Bracken Bower Prize 2019: excerpts from finalists’ proposals
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Edited excerpts from the book proposals of the three finalists for the 2019 Bracken Bower Prize, backed by the Financial Times and McKinsey.
The Sinolarity
China’s quest to wire the world and win the future
By Jonathan Hillman
On May 15, America’s most isolated town was catapulted to the centre of a global contest. Glasgow, Montana is almost five hours from any major US metropolitan area, a badge of honour for its 3,319 residents, who proudly call their home “the Middle of Nowhere”. Few realised, however, that their rural community now occupied a dangerous new frontier.
Nearly 2,000 miles away, in Washington DC, Donald Trump had declared a national emergency, warning against “foreign adversaries” who “create and exploit vulnerabilities in information and communications technology or services”. Hours later, the US Department of Commerce banned American companies from doing business with the Chinese tech giant Huawei and scores of its affiliates around the world.
Trump’s bombshell escalated a conflict that journalists and academics are still grasping for the right words to describe, and everyone — citizens, businesses, and governments — is struggling to navigate. Is it a trade war? A new cold war? The reality is frustratingly more complex, and the stakes fundamentally higher: America and China are fighting for control over tomorrow’s technology and networks. It is a battle for the future itself.
No one will escape untouched. Today’s battle lines are impossibly blurred, fast-moving, and far-reaching. The commerce department’s initial ban named 70 Chinese firms, but it impacted 1,200 US companies that supply them. The fallout is still ricocheting through global supply chains, creating winners and losers in surprising places, starting in America’s own backyard.
Glasgow is among the underserved communities that could become collateral damage. Overlooked by major US telecom companies, rural American towns have fallen behind larger, more lucrative urban markets. With precious few resources for cell phone towers, high-speed internet switches, and broadband cables, rural wireless carriers in Montana and more than a dozen states turned to Huawei in recent years.
Glasgow’s struggle is part of an epic drama, decades in the making, that is now playing out around the world. As western firms raced to roll out high-speed internet, they focused primarily on larger, wealthier markets. The digital divide that emerged is actually several divisions: between developed and developing countries, between urban and rural areas, and between rich and poor. China has masterfully turned these faultlines into runways for its tech giants. Now they are taking flight.
From the ocean floor to outer space, China is forging new connections and touching everything in between. The People’s Bank of China is close to becoming the first major central bank to release a digital currency. Chinese officials are pushing hard at international bodies to set standards for 5G, artificial intelligence, and other advanced technologies. These and other efforts reinforce China’s hard infrastructure drive, enhancing its control over financial and data flows and the rules governing them.
China’s digital silk road is where Chinese president Xi Jinping’s two signature policies meet. Made in China 2025 is aggressively growing China’s high-tech industries with state subsidies and ambitious targets, including capturing 60 per cent of the world’s fibre-optic market, 40 per cent of the server market, and 25 per cent of the router market. Promising to invest a trillion dollars in infrastructure beyond its borders, China’s Belt and Road is an avenue for Chinese firms to expand into foreign markets and reach these targets.
China’s expanding digital reach would appear less menacing if its own government was more focused on increasing connectivity than control. At home, it leverages new technology to censor and track citizens, turning smart cities into panopticons for the Communist party and imprisoning an estimated 1.5m ethnic minorities. China’s Belt and Road was intended to connect its less-developed interior with its more prosperous coast. Made in China 2025 promised to bring high-tech manufacturing to these areas. Instead, the digital silk road is deleting a culture.
Predictably, authoritarian leaders are intrigued. They want the benefits of global connectivity without risks to their rule, and China provides the full package: financing, technology, and expertise. Fast and flexible, Chinese firms have raced ahead of the competition, supplying AI-enabled surveillance equipment to more than 60 countries. In several countries, they have helped governments spy on dissidents and journalists.
But even America’s allies are seriously considering China’s high-tech sales pitch. The UK has not ruled out including Huawei equipment in its 5G networks, nor have other Nato members, including Spain, Hungary, and Italy. Developing countries are even more receptive.
Like the residents of Glasgow, Montana, most of us are waking up to a world that feels like it began spinning faster overnight. China’s rise and reach beyond its borders is eviscerating long-held assumptions about technology and liberty, western primacy, and the very nature of power. We’re dizzy, knocked off balance, and veering from optimism to pessimism.
The future is up for grabs. The “singularity” is what technologists call the hypothetical moment when AI explodes, resulting in uncontrollable change. “It is a point where our old models must be discarded and a new reality rules,” the futurist Vernon Vinge explained in 1993. While that moment has not arrived, Vinge’s words capture the essence of today’s confusion. Old models are broken. American dominance of global networks is waning.
The Sinolarity describes a new reality: China’s quest to wire the world and rule its networks. If China becomes the world’s chief network operator, it will reap a commercial and strategic windfall. It will reshape global flows of data, finance, and communications to reflect its interests. It will possess an unrivalled understanding of market movements, the deliberations of foreign competitors, and the lives of countless individuals enmeshed in its networks.
“These days, all roads lead to Beijing,” the historian Peter Frankopan has written, reminding us that networks have risen and fallen with empires since Rome. Urgently, and before it arrives, it is time to consider a world in which all routers lead to Beijing.
Jonathan Hillman is director of the Reconnecting Asia Project at the Center for Strategic and International Studies in Washington DC. Twitter: @HillmanJE
Hacking Social Impact
How to change systems to tackle urgent problems
By Paulo Savaget
When I was 10 months old, I developed life-threatening diarrhoea. Unable to absorb food or water, I suffered from severe malnutrition and dehydration that caused rapid weight loss and hair loss. There were two ways to treat my condition: I could take an over-the-counter formula, or I could be fed breastmilk. The problem was, I lived in a part of Brazil where the formula was unavailable and breastmilk banks did not exist.
My parents had to find a workaround — and fast. Through word-of-mouth, they located young mothers, living in favelas, who generously fed me along with their own babies. My parents knew that there was a risk of transmitting disease, such as HIV, through the breastmilk. But they had to take a chance and make a choice, even if it was an imperfect one. If not for their actions, I would have lost more than 10% of my body fluid and died of dehydration.
Today, roughly 2,200 children under the age of five experience life-threatening diarrhoea every day. The condition can be easily treated with a cheap medicine recommended by the World Health Organisation. But, in many parts of the world, broken systems make it impossible for people to access the treatment.
Which speaks to a larger issue facing business and society: what happens when we can’t afford to wait for a persistent problem to be solved? What alternatives do we have to address problems when time is limited, resources are scarce, and stakes are high? The answer is a crude one: we have to ignore constraints and come up with an alternative way around. In other words, we have to hack systems.
*****************************************************
We usually think of hacking as a computing exercise with a nefarious intent. Even the term “hacker” conjures up the stereotype of a hoodie-wearing figure sitting hunched over a laptop, trying to breach cyber security protections.
But there’s another way to look at hacking. It’s a method of finding ingenious ways to bypass limitations; of circumventing problems, rather than approaching them directly; and of exploiting legal ambiguities or loopholes. Hackers don’t try to change rules. They ignore rules and work around limitations to achieve results quickly.
In this sense, hacking isn’t limited to the world of computing. It can be applied to tackle problems in all sorts of contexts. As Paul Buchheit, creator and lead developer of Gmail, once wrote: “Wherever there are systems, there is the potential for hacking, and there are systems everywhere.”
Hacking may perhaps help vulnerable and marginalised populations the most. Consider those that face problems such as water scarcity, child marriage, caste prejudice, poor sanitation, gender inequality or illiteracy. These populations can’t wait for change; they need solutions now — even if those solutions are messy, flawed or even temporary. Hacking can deliver on that need.
We especially need to employ hacking in instances where governments, NGOs and organisations have to wrestle with bottlenecks (for example, funding shortages, broken contracts, abrupt changes in strategy) that slow progress toward long-term solutions. Consider, for example, how the process of building roads to transport diarrhoea treatments requires co-ordination of multiple agents with different governance structures, regulatory compliances and expectations. It takes time to work through these issues, and hacking can provide a stop gap until those issues are resolved.
*****************************************************
Hackers are different from the rest of us, and those differences prove advantageous when it comes to solving systemic problems.
For one, hackers are external to the systems upon which they intervene. Although they are not barred from actively participating in a system, they are not publicly visible as participants. As a result, hackers know how to circumvent limitations to tackle problems quickly. They mistrust authority, traditional problem-solving approaches, and deep-rooted privileges.
Since hackers are not responsible for managing a system, they aren’t expected to take action — which explains why hacks often evoke surprise. Furthermore, by acting as outsiders, hackers use unconventional means to address problems. As one computer hacker put it: “Hacks don’t come from people that have been faced with the problem every day, because they are . . . numb to it.”
Hackers have other unique characteristics: they favour getting things done, even if the outcomes aren’t ideal. They use intelligence and ingenuity to repurpose and manipulate the resources they have. Moreover, the hack timeframe isn’t absolute. It is relative to the time required by what hackers perceive as conventional, hierarchical approaches.
Hackers are also eager to experiment and explore. They counteract expectations of how things are meant to be done. They enjoy the challenge of navigating complex puzzles, including (and especially!) the ones which have been deliberately designed to keep them out.
Finally, hackers don’t read manuals. They jump straight into problems and enhance their skills by learning from others and learning by doing. They are motivated by the approbation of peers and often work in favour of the common good.
*****************************************************
Hacking Social Impact is based on research that I conducted at the University of Cambridge. As part of this four-year study, which was funded by the Gates Foundation and the Cambridge Trust, I interviewed computational hackers and cyber security experts before journeying to nine countries to study 20 cases of mavericks hacking pressing social challenges. This work has exposed and learned from ingenious ways to work around deep-rooted bottlenecks constraining access to healthcare, education, gender equality, sanitation, civic empowerment, and human rights.
The book will explore: what is hacking, how hacking works, how hackers think, why hacking is valuable for tackling systemic problems, how hacking has helped people and organisations facing critical social challenges, and how to effectively hack systems for social good. Through a combination of case studies and research insights, I hope to demonstrate that hacking holds enormous potential for transforming business and society in positive ways.
Paulo Savaget is an assistant professor at the Durham Business School and a researcher at the Skoll Centre, University of Oxford who focuses on systems change for social and environmental impact.
InfoSec
Inside the world’s most secure organisations
By Ernesto Zaldivar
This book provides a look inside the world’s most secretive information security teams. As you read further along and enter the world of cyber security, the unique value of hearing directly from security teams will become more apparent. For now, let’s just say that within organisations that are already highly secretive, security teams don’t talk to outsiders. Period. Peeking inside the way that powerful, well-funded organisations approach the unique security challenges of our connected world will teach you personal and professional lessons. You will also gain a new perspective on how businesses make decisions as they weigh risks and costs in the cyber security arena.
Since late 2017, I have dedicated myself to researching the way organisations deal with security in all its forms. Specifically, I’ve been studying the way that government entities and Fortune 500 companies train their employees to spot and defend against cyber attacks. At first glance, one might think that defending against cyber intrusions is the sole responsibility of government agencies and internet providers. On the contrary, the scope and scale of cyber attacks has created a situation where most private organisations are the gatekeepers of their own cyber wellbeing. Even when nation states are involved, governments don’t have enough resources to examine every incident, let alone to preemptively defend against one. This context underscores the main argument of this book: within the next decade, all employees, at all organisations, will be called upon to be part of the cyber security apparatuses for their organisations. Whether employees can answer that call is unknown. This shift will require that employers train their employees to be cyber security savvy.
Cyber security is a relatively new concept. At this point, it still has different meanings to different people. Throughout this book, the extensive parameters of cyber security will be examined. For now, let’s move forward with the idea that cyber security involves at least two key areas: physical security and information security.
Physical security is exactly what it sounds like. If a computer has the strongest passwords, the best encryption, and top of the line malware protection, its security can still be defeated if someone has physical access to it. Doors, safes, locks, guards, gates, and cameras are all part of physical security. Information security — known as InfoSec — is a more intangible concept.
There are elements of InfoSec that are tangible, like hardware and written security policies. But InfoSec is more a state of mind than anything else. The best security practitioners around the world share at least one key trait: they don’t trust. I’m not just saying that they don’t trust computers; they don’t trust people, dogs, ice cream or even the most trustworthy thing on the planet — bacon. InfoSec practitioners are regular people and my examples are a playful way to highlight the way they observe the world. The reason they don’t trust is because they can’t; all it takes is one opening to bring down a system. The stakes are too high for trust.
********
This book takes the reader on a journey to find out how organisations are dealing with complex cyber attacks. At the heart of how organisations deal with these problems are employees. Employees are often the last line of defence because they are the ones with the access and permission to use systems and see important data. Let’s look at the way that a major investment firm, with billions in assets under management, and offices all over the world handles the phishing problem.
This firm has a unique approach to information security awareness training that stands out as highly effective. Every employee is phished as part of a security simulation each month. Phishing simulations are a common approach that companies use to build employee recognition of phishing attacks. Employees know that they might be sent phishing emails by their own company, but they get these emails in their regular work inbox. So, although it’s a training simulation, the training is interwoven with the regular work the employees do. These simulations don’t typically occur in a closed environment where an employee has a fake inbox and must sort real emails from phishing emails during a specified training period. Companies have different approaches for reporting malicious emails and for evaluating employee success on phishing simulations.
At the financial management firm in this case study, employees have a phish alarm in an Outlook toolbar which allows them to report an email as malicious to a third-party simulation provider. In order to leverage the competitive, type A personalities at the firm, there is a detailed “feedback loop”, said the firm’s chief information security officer or CISO. Employees are told how they rank in the simulation against the performance of others at the firm. For example, a person will be told that he ranks 300th in his ability to accurately detect a phishing email. If a non-phishing email is reported by the employee as malicious, he receives feedback that it was benign. By contrast, those accurately reporting a phishing email get a congratulatory pop-up message when they click the phish alarm in their toolbar.
The key to the phishing simulation’s effectiveness is the firm-wide ranking system. “Everyone wants to be number one,” noted the CISO. Furthermore, to feed off the ranking competition that he created, the CISO also developed an “information security all-star” recognition program. If you’re with the firm for a full 12 months, pass all 12 phishing tests, and complete all required trainings, then you become an “information security all-star”. All-stars get a certificate and a $100 Amazon gift card. Employees receive the gift card through internal mail inside a wallet. Becoming an all-star is a highly sought after goal.
This firm’s CISO saw that the employees’ competitive spirit could motivate them to be excited about information security. His understanding of the firm’s culture resulted in people taking phishing very seriously. The CISO noted that getting buy-in for the all-star program from the firm’s leaders was an easy sell. Gift cards, certificates, and wallets are low-cost expenses for a program that can mitigate phishing.
Ernesto Zaldivar is an experienced attorney, cyber security adviser, and management consultant
Comments