The subtitle of this Privacy Symposium is “Privacy in Transition.”  Well timed.  I look around my neighborhood and my city and I can practically see those transitions in real time.  I’ve talked about the security cameras in my neighborhood before.  This weekend, the Washington Post reports that DC is planning on sing license plate readers to “fight terrorism.”  Find stolen cars - sure.  Find Osama bin laden - not so much.  The District has got to release data retention plans for this data quickly.  For now, the word is that this data will not be retained.  The systems checks plates against “Federal databases” and looks for matches.  (How long until we have a No-Fly list equivalent of license plates?)  I have to imagine that the data retention policy will change very quickly.  How long until third parties get access to this data?  I can see the District using the revenue it makes from selling access to this data to divorce lawyers to pay for school repairs.

At any rate, I’ll be in Cambridge this week mulling some of these ideas over hearing more on matters like these.  See you there.

Day 1 - A Good Start

After Shamshu (or Uncle as he is known in the office) picked me up at oh-dark-thirty, we headed to the office. There in watching everyone try and get organized, I introduced him to the expression “herding cats.” I knew I was in for a good time when I noticed dried vomit festooned on the side of the bus. Shortly after, Shamshu asked, with a slight malevolent grin, “Do you get the motion sickness?” I do, Shamshu, I do indeed, but I had prepared for such a situation by doping up appropriately.

So off we went, about 2 hours later than we were supposed to. And by off we went I mean to say, we started fighting through traffic in Pune. Both buses stopped a while later to pick up more people. (There were two buses. Hare Krishna, seen above, and The Short Bus, which will be taking a prominent role in a moment.) In the crew that we picked up at the second included Shishir, Kaustubh, and Aniruddha. After much back and forth, it was decided that the drinkers and smokers would take The Short Bus and everyone else would ride with Krishna. So off we went… again.

Queue Bollywood sound track at earsplitting decibels. After an hour of that I did make out the distinct sound of a beer being opened. Okay, I’m thinking, this is a good old fashion road trip. Kingfisher in hand I sat back and enjoyed the drive out of Pune and into the hills. Stopping at a Tata Power Generation control reservoir I got a good sense of the landscape reminded me of Southern California.

On the way back to the bus I saw something hanging from the open engine compartment. Shamshu called it lemon chili and it was, supposedly, for good luck. Keep that good luck charm in mind.

Day 1 – The Short Bus to Trouble

One more pee stop later and I was asked if I wanted to join the drinker bus. I was perfectly happy on the big bus… well cooled, plenty of people to talk to and a chance to sleep. But then the guys put the hard sell on. And the reality was that the deafening songs in combination with a lack of beer started to worry me. Joel, Shishir, and Amit demonstrated something from the Kama Sutra for me as part of the sale. Now if that didn’t get me, the wild eyed look of Joel (whom I later learned, doesn’t drink), Kaustubh and the others tripped off my, “This is going to be too much fun to pass up.” So of course I got on the Short Bus. And this is where it all goes wrong.

Getting onto the Short Bus, I knew, absolutely knew I had fallen in with an evil lot. Shishir and Aniruddha grinning as I made my way to the back of bus. There was a beer in my hand before I could sit down. Multiple cigarettes thrust at me and then a plastic bottle of vodka. We hadn’t even started moving yet. There are no photos from this part of the trip. I will not share these conversations for a variety of reasons.

Day 1 – Home sweet home

Somewhere along the way, I fell asleep. It was a blast furnace inside that Short Bus and the alternating vodka/beer mix didn’t help much. I awoke and we were there. Not really sure where there was but we were there. Oozing out of the bus, groggy and confused, I was shown to my cottage: a pleasant space with an indoor bathroom. See photos:

For those of you renovating bathrooms, might I suggest this little number? It is convenient for both sitters and squatters alike. A real marvel of looks and design.

So the bathroom left a little to be desired and the bed was essentially a rope mattress. It was quaint and had a fan which was about all I could hope for.

Day 1 - Party Time

After the very late lunch, I crashed pretty hard. I won’t go into extraordinary details on the bed, but needless to say I decided to do something I have never done, outside of camping, which is sleep in my clothes. Meals were served in an open area in front of the stage. Did I mention the stage? With lights? And a sound system? Yeah, they take dancing and performing very seriously here and I had no idea what I was in for.

After dinner, the music was cranked up and it was time to dance. Almost everyone flocked the dance floor. Ambarish is one crazy little dancer. Not dancing was simply not an option. So as Ambraish dragged me up on the stage, he said, “Elisabet told me to get pictures of you.” Nice, E, send your spies after me.

I took a walk on the beach. The beach, by the way, was great. Really wide. You could walk out into the water a long way. Pretty good sand too.

I fell into bed around midnight or so…

Day 2 - Morning on the Beach

I was up around 7, which was not what I wanted to do but frankly spending another moment in that bed was just not appealing. So, off to the beach I went. As I mentioned before it is a great beach. Here are a few shots from it:

The amount of pollution in the air did have one good upside, it made for nice early morning light.

I earned big points to eating anything and everything set before me. Maybe it had to do with the dining room?

After breakfast was a rousing volleyball match. Now before you get images in your head of Val Kilmer and company from the volleyball scene in Top Gun, you have to keep in mind that we are talking about members of a technology company playing volleyball. Imagine if scene from Top Gun was recast with members of Animal House and Revenge of the Nerds and you’d be in the right neighborhood. So as to maintain the dignity of the players, myself included, I will not share photos from the game.

Day 2 - Afternoon Fun

After a healthy dose of body surfing and playing in the sea, the guys set up a cricket match while others went parasailing.

Day 2 - Dinner and Six Movies

Kudos to the Culture Club for coming up with this event. The group was broken into six teams and each was given a list of lines from famous Bollywood movies to include a skit the team had to design. I was, clearly, the anchor dragging down my team. To offset my lack of Hindi, Shishir was put on our team. Now for those of you who don’t know, Shishir actually won awards for his acting; I kid you not. Apparently, in college as well as after he acted, including on a soap, but I don’t have details about that. To include me, we did get one line in English. I’m not really sure how it fit or what was going on, but I did get to deliver the line, “Show your mettle, man!” Yes, I got to play PV in a Bollywood skit. Truly a high point in my career.

We didn’t win. There was great debate as to whether the voting was rigged. Shishir lodged a protest; booze may have been involved.

And then there was dancing, again. I have a video from that which pretty much sums up what happened.

Campfire singing and off to bed. Day 3 awaited us and no one knew what lay in store for us…

Day 3 - And away we go (kinda)

The campfire has burnt out. Songs over. Hangovers well in place. It was time to go. The Silver Sands resort had us check out by 9. Knowing that this group doesn’t move too fast, we had to be up and out by 7:30… we barely made it.

Before taking off, Shamshu asked Aniruddha to make sure that both buses were fully inspected. Tires, engine, etc. This inspection, or whatever little was done for it, did not pay off, at all, as we were to learn.

All the Short Bus warriors, now fully broken by their own doing, were on Krishna. The ladies took over the Short Bus and would likely have a far less rowdy ride out as I had in.

As we pulled out of the parking area, the group recited some sort of prayer or war cry. Shamshu explain it was for good luck. I should have learned Hindi just to help out on that one. And so we left Silver Sands and headed home.

We took a different route out and it was extremely beautiful. And death defying. The road was about a lane and a half wide. With a shear, and I mean really fucking shearing, drop on one side. At every bend, images of us tumbling down the side of the road came to mind. Guardrails, you say. Ha – this in India folks; to quote Warren Zevon here, “Life is cheap and death is free.” No guardrails except for the well placed tree or short brick wall.

Day 3 - Break Down Number 1

I must have fallen asleep somewhere along the line as I woke up when the bus stopped. In a bad way. The driver was furiously wrestling with the stick. Clearly something was wrong with the bus. So off we went as it was blazing hot and sitting on Tandoor oven that our bus was to become did not sound like fun. We piled out in the town of Poladpur, or at least I think that was the name. Shamshu told Kaustubh and Amit to make sure that I didn’t get kidnapped. Since he told them first in Hindi, I have to imagine he was vaguely serious. Ah well. In hearing the translation, I told Kaustubh, if asked, that he should say I was he mute little brother.

Standing by the side of the road we ate watermelon. Yes, by this point in the trip I started doing everything they say not to do when traveling to India, including eating raw vegetables. Damn good watermelon, by the way.

I have yet to comment on the driver and his assistant. Kamikaze and Cabin Boy. So picture if you will, a grown man and his prepubescent boy under the bus arguing and fiddling with tools, and there you have the picture that presented us. These guys did not instill the confidence I was hoping to find. Yes, Kamikaze kept the bus from falling off the side, but beyond that, little was confidence building. It was 40kms to the top of the hill over what was promised as very difficult driving. Walking was out of the question. The auto rickshaws were trying to rip us off by charging $3 instead of the more appropriate $1, and that was greatly offensive to everyone. So we waited.

Eventually, Kamikaze got things working. Well, at least he could disengage the clutch and shift. So back on Krishna we went and off we went.

Day 3 - Strawberries

We reached the top of the hill after an hour or two. Upon cresting the hill Krishna came to a stop in the way that a fighter jet landing on an aircraft carrier stops. We had reached strawberry country.

They grow them there and they are damn good. Along with the boiled peanuts and mulberries, we had a great light meal. I was told that the carrots were awesome as well, but warned not to eat them. Apparently, it was thought, that my delicate Western stomach would simply not handle whatever bacterial fun lay in store.

Meanwhile, Kamikaze was furiously pounding on the transmission. It became clear that if we wanted to get going again, we had to push start Krishna. And we did. And Krishna started.

And fifty yards later Krishna stopped dead. So the second shift of pushers got out and got to work. They got Krishna moving again. And Krishna did not stop, not to pick them up, not for any reason. So we blast off down the road with six or so guys left behind. This did not seem to phase anyone. Not sure what to make of that.

Day 3 - Pratapgad and more strawberries

Pratapgad is a fort that was never conquered. It sits atop a ridge with shear cliffs on three sides. The road we took goes near it and let me tell you, it is obvious why this place was never conquered. The road got improbably worse. Twisty. Narrow. And everyone is trying to pass you left, right and center. When I mentioned we went there today to Samir, he responded with, “The road there is very hard to drive.” No shit. The picture I have included here gives you a sense of the height of the climb as well as the twisty nature of the road.

Having come to the area where we were to have lunch, it was revealed that the driver could no longer shift gear and couldn’t really stop either. We avoided numerous near collisions to come to a bumpy stop in front of the restaurant were here were headed. Sending the Short Bus back to get the guys we left behind, we sat and ate. The food was fine. The strawberry milkshake, which was mandatory and considered a delicacy, afterwards, was damn good.

The combination of milkshake and curry became a biological hand grenade in my stomach. One trip to a very scary squat toilet later and things were okay. I was mentally shaken but okay.

Short Bus, in the meantime, had been deployed to get a mechanic, in hopes that he could fix Krishna. Two plus hours later, the mechanic arrived and, in fact, fixed Krishna. Well, fixed in that we still had to push start it. And we pushed it backwards to start it, which seemed a bit odd, but par for the course.

And off we went again.

Day 3 - You can never go home

We drove on through Panchgani which was absolutely beautiful. No wonder why the British built their summer homes there. The view were amazing and definitely worth the trip. We were now headed down the other side of the hills and on to Pune. Victory was in sight.

As the sun was setting, we got on the highway and were just and hour from Pune. And then the bus shook like it was going to fall apart. It came to a stop by the side of highway next to a little temple. We expected that one of the tires had blown. Did I mention that the tires on the right side of the bus were totally bald? But guess what, the tires didn’t blow. The transmission did. Kamikazi and Cabin Boy were back under the bus, but this time we knew we were screwed. A new bus had been summoned. Short Bus was heading back to Pune. They offered to put me on. This was one of those moments where looking back I can say with confidence that I did the right thing. I declined a seat on the bus. As I told Aniruddha and Shamshu, I was the last person to get on Shortie as I no one waiting for me, nothing to do, and nowhere to go.

So we stood by the side of the highway. Santosh and others harvested some veggies from a nearby garden. Kaustubh and I grabbed beers from Krishna. We watched the sun go down over another temple. It was oddly peaceful.

And then it was not so oddly dark. Really dark. An endless sound of truck horns, under-powered motors, and air brakes filled the air.

So standing there in the dark, we drank as much warm beer as we could stomach. Shishir told dirty jokes in Hindi. And we all, slowly, lost our minds together. Waiting for this damn bus. Then we learned that it had overshot us on the highway and was lost. And then we really lost our minds.

Finally, after nearly an hour and half it arrived. Mind you it started only 45 minutes away. We unloaded Krishna and got on this new bus, which was by no means news to the world but new to us.

I’ll sum over the details, but we got back to the office around 11pm, 14 hours after we started. Shamshu dropped off at Gordon House. I tried to shower and sleep off the day. It barely worked.

Conclusions

“It’s all confused and beautiful,” wrote Mike Ladd and I think that that is an accurate description of what I have seen of India so far. I truly did enjoy the trip. The scenery was worth the journey alone and there’s nothing like bonding like be stranded in the middle of nowhere.

Besides the great opportunity I had to break down some of the barriers with the Pune office, here are a few things that I learned:

• Dirty jokes sound the same, roughly, in every language.
• There is no better way to win the trust and respect of another person than by sitting next to them and eating their food.
• If the food thing doesn’t work, try bringing a bottle of Johnnie Walker Green Label. That seems to do just fine.

What is Abigail saying?

I saw the attached poster today in Union Station. I stood and stared at it wondering whether I read it correctly. Then I took a picture of it and stared at that for a while. Using Adams bank gives Abigail Adams the vapors? And that’s supposed to be a good thing?

Having the vapors was a medical term used roughly around the time of the Civil War, which was fifty years after Abby Adams was dead. It was used to refer to nervous disorders like depression or hysteria. There’s a misconception that it was also used to refer to flatulence, though I cannot find hard evidence of that. Either way an ATM that gives me gas with a bought of depression seems like a place I want to bank. I wonder if the bank gives away a combination of Gas-X and Zoloft with every checking account?

Someone paid for this ad? I think Creative got a little too creative.

The problem is that some day, in the not too distant future, I am going to go to 10.5 and that means no more Classic OS 9 and thus no more FullWrite.  I have converted most of my documents but I still have a worry that I’ve miss something.

Does anyone know if someone has ported FullWrite to OS X?  Can any of the newer processor convert FullWrite docs? The only thing I have found so far is this post which most extols the virtues of FullWrite. Anyone out there have a good solution for document conversion?

I will be moderating a panel called: Can identity be a filter for information overload?  Eric and I are in search of interesting people and points of view to include on this panel.  

On first blush, to me, this sounds like a discussion of the current state of personalization.  Eric isn’t sold yet on that angle.  I’d be interested to learn if/how personalization is moving from explicit declarations, “I like cake,” to something more implicit, “From examining your read RSS feeds, Computer thinks you like cake.” 

Putting on my enterprise identity hat, I start to wonder if my role and relationship to my employer has a hand in this.  Again, this ought to be an interpretation of pattern and not an explicit assignment.  I am a senior analyst at Burton Group focused on identity and privacy.  I share interests with my team.  Collectively this blob of information (feeds, groups, sites, etc) is likely to be of interest to us.  Further, I am curious how my role and relationship combined with a Google Search Appliance or SharePoint can act as a filter.

Finally, I can’t help but think of the privacy implications here.  Traffic analysis can and will start to reveal my preferences, and there definitely are privacy implications to this. Add extra data to the mix, like location, and the privacy concerns grow quickly.  (I swear there are moments that my iPhone seems eerily like HAL.)  How does industry handle my contradicting desires to filter based on my identity (and here I am including preferences as part of my identity) while not revealing too much about me?  What is too much anyway?  Who gets to decide?

At any rate, if you’ve got some ideas on the matter, please send them to Eric and me - operators are standing by.  

Among others, Matt Pollicove wrote about this and the need for trust.  Matt asserts that trust is a must and I completely agree. That being said, the last two points in his post are mistaken.

First he says:

This means, making sure there’s no orphan or rogue accounts in the systems.

While this is a generally accepted good practice, it would not have necessarily helped San Francisco keep from losing their network. Privileged account management would have been far more useful.  Discipline and control around how sysadmins gain access to and use root-like accounts, the bread and butter of privileged account management, would have helped avert some of San Francisco’s problems.

Second Matt says:

GRC tools will be a must in this verification.

This first thing that springs to my mind is a question: what aspect of governance, risk management, and compliance would have helped the city of San Francisco in this case? A good governance and risk identification and management process would have helped a great deal.  But we have to keep in mind there is no such thing as a GRC tool; there is no such animal.  In fact, GRC is starting to sound like the wonderful magical bacon animal that Homer Simpson dreams of. If pork chops, ham and bacon all come from the magical animal in the Simpsons, then privileged account management, orphan account management and provisioning all come from the magical GRC animal. Where does it end?  The reality is that the industry has confused the benefits of good governance processes and risk management capabilities with automation tools that aid, but never replaces, those processes and capabilities.

Privileged account management is not and should not be considered part of the marketing fog of GRC. Does the controlled management of root-like accounts constitute good operating procedure and help reduce risk?  Absolutely. But that doesn’t make privileged account management a GRC technology.  Is orphan account removal a critical process from a security and risk mitigation perspective?  Of course. However, that doesn’t mean the technologies to do that are GRC technologies.

Specificity of language is crucial. Telling the city of San Francisco that the solution to their problems lay within “GRC” would have done little except lengthen the time to finding what their real problems were.  Our industry cannot take the easy route and lump every possible technology and procedure under the sun onto the GRC heap or else we’ll find ourselves chasing Homer’s magical bacon animal.

UPDATE:

And by so far, so good, I meant it crashed when I posted this post. Sigh.  I’m sure this too shall pass.