" /> net.wars: December 2010 Archives

« November 2010 | Main | January 2011 »

December 31, 2010

Good, bad, ugly...the 2010 that was

Every year deserves its look back, and 2010 is no exception. On the good side, the younger generation beginning to enter politics is bringing with it a little more technical sense than we've had in government before. On the bad side, the year's many privacy scandals reminded us all how big a risk we take in posting as much information online as we do. The ugly...we'd have to say the scary new trends in malware. Happy New Year.

By the numbers:

$5.3 billion: the Google purchase offer that Groupon turned down. Smart? Stupid? Shopping and social networks ought to mix combustibly (and could hit local newspapers and their deal flyers), but it's a labor-intensive business. The publicity didn't hurt: Groupon has now managed to raise half a billion dollars on its own. They aren't selling anything we want to buy, but that doesn't seem to hurt Wal-Mart or McDonalds.

$497 million: the amount Harvard scientists Tyler Moore and Benjamin Edelman estimate that Google is earning from "typosquatting". Pocket change, really: Google's 2009 revenues were $23 billion. But still.

15 million (estimated): number of iPads sold since its launch in May. It took three decades of commercial failures for someone to finally launch a successful tablet computer. In its short life the iPad has been hailed and failed as the savior of print publications, and halved Best Buy's laptop sales. We still don't want one - but we're keyboard addicts, hardly its target market.

250,000: diplomatic cables channeled to Wikileaks. We mention this solely to enter The Economist's take on Bruce Sterling's take into the discussion. Wikileaks isn't at all the crypto-anarchy that physicist Timothy C. May wrote about in 1992. May's essay imagined the dark uses of encrypted secrecy; Wikileaks is, if anything, the opposite of it.

500: airport scanners deployed so far in the US, at an estimated cost of $80 million. For 2011, Obama has asked for another $88 million for the next round of installations. We'd like fewer scanners and the money instead spent on...well, almost anything else, really. Intelligence, perhaps?

65: Percentage of Americans that Pew Internet says have paid for Internet content. Yeah, yeah, including porn. We think it's at least partly good news.

58: Number of investigations (countries and US states) launched into Google's having sniffed approximately 600Gb of data from open WiFi connections, which the company admitted in May. The progress of each investigation is helpfully tallied by SearchEngineLand. Note that the UK's ICO's reaction was sufficiently weak that MPs are complaining.

24: Hours of Skype outage. Why are people writing about this as though it were the end of Skype? It was a lot more shocking when it happened to AT&T in 1990 - in those days, people only had one phone number!

5: number of years I've wished Google would eliminate useless shopping aggregator sites from its search results listings. Or at least label them and kick them to the curb.

2: Facebook privacy scandals that seem to have ebbed leaving less behavorial change than we'd like in their wake. In January, Facebook founder and CEO Mark Zuckerberg opined that privacy is no longer a social norm; in May the revamped its privacy settings to find an uproar in response (and not for the first time). Still, the service had 400 million users at the beginning of 2010 and has more than 500 million now. Resistance requires considerable anti-social effort, though the cool people have, of course, long fled.

1: Stuxnet worm. The first serious infrastructure virus. You knew it had to happen.

In memoriam:

- Kodachrome. The Atlantic reports that December 30, 2010 saw the last-ever delivery of Kodak's famous photographic film. As they note, the specific hues and light-handling of Kodachrome defined the look of many decades of the 20th century. Pause to admire The Atlantic's selection of the 75 best pictures they could find: digital has many wonderful qualities, but these seem to have a three-dimensional roundness you don't see much any more. Or maybe we just forget to look.

- The 3.5in floppy disk. In April, Sony announced it would stop making the 1.4Mb floppy disk that defined the childhoods of today's 20-somethings. The first video clip I ever downloaded, of the exploding whale in Oregon (famed of Web site and Dave Barry column), required 11 floppy disks to hold it. You can see why it's gone.

- Altavista: A leaked internal memo puts Altavista on Yahoo!'s list of services due for closure. Before Google, Altavista was the best search engine by a long way, and if it had focused on continuing to improve its search algorithms instead of cluttering up its front page in line with the 1995 fad for portals it might be still. Google's overwhelming success had as much to do with its clean, fast-loading design as it did with its superior ability to find stuff. Altavista also pioneered online translation with its Babelfish (and don't you have to love a search engine that quotes Douglas Adams?).

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 24, 2010

Random acts of security

When I was in my 20s in the 1970s, I spent a lot of time criss-crossing the US by car. One of the great things about it, as I said to a friend last week, was the feeling of ownership that gave me wherever I was: waking up under the giant blue sky in Albuquerque, following the Red River from Fargo to Grand Forks, or heading down the last, dull hour of New York State Thruway to my actual home, Ithaca, NY, it was all part of my personal backyard. This, I thought many times, is my country!

This year's movie (and last year's novel) Up in the Air highlighted the fact that the world's most frequent flyers feel the same way about airports. When you've traversed the same airports so many times that you've developed a routine it's hard not to feel as smug as George Clooney's character when some disorganized person forgets to take off her watch before going through the metal detector. You, practiced and expert, slide through smoothly without missing a beat. The check-in desk staff and airline club personnel ask how you've been. You sit in your familiar seat on the plane. You even know the exact moment in the staff routine to wander back to the galley and ask for a mid-flight cup of tea.

Your enemy in this comfortable world is airport security, which introduces each flight by putting you back in your place as an interloper.

Our equivalent back then was the Canadian border, which we crossed in quite isolated places sometimes. The border highlighted a basic fact of human life: people get bored. At the border crossing between Grand Forks, ND and Winnipeg, Manitoba, for example, the guards would keep you talking until the next car hove into view. Sometimes that was one minute, sometimes 15.

We - other professional travelers and I - had a few other observations. If you give people a shiny, new toy they will use it, just for the novelty. One day when I drove through Lewiston-Queenston they had drug-sniffing dogs on hand to run through and around the cars stopped for secondary screening. Fun! I was coming back from a folk festival in a pickup truck with a camper on the back, so of course I was pulled over. Duh: what professional traveler who crosses the border 12 times a year risks having drugs in their car?

Cut to about a week ago, at Memphis airport. It was 10am on a Saturday, and the traffic approaching the security checkpoint was very thin. The whole body image scanners - expensive, new, the latest in cover-your-ass-ness - are in theory only for secondary screening: you go through them if you alarm the metal detectors or are randomly selected.

How does that work? When there's little traffic everyone goes through the scanner. For the record, I opted out and was given an absolutely professional and courteous pat-down, in contrast to the groping reports in the media for the last month. Yes: felt around under my waistband and hairline. No: groping. You've got to love the Net's many charming inhabitants: when I posted this report to a frequent flyer forum a poster hazarded that I was probably old and ugly.

My own theory is simply that it was early in the day, and everyone was rested and fresh and hadn't been sworn at a whole lot yet. So no one was feeling stressed out or put-upon by a load of uppity, obnoxious passengers.

It seems clear, however, that if you wanted to navigate security successfully carrying items that are typically unwanted on a flight, your strategy for reducing the odds of attracting extra scrutiny would be fairly simple, although the exact opposite of what experienced (professional) travelers are in the habit of doing:

- Choose a time when it's extremely crowded. Scanners are slower than metal detectors, so the more people there are the smaller the percentage going through them. (Or study the latest in scanner-defeating explosives fashions.)

- Be average and nondescript, someone people don't notice particularly or feel disposed to harass when they're in a bad mood. Don't be a cute, hot young woman; don't be a big, fat, hulking guy; don't wear clothes that draw the eye: expensive designer fashions, underwear, Speedos, a nun's habit (who knows what that could hide? and anyway isn't prurient curiosity about what could be under there a thing?).

- Don't look rich, powerful, special, or attitudinous. The TSA is like a giant replication of Stanley Milgram's experiment. Who's the most fun to roll over? The business mogul or the guy just like you who works in a call center? The guy with the video crew spoiling for a fight, or the guy who treats you like a servant? The sexy young woman who spurned you in high school or the crabby older woman like your mean second-grade teacher? Or the wheelchair-bound or medically challenged who just plain make you uncomfortable?

- When you get in line, make sure you're behind one or more of the above eye-catching passengers.

Note to TSA: you think the terrorists can't figure this stuff out, too? The terrorist will be the last guy your agents will pick for closer scrutiny.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 17, 2010

Sharing values

And then they came for Google...

The notion that the copyright industries' war on file-sharing would eventually rise to the Google level of abstraction used to be a sort of joke. It was the kind of thing the owners of torrent search sites (and before them, LimeWire and Gnutella nodes) said as an extreme way of showing how silly the whole idea was that file-sharing could be stamped out by suing people. It was the equivalent in airport terms of saying, "What are they going to do? Have us all fly naked?"

This week, it came true. You can see why: the British Phonographic Institute's annual report cites research it commissioned from Harris Interactive showing that 58 percent of "illegal downloaders" used Google to find free music. (Of course, all free music is not unauthorized copies of music, but we'll get to that in a minute.)

The rise of Google in particular (it has something like 90 percent of the UK market, somewhat less in the US) and search engines in general as the main gateway through which people access the Internet made it I think inevitable that at some point the company would become a focus for the music industry. And Google is responding, announcing on December 2 that it would favor authorized content in its search listings and remove prevent "terms closely related with piracy" from appearing in AutoComplete.

Is this censorship? Perhaps, but I find it hard to get too excited about, partly because Autocomplete is the annoying boor who's always finishing my sentences wrongly, partly because having to type "torrent" doesn't seem like much of a hardship, and partly because I don't believe this action will make much of a difference. Still, as Google's design shifts more toward the mass market, such subtle changes will create ever-larger effects.

I would be profoundly against demonizing file-sharing technology by making it technically impossible to use Google to find torrent/cyber locker/forum sites - because such sites are used for many other things that have nothing to do with distributing music - but that's not what's being talked about here. It's worth noting, however, that this is (yet another) example of Google's double standards when it comes to copyright. Obliging the music industry's request costs them very little and also creates the opportunity to nudge its own YouTube a little further up the listings. Compare and contrast, however, to the company's protracted legal battle over its having digitized and made publicly available millions of books without the consent of the rights holders.

If I were the music industry I think I'd be generally encouraged by the BPI's report. It shows that paid, authorized downloads are really beginning to take off; digital now accounts for nearly 25 percent of UK record industry revenues. Harris Interactive found that approximately 7.7 million people in the UK continue to download music "illegally". Jupiter Research estimated the foregone revenues at £219 million. The BPI's arithmetic estimates that paid, authorized downloads represent about a quarter of all downloads. Seems to me that's all moving in the right direction - without, mind you, assistance from the draconian Digital Economy Act.

The report also notes the rise of unauthorized, low-cost pay sites that siphon traffic away from authorized pay services. These are, to my view, the equivalent of selling counterfeit CDs, and I have no problem with regarding them as legitimately lost sales or seeing them shut down.

Is the BPI's glass half-empty or half-full? I think it's filling up, just like we told them it would. They are progressively competing successfully with free, and they'd be a lot further along that path if they had started sooner.

As a former full-time musician with many friends still in the trade, it's hard to argue that encouraging people towards services that pay the artist at the expense of those that don't is a bad principle. What I really care about is that it should be as easy to find Andy Cohen playing "Oh, Glory" as it is to find Lady Gaga singing anything. And that's an area where the Internet is the best hope for parity we've ever had; as a folksinger friend of mine said a couple of years back, "The music business never did anything for us."

I've been visiting Cohen this week, and he's been explicating the German sociologist Ferdinand Tönnies' structure, with the music business as gesellschaft (society) versus folk music as community (gemeinschaft)

"Society has rules, communities have customs," he said last night. "When a dispute over customs has to be adjudicated, that's the border of society." Playing music for money comes under society's rules - that is, copyright. But for Cohen, a professional musician for more than 40 years with multiple CDs, music is community.

We've been driving around Memphis visiting his friends, all of whom play themselves, some easily, some with difficulty. Music is as much a part of their active lives as breathing. This is a fundamental disconnect from the music industry, which sees us all as consumers and every unpaid experience of music as a lost sale, This is what "sharing music" really means: playing and singing together - wherever.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 10, 2010

Payback

A new word came my way while I was reviewing the many complaints about the Transportation Security Administration and its new scanner toys and pat-down procedures: "Chertoffed". It's how "security theater" (Bruce Schneier's term) has transformed the US since 2001.

The description isn't entirely fair to Chertoff, who was only the *second* head of the Bush II-created Department of Homeland Security and has now been replaced: he served from 2005-2009. But since he's the guy who began the scanner push and also numbers scanner manufacturers among the clients of his consultancy company, The Chertoff Group - it's not really unfair either.

What do you do after defining the travel experience of a generation? A little over a month ago, Chertoff showed up at London's RSA Data Security conference to talk about what he thought needed to happen in order to secure cyberspace. We need, he said, a doctrine to lay out the rules of the road for dealing with cyber attacks and espionage - the sort of thing that only governments can negotiate. The analogy he chose was to the doctrine that governed nuclear armament, which he said (at the press Q&A) "gave us a very stable, secure environment over the next several decades."

In cyberspace, he argued, such a thing would be valuable because it makes clear to a prospective attacker what the consequences will be. "The greatest stress on security is when you have uncertainty - the attacker doesn't know what the consequences will be and misjudges the risk." The kinds of things he wants a doctrine to include are therefore things like defining what is a proportionate response: if your country is on the receiving end of an attack from another country that's taking out the electrical power to hospitals and air traffic control systems with lives at risk, do you have the right to launch a response to take out the platform they're operating from? Is there a right of self-defence of networks?

"I generally take the view that there ought to be a strong obligation on countries, subject to limitations of practicality and legal restrictions, to police the platforms in their own domains," he said.

Now, there are all sorts of reasons many techies are against government involvement - or interference - in the Internet. First and foremost is time: the World Summit on the Information Society and its successor, the Internet Governance Forum, have taken years to do...no one's quite sure what, while the Internet's technology has gone on racing ahead creating new challenges. But second is a general distrust, especially among activists and civil libertarians. Chertoff even admitted that.

"There's a capability issue," he said, "and a question about whether governments put in that position will move from protecting us from worms and viruses to protecting us from dangerous ideas."

This was, of course, somewhat before everyone suddenly had an opinion about Wikileaks. But what has occurred since makes that distrust entirely reasonable: give powerful people a way to control the Net and they will attempt to use it. And the Net, as in John Gilmore's famous aphorism, "perceives censorship as damage and routes around it". Or, more correctly, the people do.

What is incredibly depressing about all this is watching the situation escalate into the kind of behavior that governments have quite reasonably wanted to outlaw and that will give ammunition to those who oppose allowing the Net to remain an open medium in which anyone can publish. The more Wikileaks defenders organize efforts like this week's distributed denial-of-service attacks, the more Wikileaks and its aftermath will become the justification for passing all kinds of restrictive laws that groups like the Electronic Frontier Foundation and the Open Rights Group have been fighting against all along.

Wikileaks itself is staying neutral on the subject, according to the statement on its (Swiss) Web site: Wikileaks spokesman Kristinn Hrafnsson said: "We neither condemn nor applaud these attacks. We believe they are a reflection of public opinion on the actions of the targets."

Well, that's true up to a point. It would be more correct to say that public opinion is highly polarized, and that the attacks are a reflection of the opinion of a relatively small section of the public: people who are at the angriest end of the spectrum and have enough technical expertise to download and install software to make their machines part of a botnet - and not enough sense to realize that this is a risky, even dangerous, thing to do. Boycotting Amazon.com during its busiest time of year to express your disapproval of its having booted Wikileaks off its servers would be an entirely reasonable protest. Vandalism is not. (In fact the announced attack on Amazon's servers seems not to have succeeded, though others have.

I have written about the Net and what I like to call the border wars between cyberspace and real life for nearly 20 years. Partly because it's fascinating, partly because when something is new you have a real chance to influence its development, and partly because I love the Net and want it to fulfill its promise as a democratic medium. I do not want to have to look back in another 20 years and say it's been "Chertoffed". Governments are already mad about the utterly defensible publication of the cables; do we have to give them the bullets to shoot us with, too?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 3, 2010

Open diplomacy

Probably most people have by now lived through the embarrassment of having a (it was intended to be) private communication made public. The email your fingers oopsishly sent to the entire office instead of your inamorata; the drunken Usenet postings scooped into Google's archive; the direct Tweet that wound up in the public timeline; the close friend your cellphone pocket-dialed while you were trashing them.

Most of these embarrassments are relatively short-lived. The personal relationships that weren't already too badly damaged recover, if slowly. Most of the people who get the misdirected email are kind enough to delete it and never mention it again. Even the stock market learns to forgive those drunken Usenet postings; you may be a CEO now but you were only a frat boy back then.

But the art of government-level diplomacy is creating understanding, tolerance, and some degree of cooperation among people who fundamentally distrust each other and whose countries may have substantial, centuries-old reasons why that is utterly rational. (Sometimes these internecine feuds are carried to extremes: would you buy from a store that filed Greek and Turkish DVDs in the same bin?) It's hardly surprising if diplomats' private conversations resemble those of Hollywood agents, telling each person what they want to hear about the others and maneuvering them carefully to get the desired result. And a large part of that desired result is avoiding mass destruction through warfare.

For that reason, it's hard to simply judge Wikileaks' behavior by the standard of our often-expressed goal of open data, transparency, accountability, and net.freedoms. Is there a line? And where do you draw it?

In the past, it was well-established news organizations who had to make this kind of decision - the New York Times and the Washington Post regarding the Pentagon Papers, for example. Those organizations, rooted in a known city in a single country, knew that mistakes would see them in court; they had reputations, businesses, and personal liberty to lose. As Jay Rosen: the world's first stateless news organization. (culture, laws, norms) - contract with those who have information that can submit - will encrypt to disguise source from us as well as others - and publish - can't subpoena because stateless. Failure of the watchdog press under George Bush and anxiety on part of press derived from denial of their own death.

Wikileaks wasn't *exactly* predicted by Internet pioneers, but it does have its antecedents and precursors. Before collaborative efforts - wikis - became commonplace on the Web there was already the notion of bypassing the nation-state to create stores of data that could not be subjected to subpoenas and other government demands. There was the Sealand data bunker. There was physicist Timothy May's Crypto Anarchist Manifesto, which posited that, "Crypto anarchy will allow national secrets to be trade freely and will allow illicit and stolen materials to be traded."

Note, however, that a key element of these ideas was anonymity. Julian Assange has told Guardian readers that in fact he originally envisioned Wikileaks as an anonymous service, but eventually concluded that someone must be responsible to the public.

Curiously, the strand of Internet history that is the closest to the current Wikileaks situation is the 1993-1997 wrangle between the Net and Scientology, which I wrote about for Wired in 1995. This particular net.war did a lot to establish the legal practices still in force with respect to user-generated content: notice and takedown, in particular. Like Wikileaks today, those posting the most closely guarded secrets of Scientology found their servers under attack and their material being taken down and, in response, replicated internationally on mirror sites to keep it available. Eventually, sophisticated systems were developed for locating the secret documents wherever they were hosted on a given day as they bounced from server to server (and they had to do all that without the help of Twitter. Today, much of the gist is on Wikipedia. At the time, however, calling it a "flame war with real bullets" wasn't far wrong: some of Scientology's fiercest online critics had their servers and/or homes raided. When Amazon removed Wikileaks from its servers because of "copyright", it operated according to practices defined in response to those Scientology actions.

The arguments over Wikileaks push at many other boundaries that have been hotly disputed over the last 20 years. Are they journalists, hackers, criminals, or heroes? Is Wikileaks important because, as NYU professor Jay Rosen points out, journalism has surrendered its watchdog role? Or because it is posing, as Techdirt says, the kind of challenge to governments that the music and film industries have already been facing? On a technical level, Wikileaks is showing us the extent to which the Internet can still resist centralised control.

A couple of years ago, Stefan Magdalinski noted the "horse-trading in a fairly raw form" his group of civic hackers discovered when they set out to open up the United Nations proceedings - another example of how people behave when they think no one is watching. Utimately governments will learn to function in a world in which they cannot trust that anything is secret, just as they had to learn to cope with CNN (PDF)

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.