McKinsey: MBAs Are a Fascinating Group to Observe

February 5, 2021

Watching blue chip consulting firms is more enjoyable than visiting a zoo. Here’s a good example of the entertainment value of individuals who strive to apply logic to business. Logic is definitely good, right?

AP Source: McKinsey to Pay $573M for Role in Opioid Crisis” explains that the McKinsey wizards somehow became involved in the “opioid crisis.” Crisis is self explanatory because most people have been ensnared in the Covid Rona thing. But opioid is difficult to appreciate. Think of addiction, crime, prostitution, trashed families, abandoned children, etc. You get the idea.

How could a blue chip consulting firm become involved in crimes which do not appear in the McKinsey collateral, on its Web site, or in its presentations to potential and current clients?

The write up says in the manner of “real” news outfits:

The global business consulting firm McKinsey & Company has agreed to a $573 million settlement over its role in advising companies on how to “supercharge” opioid sales amid an overdose crisis…

I interpret this to mean that the MBAs used their expertise to incentivize those in the legal pharma chain to move product. “Moving product” is a phrase used by narcotics dealers and MBAs alike, I believe.

The “real” news item reports:

McKinsey provided documents used in legal proceedings regarding OxyContin maker Purdue Pharma, including some that describe its efforts to help the company try to “supercharge” opioid sales in 2013, as reaction to the overdose crisis was taking a toll on prescribing. Documents made public in Purdue proceedings last year include include emails among McKinsey.

A wonderful engagement until it wasn’t. Blue chip consulting firms like to write checks to those who generate billable hours. My understanding is that writing checks for unbillable work irritates partners who expect bonuses and adulation for their business acumen.

An allegation of “supercharging” addictive products and producing the secondary effects itemize by me in paragraph two of this post is a bit of a negative. Even worse, the desired secondary effect like a zippy new Porsche conjured up on the Porsche Car Configurator, a position in a new investment fund, or a nice house and land in New Zealand does not arrive.

No word on jail time, but there’s a new administration now. The prostitution, child abandonment, and crime issues may become more consequential now.

Will this become a Harvard case? Who am I kidding? McKinsey in numero uno. Do los narcotraficantes operate with McKinsey’s acumen, logic, and efficiency. Good question.

Stephen E Arnold, February 5, 2021

Security Vendors: Despite Marketing Claims for Smart Software Knee Jerk Response Is the Name of the Game

December 16, 2020

Update 3, December 16, 2020 at 1005 am US Eastern, the White House has activate its cyber emergency response protocol. Source: “White House Quietly Activates Cyber Emergency Response” at The directive is located at this link and verified at 1009 am US Eastern as online.

Update 2, December 16, 2020 at 1002 am US Eastern. The Department of Treasury has been identified as a entity compromised by the SolarWinds’ misstep. Source: US “Treasury, Commerce Depts. Hacked through SolarWinds Compromise” at

Update 1, December 16, 2020, at 950 am US Eastern. The SolarWinds’ security misstep may have taken place in 2018. Source: “SolarWinds Leaked FTP Credentials through a Public GitHub Repo “mib-importer” Since 2018” at

I talked about security theater in a short interview/conversation with a former CIA professional. The original video of that conversation is here. My use of the term security theater is intended to convey the showmanship that vendors of cyber security software have embraced for the last five years, maybe more. The claims of Dark Web threat intelligence, the efficacy of investigative software with automated data feeds, and Bayesian methods which inoculate a client from bad actors— maybe this is just Madison Avenue gone mad. On the other hand, maybe these products and services don’t work particularly well. Maybe these products and services are anchored in what bad actors did yesterday and are blind to the here and now of dudes and dudettes with clever names?

Evidence of this approach to a spectacular security failure is documented in the estimable Wall Street Journal (hello, Mr. Murdoch) and the former Ziff entity ZDNet. Numerous online publications have reported, commented, and opined about the issue. One outfit with a bit of first hand experience with security challenges (yes, I am thinking about Microsoft) reported “SolarWinds Says Hack Affected 18,000 Customers, Including Two Major Government Agencies.”

One point seems to be sidestepped in the coverage of this “concern.” The corrective measures kicked in after the bad actors had compromised and accessed what may be sensitive data. Just a mere 18,000 customers were affected. Who were these “customers”? The list seems to have been disappeared from the SolarWinds’ Web site and from the Google cache. But Newsweek, an online information service, posted this which may, of course, be horse feathers (sort of like security vendors’ security systems?):

Read more

Google Issues Apology To Timnit Gebru

December 15, 2020

Timnit Gebru is one of the world’s leading experts on AI ethics. She formerly worked at Google, where she assembled one of the most diverse Google Brain research teams. Google decided to fire her after she refused to rescind a paper she wrote concerning about risks deploying large language models. Venture Beat has details in the article: “Timnit Gebru: Google’s ‘Dehumanizing’ Memo Paints Me As An Angry Black Woman” and The Global Herald has an interview with Gebru: “Firing Backlash Led To Google CEO Apology: Timnit Gebru.”

Gebru states that the apology was not meant for her, but for the reactions Google received from the fallout of her firing. Gebru’s entire community of associates and friends stay behind her stance of not rescinding her research. She holds her firing up as an example of corporate censorship of unflattering research as well as sexism and racism.

Google painted Gebru as a stereotypical angry black woman and used her behavior as an excuse for her termination. I believe Gebru’s firing has little to do with racism and sexism. Google’s response has more to do with getting rid of an noncompliant cog in their machine, but in order to oust Gebru they relied on stereotypical means and gaslighting.

Google’s actions are disgusting. Organizations treat all types of women and men like this so they can save face and remove unsavory minions. Gaslighting is a typical way for organizations to downplay their bad actions and make the whistleblower the villain.

Gebru’s unfortunate is typical for many, but she offered this advice:

“What I want these women to know is that it’s not in your head. It’s not your fault. You are amazing, and do not let the gaslighting stop you. I think with gaslighting the hardest thing is there’s repercussions for speaking up, but there’s also shame. Like a lot of times people feel shame because they feel like they brought it upon themselves somehow.”

There are better options out there for Gebru and others in similar situations. Good luck to Gebru and others like her!

Whitney Grace, December 15, 2020

Google Allegedly Sucking User Data: Some Factoids from the Taylor Legal Filing

November 16, 2020

I read the legal filing by Taylor et al v. Google. The case is related to Google’s use of personal data for undisclosed reasons without explicit user permission to consume the user’s bandwidth on a mobile network. You can download the 23 page legal document from this link, courtesy of The Register, a UK online information service. Here’s a rundown a few of the factoids  in the document which I found interesting:

  • Google’s suck hundreds of megabytes of data is characterized as a “dirty little secret.” Hundreds of megabytes of data does not seem to me to be “little.”
  • Google allegedly conducts “passive information transfers which are not initiated by any action of the user and are performed without their knowledge.” I think this means taking data surreptitiously.
  • Taking the data uses for fee network connections. I think this means that the user foots the bill for the data sucking.
  • Android has a 54.4 percent of the US smartphone market.
  • The volume of data “transferred” is about nine megabytes per 24 hours when an Android device is stationary and not in active use.

This graphic appears in the filing on page 11:


The big bar shows Google’s data sucking compared to Apple’s.

The document states:

Google has concealed its misappropriate of Plaintiffs’ cellular data.

I wonder if Google’s senior executives are aware of what the Android phones are allegedly doing. Google was not aware of a number of employee activities, most recently the leak of ideas for thwarting EU regulators.

Is this another example of entitlement management; that is, acting in a manner of a high school science club confident in its superiority over lesser mortals?

Stephen E Arnold, November 16, 2020

Amazon Twitch: Inappropriate Behavior? Shocking

October 19, 2020

Gamers are stereotypically portrayed as immature, racist, sexist, and antisocial males. There is truth behind this stereotype, because many gamers are immature, racist, sexist, and antisocial males, but it does not speak for the entire community. The problem with this gamer “archetype” is that the industry does not fall from from this image.

The newest gaming company to be called out for inappropriate behavior is video streaming platform Twitch. has the scoop on Twitch’s poor behavior in the article: “Twitch Staff Call The Company Out On Sexual Assault, Racism, More.”

The Twitch CEO Emmett Shear denounced inappropriate behavior and demanded industry wide change. Despite this supportive bravado, Shear’s company has its own share of poor actions. interviewed former Twitch employees for the article on the condition they remain anonymous. The stories at Twitch echo many toxic workplace stories, but one of the saddest recollections comes from a former HR representative:

“ ‘I’d seen many people go to HR and HR ultimately would not resolve things in favor of the complainant,’ they said. ‘They weren’t a source of support for employees. If anything, they just worked to minimize the complaining person and their complaint. They were always in favor of and working for the person with the most power.’”

Since Twitch began as, abusive behavior has run rampant. Women were not the only victims, ethnic minorities were frequent targets as were LGTBQA members. The problem resides in the typical bro culture atmosphere, where misogyny and racism are deemed as okay. Victim blaming is another aspect of Twitch’s toxic workplace as well as the demand to make more money.

Most, if not all, of these incidents were KOed, because Twitch did not want to lose face or revenue opportunities. Many of the perpetrators were leaders or held important company roles, so they could get away with anything. The company as a whole is a black mark on the gaming industry, but individual employees demonstrated humanity:

“It should be noted that several people we talked to spoke highly of Twitch staffers helping vulnerable co-workers, streamers, or viewers, but all were seen to be acting as individuals going above and beyond rather than acting at the behest of the company or in their role as Twitch employees.”

Twitch’s company culture might have changed since its beginning, but many of the perpetrators still hold leadership roles.

Things might be changing slowly in Silicon Valley as people demand accountability and better work environments. In the meantime, potential victims please do what you can to stay safe. Twitch is Amazon after all.

Whitney Grace, October 19, 2020

Financial Crime: Business As Usual?

September 22, 2020

DarkCyber noted “HSBC Moved Vast Sums of Dirty Money after Paying Record Laundering Fine.” The article makes clear that banks do what banks do: Move money. Why? To make money, earn bonuses, and become a master of the banking universe.

Is anyone surprised? The authors of the write up seem to be. We noted this passage:

The FinCEN Files investigation found that HSBC’s highly profitable branch in Hong Kong played a key role in keeping the dirty money flowing. Although providing only a partial view of HSBC’s suspicious activity reports, the records show that between 2013 and 2017, HSBC’s U.S. compliance staff, who are charged with monitoring customer activity, filed reports lacking crucial customer information on 16 shell companies that had processed nearly $1.5 billion in more than 6,800 transactions through the bank’s Hong Kong operations alone. More than $900 million of that total involved shell companies linked to alleged criminal networks…

Institutions have processes. Once processes kick in, the paper pushing and the employees keep the wheels turning. The “work” is following the “rules” in order to complete tasks. Changing work processes in a large organization is difficult, often impossible. Quibi makes videos few watch. Facebook sells targeted ads across borders based on free flowing data. Successful organizations are successful because individuals find ways to generate profit from tasks others find giant money losers.

The write up hits the problem right between the eyes, stating:

Compliance officers said that the bank did not give them enough time to meaningfully investigate suspicious transactions and that branches outside the U.S. often ignored requests for crucial customer information. They said they were treated as a second-class workforce within the bank, with little power to shut down problematic accounts.

The exposition about the HSBC big bank is a reminder that institutions are, supercharged with online systems, smart software, and people who follow prescribed work procedures. In these efficient organizations, making money is the driver.

Regulators, compliance officers, and employees are unable to take meaningful action. Is it a surprise that “The Risk Makers: Viral Hate, Election Interference, and Hacked Accounts: Inside the Tech Industry’s Decades-Long Failure to Reckon with Risk” reaches an obvious conclusion: Money is the driver.

Consider the question, “What’s gone wrong?”

The answer is, “Nothing.” The system is what regulators, employees, and people want it seems.


  1. A new definition of “crime” may be needed to embrace the reality of institutional behavior
  2. Regulatory authorities struggle to deal with corporate entities which are more impactful than governments
  3. Individuals appear willing to skirt social norms in order to feather their nest and craft a life outside of certain institutions.

Intriguing challenges for the institutions, their employees, and the governments charged with enforcing rules, laws, and mandated behaviors.

Stephen E Arnold, September 23, 2020

Palantir: Planning Ahead

September 4, 2020

I read “In Amended Filing, Palantir Admits It Won’t Have Independent Board Governance for Up to a Year.” The legal tap dancing is semi-interesting. Palantir wants money and control. I understand that motive. The company — despite its sudden interest in becoming a cowboy — has Silicon Valley roots.


What’s fascinating is that the company was founded in 2004, although I have seen references to 2003. No big deal. Just a detail. The key point is that the company has been talking about an initial public offering for years.

The write up explains that after submitting an S-1 form to the Securities & Exchange Commission, Palantir submitted a revised  or amended S-1. For a firm which provides intelware and policeware to government agencies, planning and getting one’s ducks in a row seem to be important attributes.

Did Palantir just dash off the first S-1 at Philz Coffee? Then did some bright young stakeholder say, “Yo, dudes, we need to make sure we keep control. You know like the Zuck.”

After 16 years in business and burning through a couple of tractor trailers filled with cash, it seems untoward to submit a revision hard on the heels of an SEC S-1 filing.

Careless, disorganized, or what the French call l’esprit d’escalier strikes me as telling.


  1. The resubmission suggests carelessness and flawed management processes
  2. The action raises the question, “Are these Silicon Valley cowboys getting desperate for an exist?”
  3. For a low profile outfit engaged in secret work for some of its clients, public actions increase the scrutiny on a company which after a decade and a half is not profitable.

Interesting behavior from from Palantirians. Did the seeing stone suffer a power outage?

Stephen E Arnold, September 4, 2020

Facebook: High School Science Club Management in Action

September 3, 2020

The online information service Mashable published a headline which tells the story. And the story is a Dusie if accurate: “Mark Zuckerberg Blames Facebook Contractors for Kenosha Militia Fiasco.” The article states:

When it comes to mistakenly allowing a militia’s event page to remain on Facebook, even after concerned users reported it at least 455 times, Mark Zuckerberg wants you to know that the buck stops with his contractors.

The essence of the high school science club management method is to infuse entitlement and arrogance with a pinch of denial. The write up notes:

According to Zuckerberg, the reason Facebook chose to tacitly approve an event page that, by his own admission, violated the site’s own rules, is because the non-Facebook employees tasked with enforcing his company’s Byzantine policies didn’t understand them well enough.

The HSSC approach to management may be institutionalized in some Silicon Valley type outfits. That’s super, right? The elite science club is never wrong; for example, “It is not our fault that the stink bomb triggered smoke alarms and two students were hurt rushing from the building.”

Stephen E Arnold, September 3, 2020

Smart Software: Automating Duplicitous Behavior

August 31, 2020

Dark patterns in software can be found. What about dark patterns in artificial intelligence libraries and apps? The problem is likely to be difficult if not impossible, particularly if those trying to figure out the AI’s process are not well informed.

All That Glitters Is Not Gold: Misuse of AI by Big Tech Can Harm Developing Countries” provides some information into a facet of smart software not often considered by users, API users, or regulators. The write up states:

The biggest concern with AI is a lack of governance, which gives large companies (popularly called as the “Big Tech”) unlimited access to private data.

That’s a safe statement. The write up continues:

In his study, Dr, Truby [Qatar University] discusses three examples to show how unregulated AI can be detrimental to SDGs. To begin with, he focuses on SDG 16, a goal that was developed to tackle corruption, organized crime, and terrorism. He explains that because AI is commonly used in national security databases, it can be misused by criminals to launder money or organize crime. This is especially relevant in developing countries, where input data may be easily accessible because of poor protective measures. Dr Truby suggests that, to prevent this, there should be a risk assessment at each stage of AI development. Moreover, the AI software should be designed such that it is inaccessible when there is a threat of it being hacked. Such restrictions can minimize the risk of hackers obtaining access to the software.

According to the write up, Dr. Truby asserts:

He concludes, “The risks of AI to the society and the possible detriments to sustainable development can be severe if not managed correctly. On the flip side, regulating AI can be immensely beneficial to development, leading to people being more productive and more satisfied with their employment and opportunities.”

Scrutiny is likely in some countries. In others, the attitude is, “How are my investments doing today?”

Stephen E Arnold, August 31, 2020

Hippy Dippy New Age Insight: Ads Are Numerous

July 30, 2020

I want to keep this brief. The number of ads is increasing. Avoiding them is difficult. Why? Zero controls, zero social responsibility, and zero regulatory oversight.

I Was Horrified at How Many Ads the New Brave Browser and VPN for iOS Blocked” is amusing because it reveals the lack of awareness of the zip zip mobile world in which some hippy dippy New Age “real” news publications thrive.

The article states:

I visited a few of my favorite sites and then was promptly horrified when it told me that in about 3 minutes of browsing, it had blocked 107 ads and trackers and given me 2 HTTPS upgrades. Supposedly, this saved me five seconds of my life.

Not for long. Online advertisers share some DNA with bad actors creating novel malware. One difference: Law enforcement pursues the malware wizards. Online advertising outfits get invited to testify to a Congressional committee.

Stephen E Arnold, July 30, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta