When Bitcoin first started up, although I have to say I admired the solution in an academic sense, I had two critiques. One is that PoW is not really a sustainable approach. Yes, I buy the argument that you have to pay for security, and it worked so it must be right. But that's only in a narrow sense - there's also an ecosystem approach to think about.
Which brings us to the second critique. The Bitcoin community has typically focussed on security of the chain, and less so on the security of the individual. There aren't easy tools to protect the user's value. There is excess of focus on technologically elegant inventions such as multisig, HD, cold storage, 51% attacks and the like, but there isn't much or enough focus in how the user survives in that desperate world.
Instead, there's a lot of blame the victim, saying they should have done X, or Y or used our favourite toy or this exchange not that one. Blaming the victim isn't security, it's cannibalism.
Unfortunately, you don't get out of this for free. If the Bitcoin community doesn't move to protect the user, two things will happen. Firstly, Bitcoin will earn a dirty reputation, so the community won't be able to move to the mainstream. E.g., all these people talking about banks using Bitcoin - fantasy. Moms and pops will be and remain safer with money in the bank, and that's a scary thought if you actually read the news.
Secondly, and worse, the system remains vulnerable to collapse. Let's say someone hacks Mt.Gox and makes a lot of money. They've now got a lot of money to invest in the next hack and the next and the next. And then we get to the present day:
Message to the individual responsible for the Bitfinex security incident of August 2, 2016We would like to have the opportunity to securely communicate with you. It might be possible to reach a mutually agreeable arrangement in exchange for an enormous bug bounty (payable through a more privacy-centric and anonymous way).
So it turns out a hacker took a big lump of Bitfinex's funds. However, the hacker didn't take it all. Joseph VaughnPerling tells me:
"The bitfinex hack took just about exactly what bitfinex had in cold storage as business profit capital. Bitfinex could have immediately made all customers whole, but then would have left insufficient working capital. The hack was executed to do the maximal damage without hurting the ecosystem by putting bitfinex out of business. They were sure to still be around to be hacked again later.It is like a good farmer, you don't cut down the tree to get the apples."
A carefully calculated amount, coincidentally about the same as Bitfinex's working capital! This is annoyingly smart of the hacker - the parasite doesn't want to kill the host. The hacker just wants enough to keep the company in business until the next mafiosa-style protection invoice is due.
So how does the company respond? By realising that it is owned. Pwn'd the cool kids say. But owned. Which means a negotiation is due, and better to convert the hacker into a more responsible shareholder or partner than to just had over the company funds, because there has to be some left over to keep the business running. The hacker is incentivised to back off and just take a little, and the company is incentivised to roll over and let the bigger dog be boss dog.
Everyone wins - in terms of game theory and economics, this is a stable solution. Although customers would have trouble describing this as a win for them, we're looking at it from an ecosystem approach - parasite versus host.
But, that stability only survives if there is precisely one hacker. What happens if there are two hackers? What happens when two hackers stare at the victim and each other?
Well, it's pretty easy to see that two attackers won't agree to divide the spoils. If the first one in takes an amount calculated to keep the host alive, and then the next hacker does the same, the host will die. Even if two hackers could convert themselves into one cartel and split the profits, a third or fourth or Nth hacker breaks the cartel.
The hackers don't even have to vote on this - like the old joke about democracy, when there are 2 wolves and 1 sheep, they eat the sheep immediately. The talk about voting is just the funny part for human consumption. Pardon the pun.
The only stability that exists in the market is if there is between zero and one attacker. So, barring the emergence of some new consensus protocol to turn all the individual attackers into one global mafiosa guild, a theme frequently celebrated in the James Bond movies, this market cannot survive.
To survive in the long run, the Bitcoin community have to do better than the banks - much better. If the Bitcoin community wants a future, they have to change course. They have to stop obsessing about the chain's security and start obsessing about the user's security.
The mantra should be, nobody loses money. If you want users, that's where you have to set the bar - nobody loses money. On the other hand, if you want to build an ecosystem of gamblers, speculators and hackers, by all means, obsess about consensus algorithms, multisig and cold storage.
John and Alicia Nash in equilibrium. 23rd May 2015.
One of the things that I've gradually come to believe in is that secrecy in anything is more likely to be a danger to you and yours than a help. The reasons for this are many, but include:
There are no good reasons for secrecy, only less bad ones. If we accept that proposition, and start unwinding the secrecy so common in organisations today, there appear to be two questions: how far to open up, and how do we do it?
How far to open up appears to be a personal-organisational issue, and perhaps the easiest thing to do is to look at some examples. I've seen three in recent days which I'd like to share.
First the Intelligence agencies: in the USA, they are now winding back the concept of "need-to-know" and replacing it with "responsibility-to-share".
Implementing Intellipedia Within a "Need to Know" CultureSean Dennehy, Chief of Intellipedia Development, Directorate of Intelligence, U.S. Central Intelligence Agency
Sean will share the technical and cultural changes underway at the CIA involving the adoption of wikis, blogs, and social bookmarking tools. In 2005, Dr. Calvin Andrus published The Wiki and The Blog: Toward a Complex Adaptive Intelligence Community. Three years later, a vibrant and rapidly growing community has transformed how the CIA aggregates, communicates, and organizes intelligence information. These tools are being used to improve information sharing across the U.S. intelligence community by moving information out of traditional channels.
The way they are doing this is to run a community-wide suite of social network tools: blogs, wikis, youtube-copies, etc. The access is controlled at the session level by the username/password/TLS and at the person level by sponsoring. That latter means that even contractors can be sponsored in to access the tools, and all sorts of people in the field can contribute directly to the collection of information.
The big problem that this switch has is that not only is intelligence information controlled by "need to know" but also it is controlled in horizontal layers. For same of this discussion, there are three: TOP SECRET / SECRET / UNCLASSIFIED-CONTROLLED. The intel community's solution to this is to have 3 separate networks in parallel, one for each, and to control access to each of these. So in effect, contractors might be easily sponsored into the lowest level, but less likely in the others.
What happens in practice? The best coverage is found in the network that has the largest number of people, which of course is the lowest, UNCLASSIFIED-CONTROLLED network. So, regardless of the intention, most of the good stuff is found in there, and where higher layer stuff adds value, there are little pointers embedded to how to find it.
In a nutshell, the result is that anyone who is "in" can see most everything, and modify everything. Anyone who is "out" cannot. Hence, a spectacular success if the mission was to share; it seems so obvious that one wonders why they didn't do it before.
As it turns out, the second example is quite similar: Google. A couple of chaps from there explained to me around the dinner table that the process is basically this: everyone inside google can talk about any project to any other insider. But, one should not talk about projects to outsiders (presumably there are some exceptions). It seems that SEC (Securities and Exchange Commission in USA) provisions for a public corporation lead to some sensitivity, and rather than try and stop the internal discussion, google chose to make it very simple and draw a boundary at the obvious place.
The third example is CAcert. In order to deal with various issues, the Board chose to take it totally open last year. This means that all the decisions, all the strategies, all the processes should be published and discussable to all. Some things aren't out there, but they should be; if an exception is needed it must be argued and put into policies.
The curious thing is why CAcert did not choose to set a boundary at some point, like google and the intelligence agencies. Unlike google, there is no regulator to say "you must not reveal inside info of financial import." Unlike the CIA, CAcert is not engaging in a war with an enemy where the bad guys might be tipped off to some secret mission.
However, CAcert does have other problems, and it has one problem that tips it in the balance of total disclosure: the presence of valuable and tempting privacy assets. These seem to attract a steady stream of interested parties, and some of these parties are after private gain. I have now counted 4 attempts to do this in my time related to CAcert, and although each had their interesting differences, they each in their own way sought to employ CAcert's natural secrecy to own advantage. From a commercial perspective, this was fairly obvious as the interested parties sought to keep their negotiations confidential, and this allowed them to pursue the sales process and sell the insiders without wiser heads putting a stop to it. To the extent that there are incentives for various agencies to insert different agendas into the inner core, then the CA needs a way to manage that process.
How to defend against that? Well, one way is to let the enemy of your enemy know who we are talking to. Let's take a benign example which happened (sort of): a USB security stick manufacturer might want to ship extra stuff like CAcert's roots on the stick. Does he want the negotiations to be private because other competitors might deal for equal access, or does he want it private because wiser heads will figure out that he is really after CAcert's customer list? CAcert might care more about one than they other, but they are both threats to someone. As the managers aren't smart enough to see every angle, every time, they need help. One defence is many eyeballs and this is something that CAcert does have available to it. Perhaps if sufficient info of the emerging deal is published, then the rest of the community can figure it out. Perhaps, if the enemy's enemy notices what is going on, he can explain the tactic.
A more poignant example might be someone seeking to pervert the systems and get some false certificates issued. In order to deal with those, CAcert's evolving Security Manual says all conflicts of interest have to be declared broadly and in advance, so that we can all mull over them and watch for how these might be a problem. This serves up a dilemma to the secret attacker: either keep private and lie, and risk exposure later on, or tell all upfront and lose the element of surprise.
This method, if adopted, would involve sacrifices. It means that any agency that is looking to impact the systems is encouraged to open up, and this really puts the finger on them: are they trying to help us or themselves? Also, it means that all people in critical roles might have to sacrifice their privacy. This latter sacrifice, if made, is to preserve the privacy of others, and it is the greater for it.
As you know, this blog does not like the over-deification of standards that many encourage. So when Mitchell asks:
The goal of is the discussion is to think about whether we can improve the setting. It's because this is so important that I want to focus on it.For example, can we encourage more openness and transparency in the creation of web standards? We've proved that openness and transparency work well for code: they encourage discussions to focus on technical merit; they allow everyone who is interested to understand the details; they encourage participation. Why not do this with the creation of web standards?
you can expect some less than positive responses. Still, much as we don't like it, it's a fair question, because whichever way you look at it, Mozo is stuck in the standards game.
Why is Standards so hard? We are up against many things here, but one view is that it is a battle of the worst of the small against the worst of the large.
Firstly, the small. Human nature is to operate in closed groups. Even in so-called open groups, most work gets done in private, and people are adept at creating motives, processes, and excuses to push things more to the closed end of the scale.
For example, many Internet security projects claim to run an open security process, but operate a closed process. They do this by various tricks: invite-only policy, closed archives, hidden names, no communications. In practice such a process reduces to a closed group, and the result of such dissonance is stagnation and mistrust, often needlessly because the people working in these groups are trying their damnest to get the job done.
What are the human processes here? People all want to be with the winning side, and for the last 10 years, "open" is the winning side. So the "open" is essential, and security groups are not immune to that.
But, when push comes to shove, being open is such a complete change for the psyche that most people can't deal with it. One minor example: how does the security director can say "I don't know" on a public list when breaches are in the air and the press is looking for blood? It's hard enough to be uncertain before your own team, not to mention that it is hard to sort things out when too many people are able to speak at once.
The business of security has more than its fair share and historical wisdom, excuses and complexities, so, human nature being what it is, we end up with a facade of openness, and real work gets done in closed session. Even in the open groups...
In between the large and the small is the economics. These might be considered to the rules of warfare in Standards. The top three influences in Standards Setting are economics, economics and economics. In that order.
Luckily, the economics is well known! By agreeing to a common standard, we achieve a benefit in common. We each individually face a higher cost. However, some of us don't have to pay the individual higher cost, and may still win from the others, because the benefit is in common.
If this sounds familiar, it is because it is a widely studied thing called The Prisoner's Dilemma.
What's the big thing about the Prisoner's Dilemma? Cheating: everyone has the incentive to cheat, but hold the other guys to honesty. If I cheat, and you all do the right thing, I win. Unfortunately if we all cheat, we all lose, which is why it is called a dilemma.
Now we get to the large: if we then add competitive pressures to this mix, we have an explosive combination that is called "cartels" in economic terms (c.f., Gary Hamel and C. K. Prahalad, who studied the economics of standards, joint ventures and industry associations). Harken back to the old Netscape days, and consider how Microsoft and others fought over the "web standard". Blackbird, W3C etc. As there's real money involved here, the end result is that people take cheating seriously, and deception is the rule, not the exception.
In such a circumstance, the Standards Business is best modelled as a battle between large corporations under Prisoner's Dilemma economics. (Other things might sound nicer, but remember that deception is the rule...) If you want to get anywhere in that battlefield, the only way is to break the economics of the Prisoner's Dilemma, and that means ... to change the reward structure. But because the Standards group is supposed to be unpaid, it has to be done with non-monetary payoffs.
Which leaves one thing: reputation.
To put the other guy's reputation on the line, you have to show that he is breaking the rules. Which means: we need rules, tough ones, and the fiercer rules the better. Here's some ideas:
For yourself,
Knowing all this doesn't mean we can avoid the Prisoner's Dilemma, as some dilemmas can't be saved. But it does put you in a better position to realise when the process is stalled through deadlock, and to spot who is really unable to contribute because deception is the only way they know. As it is an economic process, withdrawal is the ultimate defence, as your time is better spent elsewhere.
There is always the downside to any silver bullet. Last month I proposed that the MBA is the silver bullet that the security industry needs, and this caused a little storm of protest.
Here's the defence and counter-attack. This blog has repeatedly railed against the mostly-worthless courses and certifications that are sold to those "who must have a piece of paper." The MBA also gets that big black mark, as it is, at the end of the day, a piece of paper. Saso said in comments:
In short, I agree, CISO should have an MBA. For its networking value, not anything else.
Cynical, but there is an element of wisdom there. MBAs are frequently sold on the benefits of networking. In contrast to Saso, I suggest that the benefits of networking are highly over-rated, especially if you take the cost of the MBA and put it alongside the lost opportunity of other networking opportunities. But people indeed flock to pay the entrance price to that club, and if so, maybe it is fair to take their money, as better an b-school than SANS? Nothing we can do about the mob.
Jens suggests that the other more topical courses simply be modified:
From what I see out there when looking at the arising generation of CSO's the typical education is a university study to get a Master of Science in the field of applied IT security. Doesn't sound too bad until we look into the topics: that's about 80% cryptography, 10% OS security, 5% legal issues and 5% rest.
Well, that's stuffed up, then. In my experience, I have found I can teach anyone outside the core crypto area everything they need to know about cryptography in around 20 minutes (secret keys, public keys, hashes, what else is there?), so why are budding CSOs losing 80% on crypto? Jens suggests reducing it by 10%, I would question why it should ever rise above 5%?
Does the MBA suffer from similar internal imbalance? I say not, for one reason: it is subject to open competition. There is always lots of debate that one side is more balanced than others, and there is a lot of open experimentation in this, as all the schools look at each other's developments in curricula. There are all sorts of variations tuned to different ideas.
One criticism that was particularly noticeable in mine was that they only spent around 2 days in negotiation, and spent more than that on relatively worthless IT cases. That may be just me, but it is worth noting that b-schools will continue to improve (whereas there is no noticeable improvement from the security side). Adam Shostack spots Chris Hoff who spots HBR on a (non-real) breach case:
I read the Harvard Business Review frequently and find that the quality of writing and insight it provides is excellent. This month's (September 2007) edition is no exception as it features a timely data breach case study written by Eric McNulty titled "Boss, I think Someone Stole Out Customer Data."The format of the HBR case studies are well framed because they ultimately ask you, the reader, to conclude what you would do in the situation and provide many -- often diametrically opposed -- opinions from industry experts.
...
What I liked about the article are the classic quote gems that highlight the absolute temporal absurdity of PCI compliance and the false sense of security it provides to the management of companies -- especially in response to a breach.
What then is Harvard suggesting that is so radical? The case does no more than document a story about a breach and show how management wakes up to the internal failure. Here's a tiny snippet from Chris's larger selection:
Sergei reported finding a hole—a disabled firewall that was supposed to be part of the wireless inventory-control system, which used real-time data from each transaction to trigger replenishment from the distribution center and automate reorders from suppliers.“How did the firewall get down in the first place?” Laurie snapped.
“Impossible to say,” said Sergei resolutely. “It could have been deliberate or accidental. The system is relatively new, so we’ve had things turned off and on at various times as we’ve worked out the bugs. It was crashing a lot for a while. Firewalls can often be problematic.”
Chris Hoff suggests that the managers go through classic disaster-psychological trauma patterns, but instead I see it as more evidence that the CISO needs an MBA, because the technical and security departments spun out of corporate orbit so long ago nobody can navigate them. Chris, think of it this way: the MBAs are coming to you, and the next generation of them will be able to avoid the grief phase, because of the work done in b-school.
Lynn suggests that it isn't just security, it isn't just CSOs, and is more of a blight than a scratch:
note that there have been a efforts that aren't particularly CSO-related ... just techies ... in relatively the same time frame as the disastrous card reader deployments ... there were also some magnificent other disastrous security attempts in portions of the financial market segment.
My thesis is that the CSO needs to communicate upwards, downwards, sideways, and around corners. Not only external but internal, so domination of both sides is needed. As Lynn suggests, it is granted that if you have a bunch of people without leadership, they'll suggest that smart cards are the secure answer to everything from Disney to Terrorism. And they'll be believed.
The question posed by Lynn is a simple one: why do the techies not see it?
The answer I saw in banking and smart card monies, to continue in Lynn's context, was two-fold. Firstly, nobody there was counting the costs. Everyone in the smart card industry was focussed on how cheap the smart card was, but not the full costs. Everybody believed the salesmen. Nobody in the banks thought to ask what the costs of the readers were (around 10-100 times that of the card itself...) or the other infrastructure needed, but banks aren't noted for their wisdom, which brings us to the second point.
Secondly, it was pretty clear that although the bank knew a little bit about transactions, they knew next to nothing about what happened outside their branch doors. Getting into smart card money meant they were now into retail as opposed to transactions. In business terms, think of this as similar to a supermarket becoming a bank. Or v.v. That's too high a price to pay for the supposed security that is entailed in the smart card. Although Walmart will look at this question differently, banks apparently don't have that ability.
It is impossible to predict whether your average MBA would spot these things, but I will say this: They would be pass/fails in my course, and there would not be anything else on the planet that the boss could do to spot them. Which you can't say for the combined other certifications, which would apparently certify your CSO to spot the difference between 128 bit and 1024 bit encryption ... but sod all of importance.
Meredith Belbin [1] did some stunning research on teams, and postulated that there are, in good teams, 8 or 9 roles [2]:
Shaper | Plant | |
---|---|---|
Co-ordinator | Monitor Evaluator | |
Completer-Finisher | Implementor | |
Team Worker | Specialist | |
We know about Specialists, and our computing world is chock-full of Implementors. We can't have too many coders... Completer-finishers are like distro people, and Shapers are like visionaries. The others are more or less familiar.
It is the Plant I want to discuss today.
Sound familiar? What that little summary doesn't say is that the Plant is named after the potplant in the corner of the room, who also rarely says or does anything in the team meetings. But when they speak, they cause commotion - they stop everything.
They might have been better off naming it the Cactus. This dangerous characteristic might be what
Dave Winer calls it StopEnergy, and if so, he's partly right and partly wrong. What is going on here is that some very bright guy who cannot communicate to save his life suddenly stood up and said "*That Won't Work!*" What's more, he's likely very offended at the very notion that it was suggested...
In teams within normal humanity (that is, non-computing), Plants are a rarer form of life, less of a worry, but in computing, this garden grows with bounty. So when Belbin above suggests "Too many Plants in one organisation, however, may be counter-productive as they tend to spend their time reinforcing their own ideas and engaging each other in combat" you can see how the computing garden starts to resemble the Day of the Triffids.
Now, your first impression might be to pump up the DDT can and go on a nature clearing ... but wait! What Belbin suggested -- strongly -- was that the good teams had one of every of the above roles. Including the Plant! Prickly, cactus-like, tripodal, full of StopEnergy, however you like to characterise him, the Plant performs a very valuable role: He stops the group going down a doomed path. Only the Plant has the breadth, the depth, the experience, the technical know-how, the empathy with the very soil of the mission and the arrogance to see in an instant that whatever had grabbed the delicious attention of the rest ... was nonsense.
Sadly, the Plant can't communicate. He has to argue, to cause chaos, to attack, to not budge. Which is why you really hope there is only one in the room, and sometimes you feel like the only answer is destructive.
But after all that, consider the complexity of systems: before it works how many of you know it will? The Plant knows it won't, and frankly, the statistics are on his side. That's because so much of what the rest of us do is to grasp at marketing hype, the buzzwords of the month, the framework of the quarter, and how to re-energise the perpetual energy of the faithful. More faith, we cry! "You're an idiot," the Plant helpfully says...
What we don't do is go back to first principles and work out what works. The Plant does, and he's sometimes brave enough to stand up and go against the flow.
How then to handle the Plant is a task of deep and extreme interest to the leader of computing teams. He cares for the mission, even if he offends with every word. The rest of the group needs to be aware that when a true Plant speaks up, it's time to listen, not be offended. Go the extra distance to water that garden. When the Plant speaks, be aware. Beware.
But the rest of the team also need to create. We also need to move forward! The Plant won't give us the ideas, the team has to build them, only to have them knocked down by the Plant. So engaging the Plant, and keeping him at an appropriate, distanced but familar and inclusive attitude is critical to utilising him. We therefore do not glorify the Plant's role, rather we recognise it and look to help the Plant to develop the social skills to bring his perspective to the table. And look to creating the space within the team to let the Plant send out his early warning signals.
Of course, this all is no easy thing. True plants mingle with true weeds, and to the inexperienced gardener, they are indistinguishable. Belbin suggested that as much as 30% of a team are make-weights, and I wrote earlier about the RTFM factor and how it pervades our world. Unfortunately, it takes far less skill to repeat "RTFM" and pretend to be a Plant than it does to really acquire those deep and broad skills. Frankly, there are far more weeds in our tech garden, and our need as leader is to determine who has a long and productive record of growth, and who just messes up the garden. C.f. Belbin's comment above about multiple Plants. You may now be wondering whether we are talking about StopEnergy or instead, the Loner, as introduced by Mitchell.
As leader it is your job to find out. |
Why do I write all this? With such conviction? Of course, because I am a Plant. The Plant, even, when it comes to certain interests of user security. The Belbin tests pegged me as a natural triffid, and led me on to the next step: strengthening the other characteristics. These days, I spend most of my free time on projects where I cannot be the Plant, so I must adopt other roles. (Today, that of a Coordinator. It's a non-techie mission, and we have our full compliment of Plants already. We have our Resource Investigator and Shaper, we sorely lack Implementors, but I'm conflicted in that.)
Which brings us back full circle to my original claim - that leaders adopt the roles that others cannot do, appreciating their team members for the roles that they can and do fill.
Now, I don't claim to be a leader, let alone a good leader. I claim to be knowledgeable in it, and capable of spotting one when I see one. I can step aside when someone better comes along, or I can fill in the gaps, albeit in a 3-legged vegetarian sort of fashion.
The gap I'd like to point out today is that the Plants are a great help. Indeed, Belbin says critical. I won't push the point that all Plants are critical all the time, rather I'll agree with Frank:
I believe that dissidents can play a critical role in ensuring a project’s health in the long term, however annoying they might be in the near term.
You the leader need to water this garden, and you can do so firstly with an understanding of roles, secondly with a good understanding of negotiation, and finally, you also need a sense of avoiding the weeds, who latter might be the StopEnergy mentioned earlier. (For that latter, you need technical knowledge and patience, sorry.)
This task is doubly hard as the Plant will respond in a bad way if you treat him badly, thus confusing the signals. But underneath, he really wants to be your early warning device, and he can be harnessed as such, if you're ready and prepared for him.
Last week's post introduced negotiation as a battle between win-win and win-lose. Win-win sits in contrast with win-lose. The two do not go together. This gives us a few things to consider.
Today's entry addresses how to do win-win, the last of the above. It's only a start. You will not win by reading today's entry - you will just see a glimmer of the end-point today. Let's get stuck in.
Win-win negotiation is done in phases. There are five of them:
The above might be considered the strategy of win-win. It is the high level framework within which we work.
"When individuals having no established relationships are brought together to interact in group activities with common goals, they produce a group structure with hierarchical statuses and roles within it." Sherif's Hypothesis, part 1
The essence and mission of relationship is:
to establish our means and methods of communications.
How do you talk to someone you've never met before?
It takes a while for a rapport to be established - to understand how it is that the other side likes to communicate. How this is done is totally open - business lunches, beer, social engagements, mutual acquaintances, or just chit chat over the coffee machine.
There are two main mistakes in developing a relationship. Firstly, rushing things. That is, the speeding up or dropping completely of the phase. Rushing into the negotiation without having established a rapport will result in various errors in protocol, and there will be no basis on which to fall back on when suspicions arise.
Secondly, introducing elements of the negotiation-to-come in the hope of getting an early lead. This won't work in negotiation; it is a win-lose tactic, and will rebound later on.
It takes a fair amount of experience to figure out when to move on to the next phase, but this is akin to normal social skills. Both of you will know when you are comfortable to move on, because your relationship will tell you that.
Relationship may appear to be an odd investment to make, but it is important to keep in mind that win-win is a long term strategy. Any time spent early on in establishing relationship is paid off over many future rounds. If those future rounds aren't expected, this would question the very foundation of the negotiation. But even then, in those future rounds, expect to drop back into Phase 1 on a regular basis.
"go hard on the facts, soft on the people." [Old Dutch Expression]
In phase 2, we seek to share information, and only information.
It is an act of faith in win-win negotiation that there is a solution, or at the least we are better off discovering the impossibility of the solution, than going to win-lose. So in order to find that solution, we have to move away from the obvious -- if it was obvious, we wouldn't be here, right? -- and dig deep into the non-obvious.
In order to move forward into the non-obvious, we need real information. Hard facts, scary fears, the needs that the other person wouldn't ordinarily share with us. That's our goal:
to share the facts, needs, and fears necessary to craft solutions.
Now you see why Phase 1 was so important: In order to delicately express "home truths," "secret needs" and "fears," without launching into the verbal warfare, we need a solid relationship. How strong? One strong enough to get us past the Prisoners' Dilemma economics of cheating with the information we are about to share. One strong enough to let us suspend our prejudices and defences for a while, to really step into the other guy's shoes, without fear.
How do we go about this? The first and most necessary lesson is to separate out the information from the people. Facts are are not personal unless you make them so, so we need to avoid the language of "he said, she said," as that leads to personal attacks and defensiveness.
Personal opinion is dangerous. It is almost always outwards, accusatory, indeed that's what we mean by personal opinion as opposed to neutral observation. It takes our fears and ascribes blame for them to the opponent; it assumes the opponents fears and creates a need for defence.
Yet, those fears are real. Underlying those fears are real needs, real facts, and real clashes for which we need real solutions.
In order to find the non-obvious, we need to change our very behaviour. This does not mean avoiding the fears and hiding the needs. Far from it:
The techniques of win-win negotiation are replete with ways to express these in a neutral and non-accusatory fashion. There is a lot more to this than can be pressed into these few words. In brief example, consider that
"You choose to endanger users by blocking information from them."
Sound familiar? This statement is disastrous. It ties dangers to one person's actions, thus it is threatening. Because of the personal claim, it is accusatory. As it includes a direct accusation of intent to harm, it's also distracting from any reality. In the face of such an attack, defensive barriers will go up and no forward movement is possible.
How then can we express our fears, which really are present in the above, notwithstanding that I thrust the blame for those fears on some poor innocent bystander?
That is the essence of the exchange of information. We need to extract the facts, and present them neutrally.
"Users appear to be suffering from frequent attacks, which is a grave concern of mine. What information does the user have to deal with those attacks? One view has it that the user can't deal with any information, even if they were given it. Another view is that some users can deal with it, and they can help us refine what would work for the rest."
My fears are present. The blocking of information is recast as a question to establish what is present. And, there are different ways of looking at this, so let's get both of them there and see why each is attractive, and what problems exist with both sides.
Remember, this phase is about searching for what we know. Once we get facts out on the table, in a neutral setting, then the solutions will start to emerge by themselves. There is no obvious transition to the next phase, it simply happens as a consequence of the surfacing of the hidden information.
As the facts come tumbling out, in general, lots of good ideas will also come out. If there is a solution to be found, it will start to become apparent when enough new information hits the table. When one solution turns up, it will often be quickly be followed by others, or variations.
In the exploration of options, our intent is to develop them, and to compare and contrast them. Our goal is to:
to explore many solutions, as they arise, without prejudice, and without conclusion.
In exploring, our tendency is to rush in and grab the first that comes to mind. This is a mistake -- remember, if it was that obvious and that easy we wouldn't be here! The difficulty of our position is testament to the complexities we face, so let's treat those difficulties seriously and not just grab at the first idea, declare victory and head for the bar.
This is like whiteboarding. Or brainstorming. The difference between those terms and negotiation is that we are placing the techniques in a context to get to there, and onwards, not just announcing that at today's meeting we will whiteboard and nothing else.
In exploring these solutions, we use the full gamut of enthusiasm. Try and draw people in, to express ideas. Let a few arguments run on. Look for the crazy ideas, all that good brainstorming stuff.
We try to craft at least three solutions, as that makes it dynamic (it breaks any deadlock between two solutions, and it encourages any fourth or fifth). Cross fertilisation is good too.
Once we have started the free and open exchange of information, then slowly the solutions that arise. Once the the solutions start their dance, they will also naturally sort themselves out into various preferences.
Now is the time to recall open exchange. The surfacing of interests early sets the stage for an honest understanding of what benefits who and when. This allows for a fuller resolution of the issues, with shared benefits.
The danger here is that as the prize comes closer, some will realise they can win more than others. There will be a tendency to sink into the mire of politics; you should call these pullbacks by surfacing those as interests. "Yes, Bob does need to deliver a win to his department, but we need to balance that against..."
Recall, there are multiple rounds in the win-win game. Those people who push too hard this time to get their big win will be back in the ring next time, because they want to win again. But then, everyone will recall who made out like bandits and those bandits will suffer, as will the entire group.
This is the Follow-up phase. Because there is a next round, it is important to implement the chosen solution fully and make sure that all the parties enjoyed their benefits. That is, when you go into the next round, if the previous round stopped after the talking, there won't be much point in another round.
Only delivered solutions feed into the next round, and those that deliver the solution will earn more respect in the next round.
That concludes a shockingly brief discussion of the five phases of win-win negotiation, as well as the overall discipline of negotiating itself. It's not quick. It's not sure. Today's title was a bald-faced lie.
I suggest however that win-win is a whole lot more rewarding than anything else on the table.
I'll leave you with three caveats.
There remain more questions than answers, and while I don't want to take all the fun of learning away, I'll tell you where most of them are answered: You need to learn the many, various and peculiar tactics of negotiation. If you ever get a chance to go on a course or browse the net about negotiating, you will find lots of tactics to assist.
Those techniques all fit within the general rubric of negotiating, within the 2x2 of the prisoners' dilemma, within one of the two sides, or in the interaction. It makes a lot of sense to know where they fit within today's context of five phases, or how they assist in the list at the top. Unfortunately, most writings on the subject are weak, so you will have to apply the framework yourself.
Next. Learning negotiation is almost a lifelong quest. It does involve a change in your behaviour, unless you happen to be one of the people who have the skills already beaten into you (pop quiz -- who are they? yes, they exist). Changing behaviour is very tough, especially for techies.
Finally, be aware that win-win will not work with a win-loser. If someone is doing win-lose on you, trying win-win will simply fail. So it is essential for you to learn how to recognise a win-loser. Once you get a feel for the above five phases, you'll find it easy but very frustrating -- instead of sharing and taking risks, they keep attacking and trying to abuse the situation.
If you find yourself in a community, try to bring everyone along at the same speed. There's no point in trying to teach the "leaders" win-win, if the techies are all resorting to their natural state. At the meta-level, this is truly a cooperative effort.
Yesterday, I claimed that leadership in tech teams is more or less down to one thing -- communication. That is the one huge gaping hole in our skills. Now, there are certainly other holes, and deep students of leadership (have you read the Kotter articles yet?) will point them out. My claim here is that the comms hole is so big in tech teams that if you fill that you'll be a happy little vegemite; if you fill any other hole, you'll be justing sucking on salt.
Bang for buck, it is communication that will give you the biggest return on investment. You can see some efforts over at Mozo where Mitchell posts on 8 sessions with staff seeking some understanding at mission. Why? She is seeking to reduce the surface area of the discussions at hand. To do that, she has to get everyone on board; first with the things that Mozilla must do, and then on the things that Mozilla thinks it should do. Bit by bit.
Communication in tech teams however goes way way beyond corporate mission statements.
In essence we as leaders have to unwind the RTFM factor. A leader has to know how to deal with the deep-seated needs of tech people and how to acquire and transmit the information needed for all the people to contribute. The way to deal with this is a little known skill and science called negotiation.
So let's talk about that. First, definition. What is negotiation?
Negotiation is the reaching of agreement, where before there was none, by means of dialogue and communication.
How often do you negotiate? Much more than you think. In fact, almost all difficult discussion falls under the rubic of negotiation. Negotiation occurs whenever there is an issue of contention. It happens when you buy a house, marry, discipline a child, choose a school, pick a restaraunt, ask your boss for help, as well as buying an orange at a fruit market.
Do you disagree? Then we must negotiate. If we do agree on this point, it was an easy negotiation, and maybe you can save yourself the bother of reading further.
Most people think of negotiation as something that happens rarely, when buying something with an uncertain price tag, or trying to get a raise in your job. That is a mistake; negotiation is the process that occurs whenever there is some form of dispute or disagreement that is resolved by discussion.
Most people don't ever get a chance to learn it properly, and pick it up as they go along. For this reason, most people make terrible negotiators. There are a very few naturals, but for the most part, only learning some home truths will set you on the path to real negotiation. There is only one large group in society that has negotiation beaten into them, and they are *not* represented well in the techie field.
So I will ignore them for now, and thrust on. Let's talk negotiation. Let's negotiate some serious talk.
Negotiation divides into two halves: win-win and win-lose. Win-win sits in contrast with win-lose. The two do not go together, and much of ones basic skill is in knowing when each is appropriate, how to move between the two, and stick with the appropriate one. Today's post is really about win-win -- explaining the much over-hyped and misunderstood term of win-win.
The basic principle behind the separation of negotiation into these two components is known as The Prisoners' Dilemma. In this simple problem, two people have to cooperate, but the problem is such that if one of them cheats, that cheater earns a larger payoff.
Who wins? | I lose | I win |
---|---|---|
You lose | (failure) | win-lose |
You Win | win-lose | win-win |
The Prisoner's Dilemma is a game from economics. Do not be scared by this, it is a very simple game, with some wonderful and thought provoking results that explain many complexities in your day to day life. Understanding this game will payoff in many ways -- the first of which is why Frank's suggestion of Reciprocity works!
This problem is a dilemma, because the total payout if we cooperate is higher, but the individual payout if one can successfully cheat is higher for the cheater. Do we cooperate or do we cheat? (These tables will be better on the HTML - click the link). But if we both cheat, we both lose big time.
Payouts: yours / mine | I cheat | I cooperate |
---|---|---|
You cheat | -10 / -10 | 10 / -20 |
You cooperate | -20 / 10 | 5 / 5 |
In the above table, see how if only one of us cheats, the payout for the cheater is high, but the cooperator is punished badly! If we both cooperate, we get less each, but we are both in the positive.
Now add the numbers together - the sum for both of us cooperating is 10, and all of the others squares are summed to much less. So, as a group, we are better off cooperating, and individually, we are better off cheating, but making sure the other does not cheat. Are we saying that we need to cheat, but stop the other person cheating?
Sounds like real life, right?
Classically, we talk about two accused crooks brought in for questioning by the police -- they are the two prisoners in the dilemma. If both of them keep quiet, then both walk, as there is no real evidence of the crime. If one of them blabs, then the other goes to jail for a long time because he also lied, while the blabber gets off lightly for turning evidence. The question is, for you as a crook, how do you stop the other guy blabbing?
What can we do to try and reach the best payoff? How can our two crooks stay out of jail? These are the central questions of negotiation - once answered, they allow a selection of tactics and process that helps achieve the best payoff.
Before we can achieve the best payoff, we must know in which square of the Prisoner's Dilemma we find ourselves. Let's imagine we have decided to go for a group benefit -- the common good. How do two crooks ensure that neither blabs?
Several ways! They could work together and establish trust, by doing lots of heists, one after the other. Alternatively, the two crooks could employ revenge - if Joe blabs and Fred goes to jail, Joe will find the mob chasing him later on. This expands the basic game into a more complex form of game involving external payoffs. Another way is to establish trust via bonds. Maybe marry each other's sister, or owe each other a bounty?
The key then is to create an external context and to add something else to the game. In the first suggestion above, the two crooks expect to do many jobs in the future. So, their combined payoff in the future depends on doing many jobs together, and they can only do that if they keep together as a team. In the second suggestion, they add a future punishment, so that the rules of the game, and the consequent payoffs, are modified to ensure the cheater loses his incentive (see Stag hunt). Finally, they create Family - which is an extended, powerful relationship. Just like a company, or a tribe, or a football team, our two crooks can bond together in a group that carries them past today's challenges.
In simple terms, they can change the payoffs. The more complex solution is to make the game a repeating game. That is, to make each dilemma one of many, so that each cheating payoff has to balance the loss of potential future shared benefits.
And, that is the key to understanding whether one is in a win-win scenario or a win-lose scenario:
Is this the only time we negotiate? Is this the end of the game? Is there another round?
If there is more to come, then you are, basically, in a win-win negotiation session. If there is no more to come, then you are in win-lose.
That's the first and most basic lesson of negotiation.
Am I in win-win or win-lose?
You must ask yourself this question so frequently it becomes second nature. And, this question is often the same as asking
Is this the only time we negotiate, or do we have a future?
As much second nature is your assessment as to whether you, or your negotiating partner, is considering the future or not.
From here, the world forks. You go to either the relationship process of win-win or, you go to the best payoff of win-lose.
Which are you in? If it is not obvious, you will find out if I post again.
Over on Guy's blog I noticed his "The Art of Schmoozing" which concludes with these two crossovers to our local work on favour currencies:
#8 Give favors. One of my great pleasures in life is helping other people; I believe there's a big Karmic scoreboard in the sky. God is keeping track of the good that you do, and She is particularly pleased when you give favors without the expectation of return from the recipient. The scoreboard always pays back. You can also guess that I strongly believe in returning favors for people who have helped you.#9 Ask for the return of favors. Good schmoozers give favors. Good schmoozers also return favors. However, great schmoozers ask for the return of favors. You may find this puzzling: Isn't it better to keep someone indebted to you? The answer is no, and this is because keeping someone indebted to you puts undue pressure on your relationship. Any decent person feels guility and indebted. By asking for, and receiving, a return favor, you clear the decks, relieve the pressure, and set up for a whole new round of give and take. After a few rounds of give and take, you're best friends, and you have mastered the art of schmoozing.
These two points are actually related in game theory. It works like this: negotiation is split into two separate sides (by what is called the prisoner's dilemma, but please save that for another day). These sides are known as win/win and win/lose, and they are like yin and yang.
Most people can figure out what that means just from the titles - when in a win/win we are looking for how we benefit from each other and both come out ahead in the long run. When in win/lose, I try to win at your expense.
Our problem is focussed then on knowing whether we are in win/win or in win/lose. If we are in win/lose, then we definately should walk away from any deal. Schmoozing, in Guy's terms, is pointless in win/lose, because this just gets you deeper into a potential loss. One day, if not today, when you might win.
So how do we determine which we are in? It's not as easy as one would think.
The answer is definately not in words; and in my experience, if someone attempts to impress you with statements like "let's search for the win/win," it's as good a signal that they may be thinking win/lose as win/win. Be careful not to be lulled in by such mere words, as they are stock in trade for the win/loser.
One way to determine is what I think of as the rule of three favours. In this tactic, you offer three unrelated favours to your counter-schmoozer (Guy's #8), and you also put yourself in the position of desiring the return of those favours (see Guy's #9).
But don't desire it too aggresively - the essence here is to see whether the person will accept the favours, and naturally return same when given the opportunity.
Why does this work? It works because win/win and win/lose are very very deep-seated human patterns of behaviour. People are generally either one way or the other. Most people naturally fall into win/lose, probably from childhood battles and the general darwinian environment of the kindergarten. As we grow older and mature some, a lucky few of us discover the higher plain of win/win, and we work hard to develop that attitude.
So if you offer three nice juicy favours to a normal, natural win/lose schoolyard bully, it will be beyond their ability and their understanding to avoid abusing the offering. Which means they will take the favours and not return them. Even if a natural win/loser understands the theory of win/win, he has a choice - either practice win/win at some short term practical and emotional cost, or go with his gut instincts. Either way, he reveals to you whether he is ready for some serious business.
And thus you differentiate your partner. We need to try three times, as one test can be accidental, either way. Two can be a pattern, but three is consensus.
A final tip - don't forget to uncorrelate the favours, so don't mark them all with a pressed flower!