The Ethics of Serial

serial-social-logoThe obsession

Two months in and I’m still hooked. That’s my biggest surprise when it comes to Serial. If you’re unfamiliar, Serial spawned as a proof-of-concept from the creators of This American Life. Unlike TAL, Serial borrows mechanics from HBO and Netflix, and tells a single story over the course of a season, with one major difference. Serial is audio only. It’s a podcast. If you haven’t given it a shot, do yourself a favor and do it now. I have yet to meet someone who regrets it. If you need better convincing, The Atlantic can take it from here.

And just like House of Cards or Game of Thrones, Serial listeners don’t simply internalize the show. It’s an outward cathartic experience. Bring up the show to any listener and be prepared to have your ear talked off with theories and predictions. YouTube has gifted us with How People Obsess Over ‘Serial’ which basically sums it up. As you might expect, these obsessions spill over into social media.

It’s a true story about a murder

Without getting into too big of an explainer (Vox can handle that), the important thing to remember is the show is re-investigating a closed murder case from 1999. Sarah Koenig, the show’s host, strings listeners along by carefully crafting when and how she will reveal information she has spent months piecing together. She creates suspicion around a man who was investigated but never jailed for the murder. She creates empathy towards the convicted murder. She paints some side-personnel as trustworthy, others as not; some are portrayed favorably while others are not afforded that luxury.

And this is where I starting thinking about the ethics of it all. Since the show is so excellent at captivating its audience, it’s no surprise that avid listeners have taken to sites like reddit to continue the discussion and share theories. Unfortunately, reddit doesn’t have the best track record when it comes to real-life murders.

serial-twitter

The internet is not better than professionals

In 2013, reddit users decided they would become internet vigilantes and solve the Boston bombing attack via a crowd-sourced investigation. They “analyzed” photos and video from the event and outed, and subsequently doxxed, multiple people that they believed were behind the attack. The only problem is that reddit was wrong. All of those exposed through their investigative work were completely innocent. Unfortunately for those put under the magnifying glass, their personal information was shared and harassment and threats of violence followed. Upper brass at the site apologized, but it was too late.

And redditors are almost doing it again with Serial. The podcast’s subreddit is a mix of fans and theorists. Most of which are benign. After all, it’s impossible to listen to Serial and not form an opinion! But then there are others who are digging up old arrest records. Users are sharing color-coded Excel sheets of dates, times, and events. Commenters are avidly pro- or anti- Adnan. Users are already being driven out of the community. And this is where I get nervous. As far as I know, redditors have not personally contacted those involved in the story. And so I caution redditors or anyone else fixated on the show: don’t do it.

rabi-chaudry-serial

These are real people, not characters. They endured a childhood friend being murdered. The last thing any of this needs is a self-proclaimed internet sleuth deciding they’re taking matters into their own hands. The subreddits does state “We do not support doxxing or harassment towards any of the people mentioned in Serial” but has a disclaimer ever changed the mind of a troll?

The messengers

The last question I have, and I admit it’s open-ended, is whether Sarah Koenig and the This American Life team are completely absolved of any ethical concerns. As of now (and as far as I know), nothing bad has come from the production of Serial. And Koenig has tried to make it very clear that she doesn’t want Serial to be a means to an end. It’s not her stated goal to free someone from prison. And yet, you hear a different story in her voice. Just as listeners yearn for answers, Koenig telegraphs a similar ethos as she tells the story. It’s very clear when she is frustrated by confusion, contradiction, and deceit. Our emotions are guided by the emotions she puts into the show. Is this a side-effect or by design?

Keep the correct perspective

Last month, Ira Glass told a performance hall full of people in Cincinnati that the show’s audience was in the “hundreds of thousands”. Since that time it has only gained in popularity. It is masterfully produced and will be sorely missed when the season ends. But when the latest episode is delivered every Thursday, keep in mind that Koenig, Glass, et all are doing just that: producing an amazing story. You don’t know the subjects, and it is unlikely that the show is going to change the lives of anyone involved. No matter how good Serial is, we will never know the whole story. We weren’t there and we weren’t in the courtroom. Stick around for the ride and remember that this is all packaged entertainment.

Of Course It’s Already Been Taxed

About a year ago one of my best friends had come into some inheritance. We were talking about the situation and it didn’t take long for him to express his disdain for the taxes that had to be paid on the money. He reiterated a complaint that many of my conservative-leaning friends have voiced: “It’s not fair to tax this money again since it was already taxed as income!”

He and I have a good back-and-forth relationship when it comes to politics, and he often challenges me to justify an ideology. So let’s take a look at a simplified situation to see why the “it’s already been taxed” argument falls apart. In order to avoid conflating points about states’ rights let’s just look at current federal taxes in the United States.

Meet Joe. Joe has a nine-to-five job that brings home a regular paycheck. But as we all know, Joe doesn’t get to keep 100% of his paycheck. Every month, a chunk is taken out as Income Tax, Medicare and Medicaid Tax, and Social Security Tax. In other words, the money is taxed.

Joe invests part of his income in stocks and mutual funds. He’s a casual investor who periodically moves money in and out of his investment portfolio. Whenever he sells a position, and if he comes out on top, Joe must pay capital gains tax. In other words, the money is taxed.

Joe also drives a car. Since Joe doesn’t own a Tesla, his car runs on gasoline. Joe may not know it, but a slightly more than $0.18 per gallon of gasoline he purchases goes to the government. In other words, the money is taxed.

Joe is also a gambler. Sometimes he wins, sometimes he loses. On a random stroke of luck, Joe once walked away from a casino up over $20,000. That money had originally been in the pockets of other casino patrons and had been taxed on their income. But Joe also owed a cut for his gambling. This is classified as “other income.”  In other words, the money is taxed.

Because Joe is a nice man, he decides to give a good portion of his winnings to his loving sister, Jane. And, of course, there is a gift tax. In other words, the money is taxed.

Jane is somewhat of a whiskey connoisseur, so she tends to buy a lot. Like gasoline, whiskey is subject to a federal excise tax. In other words, the money is taxed.

The whiskey company is located in the United States and is rather successful. They make a profit off of purchases like Jane’s. The company must pay corporate tax. In other words, the money is taxed.

The whiskey company also has many employees that receive a monthly paycheck, just like Joe. And as such, they also pay into Income, Medicare, Medicaid, and Social Security. In other words, the money is taxed.

Joe, Jane, the whiskey company employees, and most other Americans go on and live their lives. They work, they buy, they consume. All the while they are paying their taxes. Then one day, Joe passes away and decides to leave his entire estate to Jane. As we already know, a portion of that inheritance goes to the federal government. In other words, the money is taxed.

monicleThis brings us to the point with which many people have problems. They don’t believe that inheritance should be taxed because it was already taxed. But by that logic, no taxes could exist at all because the whole system is a circle. Money isn’t really being taxed. Actions are being taxed and money is just the mechanic through which it is collected.

That is not to say that my friend is wrong. Perhaps inheritance tax is a bad thing. But “the money was already taxed” is not a logical reason why.

When Half Of Your Founders Quit

About two months ago we had a really big shakeup. In what felt like an asteroid out of nowhere, an influential portion of our team was suddenly gone. On Friday night our company had four active founders; on Monday morning we had two. This post is not about them. Their decision to leave was made by them alone and I was not part of the discussion. This post is not about the company. We’ve changed a lot in the past two months and we’re definitely moving in a good direction. This post is about me.

I am not a founder–I am a full-time employee. I was contacted, and hired, by one of the exited founders. Rightly or wrongly, I considered him, and the other departed founder, my bosses. After all, the “Co-Founder” title carries weight. In my mind, they made decisions and guided me when I had company or technical concerns. Upon their departure, there were no immediate replacements. This was a rattling wakeup call to how I should have been thinking about things all along. When you’re a small company (a startup, if you will) there needs to be a sense of shared responsibility. I had spent nine months thinking of myself as “the iOS developer” instead of part of the overall team that drove the direction of the company. That changed quickly.

This cognitive shift was weird, to say the least. My end-of-the-day (hah!) stressors changed from writing code to helping steer the company. Nobody explicitly asked me to do this, it just happened. I started working more closely with one of the remaining co-founders. I was suddenly thinking about recruiting, interviewing, funding, sales, and company structure. A new sense of urgency came around building the product. I was no longer working for a paycheck and a culture. It became something larger about which I cared a lot more.

Around the time that these founders left, we were already in the process of bringing new people in at the top. It’s weird to restructure the top of the company but I’m incredibly thankful that it happened. We brought in some kick-ass talent to lead operations and management, and I think I’m going to learn a lot from these guys. And even though they have taken on a lot of the stress and responsibilities that came from the original shakeup, the way I’m thinking about things isn’t going back to just writing code.

I haven’t worked 40-hour weeks since the shift. I don’t know an exact number but 60 seems closer. I think we all realize that it isn’t sustainable but I also think we know it isn’t long-term. In addition to our new people at the top, we’ve also expanded our development, design, and business teams. The fire has been put out, we’re just still adjusting to our new situation.

determined-challenge-accepted-lIf you’re part of a startup, even just as an employee, you need to be thinking like a founder. Even if the motivators are slightly different, the goal should be the same. If you’re not in it to build something awesome, something you really believe in, then you probably shouldn’t be in it at all. You never know when something big, like half your founders quitting, is going to turn your world upside-down. You better be ready for it.

I Don’t Control Anything

Pretty much everything that represents me online is controlled by someone else. More likely than not, pretty much everything that represents you online is controlled by someone else too. Think for a moment about your online identity and whether or not you can dictate what happens to it.

Facebook could delete my account at any moment. Poof. Hundreds of pictures, events, tags, and conversations would be inaccessible by me. I don’t keep a backup of my Facebook data. Do you?

Twitter could take your account away if they didn’t think you used it enough. That’s your public-facing account, badged with your name and your photo. But it’s not yours. It’s an entity in their database.

Instagram could repossess your account and give it to an employee.

Medium could shut down just like Posterous. Posterous was nice and gave its user the opportunity to migrate their data off. Are you 100% sure other services will do the same?

If Reddit shut down my profile, it wouldn’t be devastating but it would be a little annoying.

YouTube suspends accounts all the time.

I like to participate in tech conversations. I have representation on HackerNews and StackOverflow. If those accounts were gone, I would essentially vanish from those communities.

GitHub is where I show off some of my side projects. Potential employers seem to like that. In this case, I do have a copy of the code on my personal computer. But that won’t do me any good if something were to happen to my GitHub profile.

Same for LinkedIn.

This very blog is hosted on Namecheap. It lives on their boxes–I don’t even know where. They could turn off my hosting, or dump my data, or lose my data. That would suck.

The list goes on and on: Dribbble, Soundcloud, Vine, Skype, Pinterest, Tumblr, Google+, and so on.

huhUnfortunately, I don’t think there’s much that can be done. Sure, I could host my website on my own hardware but that’s expensive and takes time to manage (and not really worth it given my readership). I can’t escape the fact that my social presence and identity is completely dependent on others wanting to keep me around. If any of those service ever decided that they wanted me out, I’d be out.

Every single Terms of Service is an Adhesion Contract. That’s not going to change.

My Brokerage Firm Is A Security Vulnerability

cereal-guy-cereal-guy-squint-lIn 2012 I discovered that my bank is a security vulnerability. Today, while calling support, I happened upon the realization that my brokerage firm is too. One of the first things the automated system had me do was type in my account password via the number pad on my phone. It was at this point that I was reminded of why I don’t trust anyone with anything. Allow me to explain the red flags that shot up.

Strength in numbers

For the sake of explanation, let’s assume we’re working with a 10-character password. It is the unfortunate truth that many financial institutions place very weird limits on user passwords. For example, it is not uncommon to disallow special characters, and to limit the password to 12 characters. So for this explanation, we’ll use a 10-character alpha-numeric password with a-z, A-Z, and 0-9. This gives us roughly 8.39*10^17 possibilities (it’s actually lower than that because certain passwords like aaaaaaaaaa are not allowed).

misc-seriously-lNow, think about what I was asked to do. The brokerage firm asked me to type in my password on my phone’s number pad. There are multiple consequences here. First, my password complexity has been reduced from a 62-character alphabet to a 10-character alphabet. This means that there are only 10^10 possibilities. We have reduced the complexity by almost 8 orders of magnitude! Are the red flags flying up yet?

Everything is broken

troll-problem-on-phone-lWhat followed is equally concerning. After punching in 10 numeric keys on my phone, the system successfully authenticated me! Uhm, what?! Depending on the key that was pressed, there are up to 9^10  possible passwords (some keys, like 7, have nine possible characters that they represent in this alphabet). There are a few possibilities that could explain this:

  • The brokerage firm hashed all 9^10 possible strings and compared every hash to my hashed password in their database. Not only is this very unlikely, but it creates a collision attack by design.
  • The brokerage firm isn’t hashing my password, but is storing it with a two-way encryption scheme like AES. When I attempt to login, the firm decrypts my password, translates it to a T-9 representation (which is extremely easy to do), and compares. But if an attacker (or rogue employee) ever obtains that encryption key, I’m screwed.
  • The brokerage firm is storing a pre-computed T-9 representation of my password in their database. It’s extremely easy to do, and would require no additional work on their part. This is only negligibly better than storing my password in plaintext.
  • The brokerage firm is storing my password in plaintext. If that’s the case, then all hope is lost.

crazy-pillsI feel like I’m taking crazy pills

All of these options leave me feeling very insecure about my money. I’m inclined to look into transferring my funds to a different company, but if this AAA firm can’t get it right, will anyone?