as the most attractive places for job seekers:

#1. Miami, FL

#2. Orlando, FL

#3. Raleigh, NC

#4. Austin, TX

#5. Sacramento, CA

#6. San Jose, CA

#7. Jacksonville, FL

#8. San Diego, CA

#9. Houston, TX

#10. Memphis, TN

Not all metro areas ranked equally strongly across the four measurement categories. Overall leader Miami scored very highly for work-life-balance as well as job security and advancement, but its cost-of-living factors were decidedly less impressive.

“Where are cities in the Northeast and the Midwest?”, you might ask. Not only are they nowhere to be found in the Top 10, they aren’t in the second group of ten in Indeed’s ranking, either:

#11. Las Vegas, NV

#12. San Francisco, CA

#13. Riverside, CA

#14. Atlanta, GA

#15. Los Angeles, CA

#16. San Antonio, TX

#17. Seattle, WA

#18. Hartford, CT

#19. Charlotte, NC

#20. Tampa, FL

… except for one: Hartford (#18 on Indeed’s list).

Likely, the scarcity of Northeastern and Midwestern cities correlates with the loss of manufacturing jobs, which have typically been so important to those metro areas.  Many of these markets have struggled to become more diversified.

If there are similar characteristics between the top-scoring cities beside geography, it’s that they’re high-tech bastions, highly diversified economies or – very significantly – the seat of state government.

In fact, if you look at the Top 10 metro areas, three of them are state capital cities; in the next group, there are two more.  Not surprisingly, those cities were ranked higher than others for job security.  And salary levels compared to the cost of living in those areas were also quite lucrative.

So much for the adage that a government paycheck is low but the job security is high; it turns out, they both are.

For more details on the Indeed listing, how the ranking was derived, and individual scores by metro area for the four criteria shown above, click here.

The U.S. Postal Services unveils its Informed Delivery notification service – about two decades too late.

Earlier this year, the U.S. Postal Service decided to get into the business of e-mail. But the effort is seemingly a day late and a dollar short.

Here’s how the scheme works: Via sending an e-mail with scanned images, the USPS will notify a customer of the postal mail that will be delivered that day.

It’s called Informed Delivery, and it’s being offered as a free service.

Exactly what is this intended to accomplish?

It isn’t as if receiving an e-mail notification of postal mail that’s going to be delivered within hours is particularly valuable.  If the information were that time-sensitive, why not receive the actual original item via e-mail to begin with?  That would have saved the sender 49 cents on the front end as well.

So the notion that this service would somehow stem the tide of mass migration to e-mail communications seems pretty far-fetched.

And here’s another thing: The USPS is offering the service free of charge – so it isn’t even going to reap any monetary income to recoup the cost of running the program.

That doesn’t seem to make very good business sense for an organization that’s already flooded with red ink.

Actually, I can think of one constituency that might benefit from Informed Delivery – rural residents who aren’t on regular delivery routes and who must travel a distance to pick up their mail at a post office. For those customers, I can see how they might choose to forgo a trip to town if the day’s mail isn’t anything to write home about — if you’ll pardon the expression.

But what portion of the population is made up of people like that? I’m not sure, but it’s likely far fewer than 5%.

And because the USPS is a quasi-governmental entity, it’s compelled to offer the same services to everyone.  So even the notion of offering Informed Delivery as “niche product” to just certain people isn’t relevant.

I guess the USPS deserves fair dues just for trying to come up with new ways to be relevant in the changing communications world. But it’s very difficult to come up with anything worthwhile when the entire foundation of the USPS’s mission has so been eroded over the past generation.

Where’s the Best Place to Live without a Car?

For Americans who live in the suburbs, exurbs or rural areas, being able to live without a car seems like a pipedream. But elsewhere, there are situations where it may actually make some sense.

They may be vastly different in nearly every other way, but small towns and large cities share one trait – being the places where it’s more possible to live without a car.

Of course, within the larger group of small towns and larger cities there can be big differences in relative car-free attractiveness depending on differing factors.

For instance, the small county seat where I live can be walked from one side of town to the other in under 15 minutes. This means that, even if there are places where a sidewalk would be nice to have, it’s theoretically possible to take care of grocery shopping and trips to the pharmacy or the cleaners or the hardware store on foot.

Visiting restaurants, schools, the post office and other government offices is also quite easy as well.

But even slightly bigger towns pose challenges because of distances that are much greater – and there’s usually little in the way of public transport to serve inhabitants who don’t possess cars.

At the other end of the scale, large cities are typically places where it’s possible to move around without the benefit of a car – but some urban areas are more “hospitable” than others based on factors ranging from the strength of the public transit system and neighborhood safety to the climate.

Recently, real estate brokerage firm Redfin took a look at large U.S. cities (those with over 300,000 population) to come up with its listing of the 10 cities it judged the most amenable for living without a car. Redfin compiled rankings to determine which cities have the better composite “walk scores,” “transit scores” and “bike scores.”

Here’s how the Redfin Top 10 list shakes out. Topping the list is San Francisco:

  • #1: San Francisco
  • #2: New York
  • #3: Boston
  • #4: Washington, DC
  • #5: Philadelphia
  • #6: Chicago
  • #7: Minneapolis
  • #8: Miami
  • #9: Seattle
  • #10: Oakland, CA

Even within the Top 10 there are differences, of course. This chart shows how these cities do relatively better (or worse) in the three categories scored:

Redfin has also analyzed trends in residential construction in urban areas, finding that including parking spaces within residential properties is something that’s beginning to diminish – thereby making the choice of opting out of automobile ownership a more important consideration than in the past.

What about your own experience? Do you know of a particular city or town that’s particularly good in accommodating residents who don’t own cars?  Or just the opposite?  Please share your observations with other readers.

The downside dangers of IoT: Overblown or underestimated?

In recent weeks, there has been an uptick in articles appearing in the press about the downside risks of the Internet of Things (IoT). The so-called “Weeping Angel” technique, which essentially allows hackers to turn a smart television into a microphone, is one eyebrow-raising example included from the CIA files released by WikiLeaks recently. Another is the potential for hacking into the systems of autonomous vehicles, enabling cargo to be stolen or the vehicles themselves to be held for ransom.

Some of it seems like the stuff of science fiction – or at the very least a modern form of cloak-and-dagger activity. Regular readers of the Nones Notes blog know that when we’re in the midst of a “collective angst” about a topics of this nature, I like to solicit the views of my brother, Nelson Nones, who has been in the fields of IT and operations management for decades.

I asked Nelson to share his perspectives on IoT, what he sees are its pitfalls, and whether the current levels of concern are justified. His comments are presented below:

Back in 1998, I was invited to speak about the so-called “millennium bug” (also known as the “Y2K bug”) at a symposium in Kuching, Malaysia. It was a hot topic at that time, because many computer systems then in use hadn’t been designed or built to deal with calendar dates beyond the end of the 20th century.  

The purpose of my presentation was to educate the audience about the nature of the problem, and how to mitigate it. During the question-and-answer session which followed, a member of the audience rose and began to speak rather hysterically of the threat which the millennium bug posed to civilization as we knew it.  

His principal concern was the millions of embedded sensors and controllers in use throughout industry which were not programmable and would therefore need to be replaced. In his view, very few people knew which of those devices were susceptible to the millennium bug, or where they were running.  

As a result, he felt that many flawed devices would go undetected, causing critical infrastructures such as power generation plants, electricity grids and aircraft to fail.  

Needless to say, his dire predictions did not come to pass and humankind sailed into the 21st century with barely a murmur. This isn’t to say that the millennium bug wasn’t a real threat – it certainly was – but rather that providers and users of information technology (IT) mostly did what was necessary to prepare for it.  As Britain’s Guardian newspaper reported in April 2000, “In truth, there have been bug incidents … none of this, however, adds up to global recession, or infrastructure collapse, or accidental nuclear war, as the most heated prophets were anticipating.”  

It is for similar reasons that I take much of today’s hype over security vulnerabilities of IoT with more than a pinch of salt. 

It’s worth noting that, technologically speaking, IoT isn’t really very new at all. As the prophet of doom at my 1998 symposium (correctly) observed, sensors, software, actuators and electronic controllers have been integral components of automated industrial systems for the past thirty years at least.   

What’s new is that these technologies have begun to be accepted and deployed by consumers. I say “begun” because I don’t know anyone who has actually rigged a “smart home” to work in the all-encompassing way breathlessly envisioned by purveyors of home automation technology; but I do know people who use the technology for specific purposes such as home security, thermostat control and recording TV programs.  

Just last week I spoke with someone who is beta testing a self-driving Tesla automobile, but he confessed that he still won’t take his hands off the wheel because he doesn’t really trust the self-driving technology yet.  

What’s also new is that businesses are extending their use of sensors and controllers well beyond the confines of plants, factories and warehouses. For example, trucking companies routinely use global positioning system (GPS) sensors to monitor fleet locations in real-time.  

Aircraft engine makers such as Rolls-Royce and GE rely on management and monitoring systems to transmit information from sensors to ground stations for real time analysis, during flight.  Many problems which are detected in this manner can be instantly corrected during flight, by relaying instructions back to controllers and actuators installed on the engine.  

The common denominator for what’s new is the use of existing Internet infrastructure; hence the “I” in “IoT.”  

In earlier times, sensors, software and electronic controllers could communicate only through local area networks (LANs) which were physically isolated and therefore impermeable to external attacks. But when those devices are connected to the public Internet, in theory anyone can access them — including cyber-criminals and governments engaged in sabotage or espionage, or who want to hold things for ransom, surreptitiously watch live feeds, or deploy botnets for distributed denial of service (DDoS) attacks.  

It is clear, therefore, that the root causes of privacy and security concerns arising from increasing IoT usage are mainly network security lapses, and not the things themselves.

Ensuring the highest possible degree of network security is no easy task. Above and beyond arcane technical details such as encryption, installing network firewalls, and opening and closing of ports, it means deploying multiple layers of defenses according to specific policies and controls, and that requires skills and knowledge which most consumers, and even many businesses, do not possess. 

Still, one doesn’t have to be a network geek to implement basic security mechanisms that far too many people overlook. In search of easy pickings, cyber-criminals usually prefer to exploit the huge number of unlocked doors begging for their attention, rather than wasting time trying to penetrate even slightly stronger defenses.   

For example, many people install wireless networks in their homes but forget to change the default router password and default network name (SSID) – or they pick a password that’s easy to guess. In addition, many people leave their network “open” to anyone having a wireless card by failing to implement a security key such as a WPA, WPA2 or WEP key, or by choosing a weak security key.   

An attacker can discover those lapses in a matter of seconds, or less, giving them full administrative authority and control over the compromised network with little risk of detection. This, in turn, would give the attacker immediate access to, and remote control over, any device on the network which is switched on but does not require authentication; for example, network printers, data storage devices, cameras, TVs and personal computers (PCs) which are not configured to require a user logon. 

Plugging those security holes doesn’t require specialist knowledge and shouldn’t take more than an hour for most home networks. Recognizing the security concerns, an increasing number of hardware and software vendors are preconfiguring their products in “full lockdown” mode, which provides basic security by default and requires users to apply specialist knowledge in order to open up their networks as necessary for greater convenience.  

This is precisely what Microsoft did over a decade ago, with great success, in response to widely publicized security vulnerabilities in its Windows® operating system and Internet Explorer browser. 

It’s all too easy to imagine the endgames of hypothetical scenarios in which the bad apples win by wresting control over the IoT from the good guys. But just like the millennium bug nearly two decades ago, it is wiser to heed the wisdom of Max Ehrmann’s Desiderata, published back in 1927:  

“Exercise caution in your business affairs, for the world is full of trickery … but do not distress yourself with dark imaginings.”  

Going forward, I’m confident that a healthy dose of risk intelligence, and not fear, will prove to be the key for successfully managing the downside aspects of IoT.

_________________________

So those are Nelson’s views on the Internet of Things. What about you?  Are you in agreement, or are there aspects about which you may think differently?  Please share your thoughts with other readers.

Some good news for the U.S. Postal Service for a change …

psThe U.S. Postal Service has just implemented a price adjustment on first class letter mail – the first rate increase in quite a few years. Some other pricing adjustments have been implemented as well, but on the whole they are modest.

Hopefully the rate increases won’t throw water on the good news that the USPS experienced over the holiday season. According to a Rasmussen Reports consumer survey of ~1,000 American adults age 18 and over conducted at the end of December, Americans used the USPS more in the most recent holiday than in the 2015 season.

The public also continues to give the USPS higher marks than its major competitors – FedEx and UPS – on the way it handles their packages.

For the record, ~21% of the respondents surveyed by Rasmussen reported that they used the U.S. Postal Service more this holiday season than they have in previous years, while ~18% reported they used it less. The remaining ~61% kept their USPS usage at around the same level of activity.

On the commercial side, for many businesses who do not have the kind of high volume shipping needs to qualify for special pricing from FedEx or UPS, the USPS also appears to be a far more lucrative choice from a price-to-value relationship.

usIn mid-2015, FitSmallBusiness.com undertook apple-to-apples comparisons of the three big package delivery firms, and found some startling differences.  For example, to ship a 3-lb. package overnight-delivery from New York City to Los Angeles, using FedEx would set the sender back $83.  UPS was even worse, at $84.

The USPS price?  Just $24.99.

Comparing short-haul rates as well as heavier 10-lb. packages found similar major discrepancies — all in favor of using the U.S. Postal Service. On top of that, the USPS provides free packaging materials, complimentary pick-up service, free insurance and tracking — not to mention flat-rate boxes for packages that weigh up to 70 lbs.

feSealing the deal further, while FedEx’s 50,000+ and UPS’s 63,000+ locations worldwide are certainly nice to rely on, the number of USPS locations dwarfs those figures by a country mile. Those myriad USPS locations also mean that packages can be shipped to P.O. boxes in addition to physical addresses – something that’s out of the reach of either FedEx or UPS.

People love to beat up on the United States Postal Service.  But say what you will about the USPS, its problems and its financial challenges, they’re still a major-league bargain for many consumers and businesses.