Main

December 16, 2022

A garden of snakes

Thumbnail image for Thumbnail image for coyote-roadrunner-cliff.pngIt's hard to properly enjoy I-told-you-so schadenfreude when you know, from Juan Vargas (D-CA)'s comments this week, that disproportionately the people most affected by the latest cryptocurrency collapse are those who can least afford it. What began as a cultish libertarian desire to bypass the global financial system became a vector for wild speculation, and is now the heart of a series of collapsing frauds.

From the beginning, I've called bitcoin and its sequels as "the currency equivalent of being famous for being famous". Crypto(currency) fans like to claim that the world's fiat currencies don't have any underlying value either, but those are backed by the full faith and credit of governments and economies. Logically, crypto appeals most to those with the least reason to trust their governments: the very rich who resent paying taxes and those who think they have nothing to lose.

This week the US House and Senate both held hearings on the collapse of cryptocurrency exchange and hedge fund FTX and its deposed, arrested, and charged CEO Sam Bankman-Fried. The key lesson: we can understand the main issues surrounding FTX and its fellow cryptocurrency exchanges without understanding either the technical or financial intricacies.

A key question is whether the problem is FTX or the entire industry. Answers largely split along partisan lines. Republican member chose FTX, and tended to blame Securities and Exchange Commission chair Gary Gensler. Democrats were more likely to condemn the entire industry.

As Jesús G. "Chuy" García (D-IL) put it, "FTX is not an anomaly. It's not just one corrupt guy stealing money, it's an entire industry that refuses to comply with existing regulation that thinks it's above the law." Or, per Brad Sherman (D-CA), "My fear is that we'll view Sam Bankman-Fried as just one big snake in a crypto garden of Eden. The fact is, crypto is a garden of snakes."

When Sherrod Brown (D-OH) asked whether FTX-style fraud existed at other crypto firms, all four expert speakers said yes.

Related is the question of whether and how to regulate crypto, which begins with the problem of deciding whether crypto assets are securities under the decades-old Howey test. In its ongoing suit against Ripple, Gensler's SEC argues for regulation as securities. Lack of regulation has enabled crypto "innovation" - and let it recreate practices long banned in traditional financial markets. For an example see Ben McKenzie's and Jacob Silverman's analysis of leading crypto exchange Binance's endemic conflicts of interest and the extreme risks it allows customers to take that are barred under securities regulations.

Regulation could correct some of this. McKenzie gave the Senate committee numbers: fraudulent financier Bernie Madoff had 37,000 clients; FTX had 32 times that in the US alone. The collective lost funds of the hundreds of millions of victims worldwide could be ten times bigger than Madoff.

But: would regulating crypto clean up the industry or lend it legitimacy it does not deserve? Skeptics ask this about alt-med practitioners.

Some background. As software engineer Stephen Diehl explains in his new book, Popping the Crypto Bubble, securities are roughly the opposite of money. What you want from money is stability; sudden changes in value spark cost-of-living crises and economic collapse. For investors, stability is the enemy: they want investments' value to go up. The countervailing risk is why the SEC's requires companies offering securities to publish sufficient truthful information to enable investors to make a reasonable assessment.

In his book, Diehl compares crypto to previous bubbles: the Internet, tulips, the railways, the South Sea. Some, such as the Internet and the railways, cost early investors fortunes but leave behind valuable new infrastructure and technologies on which vast new industries are built. Others, like tulips, leave nothing of new value. Diehl, like other skeptics, believes cryptocurrencies are like tulips.

The idea of digital cash was certainly not new in 2008, when "Satoshi" published their seminal paper on bitcoin; the earliest work is usually attributed to David Chaum, whose 1982 dissertation contained the first known proposal for a blockchain protocol, proposed digital cash in a 1983 paper, and set up a company to commercialize digital cash in 1990 - way too early. Crypto's ethos came from the cypherpunks mailing list, which was founded in 1992 and explored the idea of using cryptography to build a new global financial system.

Diehl connects the reception of Satoshi's paper to its timing, just after the 2007-2008 financial crisis. There's some logic there: many have never recovered.

For a few years in the mid-2010s, a common claim was that cryptocurrencies were bubbles but the blockchain would provide enduring value. Notably disagreeing was Michael Salmony, who startled the 2016 Tomorrow's Transactions Forum by saying the blockchain was a technology in search of a solution. Last week, IBM and Maersk announced they are shutting down their enterprise blockchain because, Dan Robinson writes at The Register, despite the apparently idea use case, they couldn't attract industry collaboration.

More recently we've seen the speculative bubble around NFTs, but otherwise we've heard only about their wildly careening prices in US dollars and the amount of energy mining them consumes. Until this year, when escalating crashes and frauds are taking over. Distrust does not build value.


Illustrations: The Warner Brothers coyote, realizing he's standing on thin air.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 15, 2022

Online harms

boris-johnson-on-his-bike-European-Cycling-Federation-370.jpgAn unexpected bonus of the gradual-then-sudden disappearance of Boris Johnson's government, followed by his own resignation, is that the Online Safety bill is being delayed until after Parliament's September return with a new prime minister and, presumably, cabinet.

This is a bill almost no one likes - child safety campaigners think it doesn't go far enough; digital and human rights campaigners - Big Brother Watch, Article 19, Electronic Frontier Foundation, Open Rights Group, Liberty, a coalition of 16 organizations (PDF) - because it threatens freedom of expression and privacy while failing to tackle genuine harms such as the platforms' business model; and technical and legal folks because it's largely unworkable.

The DCMS Parliamentary committee sees it as wrongly conceived. The he UK Independent Reviewer of Terrorism Legislation, Jonathan Hall QC, says it's muzzled and confused. Index on Censorship calls it fundamentally broken, and The Economist says it should be scrapped. The minister whose job it has been to defend it, Nadine Dorries (C-Mid Bedfordshire), remains in place at the Department for Culture, Media, and Sport, but her insistence that resigning-in-disgrace Johnson was brought down by a coup probably won't do her any favors in the incoming everything-that-goes-wrong-was-Johnson's-fault era.

In Wednesday's Parliamentary debate on the bill, the most interesting speaker was Kirsty Blackman (SNP-Aberdeen North), whose Internet usage began 30 years ago, when she was younger than her children are now. Among passionate pleas that her children should be protected from some of the high-risk encounters she experienced, was: "Every person, nearly, that I have encountered talking about this bill who's had any say over it, who continues to have any say, doesn't understand how children actually use the Internet." She called this the bill's biggest failing. "They don't understand the massive benefits of the Internet to children."

This point has long been stressed by academic researchers Sonia Livingstone and Andy Phippen, both of whom actually do talk to children. "If the only horse in town is the Online Safety bill, nothing's going to change," Phippen said at last week's Gikii, noting that Dorries' recent cringeworthy TikTok "rap" promoting the bill focused on platform liability. "The liability can't be only on one stakeholder." His suggestion: a multi-pronged harm reduction approach to online safety.

UK politicians have publicly wished to make "Britain the safest place in the world to be online" all the way back to Tony Blair's 1997-2007 government. It's a meaningless phrase. Online safety - however you define "safety" - is like public health; you need it everywhere to have it anywhere.

Along those lines, "Where were the regulators?" Paul Krugman asked in the New York Times this week, as the cryptocurrency crash continues to flow. The cryptocurrency market, which is now down to $1 trillion from its peak of $3 trillion, is recapitulating all the reasons why we regulate the financial sector. Given the ongoing collapses, it may yet fully vaporize. Krugman's take: "It evolved into a sort of postmodern pyramid scheme". The crash, he suggests, may provide the last, best opportunity to regulate it.

The wild rise of "crypto" - and the now-defunct Theranos - was partly fueled by high-trust individuals who boosted the apparent trustworthiness of dubious claims. The same, we learned this week was true of Uber 2014-2017, Based on the Uber files,124,000 documents provided by whistleblower Mark MacGann, a lobbyist for Uber 2014-2016, the Guardian exposes the falsity of Uber's claims that its gig economy jobs were good for drivers.

The most startling story - which transport industry expert Hubert Horan had already published in 2019 - is the news that the company paid academic economists six-figure sums to produce reports it could use to lobby governments to change the laws it disliked. Other things we knew about - for example, Greyball, the company's technology denying regulators and police rides so they couldn't document Uber's regulatory violations and Uber staff's abuse of customer data - are now shown to have been more widely used than we knew. Further appalling behavior, such as that of former CEO Travis Kalanick, who was ousted in 2017, has been thoroughly documented in the 2019 book, Super Pumped, by Mike Isaac, and the 2022 TV series based on it, Super Pumped.

But those scandals - and Thursday/s revelation that 559 passengers are suing the company for failing to protect them from rape and assault by drivers - aren't why Horan described Uber as a regulatory failure in 2019. For years, he has been indefatigably charting Uber's eternal unprofitability. In his latest, he notes that Uber has lost over $20 billion since 2015 while cutting driver compensation by 40%. The company's share price today is less than half its 2019 IPO price of $45 - and a third of its 2021 peak of $60. The "misleading investors" kind of regulatory failure.

So, returning to the Online Safety bill, if you undermine existing rights and increase the large platforms' power by devising requirements that small sites can't meet *and* do nothing to rein in the platforms' underlying business model...the regulatory failure is built in. This pause is a chance to rethink.

Illustrations: Boris Johnson on his bike (European Cyclists Federation via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 1, 2022

Negative externalities

There are plenty of readily available reasons why everything is suddenly so much more expensive: pandemic-blighted supply chains, staff shortages, rising energy prices that push everything else up, the war in Ukraine, monopolistic consolidation that has created a "profits-inflation spiral", per Matt Stoller, and, in the UK, Brexit. But there's another factor also at work: the rising cost of capital.

Throughout the last 15 years of low interest rates, venture capitalists have, by pouring funding into money-losing technology-adjacent companies, been funding what some have called the "millennial lifestyle". I doubt it's limited to millennials; people of all ages have taken advantage of what has been an era of predatory loss-leading pricing intended to undercut the competition until it goes away and they can raise prices.

Amazon did not invent this tactic, but it may have been the first web company to really exploit it. It lost money the first five years it was a public company, and again at other times in its history. Cheap prices were an important part of getting people to use the site; Bezos famously chose its Seattle location to avoid sales taxes on the books it began with. As long ago as 2014, however, people had begun warning that it was now often the more expensive option. And, these days, its search results are full of clutter, ads, "sponsored products", and weird brand names.

I began using Amazon so early in its history that I have an insulated mug the company sent its customers one mid-1990s Christmas. These days, I sometimes go for months at a time without using it.

It's not easy because, as "honest broker" Ted Gioia points out, the long tail Chris Anderson touted in 2004, first in a Wired article and then in a book, doesn't really work. Instead of niche products dominating the market, we continue to have blockbusters and what Gioia calls the "short tail". Companies like Netflix and Amazon, who made their names selling the widest possible range, have since narrowed their offerings. (As Gioia deoesn't say, in its early days Amazon didn't actually have warehouses full of every possible book title; it let the distributor Ingram do that, and sent runners over to collect copies of obscure titles when they were ordered. Now, the long tail is often handled by third-party merchants in its Marketplace.)

As Gioia concludes, the 80/20 rule won and kept winning - which also means that 20 percent of online retailers do 80 percent of the business, and occupy 80 percent of the search listings, and that 20 percent becomes harder and harder to find.

But back to the "millennial lifestyle". "If you wake up on a Casper mattress, work out with a Peloton before breakfast, Uber to your desk at a WeWork, order DoorDash for lunch, take a Lyft home, and get dinner through Postmates, you've interacted with seven companies that will collectively lose nearly $14 billion this year," Derek Thompson wrote at The Atlantic in 2019 just after the WeWork crash. Thompson went on to predict that WeWork's example was going to make venture capitalists much less willing to finance all that free living in future.

Last week, he published an update, noting that while the combination of spiking energy and labor costs is getting all the headlines, rising prices among the "millennial lifestyle" companies are also part of why life feels so much more expensive for urbanites. Tl;dr: those companies can't afford the subsidy any longer. Rising interest rates surely play a part, too, particularly for a company like Netflix, which used easy access to cheap money to acquire substantial debt with which to finance building its own content library. It didn't have much choice, since it was inevitable that eventually content producers like Disney and the legacy broadcast networks would want to reserve their content for their own streaming services. Now, however, with subscriber numbers under pressure from cost-of-living decisions, its prices are going up and it's adding an advertising-supported tier.

At the New York Times, Kevin Roose reports the same experience as Thompson: "For years, these subsidies allowed us to live Balenciaga lifestyles on Banana Republic budgets." Today...well, less $16 for an Uber ride across greater Los Angeles, more $250 to get from midtown Manhattan to JFK airport. (Pro tip: there's an express bus from just outside Grand Central station that runs every 30 minutes and gets you there in under an hour for $19.)

The startup extravagance Roose describes - his used car was delivered by a white-gloved valet and adorned with a giant bow - is utterly 1999, when startups recklessly burned through their all-too-easily-raised capital by installing in-office chefs and TGIF bartenders. We know what happened to that: market collapse, followed by more sensible burn rates. WeWork provided a similar, but much crazier, cautionary tale, which Stoller dubbed- counterfeit capitalism.

This approach was never going to be sustainable. So now these services - Stoller lists Bird, Lyft, and Uber (which transport industry expert Hubert Horan notes has lost $31 billion over its lifetime) - are being forced to adopt realistic pricing. In the long run, hopefully it will improve competition and be better for the workers in those industries. For right now, though, it's going to hurt.


Illustrations:

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

May 13, 2022

False economy

Thumbnail image for coyote-roadrunner-cliff.pngThis week, every cryptocurrency was unhappy in its own way. It has not been a good year for cryptocurrency speculators in general, but Wednesday was a disaster: almost all "major" cryptocurrencies crashed by about 25%, and even venerable bitcoin dropped by 14% (although it still is twice its 2017 peakl. Which sounds great until you realize that on November 10, 2021 people *bought* bitcoin for $68,789 and El Salvador has been "buying the dip" all year.

Especially notable were the losses among cryptocurrencies intended to stay pegged to the US dollar - "stablecoins" - which fell off a cliff, pricewise. One previously unfamiliar "stablecoin", Luna, dropped 99.7%, leading some posters in the Terraluna subReddit to post suicide helpline numbers.

Do not gloat. Heed Hamilton Nolan's warning at In These Times about the dangers when a class of young (mostly) men who hate government become angry, bitter, and hopeless.

First: what happened? You can value a company, as Warren Buffett does, by studying it: its business, market sector, competitors, financial stability, and prospects. There's always some element of uncertainty. New managers could derail the company (Boeing), new, well-funded competitors could enter the field (Netflix), new technology could overrun its business model, or it could be lying about its revenues - er, painting a rosier picture than is actually merited by the facts. If you have the mad skillz of Buffett (and his professor, Benjamin Graham), thinking through all that should lead you to a reasonable purchase price, and not overpaying allows you to profit from your investment at relatively modest risk.

However, a cryptocurrency is not a business, and it has no real-world usefulness. Like gold, which Buffett has never liked, it costs money to hold, it produces nothing, and, "You can fondle it, but it will not respond". But at least gold has some industrial uses. Cryptocurrencies have none; they are the currency equivalent of being famous for being famous, held aloft only through fear, greed, and mythology. In any crisis, toilet paper, chocolate, cigarettes, booze, or toothpaste are all more useful currencies.

Luna is the most interesting. Here's how Coindesk describes its collapse: "A change in market dynamics caused Luna prices to snap at a breakneck pace. Luna plummeted through several support levels as terraUSD (UST), a Terra-issued stablecoin that's meant to be priced 1:1 to the U.S. dollar, lost its peg."

Let's pick this apart. "Market dynamics" could simply mean "interest rates are going up", which drives money away from the riskiest assets, which sets off a cycle of selling.

"Support levels" is a term for a tealeaves-reading approach to stock market pricing called technical analysis. Proponents believe that the shapes of price charts over time have significance in and of themselves. It has nothing to do with underlying value, Effectively, the fundamental claim is that past performance predicts future results, the exact opposite of what every financial product is required to tell prospective buyers. It would be complete nonsense, *except* that so many people believe in it that those patterns really do move markets, at least short-term. So "breaking support levels" becomes "let's panic and sell, ferchrissake!"

HowToGeek tells us that UST is the stablecoin on the Terra blockchain. Terra is a company providing "programmable money for the Internet", and its blockchain "brings DeFi to the masses". DeFi is short for decentralized finance, and its appearance means we're entering web3 territory - the folks who want to reclaim the Internet through redecentralization. Let's leave that part aside for today.

Traditionally (!) what makes a stablecoin stable is that for every coin (for example, Tether, which also slipped, to $0.95) its issuer holds an actual $1 in its reserves. However, it turns out there is a *second* type of stablecoin, which is backed by an algorithm rather than an asset representing some government's full faith and credit.

So the UST "stablecoin" is pegged to Terra's Luna stablecoin, and the idea is that an algorithm - a smart contract - keeps them pegged to each other by buying, selling, and converting them so they both reliably stay at a value of about $1. This is the theory.

It *sounds* like a folie à deux - that is, a shared delusion in which the partners reinforce each other's belief but neither leads the other closer to any form of outside reality. Apparently enough people distrust governments so much that algorithm! seems appealing and five weeks ago Luna's market cap was $39 billion more than it is now. Yes, money is flowing away from stock market risk, too, but more slowly for the reasons outlined above. A chart at the Motley Fool shows clearly that cryptocurrencies aren't a useful hedge against this.

Bottom line: algorithms do not make a coin stable, and if you don't understand what you're buying, don't buy it.

None of this means cryptocurrencies are finished. It doesn't make them good "investments" to "buy on the dip", either. It's just one more piece of mess in an ongoing expanding experiment that has been highly profitable for a few people, and rife with fraud and market manipulation for many more. Just say no.


Illustrations: Wile E. Coyote makes the mistake of looking down as he runs off the edge of a cliff.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

April 15, 2022

The data of sport

vlcsnap-2022-04-15-13h01m46s668.pngIn 1989, at 5-6 in the third and final set of the French Open women's singles final, 20-year-old Steffi Graf abruptly ran off-court. Soon afterwards, her opponent, Arantxa Sanchez-Vicario, completed one of the biggest upsets in the history of women's tennis.

Why did Graf do it? the press demanded to know in the post-march interview. When Graf finally (and slightly crankily) explained that she had her period. some journalists - Michael Mewshaw cites Italian Hall of Fame journalist Gianni Clerici for one - followed up by printing her (presumably imagined) menstrual cycle in the newspapers.

Mewshaw recounted this incident in June 2021 to illustrate the unpleasantness that can attend sports press conferences, in sympathy with Naomi Osaka. However, he could as easily have been writing about the commodification of athletes and their personal information. Graf got no benefit from journalists' prurient curiosity. But bettors, obsessive fans, and commentators could imagine they were being sold insight into her on-court performance. Ick.

This week, the Australian Science Academy launched a discussion paper on the use of athlete data in professional sport, chaired by Julia Powles and Toby Walsh. Powles and Walsh have also provided a summary at The Conversation.

The gist: the amount and variety of data collected about athletes has exploded using the justification of improving athletic performance and reducing injury risk. It's being collected and saved with little oversight and no clarity about how it's being used or who gets access to it; the overriding approach is to collect everything possible and save it in case a use is found. "It's rare for sports scientists and support staff to be able to account for it, and rarer still for sports governing bodies and athletes themselves," they write.

In the ASA's launch panel, Powles commented that athletes are "at the forefront of data gathering and monitoring", adding that such monitoring will eventually be extended to the rest of us as it filters from professional sports to junior sports, and onward from there.

Like Britain's intensively monitored children, athletes have little power to object: they have already poured years of their own and their family's resources into their obsession. Who would risk the chance of big wins to argue when their coach or team manager fits them with sensors tracking their sleep, heart rate, blood oxygenation, temperature, and muscle twitches and says it will help them? The field, Kathryn Henne observed is just an athlete's workplace.

In at least one case - the concussion in American football - data analysis has proved the risk to athletes. But, Powles noted, the report finds that it's really the aggregate counts that matter: how many meters you ran, not what your muscles were doing while you ran them. Much of the data being collected lies fallow, and no theory exists for testing its value.

Powles' particular concern is twofold. First, the report finds that the data is not flowing to sports scientists and others who really understand athletes (and therefore does not actually further the goal of helping them) but toward data scientists and other dedicated data-crunchers who have no expertise in sports science. Second, she deplores the resulting opportunity costs.

"What else aren't we spending money on?" she asked. Healthier environments and providing support are things we know work; why not pursue them instead of "technology dreams"? Her biggest surprise, she said, was discovering how cash-strapped most sports are. Even tennis: the stars make millions, but the lower ranks starve.

Professional athletes have always had to surrender aspects of their privacy in order to play their sport, beginning with the long, unpleasant history of gender testing, which began with men-only games in which competitors appeared nude, and continued in 1968 with requiring athletes wishing to compete in women's sports to prove they qualify. Then came anti-doping, which presumes everyone is guilty except when testing finds them innocent: urine tests under observation and blood tests for more sophisticated doping agents like EPO. In 2004, the anti-doping authorities initiated the "Whereabouts rule", which requires athletes to provide their location every day to facilitate no-notice out-of-competition testing. More recently, sporting authorities have begun collecting and storing blood and other parameters to populate the "athlete biological passport" with the idea that longitudinal profiling will highlight changes indicative of doping. An athlete who objects to any of this is likely to be publicly accused of cheating; sympathy is in short supply.

The report adds to those obvious invasions the ongoing blurring of the line between health data - which apparently is determined by the involvement of a doctor - and what the authors call "performance data". This was raised as an issue at the Privacy Health Summit back in 2014, where panelists noted that the range of sensitive data being collected by then-new Fitbits, sleep apps, and period trackers wasn't covered by the US health information law, HIPAA.

Athletes are the commodities in all this. It's not a big stretch to imagine the use of this data turning hostile, particularly as it extends to junior sports, where it can be notoriously difficult to pic future winners. Sports hold our interest because they provide the unexpected. Data-crunching by its nature tries to eliminate it. As Powles put it, "The story of sport is not just the runs and the goals." But that's what data can count.


Illustrations: Arantxa Sanchez-Vicario holding the 1989 French Open women's singles trophy.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

March 11, 2022

The rhetoric meets the road

Thumbnail image for Bitcoin_Digital_Currency_Logo.pngOn February 28, at the same time as he called for blocking Russia's Internet connections, Ukrainian minister of digital transformation Mykhailo Fedorov called for cryptocurrency exchanges to block the addresses of Russian users as well as addresses officially tied to Russia and Belarus. Fedorov was not the only one: European Central Bank president Christine Lagarde called for regulations to stop cryptocurrencies from being used to bypass the economic sanctions being jointly applied against Russia by numerous countries, as has Estonian prime minister Kaja Kallas.

Their concern echoes the rhetoric that formed cryptocurrencies' origin story. Bitcoin's founding paper begins by saying that the system's main benefit is eliminating the need for financial institutions or trusted third parties because the blockchain replaces trust with cryptography and transparency. Eliminating governments' ability to interfere in financial transactions was definitely part of the plan. I can't help thinking that Satoshi's threat model was governments taken singly, not dozens of them acting in concert. Also, this was before Sarah Meiklejohn showed that bitcoin addresses are not anonymous.

The notion that cryptoccurrencies can build an independent global financial system outside of government regulation is even more overblown than 1999s claims that governments would not be able to control the Internet. Information can achieve an effect simply by transmitting from one individual to another. Money can't, at least not at current levels of non-adoption; if you want your bitcoin stash to be of use to buy stuff you have to connect it to state-backed currencies. Even stablecoins won't buy me groceries at the local shop. And that's the point where government regulation steps in - as, for example, this week, when the UK's Financial Conduct Authority ordered the shutdown of all 81 of the UK's bitcoin ATMs because they need to be registered and comply with anti-money-laundering regulations.

The responses to the above developments have exposed the extent to which the original bitcoin/blockchain design has been thwarted by centralization. As we've said before, any time something is complicated there's a business model for a third-party intermediary to make it simple. And so we have cryptocurrency exchanges like Coinbase, which make buying and transferring cryptocurrencies easy but far more controllable for governments. And indeed: a few days after sanctions were imposed, Coinbase had blocked 25,000 cryptocurrency addresses linked to Russian people or entities.

With the Moscow stock exchange closed for two weeks and counting, shares in Russian companies plummeting to zero on international exchanges, and the ruble collapsing, the motivations for individuals to use cryptocurrencies are inarguable. But an entire trillion-dollar economy?

Says Dave Birch, author of The Currency Cold War, "Cryptocurrency people think cryptocurrencies are more important than they actually are."

Changpeng Zhao, the founder of Binance, which in 2021 was investigated for money laundering by the US and ordered to cease operations in the UK, quickly refused to sanction Russians, arguing that cryptocurrencies are too small for Russian needs. Zhao estimated the value of all cryptocurrencies at less than 0.3% of global net worth - plus, it's too traceable to be useful for illicit activities. Coin Telegraph reports that Russians are estimated to hold more than $200 billion in cryptocurrencies as of February 2022; the country is Binance's second-biggest market after Turkey.

Many experts agree with Zhao. At last week's State of the Net conference, Bill Rockwood, the executive director of the Future Forum caucus in the US House of Representatives, argued that the unalterability of the blockchain creates truth an authoritarian state can't hide, making it unsuitable for a country trying to stealthily evade international sanctions. At the Atlantic Council, senior fellow JP Schnapper-Casteras agrees, pointing out that Russian authorities have considered either banning or regulating cryptocurrencies for the precise reason that they cannot be easily centrally controlled. In any case, Schnapper-Casteras adds, US-based cryptocurrency exchanges must legally comply with all US law, including sanctions, and law enforcement skills at tracing transactions on public blockchains have improved greatly, as the recent Bitfinex arrests showed. Plus, only two cryptocurrencies are big enough to help, and purchases of the necessary size would lead to unaffordable price spikes. Like many other countries, Russia intends to develop its own central bank digital currency - but that will take years.

In a Twitter thread, the Bitcoin Association's head of policy, Jake Chervinsky, explains all that in more detail, and also points out that in the years Russian president Vladimir Putin has spent building up his war chest, cryptocurrencies formed no part of the plan, as the New York Times has reported..

The more obvious use is for individual Russians to buy cryptocurrencies (using their own systems and hardware wallets, avoiding the exchanges) as a way of hedging against further collapse in the ruble. Bloomberg, however, finds that this isn't really happening much either. As of March 3, blockchain data was showing that Russian purchases have actually halved since February and is less than a fifth of what it was at its peak in May 2021. Also, we're talking millions, not the billions the war is costing Russia every day.

The more important cryptocurrency threat we should be considering, Reuters reports, is cyber attacks on cryptocurrency exchanges. If you have a bunch of cryptocurrency reposing in an online software wallet...buyer beware.


Illustrations: Bitcoin logo.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 4, 2022

Consent spam

openRTB.pngThis week the system of adtech that constantly shoves banners in our face demanding consent to use tracking cookies was ruled illegal by the Belgian Data Protection Authority, leading 28 EU data protection authorities. The Internet Advertising Bureau, whose Transparency and Consent Framework formed the basis of the complaint that led to the decision, now has two months to redesign its system to bring it into compliance with the General Data Protection Regulation.

The ruling marks a new level of enforcement that could begin to see the law's potential fulfilled.

Ever since May 2018, when GDPR came into force, people have been complaining that so far all we've really gotten from it is bigger! worse! more annoying! cookie banners, while the invasiveness of the online advertising industry has done nothing but increase. In a May 2021 report, for example, Access Now examined the workings of GDPR and concluded that so far the law's potential had yet to be fulfilled and daily violations were going unpunished - and unchanged.

There have been fines, some of them eye-watering, such as Amazon' s 2021 fine of $877 million for its failure to get proper consent for cookies. But even Austrian activist lawyer Max Schrems' repeated European court victories have so far failed to force structural change, despite requiring the US and EU to rethink the basis of allowing data transfers.

To "celebrate" last week's data protection day, Schrems documented the situation: since the first data protection laws were passed,enforcement has been rare. Schrems' NGO, noyb, has plenty of its own experience to drawn on. Of the 51 individual cases noyb has filed in Europe since its founding in 2018, only 15% have been decided wthin a year, none of them pan-European. Four cases filed with the Irish DPA in May 2018, the day after GDPR came into force, have yet to be given a final decision.

Privacy International, which filed seven complaints against adtech companies in 2018, also has an enforcement timeline. Only one, against Experian, resulted in an investigation, and even in that case no action has been taken since Experian's appeal in 2021. A recent study of diet sites showed that they shared the sensitive information they collect with unspecified third parties, PI senior tecnologist Eliot Bendinelli told last week's Privacy Camp. PI's complaint is yet to be enforced, though it has led some companies to change their practices.

Bendinelli was speaking on a panel trying to learn from GDPR's enforcement issues in order to ensure better protection of fundamental rights from the EU's upcoming Digital Services Act. Among the complaints with respect to GDPR: the lack of deadlines to spur action and inconsistencies among the different national authorities.

The complaint at the heart of this week's judgment began in 2018, when Open Rights Group director Jim Killock, UCL researcher Michael Veale, and Irish Council on Civil Liberties senior fellow Johnny Ryan took the UK Information Commissioner's Office to court over the ICO's lack of action regarding real-time bidding, which the ICO itself had found illegal under the UK's Data Protection Act (2018), the UK's post-Brexit GDPR clone. In real-time bidding, your visit to a participating web page launches an instant mini-auction to find the advertiser willing to pay the most to fill the ad space you're about to see. Your value is determined by crunching all the data the site and its external sources have or can get about you.

If all this sounds like it oughtta be illegal under GDPR, well, yes. Enter the IAB's TCF, which extracts your permission via those cookie consent banners. With many of these, dark patterns design make "consent" instant and rejection painfully slow. The Big Tech sites, of course, handle all this by using logins; you agree to the terms and conditions when you create your account and then you helpfully forget how much they learn about you every time you use the site.

In December 2021, the UK's Upper Tribunal refused to require the ICO to reopen the complaint, though it did award Killock and Veal concessions they hope will make the ICO more accountable in future.

And so back to this week's judgment that the IAB's TCF, which is used on 80% of the European Internet, is illegal. The Irish DPA is also investigating Google's similar system, as well as Quantcast's consent management system. On Twitter, Ryan explained the gist: cookie-consent pop-ups don't give publishers adequate user consent, and everyone must delete all the data they've collected.

Ryan and the Open Rights Group also point out that the judgment spikes the UK government's claim that revamping data protection law is necessary to get rid of cookie banners (at the expense of some of the human rights enshrined in the law). Ryan points to DuckDuckGo as an example of the non-invasive alternative: contextual advertising. He also observed that all that "consent spam" makes GDPR into merely "compliance theater".

Meanwhile, other moves are also making their mark. Also this week, Facebook (Meta)'s latest earnings showed that Apple's new privacy controls, which let users opt out of tracking, will cost it $10 billion this year. Apparently 75% of Apple users opt out.

Moral: given the tools and a supportive legal environment, people will choose privacy.

Illustrations: Diagram of OpenRTB, from the Belgian decision.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

December 9, 2021

"Crypto"

rotated-birch-contactlessmonopoly-ttf2016.jpgA few weeks ago, digital rights activist Amie Stepanovich was in the news for making a T-shirt objecting to the new abuse of "crypto" to mean "cryptocurrencies". As Stepanovich correctly says, "crypto" has meant "cryptography" for at least 30 years and old-timers do not appreciate its appropriation. I am enough of an oldtimer to agree with her, but fear she's fighting a losing battle. For decades "hackers" meant clever people who bent hardware and software systems to their will. Hackers built the first computers. Hackers made the Internet. "Hacker" was a term of honor, applied by others. And what happened circa the mid-1990s? It was repurposed for petty criminals running scripts to break into websites. Real hackers were furious. Did anyone respond sympathetically? They did not. Hackers are now criminals. So: "Crypto" is doomed. Exhibit A: Jeff John Roberts' 2020 history of Coinbase, Kings of Crypto.

This week, anti-monopolist author Matt Stoller unleashed a rant about "crypto", calling the whole shebang - which for him includes the non-fungible token (NFT) craze, cryptocurrencies, and the blockchain, as well as web3, which we tried to make sense of a couple of weeks ago - "a bunch of bullshit". The only use cases Stoller could find were speculation and money laundering; the tools that exist he dismissed as "don't work". He attributes its anti-monopoly zeitgeist to cryptocurrencies' emergence "out of the financial crisis", adding on Twitter that they were "invented about the same time as the iPhone".

This is when I realized: this use of "crypto" is less evolving language, more loss of culture. We all think the world started when we discovered it.

So.

"Crypto", as in cryptography, is probably as old as humanity, basically because every time someone figures out how to protect a secret someone else tries to crack it. For that history read Simon Singh's Cryptography. The development of the specific type of cryptography the nascent Internet needed, public key cryptography, is thoroughly documented in Steven Levy's Crypto. For cryptography in military communications try David Kahn's The Codebreakers.

Cryptocurrencies as a digital equivalent of cash, are usually traced to 1991, when David Chaum described ecash in Scientific American. In the mid-1990s, Chaum attempted to commercialize ecash via his company, Digicash.

Nothing was ready. Commercial traffic on the Internet began in 1994, soon followed by the first ecommerce companies: eBay, Amazon, and Paypal. Graphical web browsers were slow and bare-bones. People were afraid to use *credit cards* online. Yet Chaum hoped they would opt to turn their familiar, hard-earned money into his incomprehensible mathematical thing and bet they could find somewhere to buy something with it. The web was too small, the user base was too small, and it was all so strange and clever, way too soon. Chaum was not the only one to discover this sad reality.

This timing was due to the unexpected democratization of cryptography, which began in 1976, when Martin Hellman and Whitfield Diffie published the basis of public key cryptography (later, it emerged that the UK spy agency GCHQ had already developed it, but the mathematicians couldn't tell anybody). Besides allowing strangers to communicate spontaneously in a trustworthy way, Diffie's and Hellman's work pulled cryptography out of the spy agencies into entirely new communities. By 1991, a single programmer in his home with a personal computer was able to write a piece of powerful encryption software that anyone could use to protect their data and communications, setting off 30 years of crypto debates. Phil Zimmermann's program, PGP, is still in use today, having withstood the tests cryptoanalysts have thrown at it.

These technical developments inspired the beginnings of the movement and the anti-government motivations that Stoller identifies. To many of this crowd, finding easier and more efficient ways to move money around was only part of its appeal. Many embraced the idea of being able to bypass banks, governments, tax collectors, and all the other trappings of the regulated world by using encryption to create untraceable forms of money. In her 1997 book, Close to the Machine, Ellen Ullman tells the story of her close encounters with one of the 1990s movement's leads, and their inability to understand each other's world.

Throughout the 1990s these ideas were swapped back and forth on the Cypherpunks mailing list. You can get the gist from this CrypoInsider tribute to Timothy C. May or May's Cyphernomicon. At Computers, Freedom, and Privacy 1997, May outlined BlackNet, an anonymous market for everything from assassinations to government secrets, all enabled by untraceable digital cash. May's information market is so like early Wikileaks, that at its inception I failed to take it seriously (Julian Assange has said he read the Cypherpunks list).

However: blockhain-based cryptocurrencies are not untraceable. The 1997 Internet was also awash in libertarian predictions, too - and what got built and who's profiting? Sure, some cryptocurrency nuts want to bypass banks and play anti-regulatory games. But some of today's experimenters with cryptocurrencies are central banks, governments, and credit card companies, as fintech expert Dave Birch writes in his book The Cryptocurrency Cold War. If there are winners, they will be the ones claiming most of the spoils. Unless Web3 works out?


Illustrations: Dave Birch, trying to figure out how to play contactless Monopoly.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 19, 2021

Digital god squabble

Fighting_cocks -shree650.jpgOn Wednesday, Amazon customers in the UK woke up to an (in some cases, weirdly empty) email whose news was in the subject: Amazon will cease accepting Visa credit cards (but not debit cards) for payment as of January 19, 2022.

If your first reaction is, "What's the punchline?" I'm with you. What the hell kind of crazy business decision is that?

As Hilary Osborne reports at the Guardian, the email went on to explain that the decision is "due to the high fees Visa charges for processing credit card transactions."

Huh? Like most people, I remained under the impression that it's American Express, not Visa, that charges the highest commissions to merchants. On Twitter, Drew Graham offers a more interesting explanation: taxes. It's a *Brexit* thing. The UK's departure from the EU means that Amazon's habit of accepting payments via its no-tax Luxembourg subsidiary, means that UK shoppers' remittances are now cross-border payments subject to interchange fees. Both Visa and Mastercard, raised these earlier this year - now that EU regulation capping such fees no longer applies. Amazon *could* move its financial arrangements to the UK - but then (the theory continues) it would be hit with taxes. What's one of the biggest, most highly market-capped companies in the world supposed to do when mean, old Visa and national governments want to be paid?

Why Visa but not Mastercard? As several others pointed out, Amazon promotes a branded Mastercard in the UK and also has a deal with American Express. And so, only Visa credit cards take the hit. I find it all supremely weird: Amazon, which has made its name by espousing customer service to the max, is now going to make it less convenient for its UK customers to shop there? Does Amazon think that anyone who pays it with a Visa card probably *also* has a Mastercard? Is it hoping that its customers will rise up in anger and demand that Visa cut it a deal? Or rise up in protest against government taxation that pays for our schools, hospitals, and government corruption? Is it hoping that Visa will be persuaded by the share price drop the announcement occasioned (the day of the announcement, Visa dropped 6.7%)? Or is, it as seems more likely, we don't matter *at all* and this is one of those no-you're-the-chicken contests in which two bullies pretend they won't budge, leaving their customers to wait it out, annoyed, until they finally settle because less of something is better than all of nothing?

This is not a good look for a company trying to argue it's not a monopoly, nor a good look for a company that makes its money through usury.

The question being asked here is perennial, and more commonly found in the broadcasting and telecommunications industries: who owns the audience? This is part of what network neutrality is about. Periodically, TV channels disappear from US cable TV packages because of fights over who should pay more or less to access the audience (and who brings that audience). So here: do you buy from Amazon because you can pay with your Visa card, or do you have a Visa card because it lets you buy from Amazon (and thousands of other retailers)?

In past cases, technology giants have often pressed their users into service - see for example, Uber vs Transport for London. In this case, though, many users have alternatives available, either other credit cards (Mastercard, American Express, and so on) or debit cards (don't; in the UK, you're better protected against online fraud with a credit card). We also still have other suppliers, though they take time to locate and effort to set up new accounts.

According to Business Insider, the UK is Amazon's third-largest market, and represents one-tenth the sales of the US. At the Washington Post, Bloomberg opinion writer Paul J. Davies says industry data suggests that Visa credit cards represent only 7% of all card-based purchases in the UK. Extrapolated to Amazon's $26.5 billion 2020 UK net sales, that's a mere snip of $1.8 billion in sales. It's a reasonable bet that most people will simply choose an alternative method of payment - and, as Davies points out, new technology is offering consumers more and more alternatives that are faster and cheaper than Mastercard's and Visa's legacy networks. Calling Amazon's move "passive-aggressive", Davies adds that although Britain is hogging the headlines, users in Australia and Singapore are facing a 0.5% surcharge for using Visa cards there.

The whole thing is so many kinds of wrong. For the last several years, Amazon has been accused of using its data access to squeeze the small merchants that use its Marketplace platform, while . Now, both Amazon and Visa are so big that each thinks it can squeeze the other. What do we do if either turns out to be right?

At Telecom, Scott Bicheno correctly calls hogwash on Visa's plaint that it hates to see restrictions on consumer choice. "What we have here is an e-commerce near monopolist locking horns with a payment processing near-monopolist....we can but watch impotently as the digital gods squabble in the heavens over our hard-earned cash."

Unless we start reining in some of these companies, this is our future: fewer and fewer bigger and bigger companies fighting over an increasingly helpless us.

Illustrations: Cocks fighting (via shree650 at Wikimedia.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

October 8, 2021

The inside view

Facebook user revenue chart.pngSo many lessons, so little time.

We have learned a lot about Facebook in the last ten days, at least some of it new. Much of it is from a single source, the documents exfiltrated and published by Frances Haugen.

We knew - because Haugen is not the first to say so - that the company is driven by profits and a tendency to view its systemic problems as PR issues. We knew less about the math. One of the more novel points in Haugen's Senate testimony on Tuesday was her explanation of why Facebook will always be poorly moderated outside the US: safety does not scale. Safety costs the same for each new country Facebook adds - but each new country is also a progressively smaller market than the last. Consequence: the cost-benefit analysis fails. Currently, Haugen said, Facebook only covers 50 of the world's approximately 500 languages, and even in some of those cases the country does not have local experts to help understand the culture. What hope for the rest?

Additional data: at the New York Times, Kate Klonick checks Facebook's SEC filings to find that average revenue per North American user per *quarter* was $53.56 in the last quarter of 2020, compared to $16.87 for Europe, $4.05 for Asia, and $2.77 for the rest of the world. Therefore, Klonick said at In Lieu of Fun, most of its content moderation money is spent in the US, which has less than 10% of the service's users. All those revenue numbers dropped slightly in Q1 2021.

We knew that in some countries Facebook is the only Internet people can afford to access. We *thought* that it only represented a single point of failure in those countries. Now we know that when Facebook's routing goes down - its DNS and BGP routing were knocked out by a "maintenance error" - the damage can spread to other parts of the Internet. The whole point of the Internet was to provide communications in case of a bomb outage. This is bad.

As a corollary, the panic over losing connections to friends and customers even in countries where social pressure, not data plans, ties people to Facebook is a sign of monopoly. Haugen, like Kevin Roose in the New York Times, sees signs of desperation in the documents she leaked. This company knows its most profitable audiences are aging; Facebook is now for "old people". The tweens are over at Snapchat, TikTok, and even Telegram, which added 70 million signups in the six hours Facebook was out.

We already knew Facebook's business model was toxic, a problem it shares with numerous other data-driven companies not currently in the spotlight. A key difference: Zuckerberg's unassailable control of his company's voting shares. The eight SEC complaints Haugen has filed is the first potential dent in that.

Like Matt Stoller, I appreciate a lot of Haugen's ideas for remediation: pushing people to open links before sharing, and modifying Section 230 to make platforms responsible for their algorithmic amplification, an idea also suggested by fellow data scientist Roddy Lindsay and British technology journalist Charles Arthur in his new book, Social Warming. For Stoller, these are just tweaks to how Facebook works. Haugen says she wants to "save" Facebook, not harm it. Neither her changes nor Zuckerberg's call for government regulation touch its concentrated power. Stoller wants "radical decentralization". Arthur wants cap social network size.

One fundamental mistake may be to think of Facebook as *a* monopoly rather than several at once. As an economic monopoly, businesses all over the world depend on Facebook and subsidiaries to reach their customers, and advertisers have nowhere else to go. Despite last year's pledged advertising boycott over hate speech on Facebook, since Haugen's revelations began, advertisers have been notably silent. As a social monopoly, Facebook's outage was disastrous in regions where both humanitarians and vulnerable people rely on it for lifesaving connections; in richer countries, the inertia of established connections leaves Facebook in control of large swaths of our social and community networks. This week taught us that its size also threatens infrastructure. Each of these calls for a different approach.

Stoller has several suggestions for crashing Facebook's monopoly power, one of which is to ban surveillance advertising. But he rejects regulation and downplays the crucial element of interoperability; create a standard so that messaging can flow between platforms, and you've dismantled customer lock-in. The result would be much more like the decentralized Internet of the 1990s.

Greater transparency would help; just two months ago Facebook shut down independent research into content interactions and its political advertising - and tried to blame the Federal Trade Commission.

This is *not* a lesson. Whatever we have learned Mark Zuckerberg has not. At CNN, Donie O'Sullivan fact-checks Zuckerberg's response.

A day after Haugen's testimony, Zuckerberg wrote (on Facebook, requiring a login): "I think most of us just don't recognize the false picture of the company that is being painted." Cue Robert Burns: "O wad some Pow'r the giftie gie us | To see oursels as ithers see us!" But really, how blinkered do you have to be to not recognize that if your motto is Move fast and break things people are going to blame you for the broken stuff everywhere?


Illustrations: Slide showing revenue by Facebook user geography from its Q1 2021 SEC filing.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

September 3, 2021

The trial

Elizabeth_Holmes_at_TechCrunch_Disrupt_on_September_8,_2014_(14996937900).jpgThe trial of Theranos founder and former CEO Elizabeth Holmes, which began jury selection this week, offers a rare opportunity to understand in depth how lawyers select from and frame the available evidence to build and present a court case. The opportunity arises because investigative reporter John Carreyrou has both the mountains of evidence he uncovered over the last seven years, and because true crime podcasts are now a thing. Most people facing the reality of the case, he observes, would have taken a plea deal. Not Holmes, or not yet.

The story of Theranos is well-known: Holmes dropped out of studying chemical engineering at Stanford at 19 and used her tuition money as seed funding to pursue the idea of developing diagnostic tests based on much smaller amounts of blood than was currently possible - a finger stick rather than a venous blood draw and many tests conducted at once on those few drops. Expert medical professors told her it was impossible. She persisted, nonetheless.

Holmes's path through medicine and business seemed charmed. She populated the Theranos board with famous names: Henry Kissinger and former secretary of state George Shultz (who responded angrily when his Theranos employee grandson tried to warn him). She raised hundreds of millions of dollars from the Walmart family ($150 million), Rupert Murdoch ($125 million), Trump administration education secretary Betsy DeVos ($100 million), and the Cox family ($100 million). Then-boyfriend Sunny Balwani joined as chief operating officer. Theranos won contracts with Walgreen's and Safeway, both anxious about remaining competitive. By 2014 she was everywhere on TV shows and magazine covers wearing a Steve Jobs-like all-black outfit of turtleneck and trousers, famous as the world's youngest self-made female billionaire.

And then, in 2015, Wall Street Journal reporter John Carreyrou began blowing it all up with a series of investigative articles that eventually underpinned his 2018 book, Bad Blood: Secrets and Lies in a Silicon Valley Startup. The Securities and Exchange Commission charged Holmes and Theranos with fraud; Holmes settled the case by paying $500,000, giving up her voting control over the company and surrendering her 18.9 million shares. She was barred from serving as an officer or director of a public company for ten years, and she and Balwani were indicted on criminal fraud charges. This is the trial that began this week; Balwani will be tried later.

Twitter reports suggest that it hasn't been easy to find jurors in Santa Clara County, California, where the trial is taking place, who haven't encountered at least some of the extensive media coverage, read Carreyrou's book, or seen Alex Gibney's HBO documentary The Inventor: Out for Blood in Silicon Valley. Holmes remains a media magnet as a prospective felon.

With the case approaching, Carreyrou has released the first three of a planned dozen episodes of Bad Blood: The Final Chapter. These cover, in order: Holmes's trial strategy as revealed by the papers her lawyers have filed; Theranos' foray into testing for Ebola and Zika during those epidemics; and Holmes' relationship with Balwani. There is enough new material to make the podcast worth your time (though it's difficult not to wince when Carreyrou damages his credibility by delivering the requisite podcast ads for dubious health drinks and hair loss remedies, and endorses meal kits).

What makes this stand out is the near real-time critique of the case's construction. When Carreyrou thinks, for example, that the "Svengali defense" Holmes's lawyers have filed - Holmes apparently intends to claim that Balwani abuse and manipulation robbed her of personal choice - is a long shot, it's because he's seen extensive text messages between Holmes and Balwani (a selection are read out by actors). More speculative are his comments on the effect on the jury of Holmes's new persona: the Steve Jobs costume and stylized hair and makeup are replaced by a more natural look as a married woman and new mother. Carreyrou revisits Holmes and Balwani's relationship in more detail in the third episode.

The second episode offers a horrifying inside look at medical malfeasance. As explained here by microbiologist and former Theranos lab worker Lina Castro, neither Holmes nor Balwani understood the safety protocols necessary for handling infectious and lethal pathogens. Castro and Aaron Richardson, the scientist who led the effort to develop a test for Ebola, conclude that even if Theranos' "miniLab" testing device had worked, the company's culture was too dysfunctional to be able to create a successful Ebola test.

At the Washington Post, Rachel Lurman argues that the case puts Silicon Valley's culture on trial. Others argue that Theranos isn't *really* Silicon Valley at all, since neither its board nor its list of investors included Silicon Valley names. In fact, Theranos was a PR-friendly Silicon Valley copy: the eccentric but unvarying clothing (see also: Zuckerberg's hoodie), the emotive origin story (the beloved uncle who died too soon), and the enthusiastic promotion of vaporware until a real product can be demoed. In the days of pure software, bullshit could sort of work. But not in the medical context, where careful validation and clinical testing are essential, and it won't work in the future of hybrid cyber-physical systems, where safety and real world function matter.

"First they call you crazy, then they fight you, and then you change the world," Holmes frequently said in defending her company against Carreyrou's reporting. Only if you have the facts on your side.

Illustrations: Elizabeth Holmes at TechCrunch Disrupt in 2014 (via Wikimedia.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 9, 2021

The border-industrial complex*

Rohingya_Refugee_Camp_26_(sep_2020).jpgMost people do not realize how few rights they have at the border of any country.

I thought I did know: not much. EFF has campaigned for years against unwarranted US border searches of mobile phones, where "border" legally extends 100 miles into the country. If you think, well, it's a big country, it turns out that two-thirds of the US population lives within that 100 miles.

No one ever knows what the border of their own country is like for non-citizens. This is one reason it's easy for countries to make their borders hostile: non-citizens have no vote and the people who do have a vote assume hostile immigration guards only exist in the countries they visit. British people have no idea what it's like to grapple with the Home Office, just as most Americans have no experience of ICE. Datafication, however, seems likely to eventually make the surveillance aspect of modern border passage universal. At Papers, Please, Edward Hasbrouck charts the transformation of travel from right to privilege.

In the UK, the Open Rights Group and the3million have jointly taken the government to court over provisions in the post-Brexit GDPR-enacting Data Protection Act (2018) that exempted the Home Office from subject access rights. The Home Office invoked the exemption in more than 70% of the 19,305 data access requests made to its office in 2020, while losing 75% of the appeals against its rulings. In May, ORG and the3million won on appeal.

This week's announced Nationality and Borders Bill proposes to make it harder for refugees to enter the country and, according to analyses by the Refugee Council and Statewatch, make many of them - and anyone who assists them - into criminals.

Refugees have long had to verify their identity in the UK by providing biometrics. On top of that, the cash support they're given comes in the form of prepaid "Aspen" cards, which means the Home Office can closely monitor both their spending and their location, and cut off assistance at will, as Privacy International finds. Scotland-based Positive Action calls the results "bureaucratic slow violence".

That's the stuff I knew. I learned a lot more at this week's workshop run by Security Flows, which studies how datafication is transforming borders. The short version: refugees are extensively dataveilled by both the national authorities making life-changing decisions about them and the aid agencies supposed to be helping them, like the UN High Commissioner for Refugees (UNHCR). Recently, Human Rights Watch reported that UNHCR had broken its own policy guidelines by passing data to Myanmar that had been submitted by more than 830,000 ethnic Rohingya refugees who registered in Bangladeshi camps for the "smart" ID cards necessary to access aid and essential services.

In a 2020 study of the flow of iris scans submitted by Syrian refugees in Jordan, Aalborg associate professor Martin Lemberg-Pedersen found that private companies are increasingly involved in providing humanitarian agencies with expertise, funding, and new ideas - but that those partnerships risk turning their work into an experimental lab. He also finds that UN agencies' legal immunity coupled with the absence of common standards for data protection among NGOs and states in the global South leave gaps he dubs "loopholes of externalization" that allow the technology companies to evade accountability.

At the 2020 Computers, Privacy, and Data Protection conference a small group huddled to brainstorm about researching the "creepy" AI-related technologies the EU was funding. Border security represents a rare opportunity, invisible to most people and justified by "national security". Home Secretary Priti Patel's proposal to penalize the use of illegal routes to the UK is an example, making desperate people into criminals. People like many of the parents I knew growing up in 1960s New York.

The EU's immigration agencies are particularly obscure. I had encoutnered Warsaw-based Frontex, the European Border and Coast Guard Agency which manages operational control of the Schengen Area, but not of EU-LISA, which since 2012 has managed the relevant large-scale IT systems SIS II, VIS, EURODAC, and ETIAS (like the US's ESTA). Unappetizing alphabet soup whose errors few know how to challenge.

The behind-the-scenes the workshop described sees the largest suppliers of ICT, biometrics, aerospace, and defense provide consultants who help define work plans and formulate calls to which their companies respond. The list of vendors appearing in Javier Sánchez-Monedero's 2018 paper for the Data Justice Lab, begins to trace those vendors, a mix of well-known and unknown. A forthcoming follow-up focuses on the economics and lobbying behind all these databases.

In the recent paper on financing border wars, Mark Akkerman analyzes the economic interests behind border security expansion, and observes "Migration will be one of the defining human rights issues of the 21st century." We know it will increase, increasingly driven by climate change; the fires that engulfed the Canadian village of Lytton, BC on July 1 made 1,000 people homeless, and that's just the beginning.

It's easy to ignore the surveillance and control directed at refugees in the belief that they are not us. But take the UK's push to create a hostile environment by pushing border checks into schools, workplaces, and health services as your guide, and it's obvious: their surveillance will be your surveillance.

*Credit the phrase "border-industrial complex" to Luisa Izuzquiza.

Illustrations: Rohingya refugee camp in Bangladesh, 2020 (by Rocky Masum, via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 5, 2021

Dead cat trampoline

If you want to understand the story of why a bunch of Redditors have used Gamestop shares to squeeze a load of profitability out of a couple of hedge funds you could do worse than to read the 1994 Wired article about the time the Usnet newsgroup alt.tasteless invaded rec.pets.cats, by Josh Quittner. A horde of "little guys" invading the protected territory of a handful of stodgy, entitled billionaires and hedge fund managers could be the Internet's origin story. For example: bitcoin.

In brief, for those who've missed the breathless coverage: the "troubled" retail chain Gamestop. whose share price opened 2021 at around $17 and which dropped as low as $2.57 during 2020, suddenly spiked (briefly) last week to $483. The technical explanation is that this is an extreme version of a short squeeze, a vicious spiral in which a company's rising share price forces traders who have bet that it will go down scramble to cover their losses before they can escalate further.

Rule of thumb: when your get-rich-quick strategy appears on CNBC, it's time to cash out.

Calling Gamestop "troubled" is polite. Offline retail in general and particularly malls, where Gamestop outlets are located, are struggling. The company's revenues slid badly in 2019. That December - still 2019 - the best suggestions for recovery were to leverage the company's 5,600 physical locations to create experiences that can't be replicated online and to build its own line of products while it waited for the launch of new game consoles to goose its business. *Then* came the pandemic and its shutdowns to accelerate the spiral downwards. The company seems unlikely to be able to mount a comeback. Terrible for its employees, terrible for the malls and towns that depended on sales and other taxes, terrible for other local dependent businesses, but an opportunity for short sellers who get their timing exactly right.

In January, a Reddit group (subReddit Wall Street Bets) spotted that short sellers' commitments amounted to more than double the number of outstanding Gamestop shares and correctly recognized that they were looking at a spring-loaded slingshot. Ordinary retail investors can't, individually, buy enough to set a squeeze in motion, but a crowdsourcing, coordinated through an online forum, could indeed move the needle. The Redditors were also aided by 2019's industry-wide elimination of commissions on retail stock trades, which makes very small trades newly viable. The persistence of friction-inducing costs is why the Reddit scenario is unlikely to be replicated in the UK: British brokers still charge commissions on trades and the government adds stamp duty.

The markets are broken, short seller Carson Block tells Julia LaRoche at Yahoo Finance, in response to this incident. Like many over the last four years, he notes the widening gap between fundamental value and market pricing, between the real economy in which millions of Americans were struggling to afford rent even before the pandemic and the market, where 84% of the value is held by 10% of Americans, a level of inequality seen in England in 1966. This is not good news. WallStreetBets may be a messenger telling us that things are worse than we thought, but decades of underlying trends have fueled today's overpriced market: the extraordinarily low interest rates since 2008, the lack of alternatives for small, ongoing savings, the decades of replacing pensions with shares-filled 401(k) plans, and most recently Trump's tax cuts. The result is distorting the entire economy and robbing working Americans of a decent living.

Much of the Reddit action centered on Robinhood, a brokerage that markets itself as democratizing finance. At Slate, Alex Kershner says no: Robinhood's retail investors are the product, and Robinhood's real customers are Wall Street's market makers, who pay for the privilege of executing its stock orders. This arcane subject is best explained by Michael Lewis in Flash Boys. Because of the way it reduced friction for small-time retail traders - free commissions, instant access to deposited money, margin trading - Robinhood contributed to the volatility, but it's not really the story by itself. It is merely the last stop on a decades-old journey toward making it possible for retail investors to take risks previously limited to people who could provably afford the losses. The good side of that approach is to protect ordinary people from losing their homes; the bad side is to reserve the biggest profits for people who don't really need them.

If past decades are any guide, breaking those protections will hurt people. On Monday, February 1, Gamestop dropped 75%; on Tuesday it dropped 60%. On Wednesday, it rose slightly - about 2.5% in what experienced investors would call a "dead cat bounce", as Thursday saw it drop another 42%. Price Thursday night: $53.33. No one who bought at $483 will get their money back. As Farhad Manjou warns at the New York Times, in the end the house always wins. In the long term, fundamentals *should* matter. because the value of having the market in the first place isn't to make people rich but to help channel investment to viable businesses. If it doesn't fulfill that function it's time for real reform.


Illustrations: Chart of Gamestop's share price for the three months ending close of business February 4, 2021 (from Big Charts.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

October 30, 2020

The reckoning

parliament-whereszuck.jpgIt seems clear that we're approaching a reckoning for Big Tech as the societal costs of their success keep becoming bigger and clearer. Like so many other things, the pandemic has made these issues more urgent, as the money these companies suck away from local businesses and communities is now badly needed to help rebuild suffering economies. Twenty-five years ago, some were celebrating the dawn of cyberspace as the approaching end of the nation-state. Today's crises remind that some problems only governments can solve.

In the US, two types of legal actions are heading GAFA's way, as suggested by the recent two-pronged antitrust hearing. The first, which led to the Democrat-led antitrust report of a few weeks ago, has spawned a lawsuit case against Google alleging anticompetitive behavior surrounding its search engine. The second, reflecting the Republican-led grievance that conservative voices are being suppressed, has led to this week's Commerce Committee hearing on platform censorship. Thoughts on that one, which will likely result in a push to reform S230, will have to wait for concrete proposals.

Pending elsewhere: both users and Epic Games are suing Apple over the 30% commissions charged by its App Store. Meanwhile, in France, a coalition of trade groups has filed an antitrust complaint ($) asking the French competition authority to stop Apple from following through on its plans to restrict mobile trackers for advertising. This is, as the FT puts it, "one of the first legal actions alleging that big tech groups are using privacy arguments to abuse their market power". On Twitter, Lukasz Olejnik rightly says that this case about "privacy-competition trade-off" will be fascinating. It will, not least because privacy has not in general been a market mover.

Tech-related antitrust suits are typically ten years late, largely because the industry's speed makes it hard to see where to push until the damage has become deeply entrenched. In 2014, I thought Google's purchase of Nest would be the antitrust case of 2024. Instead, Google is being accused of abusing its position by illegally tying its search engine, its main revenue source, to its Chrome browser and Android licensing agreements, and, paying other browser makers such as Apple for pole position as their default search engine. (Query: if Google search is so great, why do they need to do this? The steady degradation of the Google experience has been clearer to those of us who stopped using it.)

Both Sarah Miller and Matt Stoller see the Google case as a near-copy of the late 1990s case against Microsoft, which also focused on tying. In that case, Microsoft used its Windows dominance to make its Internet Explorer the default for browsing the web. The current complaint specifically references that case, calling Google's tactics "the same playbook". Privacy is not among its concerns, though it does at least note that the key to Google's success and scale is the data it collects as the price consumers pay for its "free" services.

It's rare that an antitrust case scores a hit on an entirely different company. Google pays Apple $8 to $12 billion a year - compared to Apple's Q4 2019 $13.7 billion in profits. Apple will survive if Google is enjoined from making such payments. Firefox, however, might not, since its Google contract represents most of its income. Diversifying the search market is good for competition; shrinking the browser market is not.

My suspicion is that an additional factor in the answer to "why now?" is the arrogance and indifference to complaints that these companies have often displayed. Facebook founder Mark Zuckerberg has been particularly resistant, refusing in 2018 to show up to testify in front of representatives of nine countries.

It's tempting to divide these companies into those still run by their founders - Amazon and Facebook - and those that are on their second (Google) or later (Apple) generation of leaders. But the better division is between normal share structures (Apple and Amazon) and kingmaker share structures. Google has ensured that founders Sergey Brin and Larry Page, along with original company chair Eric Schmidt, could never lose control of the company. Facebook's share structure is even more tightly controlled, giving Zuckerberg 60% of the voting rights; he is the company's king.

Neither hearings nor complaint mention this, but I think it's crucial. The benefit of these structures was supposed to be to keep the companies nimble and innovative. It's not clear it's worked. The downside is the showrunners can be unresponsive to complaints; Facebook will never change as long as Zuckerberg is in charge - and no one can push him out. For this reason, ownership structures should be a consideration in modernizing antitrust law/

In the end, the Microsoft case was largely abandoned - but it reportedly nonetheless left a mark by changing the company's culture into one vastly more cautious and risk-averse, like IBM before it. Today's biggest technology companies have been less easily intimidated by big and bigger fines or adverse decisions. But governments won't give up; these cases, like others before them are all part of the long arc of the power struggle between global technology and national governments. We are just at the beginning.


Illustrations: Mark Zuckerberg's empty chair in front of the Grand Committee.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

May 22, 2020

The pod exclusion

Vintage_Gloritone_Model_27_Cathedral-Tombstone_Style_Vacuum_Tube_Radio,_AM_Band,_TRF,_Circa_1930_(14663394535).jpgThis week it became plain that another bit of the Internet is moving toward the kind of commercialization and control the Internet was supposed to make difficult in the first place: podcasts. The announcement that one of the two most popular podcasts, the Joe Rogan Experience, will move both new episodes and its 11-year back catalogue to Spotify exclusively in a $100 million multiyear deal is clearly a step change. Spotify has also been buying up podcast networks, and at the Verge, Ashley Carman suggests the podcast world will bifurcate into twin ecosystems, Spotify versus Everyone Else.

Like a few hundred million other people, I am an occasional Rogan listener, my interest piqued by a web forum mention of his interview with Jeff Novitzky, the investigator in the BALCO doping scandal. Other worth-the-time interviews from his prolific output include Lawrence Lessig, epidemiologist Michael Osterholm (particularly valuable because of its early March timing), Andrew Yang, and Bernie Sanders. Parts of Twitter despise him; Rogan certainly likes to book people (usually, but not always, men - for example Roseanne Barr) who are being pilloried in the news and jointly chew over their situation. Even his highest-profile interviewees rarely find, anywhere else, the two to three hours Rogan spends letting them talk quietly about their thinking. He draws them out by not challenging them much, and his predilection for conspiracy theories and interest in unproven ideas about nutrition make it advisable to be selective and look for countervailing critiques.

It's about 20 years since I first read about Dave Winers early experiments in "audio blogging", renamed "podcast" after the 2001 release of the iPod eclipsed all previously existing MP3 players. The earliest podcasts tended to be the typical early-stage is-this-thing-on? that leads the unimaginative to dismiss the potential. But people with skills honed in radio were obviously going to do better, and within a few years (to take one niche example) the skeptical world was seeing weekly podcasts like Skepchick (beginning 2005) and The Pod Delusion (2009-2014). By 2014, podcast networks were forming, and an estimated 20% of Americans were listening to podcasts at least once a month.

That era's podcasts, although high-quality, were - and in some cases still are - produced by people seeking to educate or promote a cause, and were not generally money-making enterprises in their own right. The change seems to have begun around 2010, as the acclerating rise of smartphones made podcasts as accessible as radio for mobile listening. I didn't notice until late 2016, when the veteran screenwriter and former radio announcer and DJ Ken Levine announced on his daily 11-year-old blog that he was starting up Hollywood & Levine and I discovered the ongoing influx of professional comedians, actors, and journalists into podcasting. Notably, they all carried ads for the same companies - at the minimum, SquareSpace and Blue Apron. Like old-time radio, these minimal-production ads were read by the host, sometimes making the whole affair feel uncomfortably fake. Per the Wall Street Journal, US advertising revenue from podcasting was $678.7 million last year, up 42% over 2018.

No wonder advertisers like podcasts: users can block ads on a website or read blog postings via RSS, but no matter how you listen to a podcast the ads remain in place, and if you, like most people, listen to podcasts (like radio) when your hands are occupied, you can't easily skip past them. For professional communicators, podcasts therefore provide direct access to revenues that blogging had begun to offer before it was subsumed by social media and targeted advertising.

The Rogan deal seems a watershed moment that will take all this to a new level. The key element really isn't the money, as impressive as it sounds at first glance; it's the exclusive licensing. Rogan built his massive audience by publishing his podcast in both video and audio formats widely on multiple platforms, primarily his own websites and YouTube; go to any streaming site and you're likely to find it listed. Now, his audience is big enough that Spotify apparently thinks that paying for exclusivity will net the company new subscribers. If you prefer downloads to streaming, however, you'll need a premium subscription. Rogan himself apparently thinks he will lose no control over his show; he distrusts YouTube's censorship.

At his blog on corporate competition, Matt Stoller proclaims that the Rogan deal means the death of independent podcasting. While I agree that podcasts circa 2017-2020 are in a state similar to the web in the 2000s, I don't agree this means the death of all independent podcasting - but it will be much harder for their creators to find audiences and revenues as Spotify becomes the primary gatekeeper. This is what happened with blogs between 2008 and 2015 as social media took over.

Both Carman's and Stoller's predictions are grim: that podcasts will go the way of today's web and become a vector for data collection and targeted advertising. Carman, however, imagines some survival for a privacy-protecting, open ecosystem of podcasts. I want to believe this. But, like blogging now, that ecosystem will likely have to find a new business model.


Illustrations: 1930s vacuum tube radio (via Joe Haupte).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

October 18, 2019

I never paid for it in my life

lanier-lrm-2017.jpgSo Jaron Lanier is back, arguing that we should be paid for our data. He was last seen in net.wars two years back, arguing that if people had started by charging for email we would not now be the battery fuel for "behavior modification empires". In a 2018 TED talk, he continued that we should pay for Facebook and Google in order to "fix the Internet".

Lanier's latest disquisition goes like this: the big companies are making billions from our data. We should have some of it. That way lies human dignity and the feeling that our lives are meaningful. And fixing Facebook!

The first problem is that fixing Facebook is not the same as fixing the Internet, a distinction Lanier surely understands. The Internet is a telecommunications network; Facebook is a business. You can profoundly change a business by changing who pays for its services and how, but changing a telecommunications network that underpins millions of organizations and billions of people in hundreds of countries is a wholly different proposition. If you mean, as Lanier seems to, that what you want to change is people's belief that content on the Internet should be free, then what you want to "fix" is the people, not the network. And "fixing" people at scale is insanely hard. Just ask health professionals or teachers. We'd need new incentives,

Paying for our data is not one of those incentives. Instead of encouraging people to think more carefully about privacy, being paid to post to Facebook would encourage people to indiscriminately upload more data. It would add payment intermediaries to today's merry band of people profiting from our online activities, thereby creating a whole new class of metadata for law enforcement to claim it must be able to access.

A bigger issue is that even economists struggle to understand how to price data; as Diane Coyle asked last year, "Does data age like fish or like wine?" Google's recent announcement that it would allow users to set their browser histories to auto-delete after three or 12 months has been met by the response that such data isn't worth much three months on, though the privacy damage may still be incalculable. We already do have a class of people - "influencers" - who get paid for their social media postings, and as Chris Stokel-Walker portrays some of their lives, it ain't fun. Basically, while paying us all for our postings would put a serious dent into the revenues of companies like Google, and Facebook, it would also turn our hobbies into jobs.

So a significant issue is that we would be selling our data with no concept of its true value or what we were actually selling to companies that at least know how much they can make from it. Financial experts call this "information asymmetry". Even if you assume that Lanier's proposed "MID" intermediaries that would broker such sales will rapidly amass sufficient understanding to reverse that, the reality remains that we can't know what we're selling. No one happily posting their kids' photos to Flickr 14 years ago thought that in 2014 Yahoo, which owned the site from 2005 to 2015, was going to scrape the photos into a database and offer it to researchers to train their AI systems that would then be used to track protesters, spy on the public, and help China surveil its Uighur population.

Which leads to this question: what fire sales might a struggling company with significant "data assets" consider? Lanier's argument is entirely US-centric: data as commodity. This kind of thinking has already led Google to pay homeless people in Atlanta to scan their faces in order to create a more diverse training dataset (a valid goal, but oh,.the execution).

In a paywalled paper for Harvard Business Review, Lanier apparently argues that instead he views data as labor. That view, he claims, opens the way to collective bargaining via "data labor unions" and mass strikes.

Lanier's examples, however, are all drawn from active data creation: uploading and tagging photos, writing postings. Yet much of the data the technology companies trade in is stuff we unconsciously create - "data exhaust" - as we go through our online lives: trails of web browsing histories, payment records, mouse movements. At Tech Liberation, Will Rinehart critiques Lanier's estimates, both the amount (Lanier suggests a four-person household could gain $20,000 a year) and the failure to consider the differences between and interactions among the three classes of volunteered, observed, and inferred data. It's the inferences that Facebook and Google really get paid for. I'd also add the difference between data we can opt to emit (I don't *have* to type postings directly into Facebook knowing the company is saving every character) and data we have no choice about (passport information to airlines, tax data to governments). The difference matters: you can revise, rethink, or take back a posting; you have no idea what your unconscious mouse movements reveal and no ability to edit them. You cannot know what you have sold.

Outside the US, the growing consensus is that data protection is a fundamental human right. There's an analogy to be made here between bodily integrity and personal integrity more broadly. Even in the US, you can't sell your kidney. Isn't your data just as intimate a part of you?


Illustrations: Jaron Lanier in 2017 with Luke Robert Mason (photo by Eva Pascoe).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 23, 2019

Antepenultimate

rotated-gchq-secure-phone.jpegFor many reasons, I've never wanted to use my mobile phone for banking. For one thing, I have a desktop machine with three 24-inch monitors and a full-size functioning keyboard; why do I want to poke at a small screen with one finger?

Even if I did, the corollary is that mobile phones suck for typing passwords. For banking, you typically want the longest and most random password you can generate. For mobile phone use, you want something short, easy to remember and type. There is no obvious way to resolve this conflict, particularly in UK banking, where you're typically asked to type in three characters chosen from your password. It is amazingly easy to make mistakes counting when you're asked to type in letter 18 of a 25-character random string. (Although: I do admire the literacy optimism one UK bank displays when it asks for the "antepenultimate" character in your password. It's hard to imagine an American bank using this term.)

Beyond that, mobile phones scare me for sensitive applications in general; they seem far too vulnerable to hacking, built-in vulnerabilities, SIM swapping, and, in the course of wandering the streets of London, loss, breakage, or theft. So mine is not apped up for social media, ecommerce, or anything financial. I accept that two-factor authentication is a huge step forward in terms of security, but does it have to be on my phone? In this, I am, of course, vastly out of step with the bulk of the population, who are saying instead: "Can't it be on my phone?" What I want, however, is a 2FA device I can turn off and stash out of harm's way in a drawer at home. That approach would also mean not having to give my phone number to an entity that might, like Facebook has in the past, coopt it into their marketing plans.

So, it is with great unhappiness that I discover that the combination of the incoming Payment Services Directive 2 and the long-standing effort to get rid of cheques are combining to force me to install a mobile banking app.

PSD2 possibly will may perhaps not have been the antepenultimate gift from the EU28. At Wired, Laurie Clark explains the result of the directive's implementation, which is that ecommerce sites, as well as banks, must implement two-factor authentication (2FA) by September 14. Under this new regime, transactions above £30 (about $36.50, but shrinking by the Brexit-approaching day) will require customers to prove at least two of the traditional three security factors: something they have (a gadget such as a smart phone, a specific browser on a specific machine, or a secure key,, something they know (passwords and the answers to secondary questions), and something they are (biometrics, facial recognition). As Clark says, retailers are not going to love this, because anything that adds friction costs them sales and customers.

My guess is that these new requirements will benefit larger retailers and centralized services at the expense of smaller ones. Paypal, Amazon, and eBay already have plenty of knowledge about their customers to exploit to be confident of the customer's identity. Requiring 2FA will similarly privilege existing relationships over new ones.

So far, retail sites don' t seem to be discussing their plans. UK banking sites, however, began adopting 2FA some years ago, mostly in the form of secure keys that they issued and replaced as needed - credit card-sized electronic one-time pads. Those sites now are simply dropping the option of logging on with limited functionality without the key. These keys have their problems - especially non-inclusive design with small, fiddly keys and hard-to-read LCD screens - but I liked the option.

Ideally, this would be a market defined by standards, so people could choose among different options - such as the Yubikey, Where the banks all want to go, though, is to individual mobile phone apps that they can also use for marketing and upselling. Because of the broader context outlined above, I do not want this.

One bank I use is not interested in my broader context, only its own. It has ruled: must download app. My first thought was to load the app onto my backup, second-to-last phone, figuring that its unpatched vulnerabilities would be mitigated by its being turned off, stuck in a drawer, and used for nothing else. Not an option: its version of Android is two decimal places too old. No app for *you*!

At Bentham's Gaze, Steven Murdoch highlights a recent Which? study that found that those who can't afford, can't use, or don't want smartphones or who live with patchy network coverage will be shut out of financial services.

Murdoch, an expert on cryptography and banking security, argues that by relying on mobile apps banks are outsourcing their security to customers and telephone networks, which he predicts will fail to protect against criminals who infiltrate the phone companies and other threats. An additional crucial anti-consumer aspect is the refusal of phone manufacturers to support ongoing upgrades, forcing obsolescence on a captive audience, as we've complained before. This can only get worse as smartphones are less frequently replaced while being pressed into use for increasingly sensitive functions.

In the meantime, this move has had so little press that many people are being caught by surprise. There may be trouble ahead...

Illustrations:

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 26, 2019

Hypothetical risks

Great Hack - data connections.png"The problem isn't privacy," the cryptography pioneer Whitfield Diffie said recently. "It's corporate malfeasance."

This is obviously right. Viewed that way, when data profiteers claim that "privacy is no longer a social norm", as Facebook CEO Mark Zuckerberg did in 2010, the correct response is not to argue about privacy settings or plead with users to think again, but to find out if they've broken the law.

Diffie was not, but could have been, talking specifically about Facebook, which has blown up the news this week. The first case grabbed most of the headlines: the US Federal Trade Commission fined the company $5 billion. As critics complained, the fine was insignificant to a company whose Q2 2019 revenues were $16.9 billion and whose quarterly profits are approximately equal to the fine. Medium-term, such fines have done little to dent Facebook's share prices. Longer-term, as the cases continue to mount up...we'll see. Also this week, the US Department of Justice launched an antitrust investigation into Apple, Amazon, Alphabet (Google), and Facebook.

The FTC fine and ongoing restrictions have been a long time coming; EPIC executive director Marc Rotenberg has been arguing ever since the Cambridge Analytica scandal broke that Facebook had violated the terms of its 2011 settlement with the FTC.

If you needed background, this was also the week when Netflix released the documentary, The Great Hack, in which directors Karim Amer and Jehane Noujairn investigate the role Cambridge Analytica and Facebook played in the 2016 EU referendum and US presidential election votes. The documentary focuses primarily on three people: David Carroll, who mounted a legal action against Facebook to obtain his data; Brittany Kaiser, a director of Cambridge Analytica who testified against the company; and Carole Cadwalladr, who broke the story. In his review at the Guardian, Peter Bradwell notes that Carroll's experience shows it's harder to get your "voter profile" out of Facebook than from the Stasi, as per Timothy Garton Ash. (Also worth viewing: the 2006 movie The Lives of Others.)

Cadwalladr asks in her own piece about The Great Hack and in her 2019 TED talk, whether we can ever have free and fair elections again. It's a difficult question to answer because although it's clear from all these reports that the winning side of both the US and UK 2016 votes used Facebook and Cambridge Analytica's services, unless we can rerun these elections in a stack of alternative universes we can never pinpoint how much difference those services made. In a clip taken from the 2018 hearings on fake news, Damian Collins (Conservative, Folkstone and Hythe), the chair of the Digital, Culture, Media, and Sport Committee, asks Chris Wylie, a whistleblower who worked for Cambridge Analytica, that same question (The Great Hack, 00:25:51). Wylie's response: "When you're caught doping in the Olympics, there's not a debate about how much illegal drug you took or, well, he probably would have come in first, or, well, he only took half the amount, or - doesn't matter. If you're caught cheating, you lose your medal. Right? Because if we allow cheating in our democratic process, what about next time? What about the time after that? Right? You shouldn't win by cheating."

Later in the film (1:08:00), Kaiser, testifying to DCMS, sums up the problem this way: "The sole worth of Google and Facebook is the fact that they own and possess and hold and use the personal data from people all around the world.". In this statement, she unknowingly confirms the prediction made by the veteran Australian privacy advocate Roger Clarke,who commented in a 2009 interview about his 2004 paper, Very Black "Little Black Books", warning about social networks and privacy: "The only logical business model is the value of consumers' data."

What he got wrong, he says now, was that he failed to appreciate the importance of micro-pricing, highlighted in 1999 by the economist Hal Varian. In his 2017 paper on the digital surveillance economy, Clarke explains the connection: large data profiles enable marketers to gauge the precise point at which buyers begin to resist and pitch their pricing just below it. With goods and services, this approach allows sellers to extract greater overall revenue from the market than pre-set pricing would; with politics, you're talking about a shift from public sector transparency to private sector black-box manipulation. Or, as someone puts it in The Great Hack, a "full-service propaganda machine". Load, aim at "persuadables", and set running.

Less noticed than either of these is the Securities and Exchange Commission settlement with Facebook, also announced this week. While the fine is relatively modest - a mere $100 million - the SEC has nailed the company's conflicting statements. On Twitter, Jason Kint has helpfully highlighted the SEC's statements laying out the case that Facebook knew in 2016 that it had sold Cambridge Analytica some of the data underlying the 30 million personality profiles CA had compiled - and then "misled" both the US Congress and its own investors. Besides the fine, the SEC has permanently enjoined Facebook from further violations of the laws it broke in continuing to refer to actual risks as "hypothetical". The mills of trust have been grinding exceeding slow; they may yet grind exceeding small.


Illustrations: Data connections in The Great Hack.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

May 10, 2019

Slime trails

ghostbusters-murray-slime.pngIn his 2000 book, Which Lie Did I Tell?, the late, great screenwriter William Goldman called the brilliant 1963 Stanley Donen movie Charade a "money-loser". Oh, sure, it was a great success - for itself. But it cost Hollywood hundreds of millions of dollars in failed attempts to copy its magical romantic-comedy-adventure-thriller mixture. (Goldman's own version, 1992's The Year of the Comet, was - his words - "a flop".) In this sense, Amazon may be the most expensive company ever launched in Silicon Valley because it encouraged everyone to believe losing money in 17 of its first 18 years doesn't matter.

Uber has been playing up this comparison in the run-up to its May 2019 IPO. However, two things make it clear the comparison is false. First - duh - losing money just isn't a magical sign of a good business, even in the Internet era. Second, Amazon had scale on its side, as well as a pioneering infrastructure it was able later to monetize. Nothing about transport scales, as Hubert Horan laid out in 2017; even municipalities can't make Uber cheaper than public transit. Horan's analysis of Uber's IPO filing is scathing. Investment advisers love to advise investing in companies that make popular products, but *not this time*.

Meanwhile, network externalities abound. The Guardian highlights the disparity between Uber's drivers, who have been striking this week, and its early investors, who will make billions even while the company says it intends to continue slicing drivers' compensation. The richest group, says the New York Times, have already decamped to lower-tax states.

If Horan is right, however, the impending shift of billions of dollars from drivers and greater fools to already-wealthy early investors will arguably be a regulatory failure on the part of the Securities and Exchange Commission. I know the rule of the stock market is "buyer beware", but without the trust conferred by regulators there will *be* no buyers, not even pension funds. Everyone needs government to ensure fair play.

Somewhere in one of his 500-plus books, the science/fiction writer Isaac Asimov commented that he didn't like to fly because in case of a plane crash his odds of survival were poor. "It's not sporting." In fact, most passengers survive, unharmed, but not, obviously, in the recent Boeing crashes. Blame, as Madeline Elish correctly predicted in her paper on moral crumple zones, is being sprayed widely, particularly among the humans who build and operate these things: faulty sensors, pilots, and software issues.

The reality seems more likely to be a perfect storm comprising numerous components: 1) the same kind of engineering-management disconnect that doomed Challenger in 1986, 2) trying to compensate with software for a hardware problem, 3) poorly thought-out cockpit warning light design, 4) the number and complexity of vendors involved, and 5) receding regulators. As hybrid cyber-physical systems become more pervasive, it seems likely we will see many more situations where small decisions made by different actors will collide to create catastrophes, much like untested drug interactions.

Again, regulatory failure is the most alarming. Any company can screw up. The failure of any complex system can lead to companies all blaming each other. There are always scapegoats. But in an industry where public perception of safety is paramount, regulators are crucial in ensuring trust. The flowchart at the Seattle Times says it all about how the FAA has abdicated its responsibility. It's particularly infuriating because many in the cybersecurity industry cite aviation as a fine example of what an industry can do to promote safety and security when the parties recognize their collective interests are best served by collaborating and sharing data. Regulators who audit and test provide an essential backstop.

The 6% of the world that flies relies on being able to trust regulators to ensure their safety. Even if the world's airlines now decide that they can't trust the US system, where are they going to go for replacement aircraft? Their own governments will have to step in where the US is failing, as the EU already does in privacy and antitrust. Does the environment win, if people decide it's too risky to fly? Is this a plan?

I want regulators to work. I want to be able to fly with reasonable odds of survival, have someone on the job to detect financial fraud, and be able to trust that medical devices are safe. I don't care how smart you are, no consumer can test these things for themselves, any more than we can tell if a privacy policy is worth the electrons it's printed on.

On that note, last week on Twitter Demos researcher Carl Miller, author of The Death of the Gods, made one of his less-alarming suggestions. Let's replace "cookie": "I'm willing to bet we'd be far less willing to click yes, if the website asked if we [are] willing to have a 'slime trail', 'tracking beacon' or 'surveillance agent' on our browser."

I like "slime trail", which extends to cover the larger use of "cookie" in "cookie crumbs" to describe the lateral lists that show the steps by which you arrived at the current page. Now, when you get a targeted ad, people will sympathize as you shout, "I've been slimed!"


Illustrations: Bill Murray, slimed in Ghostbusters (1984).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 22, 2019

Metropolis

Metropolis-openingshot.png"As a citizen, how will I know I live in a smarter city, and how will life be different?" This question was probably the smartest question asked at yesterday's Westminster Forum seminar on smart cities (PDF); it was asked by Tony Sceales, acting as moderator.

"If I feel safe and there's less disruption," said Peter van Manen. "You won't necessarily know. Thins will happen as they should. You won't wake up and say, 'I'm in the city of the future'," said Sam Ibbott. "Services become more personalized but less visible," said Theo Blackwell the Chief Digital Office for London.

"Frictionless" said Jacqui Taylor, offering it as the one common factor she sees in the wildly different smart city projects she has encountered. I am dubious that this can ever be achieved: one person's frictionless is another's desperate frustration: streets cannot be frictionless for *both* cars and cyclists, just as a city that is predicted to add 2 million people over the next ten years can't simultaneously eliminate congestion. "Working as intended" was also heard. Isn't that what we all wish computers would do?

Blackwell had earlier mentioned the "legacy" of contactless payments for public transport. To Londoners smushed into stuffed Victoria Line carriages in rush hour, the city seems no smarter than it ever was. No amount of technological intelligence can change the fact that millions of people all want to go home at the same time or the housing prices that force them to travel away from the center to do so. We do get through the ticket barriers faster.

"It's just another set of tools," said Jennifer Schooling. "It should feel no different."

The notion of not knowing as the city you live in smartens up should sound alarm bells. The fair reason for that hiddenness is the reality that, as Sara Degli Esposti pointed out at this year's Computers, Privacy, and Data Protection, this whole area is a business-to-business market. "People forget that, especially at the European level. Users are not part of the picture, and that's why we don't see citizens engaged in smart city projects. Citizens are not the market. This isn't social media."

She was speaking at CPDP's panel on smart cities and governance, convened by the University of Stirling's William Webster, who has been leading a research project, CRISP, to study these technologies. CRISP asked a helpfully different question: how can we use smart city technologies to foster citizen engagement, coproduction of services, development of urban infrastructure, and governance structures?

The interesting connection is this: it's no surprise when CPDP's activists, regulators, and academics talk about citizen engagement and participation, or deplore a model in which smart cities are a business-led excuse for corporate and government, surveillance. The surprise comes when two weeks later the same themes arise among Westminster Forum's more private and public sector speakers and audience. These are the people who are going to build these new programs and services, and they, too, are saying they're less interested in technology and more interested in solving the problems that keep citizens awake at night: health, especially.

There appears to be a paradigm shift beginning to happen as municipalities begin to seriously consider where and on what to spend their funds.

However, the shift may be solely European. At CPDP, Canadian surveillance studies researcher David Murakami Wood told the story of Toronto, where (Google owner) Alphabet subsidiary Sidewalk Labs swooped in circa 2014 with proposals to redevelop the Quayside area of Toronto in partnership with Waterfront Toronto. The project has been hugely controversial - there were hearings this week in Ottawa, the provincial capital.

As Murakami Wood's tells it, for Sidewalk Labs the area is a real-world experiment using real people's lives as input to create products the company can later sell elsewhere. The company has made clear it intends to keep all the data the infrastructure generates on its servers in the US as well as all the intellectual property rights. This, Murakami Wood argued, is the real cost of the "free" infrastructure. It is also, as we're beginning to see elsewhere, the extension of online tracking or, as Murakami Wood put it, surveillance capitalism into the physical world: cultural appropriation at municipal scale from a company that has no track record in building buildings, or even publishing detailed development plans. Small wonder that Murakami Wood laughed when he heard Sidewalk Labs CEO Dan Doctoroff impress a group of enthusiastic young Canadian bankers with the news that the company had been studying cities for *two years*.

Putting these things together, we have, as Andrew Adams suggested, three paradigms, which we might call US corporate, Chinese authoritarian, and, emerging, European participatory and cooperative. Is this the choice?

Yes and no. Companies obviously want to develop systems once, sell them everywhere. Yet the biggest markets are one-off outliers. "Croydon," said Blackwell, "is the size of New Orleans." In addition, approaches vary widely. Some places - Webster mentioned Glasgow - are centralized command and control; others - Brazil - are more bottom-up. Rick Robinson finds that these do not meet in the middle.

The clear takeaway overall is that local context is crucial in shaping smart city projects and despite some common factors each one is different. We should built on that.


Illustrations: Fritz Lang's Metropolis (1927).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 30, 2018

Digital rights management

parliament-whereszuck.jpg"I think we would distinguish between the Internet and Facebook. They're not the same thing." With this, the MP Damian Collins (Conservative, Folkstone and Hythe) closed Tuesday's hearing on fake news, in which representatives of nine countries, combined population 400 million, posed questions to Facebook VP for policy Richard Allan, proxying for non-appearing CEO Mark Zuckerberg.

Collins was correct when you're talking about the countries present: UK, Ireland, France, Belgium, Latvia, Canada, Argentina, Brazil, and Singapore. However, the distinction is without a difference in numerous countries where poverty and no-cost access to Facebook or its WhatsApp subsidiary keeps the population within their boundaries. Foreseeing this probable outcome, India's regulator banned Facebook's Free Basics on network neutrality grounds.

Much less noticed, the nine also signed a set of principles for governing the Internet. Probably the most salient point is the last one, which says technology companies "must demonstrate their accountability to users by making themselves fully answerable to national legislatures and other organs of representative democracy". They could just as well have phrased it, "Hey, Zuckerberg: start showing up."

This was, they said, the first time multiple parliaments have joined together in the House of Commons since 1933, and the first time ever that so many nations assembled - and even that wasn't enough to get Zuckerberg on a plane. Even if Allan was the person best-placed to answer the committee's questions, it looks bad, like you think your company is above governments.

The difficulty that has faced would-be Internet regulators from the beginning is this: how do you get 200-odd disparate cultures to agree? China would openly argue for censorship; many other countries would openly embrace freedom of expression while happening to continue expanding web blocking, filtering, and other restrictions. We've seen the national disparities in cultural sensitivities played out for decades in movie ratings and TV broadcasting rules. So what's striking about this declaration is that nine countries from three continents have found some things they can agree on - and that is that libertarian billionaires running the largest and most influential technology companies should accept the authority of national governments. Hence, the group's first stated principle: "The internet is global and law relating to it must derive from globally agreed principles". It took 22 years, but at last governments are responding to John Perry Barlow's 1996 Declaration of the Independence of Cyberspace: "Not bloody likely."

Even Allan, a member of the House of Lords and a former MP (LibDem, Sheffield Hallam), admitted, when Collins asked how he thought it looked that Zuckerberg had sent a proxy to testify, "Not great!"

The governments' principles, however, are a statement of authority, not a bill of rights for *us*, a tougher proposition that many have tried to meet. In 2010-2012, there was a flurry of attempts. Then-US president Barack Obama published a list of privacy principles; the 2010 Computers, Freedom, and Privacy conference, led by co-chair Jon Pincus, brainstormed a bill of rights mostly aimed at social media; UK deputy Labour leader Tom Watson ran for his seat on a platform of digital rights (now gone from his website); and US Congressman Darrell Issa (R-OH) had a try.

Then a couple of years ago, Cybersalon began an effort to build on all these attempts to draft a bill of rights hoping it would become a bill in Parliament. Labour drew on it for its Digital Democracy Manifesto (PDF) in 2016 - though this hasn't stopped the party from supporting the Investigatory Powers Act.

The latest attempt came a few weeks ago, when Tim Berners-Lee launched a contract for the web, which has been signed by numerous organizations and individuals. There is little to object to: universal access, respect for privacy, free expression, and human rights, civil discourse. Granted, the contract is, like the Bishop of Oxford's ten commandments for artificial intelligence, aspirational more than practically prescriptive. The civil discourse element is reminiscent of Tim O'Reilly's 2007 Code of Conduct, which many, net.wars included, felt was unworkable.

The reality is that it's unlikely that O'Reilly's code of conduct or any of its antecedents and successors will ever work without rigorous human moderatorial intervention. There's a similar problem with the government pledges: is China likely to abandon censorship? Next year half the world will be online - but alongside the Contract a Web Foundation study finds that the rate at which people are getting online has fallen sharply since 2015. Particularly excluded are women and the rural poor, and getting them online will require significant investment in not only broadband but education - in other words, commitments from both companies and governments.

Popular Mechanics calls the proposal 30 years too late; a writer on Medium calls it communist; and Bloomberg, among others, argues that the only entities that can rein in the big technology companies is governments. Yet the need for them to do this appears nowhere in the manifesto. "...The web is long past attempts at self-regulation and voluntary ethics codes," Bloomberg concludes.

Sadly, this is true. The big design error in creating both the Internet and the web was omitting human psychology and business behavior. Changing today's situation requires very big gorillas. As we've seen this week, even nine governments together need more weight.


Illustrations: Zuckerberg's empty chair in the House of Commons.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 23, 2018

Phished

cupidsmessage-missourihistoricalsociety.jpgI regularly get Friend requests on Facebook from things I doubt are real people. They are always male and, at a guess, 40-something, have no Friends in common with me, and don't bother to write a message explaining how I know them. If I take the trouble to click through to their profiles, their Friends lists are empty. This week's request, from "Smith Thomson", is muscled, middle-aged, and slightly brooding. He lists his workplace as a US Army base and his birthplace as Houston. His effort is laughably minimal: zero Friends and the only profile content is the cover photograph plus a second photo with a family in front of a Disney castle, probably Photoshopped. I have a nasty, suspicious mind, and do not accept the request.

One of the most interesting projects under the umbrella of the Research Institute for Science of Cyber Security is Detecting and Preventing Mass-Marketing Fraud, led from the University of Warwick by Monica Whitty, and explained here. We tend to think of romance scams in particular, less so advance-fee fraud, as one-to-one rip-offs. Instead, the reality behind them is highly organized criminals operating at scale.

This is a billion-dollar industry with numerous victims. On Monday, the BBC news show Panorama offered a carefully worked example. The journalists followed the trail of these "catfish" by setting up a fake profile and awaiting contact, which quickly arrived. Following clues and payment instructions led the journalists to the scammer himself, in Lagos, Nigeria. One of the victims in particular displays reactions Whitty has seen in her work, too: even when you explain the fraud, some victims still don't recognize the same pattern when they are victimized again. Panorama's saddest moment is an older man who was clearly being retargeted after having already been fleeced of £100,000, his life savings. The new scammer was using exactly the same methodology, and yet he justified sending his new "girlfriend" £500 on the basis that it was comparatively modest, though at least he sounded disinclined to send more. He explained his thinking this way: "They reckon that drink and drugs are big killers. Yeah, they are, but loneliness is a bigger killer than any of them, and trying to not be lonely is what I do every day."

I doubt Panorama had to look very hard to find victims. They pop up a lot at security events, where everyone seems to know someone who's been had: the relative whose computer they had to clean after they'd been taken in by a tech support scam, the friend they'd had to stop from sending money. Last year, one friend spent several months seeking restitution for her mother, who was at least saved from the worst by an alert bank teller at her local branch. The loss of those backstops - people in local bank branches and other businesses who knew you and could spot when you were doing something odd - is a largely unnoticed piece of why these scams work.

In a 2016 survey, Microsoft found that two-thirds of US consumers had been exposed to a tech support scam in the previous year. In the UK in 2016, a report by the US Better Business Bureau says (PDF) , there were more than 34,000 complaints about this type of fraud alone - and it's known that less than 10% of victims complain. Each scam has its preferred demographic. Tech support fraud doesn't typically catch older people, who have life experience and have seen other scams even if not this particular one. The biggest victims of this type of scam are millennials aged 18 to 34 - with no gender difference.

DAPM's meeting mostly focused on dating scams, a particular interest of Whitty's because the emotional damage, on top of the financial damage, is so fierce. From her work, I've learned that the military connection "Smith Thomson" claimed is a common pattern. Apparently some people are more inclined to trust a military background, and claiming that they're located on a military base makes it easy for scammers to dodge questions about exactly what they're doing and where they are and resist pressure to schedule a real-life meeting.

Whitty and her fellow researchers have already discovered that the standard advice we give people doesn't work. "If something looks too good to be true it usually is" is only meaningful at the beginning - and that's not when the "too good to be true" manifests itself. Fraudsters know to establish trust before ratcheting up the emotions and starting to ask - always urgently - for money. By then, requests that would raise alarm flags at the beginning seem like merely the natural next steps in a developed relationship. Being scammed once gets you onto a "suckers list", ripe for retargeting - like Panorama's victim. These, too, are not new; they have been passed around among fraudsters for at least a century.

The point of DAPM's research is to develop interventions. They've had some statistically significant success with instructions teaching people to recognize scams. However, this method requires imparting a lot of information, which means the real conundrum is how you motivate people to participate when most believe they're too smart to get caught. The situation is very like the paranormal claims The Skeptic deals with: no matter how smart you are or how highly educated, you, too, can be fooledz. And, unlike in other crimes, DAPM finds, 52% of these victims blame themselves.


Illustrations: Cupid's Message (via Missouri Historical Society.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 2, 2018

The Brother proliferation

Thumbnail image for Security_Monitoring_Centre-wikimedia.jpgThere's this about having one or two big threats: they distract attention from the copycat threats forming behind them. Unnoticed by most of us - the notable exception being Jeff Chester and his Center for Digital Democracy, the landscape of data brokers is both consolidating and expanding in new and alarming ways. Facebook and Google remain the biggest data hogs, but lining up behind them are scores of others embracing the business model of surveillance capitalism. For many, it's an attempt to refresh their aging business models; no one wants to become an unexciting solid business.

The most obvious group is the telephone companies - we could call them "legacy creepy". We've previously noted their moves into TV. For today's purposes, Exhibit A is Verizon's 2015 acquisition of AOL, which Fortune magazine attributed to AOL's collection of advertising platforms, particularly in video, as well as its more visible publishing sites (which include the Huffington Post, Engadget, and TechCrunch). Verizon's 2016 acquisition of Yahoo! and its 3 billion user accounts and long history also drew notice, most of it negative. Yahoo!, the reasoning went, was old and dying, plus: data breaches that were eventually found to have affected all 3 billion Yahoo! accounts. Oath, Verizon's name for the division that owns AOL and Yahoo!, also owns MapQuest and Tumblr. For our purposes, though, the notable factor is that with these content sites Verizon gets a huge historical pile of their users' data that it can combine with what it knows about its subscribers in truly disturbing ways. This is a company that only two years ago was fined $1.35 million for secretly tracking its customers.

Exhibit B is AT&T, which was barely finished swallowing Time-Warner (and presumably its customer database along with it) when it announced it would acquire the adtech company AppNexus, a deal Forrester's Joanna O'Connell calls a material alternative to Facebook and Google. Should you feel insufficiently disturbed by that prospect, in 2016 AT&T was caught profiting from handing off data to federal and local drug officials without a warrant. In 2015, the company also came up with the bright idea of charging its subscribers not to spy on them via deep packet inspection. For what it's worth, AT&T is also the longest-serving campaigner against network neutrality.

In 2017, Verizon and AT&T were among the biggest lobbyists seeking to up-end the Federal Communications Commission's privacy protections.

The move into data mining appears likely to be copied by legacy telcos internationally. As evidence, we can offer Exhibit C, Telenor, which in 2016 announced its entry into the data mining business by buying the marketing technology company Tapad.

Category number two - which we can call "you-thought-they-had-a-different-business-model creepy" - is a surprise, at least to me. Here, Exhibit A is Oracle, which is reinventing itself from enterprise software company to cloud and advertising platform supplier. Oracle's list of recent acquisitions is striking: the consumer spending tracker Datalogix, the "predictive intelligence" company DataFox, the cross-channel marketing company Responsys, the data management platform BlueKai, the cross-channel machine learning company Crosswise, and audience tracker AddThis. As a result, Oracle claims it can link consumers' activities across devices, online and offline, something just about everyone finds creepy except, apparently, the people who run the companies that do it. It may surprise you to find Adobe is also in this category.

Category number three - "newtech creepy" - includes data brokers like Acxiom, perhaps the best-known of the companies that have everyone's data but that no one's ever heard of. It, too, has been scooping up competitors and complementary companies, for example LiveRamp, which it acquired from fellow profiling company RapLeaf, and which is intended to help it link online and offline identities. The French company Criteo uses probabilistic matching to send ads following you around the web and into your email inbox. My favorite in this category is Quantcast, whose advertising and targeting activities include "consent management". In other words, they collect your consent or lack thereof to cookies and tracking at one website and then follow you around the web with it. Um...you have to opt into tracking to opt out?

Meanwhile, the older credit bureaus Experian and Equifax - "traditional creepy" - have been buying enhanced capabilities and expanded geographical reach and partnering with telcos. One of Equifax's acquisitions, TALX, gave the company employment and payroll information on 54 million Americans.

The detail amounts to this: big companies with large resources are moving into the business of identifying us across devices, linking our offline purchases to our online histories, and packaging into audience segments to sell to advertisers. They're all competing for the same zircon ring: our attention and our money. Doesn't that make you feel like a valued member of society?

At the 2000 Computers, Freedom, and Privacy conference, the science fiction writer Neal Stephenson presciently warned that focusing solely on the threat of Big Brother was leaving us open to invasion by dozens of Little Brothers. It was good advice. Now, Very Large Brothers are proliferating all around us. GDPR is supposed to redress this imbalance of power, but it only works when you know who's watching you so you can mount a challenge.


Illustrations: "Security Monitoring Centre" (via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

August 17, 2018

Redefinition

Robber-barons2-bosses-senate.pngOnce upon a nearly-forgotten time, the UK charged for all phone calls via a metered system that added up frighteningly fast when you started dialing up to access the Internet. The upshot was that early Internet services like the now-defunct Demon Internet could charge a modest amount (£10) per month, secure that the consciousness of escalating phone bills would drive subscribers to keep their sessions short. The success of Demon's business model, therefore, depended on the rapaciousness of strangers.

I was reminded of this sort of tradeoff by a discussion in the LA Times (proxied for EU visitors) of cable-cutters. Weary of paying upwards of $100 a month for large bundles of TV channels they never watch, Americans are increasingly dumping them in favor of cheaper streaming subscriptions. As a result, ISPs that depend on TV package revenues are raising their broadband prices to compensate, claiming that the money is needed to pay for infrastructure upgrades. In the absence of network neutrality requirements, those raised prices could well be complemented by throttling competitors' services.

They can do this, of course, because so many areas of the US are lucky if they have two choices of Internet supplier. That minimalist approach to competition means that Americans pay more to access the Internet than many other countries - for slower speeds. It's easy to raise prices when your customers have no choice.

The LA Times holds out hope that technology will save them; that is, the introduction of 5G, which promises better speeds and easier build-out, will enable additional competition from AT&T, Verizon, and Sprint - or, writer David Lazarus adds, Google, Facebook, and Amazon. In the sense of increasing competition, this may be the good news Lazarus thinks it is, even though he highlights AT&T's and Verizon's past broken promises. I'm less sure: physics dictates that despite its greater convenience the fastest wireless will never be as fast as the fastest wireline.

5G has been an unformed mirage on the horizon for years now, but apparently no longer: CNBC says Verizon's 5G service will begin late this year in Houston, Indianapolis, Los Angeles, and Sacramento and give subscribers TV content in the form of an Apple TV and a YouTube subscription. A wireless modem will obviate the need for cabling.

The potential, though, is to entirely reshape competition in both broadband and TV content, a redefinition that began with corporate mergers such as Verizon's acquisition of AOL and Yahoo (now gathered into its subsidiary, "Oath") and AT&T's whole-body swallowing of Time Warner, which includes HBO. Since last year's withdrawal of privacy protections passed during the Obama administration, ISPs have greater latitude to collect and exploit their customers' online data trails. Their expansion into online content makes AT&T and Verizon look more like competitors to the online behemoths. For consumers, greater choice in bandwidth provider is likely to be outweighed by the would-you-like-spam-with-that complete lack of choice about data harvesting. If the competition 5G opens up is provided solely by avid data miners who all impose the same terms and conditions...well, which robber baron would you like to pay?

There's a twist. The key element that's enabled Amazon and, especially, Netflix to succeed in content development is being able to mine the data they collect about their subscribers. Their business models differ - for Amazon, TV content is a loss-leader to sell subscriptions to its premium delivery service; for Netflix, TV production is a bulwark against dependence on third-party content creators and their licensing fees - but both rely on knowing what their customers actually watch. Their ambitions, too, are changing. Amazon has canceled much of its niche programming to chase HBO-style blockbusters, while Netflix is building local content around the world. Meanwhile, AT&T wants HBO to expand worldwide and focus less on its pursuit of prestige; Apple is beginning TV production; and Disney is pulling its content from Netflix to set up its own streaming service.

The idea that many of these companies will be directly competing in all these areas is intriguing, and its impact will be felt outside the US. It hardly matters to someone in London or Siberia how much Internet users in Indianapolis pay for their broadband service or how good it is. But this reconfiguration may well end the last decade's golden age of US TV production, particularly but not solely for drama. All the new streaming services began by mining the back catalogue to build and understand an audience and then using creative freedom to attract talent frustrated by the legacy TV networks' micromanagement of every last detail, a process the veteran screenwriter Ken Levine has compared to being eaten to death by moths.

However, one last factor could provide an impediment to the formation of this landscape: on June 28, California adopted the Consumer Privacy Act, which will come into force in 2020. As Nick Confessore recounts in the New York Times Magazine, this "overnight success" required years of work. Many companies opposed the bill: Amazon, Google, Microsoft, Uber, Comcast, AT&T, Cox, Verizon, and several advertising lobbying groups; Facebook withdrew its initial opposition.. EFF calls it "well-intentioned but flawed", and is proposing changes. ISPs and technology companies also want (somewhat different) changes. EPIC's Mark Rotenberg called the bill's passage a "milestone moment". It could well be.


Illustrations: Robber barons overseeing the US Congress (via Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 20, 2018

Competing dangerously

Thumbnail image for Conversation_with_Margrethe_Vestager,_European_Commissioner_for_Competition_(17222242662).jpgIt is just over a year since the EU fined Google what seemed a huge amount, and here we are again: this week the EU commissioner for competition Margrethe Vestager levied an even bigger €4.34 billion fine over "serious illegal behavior". At issue was Google's licensing terms for its Android apps and services, which essentially leveraged its ownership of the operating system to ensure its continued market dominance in search as the world moved to mobile. Google has said it will appeal; it is also appealing the 2017 fine. The present ruling gives the company 90 days to change behaviour or face further fines of up to 5% of daily worldwide turnover.

Google's response is to say that Google's rules have enabled it not to charge manufacturers to use Android, made Android phones easier to use, and are efficient for both developers and consumers. The ruling, writes CEO Sundar Pichai, will "upset the balance of the Android ecosystem".

Google's claim that users are free to install other browsers and search engines and are used to downloading apps is true but specious. It's widely known that 95% of users never change default settings. Defaults *matter*, and Google certainly knows this. When you reach a certain size - Android holds 80% of European and worldwide smart mobile devices, and 95% of the licensable mobile market outside of China - the decisions you make about choice architecture determine the behavior of large populations.

Also, the EU's ruling isn't about a user's specific choice on their individual smartphone. Instead, it's based on three findings: 1) Google's licensing terms made access to the Play Store contingent on pre-installing Google's search app and Chrome; 2) Google paid some large manufacturers and network operators to exclusively pre-install Google's search app; 3) Google prevented manufacturers that pre-install Google apps from selling *any* devices using non-Google-approved ("forked") versions of Android. It puts the starting date at 2011, "when Google became dominant".

There are significant similarities here to the US's 1998 ruling against Microsoft over tying Internet Explorer to Windows. Back then, Microsoft was the Big Evil on the block, and there were serious concerns that it would use Internet Explorer as a vector for turning the web into a proprietary system under its control. For a good account, see Charles H. Ferguson's 1999 book, High St@kes, No Prisoners. Ferguson would know: his web page design start-up, Vermeer, was the subject of an acquisition battle between Microsoft and Netscape. Google, which was founded in 1998, ultimately benefited from this ruling, because it helped keep the way open for "alternative" browsers such as Google's own Chrome.

There are also similarities to the EU's 2004 ruling against Microsoft, which required the company to stop bundling its media player with Windows and to disclose the information manufacturers needed to integrate non-Microsoft networking and streaming software. The EU's fine was the largest-ever at the time: €497 million. At that point, media players seemed like important gateways to content. The significant gateway drug turned out to be Web browsers; either way, Microsoft and streaming have both prospered.

Since 1998, however, in another example of EU/US divergence, the US has largely abandoned enforcing anti-competition law. As Lina M. Khan pointed out last year, it's no longer the case that waiting will produce two guys in a garage with a new technology that up-ends the market and its biggest players. The EU explains carefully in its announcement that Android is different from Apple's iOS or Blackberry because as vertically integrated companies that do not license their products they are not part of the same market. In the Android market, however, it says, "...it was Google - and not users, app developers, and the market - that effectively determined which operating systems could prosper."

Too little, too late, some are complaining, and more or less correctly: the time for this action was 2009; even better, says the New York Times, block in advance the mergers that are creating these giants. Antitrust actions against technology companies are almost always a decade late. Others buy Google's argument that consumers will suffer, but Google is a smart company full of smart engineers who are entirely capable of figuring out well-designed yet neutral ways to present choices, just as Microsoft did before it.

There's additional speculation that Google might have to recoup lost revenues by charging licensing fees; that Samsung might be the big winner, since it already has its own full competitive suite of apps; and that the EU should fine Apple, too, on the basis that the company's closed system bars users from making *any* unapproved choices.

Personally, I wish the EU had applied more attention to the ways Google leverages the operating system to enable user tracking to fuel its advertising business. The requirement to tie every phone to a Gmail address is an obvious candidate for regulatory disruption; so is the requirement to use it to access the Play Store. The difficulty of operating a phone without being signed into Google has ratcheted up over time - and it seems wholly unnecessary *unless* the purpose is to make it easier to do user tracking. This issue may yet find focus under GDPR.

Illustrations: Margrethe Vestager.


Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

December 15, 2017

Bitcoin for dummies

Thumbnail image for Bitcoin_Digital_Currency_Logo.pngThe writers of the sitcom The Big Bang Theory probably thought they were on safe ground in early November when (at a guess) they pegged the price of bitcoin at $5,000 for the episode that had its first airing in the US on November 30 (Season 11, episode 9, "The Bitcoin Entanglement"). By then, it had doubled. This week, it neared $17,500, according to Coindesk. In between, it's dropped as much as 25% in a single day.

All of which explains why I've had numerous conversations this week in which I tried to talk people out of feeling bad that they didn't buy bitcoin back when it was cheap. Mortgaging your house or opening up credit card debt in order to buy bitcoin, as CNBC reports some people are doing, is a disastrously bad idea.

Bitcoin is at the stage where a sense of proportion is in short supply. You've got Deutsche Bank claiming that a bitcoin crash would endanger global markets, the Bank of England saying it's no threat, and Andrew Weilbacher at btcmanager.com arguing in return that the euro will be far more destructive. The Bank of England likely has it right: bitcoin is too small - at its $17,000 peak the whole market is $300 billion - to cause a global crash, even at current prices and volatility. It can certainly crash personal economies quite effectively, though.

But why stop Weilbacher when he's having fun? "Bitcoin is poised to overtake current technology for the internet and finance, not considering all of the other blockchain protocols. If and when this technology passes more archaic versions, it will begin to take on the total market valuation of the internet - $19 trillion - and the financial industry as a whole," he writes. Stuff like this always makes me think of this quote from Wall Street giant (and Warren Buffett teacher) Benjamin Graham: "Bright young men have been promising to work miracles with other people's money since time immemorial."

The dot-com bust was a great example. And yet, at its height in 2000 when even the most insistent dot-com boosters were admitting it was a bursting bubble, even the most skeptical believed that ten years later the internet would be much bigger. Many of those early internet companies never recovered, of course - but the internet still hasn't stopped growing.

So is bitcoin like an internet company or like the internet?

Bitcoin was conceived as two things: a cryptocurrency and a payment system. At the beginning people who mined or bought it were mostly curious and wanted to experiment. It was technically challenging, but cheap. A couple of years ago, we were hearing a lot about its potential for cutting costs out of financial transactions.

That dream is in trouble: the rapid rise in prices is killing bitcoin as a cost-cutter because as bitcoin's exchange rate goes up, so do its transaction costs. About 100,000 outlets worldwide accept payment in bitcoin, but there are also many private uses, particularly in areas where trust in government and the financial system is collapsing. The reality, though, is that very few people seriously use bitcoin as a currency and some of them are reconsidering. Steam, for example, announced on December 6 that it was ceasing to accept bitcoin payments partly because of pricing volatility but mostly because the fees are nearing $20 per transaction, 100 times what it cost when Steam started accepting it.

There's another problem, too: recent calculations say that the bitcoin transaction network is hideously energy-intensive, and even if miners derive all their power from renewables, if prices continue to rise it won't be sustainable. Even if it is, Visa is vastly faster and vastly more energy-efficient.

Those involved in fintech have been saying for some time that whatever happens to bitcoin, the blockchain, which records transactions in secure but verifiable blocks, is really significant (although older industry guys call it a "distributed ledger" and wonder why all the fuss over a 30-year-old technology). I see no reason not to believe them. However, you can't invest in the blockchain by buying bitcoin. Instead, the people investing in exploiting this are banks, other financial institutions, and large and small technology companies. That being the case, the idea that the power of the system lies in its decentralized peer-to-peer nature that requires no central authority seems likely to die even faster than the same idea about the internet itself. Get your libertarian rhetoric while you can. And your crypto kittens.

Bitcoin is not scaling. That doesn't mean other cryptocurrencies can't, but it does make Derek Thompson, who, writing for The Atlantic, called bitcoin a digital baseball card, without the faces or stats", even more likely to be right.

So, at present, most bitcoin owners are speculators hoping to cash out by selling to a greater fool. Over the time of bitcoin's existence, mining has moved from ordinary laptops to GPUs, to purpose-built ASICs. Today, most mining is controlled by a relative handful of players with giant clusters. If you are really insistent upon trying to make some money out of the bitcoin bubble, your best bet is the old picks and shovels approach. Needless to say, others have already thought of this.

Bottom line: you may regret missed opportunities but they don't make you feel nearly as stupid as the ones you took but wish you hadn't.


Illustrations: Bitcoin logo.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 10, 2017

Regulatory disruption

Thumbnail image for Northern_Rock_Queue.jpgThe financial revolution due to hit Britain in mid-January has had surprisingly little publicity and has little to do with the money-related things making news headlines over the last few years. In other words, it's not a new technology, not even a cryptocurrency. Instead, this revolution is regulatory: banks will be required to open up access to their accounts to third parties.

The immediate cause of this change is two difficult-to-distinguish pieces of legislation, one UK-specific and one EU-wide. The EU piece is Payment Services Directive 2, which is intended to foster standards and interoperability in payments across Europe. In the UK, Open Banking requires the nine biggest retail banks to create APIs that, given customer consent, will give third parties certified by the Financial Conduct Authority direct access to customer accounts. Account holders have begun getting letters announcing new terms and conditions, although recipients report that the parts that refer to open banking and consent are masterfully vague.

Thumbnail image for rotated-birch-contactlessmonopoly-ttf2016.jpgAs anyone attending the annual Tomorrow's Transactions Forum knows, open banking has been creeping up on us for the last few years. Consult Hyperion's Tim Richards has a good explanation of the story so far. At this year's event, Dave Birch, who has a blog posting outlining PSD2's background and context, noted that in China, where the majority of non-cash payments are executed via mobile, Alipay and Tencent are already executing billions of transactions a year, bypassing banks entirely. While the banks aren't thrilled about losing the transactions and their associated (dropping) revenue, the bigger issue is that they are losing the data and insight into their customers that traditionally has been exclusively theirs.

We could pick an analogy from myriad internet-disrupted sectors, but arguably the best fit is telecoms deregulation, which saw AT&T (in the US) and BT (in the UK) forced to open up their networks to competitors. Long distance revenues plummeted and all sorts of newcomers began leaching away their customers.

For banks, this story began the day Elon Musk's x.com merged with Peter Thiel's money transfer business to create the first iteration of Paypal so that anyone with an email address could send and receive money. Even then, the different approach of cryptocurrencies was the subject of experiments, but for most people the rhetoric of escaping government was less a selling point than being able to trade small sums with strangers who didn't take credit cards. Today's mobile payment users similarly don't care whether a bank is involved or not as long as they get their money.

Part of the point is to open up competition. In the UK, consumer-bank relationships tend to be lifelong, partly because so much of banking here has been automated for decades. For most people, moving their account involves not only changing arrangements for inbound payments like salary, but also also all the outbound payments that make up a financial life. The upshot is to give the banks impressive customer lock-in, which the Competition and Markets Authority began trying to break with better account portability.

The larger point of Open Banking, however, is to drive innovation in financial services. Why, the reasoning goes, shouldn't it be easier to aggregate data from many sources - bank and other financial accounts, local transport, government benefits - and provide a dashboard to streamline management or automatically switch to the cheapest supplier of unavoidable services? At Wired, Rowland Manthorpe has a thorough outline of the situation and its many uncertainties. Among these are the impact on the banks themselves - will they become, as the project's leader and the telecoms analogy suggest, plumbing for the financial sector or will they become innovators themselves? Or, despite the talk of fintech startups, will the big winners be Google and Facebook?

The obvious concerns in all this are security and privacy. Few outside the technology sector understand what an API is; how do we explain it to the broad range of the population so they understand how to protect themselves? Assuming that start-ups emerge, what mechanisms will we have to test how well our data is secured or trace how it's being used? What about the potential for spoof apps that steal people's data and money?

It's also easy to imagine that "consent" may be more than ordinarily mangled, a problem a friend calls the "tendency to mandatory". It's easy to imagine that the companies to whom we apply for insurance, a loan, or a job may demand an opened gateway to account data as part of the approvals process, which is extortion rather than consent.

This is also another situation where almost all of "my" data inevitably involves exposing third parties, the other halves of our transactions who have never given consent for that to happen. Given access to a large enough percentage of the population's banking data, triangulation should make it possible to fill in a fair bit of the rest. Amazon already has plenty of this kind of data from its own customers; for Facebook and Google this must be an exciting new vista.

Understanding what this will all mean will take time. But it represents a profound change, not only in the landscape of financial services but in the area of technical innovation. This time, those fusty old government regulators are the ones driving disruption.


Illustrations: Northern Rock in 2007 (Dominic Alves); Dave Birch.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

November 9, 2012

The billion-dollar spree

"This will be the grossest money election we've seen since Nixon," Lawrence Lessig predicted earlier this year. And the numbers are indeed staggering.

Never mind the 1%. In October, Lessig estimated that 42 percent of the money spent so far in the 2012 election cycle had come from just 47 Americans - the .000015 percent. At this rate, politicians - congressional as well as presidential - are perpetual candidates; fundraising leaves no time to do anything else. By comparison, the total UK expenditure by all candidates in the last general election (PDF) was £31 million - call it $50 million. A mere snip.

Some examples. CNN totals up $506,417,910 spent on advertising in just the eight "battleground" states - since April 10, 2012. Funds raised - again since April 10, 2012 - $1,021,265,691, much of it from states not in the battleground category - like New York, Texas, and California. In October, the National Record predicted that Obama's would be the first billion-dollar campaign.

The immediate source of these particular discontents is the 2010 Supreme Court decision in Citizens United v. Federal Election Commission that held that restricting political expenditure on "electioneering communications" by organizations contravened the First Amendment's provisions on freedom of expression. This is a perfectly valid argument if you accept the idea that organizations - corporations, trade unions, and so on - are people who should not be checked from spending their money to buy themselves airtime in which to speak freely.

An earlier rule retained in Citizens United was that donors to so-called SuperPACs (that is, political action committees that can spend unlimited amounts on political advertising as long as their efforts are independent of those of the campaigns) must be identified. That's not much of a consolation: just like money laundering in other contexts, if you want to buy yourself a piece of a president and don't want to be identified, you donate to a non-profit advocacy group and they'll spend or donate it for you and you can remain anonymous, at least to the wider public outside the SuperPAC..

And they worry about anonymous trolling on the Internet.

CNN cites Public Citizen as the source of the news that 60 percent of PACS spend their funds on promoting a single candidate, and that often these are set up and run by families, close associates, or friends of the politicians they support. US News has a handy list of the top 12 donors willing to be identified. Their interests vary; it's not like they're all ganging up on the rest of us with a clear congruence of policy desires; similarly, SuperPACs cover causes I like as well as causes I don't. And even if they didn't, it's not the kind of straightforward corruption where there is an obvious chain where you can say, money here, policy there.

If securing yourself access to put your views is your game, donating huge sums of money to a single candidate or party traditionally you want to donate to both sides, so that no matter who gets into office they'll listen to you. It's equally not a straightforward equation of more money here, victory there, although it's true: Obama outcompeted Romney on the money front, perhaps because so many Democrats were so afraid he wouldn't be able to keep up. But, as Lessig, has commented, even if the direct corrupt link is not there, the situation breeds distrust, doubt, and alienation in voters' minds.

The Washington Post argues that the big explosion of money this time is at least partly due to the one cause most rich people can agree on: tax policy. Some big decisions - the fiscal cliff - lie ahead in the next few months, as tax cuts implemented during the Bush (II) administration automatically expire. When those cuts were passed, the Republicans must have expected the prospect would push the electorate to vote them back in. Oops.

Some more details. Rootstrikers, the activist group Lessig founded to return the balance of power in American politics to the people, has a series of graphics intended to illustrate the sources of money behind superPACs; the president; and their backers. The Sunlight Foundation has an assessment of donors' return on investment

An even better one comes from the Federal Election Commission via Radio Boston, showing the distribution of contributions. The pattern is perfectly clear: the serious money is coming from the richer, more populated, more urbanized states. The way this can distort policy is also perfectly clear.

One of the big concerns in this election was that measures enacted in the name of combating voter fraud (almost non-existent) would block would-be voters from being able to cast ballots. Instead, it seems that Obama was more successful in getting out the vote.

The conundrum I'd like answered is this. Money is clearly a key factor in US elections - it can't get you elected, but the lack of it can certainly keep you out of office. It's clearly much less so elsewhere. So, if the mechanism by which distorted special-interest policies get adopted in the US is money, then what's the mechanism in other countries? I'd really like to know.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series.

August 3, 2012

Social advertising

It only takes two words to sum up Facebook's sponsored stories, the program under which you click the "Like" button on a brand's page and the system picks up your name and photograph and includes it in ads seen by your friends. The two words: social engineering.

The cooption of that phrase into the common language and the workings of time mean that the origins of that phrase are beginning to be lost. In fact, it came from 1980s computer hacking, and was, to the best of my knowledge, created by Kevin Mitnick in the days when he was the New York Times's most dangerous hacker. (Compared to today's genuinely criminal hacking enterprises, Mitnick was almost absurdly harmless; but he scared the wrong people at the wrong time.) The thing itself, of course, is basically the confidence game that is probably as old as consciousness: you, the con man, get the mark to trust you so you can then manipulate that trust to your benefit. By the time the mark figures out the game, you yourself expect to be long gone and out of reach. Trust can be abruptly severed, but the results of having granted it in the first place can't be so easily undone.

Where Facebook messed up was in that last bit: it's hard for a company to leave town, opening the way for the inevitable litigation. Naturally, there was litigation, and now there's a settlement under consideration that would require the company to pay millions to privacy advocacy organisations.

This hasn't, of course, been a good week for Facebook for other reasons: it released its first post-IPO financial statements last week. And, for the same reasons we gave when the IPO failed to impress us, as predicted, those earnings were disappointing, At the same time, the company admitted that 83 million of its user accounts are fakes or duplicates (so the service's user base is maybe 912 million instead of 995 million). And, a music company complains that it was paying for ads clicked on by bots, a claim Facebook says it can't substantiate. Small wonder the shares have halved in price since the IPO - and I'd say they're still too expensive.

The comment that individuals whose faces and names were used were being used as spokespeople without being paid, however, sparks some interesting thoughts about the democratization of celebrity endorsements and product placement. Ever since I first encountered MIT's work on wearable computing in the mid 1990s, I've wondered when we would start seeing people wearing clothing that's not just branded but displaying video ads. In the early 2000s, I recall attending an Internet Advertising Bureau event, where one of the speakers talked baldly about the desirability of getting messages into the workplace, which until then had been a no-go area. Well, I say no-go; to them I think it seemed more like a green field or an unbroken pasture of fresh snow.

Spammers were way ahead on this one, invading people's email inboxes and instant messaging and then, when filtering got good, spoofing the return addresses of people you know and trust in order to get you to click on the bad stuff. It's hard not to see Facebook's sponsored stories as the corporate version of this.

But what if they did pay, as that blog posting suggested? What if instead of casually telling your friends how great Lethal Police Hogwarts XXII is, you could get paid to do so? You wouldn't get much, true, but if sports stars can be paid millions of dollars to endorse tennis racquets (which are then customized to the point where they bear little resemblance to the mass market product sold to the rest of us) why shouldn't we be paid a few cents? Of course, after a while you wouldn't be able to trust your friends' opinions any more, but is that too high a price?

Recently, I've spent some time corresponding with a couple of people from Premiumlinkadvertising.com, who contacted me with the offer to pay me to insert a link to Musician's Friend into one of the music pages on my Web site. Once I realized that the deal was that the link could not be identified in any way as a paid link - it couldn't be put in a box, or a different font, or include the text, paid for, or anything like that - I bailed. They then offered more money. Last offer was $250 for a year, I think. I do allow ads on my site - a few pages have AdSense, and in the past a couple had paid-for text ads clearly labeled as such - but not masquerading as personal recommendations. I imagine there's some price at which I could be bought, but $250 is several orders of magnitude too low.


Week links:

- Excellent debunking of the "cybercrime costs $1 trillion" urban legend (is that including Facebook's vanishing market cap?)

- The Federated Artists Coalition has an interesting proposal to give artists and creators some rights in the proposed Universal/EMI merger.

- Wouldn't you think people would test their software before unleashing it on an unsuspecting stock market?


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


June 15, 2012

A license to print money

"It's only a draft," Julian Huppert, the Liberal Democrat MP for Cambridge, said repeatedly yesterday. He was talking about the Draft Communications Data Bill (PDF), which was published on Wednesday. Yesterday, in a room in a Parliamentary turret, Hupper convened a meeting to discuss the draft; in attendance were a variety of Parliamentarians plus experts from civil society groups such as Privacy International, the Open Rights Group, Liberty, and Big Brother Watch. Do we want to be a nation of suspects?

The Home Office characterizes the provisions in the draft bill as vital powers to help catch criminals, save lives, and protect children. Everyone else - the Guardian, ZDNet UK, and dozens more - is calling them the "Snooper's charter".

Huppert's point is important. Like the Defamation Bill before it, publishing a draft means there will be a select committee with 12 members, discussion, comments, evidence taken, a report (by November 30, 2012), and then a rewritten bill. This draft will not be voted on in Parliament. We don't have to convince 650 MPs that the bill is wrong; it's a lot easier to talk to 12 people. This bill, as is, would never pass either House in any case, he suggested.

This is the optimistic view. The cynic might suggest that since it's been clear for something like ten years that the British security services (or perhaps their civil servants) have a recurring wet dream in which their mountain of data is the envy of other governments, they're just trying to see what they can get away with. The comprehensive provisions in the first draft set the bar, softening us up to give away far more than we would have in future versions. Psychologists call this anchoring, and while probably few outside the security services would regard the wholesale surveillance and monitoring of innocent people as normal, the crucial bit is where you set the initial bar for comparison for future drafts of the legislation. However invasive the next proposals are, it will be easy for us to lose the bearings we came in with and feel that we've successfully beaten back at least some of the intrusiveness.

But Huppert is keeping his eye on the ball: maybe we can not only get the worst stuff out of this bill but make things actually better than they are now; it will amend RIPA. The Independent argues that private companies hold much more data on us overall but that article misses that this bill intends to grant government access to all of it, at any time, without notice.

The big disappointment in all this, as William Heath said yesterday, is that it marks a return to the old, bad, government IT ways of the past. We were just getting away from giant, failed public IT projects like the late unlamented NHS platform for IT and the even more unlamented ID card towards agile, cheap public projects run by smart guys who know what they're doing. And now we're going to spend £1.8 billion of public money over ten years (draft bill, p92) building something no one much wants and that probably won't work? The draft bill claims - on what authority is unclear - that the expenditure will bring in £5 to £6 billion in revenues. From what? Are they planning to sell the data?

Or are they imagining the economic growth implied by the activity that will be necessary to build, install, maintain, and update the black boxes that will be needed by every ISP in order to comply with the law. The security consultant Alec Muffet has laid out the parameters for this SpookBox 5000: certified, tested, tamperproof, made by, say, three trusted British companies. Hundreds of them, legally required, with ongoing maintenance contracts. "A license to print money," he calls them. Nice work if you can get it, of course.

So we're talking - again - about spending huge sums of government money on a project that only a handful of people want and whose objectives could be better achieved by less intrusive means. Give police better training in computer forensics, for example, so they can retrieve the evidence they need from the devices they find when executing a search warrant.

Ultimately, the real enemy is the lack of detail in the draft bill. Using the excuse that the communications environment is changing rapidly and continuously, the notes argue that flexibility is absolutely necessary for Clause 1, the one that grants the government all the actual surveillance power, and so it's been drafted to include pretty much everything, like those contracts that claim copyright in perpetuity in all forms of media that exist now or may hereinafter be invented throughout the universe. This is dangerous because in recent years the use of statutory instruments to bypass Parliamentary debate has skyrocketed. No. Make the defenders of this bill prove every contention; make them show the evidence that makes every extra bit of intrusion necessary.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


May 18, 2012

A thousand new millionaires

"But what if the numbers ever start going down?"

The speaker was the managing director of CompuServe UK in approximately 1991. And I had just suggested putting a banner on the CompuServe login page announcing the number of users, at the time growing rapidly. Well, you know the rest.

I'm not alone in comparing Facebook, which went public yesterday, to past online social venues, and I won't review my reasons here. As I wrote in January when Ramnit surfaced, were I an early investor in Facebook I'd be wanting to cash out now.

As I write this, the market hasn't opened yet in the US, so this is just fun-with-numbers. Facebook's 421.2 million shares at $38 raised $16 billion, a nice war chest to go shopping with. The company's new $104 billion market cap, the Wall Street Journal tweeted yesterday, tops Yahoo!, Groupon, LinkedIn, Netflix, IAC/Interactive Corporate, Zynga, and Pandora Media - combined. It's slightly above Amazon, more than double eBay, about half of Microsoft, almost double Cisco or Boeing. More soberly, it's 50 times CompuServe acquirer AOL's market cap today - but less than half of AOL's $222 billion in December 1999.

I'll blame some of the Facebook IPO madness on the 2010 release of The Social Network: a mainstream movie is fabulous publicity for a five-year-old company. Throw in widespread familiarity and the all those stories about the Arab Spring, and you have a company of apparently vast social significance - but not necessarily good business. The size of the hype has lots of financial pundits trying to sober people up. With reason: the buying frenzy suggests that expectations are so high that a disappointment is almost inevitable.

Warren Buffett, and his legendary mentor, Benjamin Graham, espouse(d) two enduring principles: a "moat" protecting a business from copycats and competitors, and a "margin of safety". The latter is simple enough: buy undervalued companies. If the company makes a misstep, you are somewhat protected against losing your investment. So the statistic that gives real pause is this one: if Apple were valued (price to sales) the way Facebook is at $38 a share, Apple's market cap would be six times what it is now: $3 trillion.

A quick round-up of other issues, beginning with the huge size of the float coupled with a lower - and slower - growth rate than Apple, Google, or LinkedIn. Seeking Alpha directly compares Facebook and Google at IPO time; The Motley Fool compares Facebook to giant Internet IPOs of the past; its graphs show just how hard it will be for Facebook to live up to the track records of Google, Amazon, and Apple. Minyanville has ten more negative perspectives, even including the guy who can't get his teenaged daughter to stop spending all her time on the system. The New York Times's Dealbook has plenty more. Disappointed investors can, however, lie back and think of California, which desperately needs the tax money from those thousand new millionaires.

With respect to Facebook's ongoing business - because guessing at the company's future earnings is really what this is all about - others have cast doubt on its mobile prospects, its advertising model, especially in the light of GM's very public withdrawal, its prospects for diversifying its revenue streams, its trust issues, and Mark Zuckerberg's stated claim that the company's goal is not really to make money. With respect to the latter, the argument goes that either he means it and may shaft his shareholders from time to time in service of his vision, or he will be gradually weaned away from it under the pressure of running a public company. And Zuckerberg, more than most, has retained single-handed control over what the company does. Arguing about the hoodie is just silly; it's branding; get over it.

That's the valuation, but what about that moat? The number of users and market dominance was a very big asset for eBay because it's clear that the bigger the pool of buyers to whom you can offer "long tail" goods for sale the more likely you are to find a match. In hindsight, for eBay and Amazon, first-mover advantage really was key. But whereas people go to Google to fulfill the essential need of finding things online, Facebook usage is discretionary. People don't join Facebook for itself; the real appeal is the presence of their friends, even if once there they get obsessed with Farmville. And Facebook will never be the only way - or even the most fun way - to hang out with your friends.

In 2000, when the dot-com bust hit, the one thing almost everyone knew was that in five years the Internet would be much, much bigger than it was then. Many had bet too much, too soon on the wrong companies, but the premise was right. That's less clear now: Facebook's 900 million (or whatever) is a staggering number, but the company's growth has been driven by increasing user numbers. How long can it keep on doing that? Its biggest challenge will be keeping those users interested enough to stay on the site.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

May 4, 2012

A matter of degree

What matters about a university degree? Is it the credential, the interaction with peers and professors, the chance to play a little while longer before turning adult, or the stuff you actually learn? Given how much a degree costs, these are pressing questions for the college-bound and their parents.

This is particularly true in the US, where today's tuition fees at Cornell University's College of Arts and Sciences, are 14 times what they were when I started there as a freshman in 1971. This week, CNBC highlighted the costs of liberal arts colleges such as Colorado's Pepperdine, where tuition, housing, and meals add up to $54,000 a year. Hah, said friends: it's $56,000 at Haverford, where their son is a sophomore.

These are crazy numbers even if you pursue a "sensible" degree, like engineering, mathematics, or a science. In fact, it's beginning to approach the level after which a top-class private university degree no longer makes the barest economic sense. A Reuters study announced this week found that the difference between a two-year "associate" degree and a four-year BA or BSc over the course of a 30-year career is $500,000 to $600,000 (enough to pay for your child's college degree, maybe). Over a career a college degree adds about $1 million over a high school diploma, depending on the major you pick and the field you go into. An accountant could argue that there's still some room for additional tuition increases - but then, even if that accountant has teenaged kids his earnings are likely well above average.

Anthony Carnevale, the director of the center that conducted this research, tells Reuters this is a commercialization of education. Yes, of course - but if college costs as much per child as the family home inevitably commercial considerations will apply even if you don't accept Paypal founder Peter Thiel's argument about a higher education bubble.

All this provides context for this week's announcement that Harvard and MIT are funding a $60 million initiative, EDx, to provide online courses for all and sundry. Given that Britain's relatively venerable Open University was set up in 1969 to bring university-level education to a wide range of non-traditional students, remote learning is nothing new. Still, EDx is one of a number of new online education initiatives.

Experimentation with using the Internet as a delivery medium for higher education began in the mid 1990s (TXT). The Open University augmented the ability for students to interact with each other by adding online conferencing to its media mix, and many other institutions began offering online degrees. Almost the only dissenting voice at the time was that of David F. Noble, a professor at Canada's York University. In a series of essays written from 1997 to 2001, Digital Diploma Mills he criticized the commercialization of higher education and the move toward online instruction. Coursework that formerly belonged to professors and teachers, he argued, would now become a product sold by the university itself; copyright ownership would be crucial. By 2001, he was writing about the failure of many of the online ventures to return the additional revenues their institutions had hoped for.

When I wrote about these various concerns in 1999 for Scientific American (TXT) reader email accused me of being an entitled elitist and gleefully threatened me with a wave of highly motivated, previously locked-out students who would sweep the world. The main thing I hoped I highlighted, however, was the comparatively high drop-out rate of online students. This is a pattern that has continued through to mid-2000s today with little change. This seems to me a significant problem for the industry - but explains why MIT and Harvard, like some other recent newcomers, are talking about charging for exams or completion certificates rather than the courses themselves. Education on the shareware model: certainly fairer for students hoping for career advancement and great for people who just want to learn from the best brands. (Not, thankfully, the future envisaged by one of the interviewees in those articles, who feared online education would be dominated by Microsoft and Disney).

In an economic context, the US's endemic credentialism means it's the certificate that has economic value, not necessarily the learning itself. But across the wider world, it's easy to imagine local authorities taking advantage of the courses that are available and setting their own exams and certification systems. For Harvard and MIT, the courses may also provide a way of spotting far-flung talent to scoop up and educate more traditionally.

Of course, economics are not the only reason to go to college: it may make other kinds of sense. Today's college-educated parents often want their kids to go to college for more complex reasons to do with quality of life, adaptability to a changing future, and the kind of person they would like their kids to be. In my own case, the education I had gave me choices and the confidence that I could learn anything if I needed to. That sort of motivation, sadly, is being priced out of the middle class. Soon it will be open only to the very talented and poor who qualify for scholarships, and the very wealthy who can afford the luxury. No wonder the market sees an opportunity.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


April 28, 2012

Interview with Lawrence Lessig

This interview was originally intended for a different publication; I only discovered recently that it hadn't run. Lessig and I spoke in late January, while the fate of the Research Works Act was still unknown (it's since been killed.

"This will be the grossest money election we've seen since Nixon," says the law professor Lawrence Lessig, looking ahead to the US Presidential election in November. "As John McCain said, this kind of spending level is certain to inspire a kind of scandal. What's needed is scandals."

It's not that Lessig wants electoral disaster; it's that scandals are what he thinks it might take to wake Americans up to the co-option of the country's political system. The key is the vast, escalating sums of money politicians need to stay in the game. In his latest book, Republic, Lost, Lessig charts this: in 1982 aggregate campaign spending for all House and Senate candidates was $343 million; in 2008 it was $1.8 billion. Another big bump upward is expected this year: the McCain quote he references was in response to the 2010 Supreme Court decision in Citizens United legalising Super-PACs. These can raise unlimited campaign funds as long as they have no official contact with the candidates. But as Lessig details in Republic, Lost, money-hungry politicians don't need things spelled out.

Anyone campaigning against the seemingly endless stream of anti-open Internet, pro-copyright-tightening policies and legislation in the US, EU, and UK - think the recent protests against the US's Stop Internet Piracy (SOPA) and Protect Intellectual Property (PIPA) Acts and the controversy over the Digital Economy Act and the just-signed Anti-Counterfeiting Trade Agreement (ACTA) treaty - has experienced the blinkered conviction among many politicians that there is only one point of view on these issues. Years of trying to teach them otherwise helped convince Lessig that it was vital to get at the root cause, at least in the US: the constant, relentless need to raise escalating sums of money to fund their election campaigns.

"The anti-open access bill is such a great example of the money story," he says, referring to the Research Works Act (H.R. 3699), which would bar government agencies from mandating that the results of publicly funded research be made accessible to the public. The target is the National Institutes of Health, which adopted such a policy in 2008; the backers are journal publishers.

"It was introduced by a Democrat from New York and a Republican from California and the single most important thing explaining what they're doing is the money. Forty percent of the contributions that Elsevier and its senior executives have made have gone to this one Democrat." There is also, he adds, "a lot to be done to document the way money is blocking community broadband projects".

Lessig, a constitutional scholar, came to public attention in 1998, when he briefly served as a special master in Microsoft's antitrust case. In 2000, he wrote the frequently cited book Code and Other Laws of Cyberspace, following up by founding Creative Commons to provide a simple way to licence work on the Internet. In 2002, he argued Eldred v. Ashcroft against copyright term extension in front of the Supreme Court, a loss that still haunts him. Several books later - The Future of Ideas, Free Culture, and Remix - in 2008, at the Emerging Technology conference, he changed course into his present direction, "coding against corruption". The discovery that he was writing a book about corruption led Harvard to invite him to run the Edmond J. Safra Foundation Center for Ethics, where he fosters RootStrikers, a network of activists.

Of the Harvard centre, he says, "It's a bigger project than just being focused on Congress. It's a pretty general frame for thinking about corruption and trying to think in many different contexts." Given the amount of energy and research, "I hope we will be able to demonstrate something useful for people trying to remedy it." And yet, as he admits, although corruption - and similar copyright policies - can be found everywhere his book and research are resolutely limited to the US: "I don't know enough about different political environments."

Lessig sees his own role as a purveyor of ideas rather than an activist.

"A division of labour is sensible," he says. "Others are better at organising and creating a movement." For similar reasons, despite a brief flirtation with the notion in early 2008, he rules out running for office.

"It's very hard to be a reformer with idealistic ideas about how the system should change while trying to be part of the system," he says. "You have to raise money to be part of the system and engage in the behaviour you're trying to attack."

Getting others - distinguished non-politicians - to run on a platform of campaign finance reform is one of four strategies he proposes for reclaiming the republic for the people.

"I've had a bunch of people contact me about becoming super-candidates, but I don't have the infrastructure to support them. We're talking about how to build that infrastructure." Lessig is about to publish a short book mapping out strategy; later this year he will update incorporating contributions made on a related wiki.

The failure of Obama, a colleague at the University of Illinois at Chicago in the mid-1990s, to fulfil his campaign promises in this area is a significant disappointment.

"I thought he had a chance to correct it and the fact that he seemed not to pay attention to it at all made me despair," he says.

Discussion is also growing around the most radical of the four proposals, a constitutional convention under Article V to force through an amendment; to make it happen 34 state legislatures would have to apply.

"The hard problem is how you motivate a political movement that could actually be strong enough to respond to this corruption," he says. "I'm doing everything I can to try to do that. We'll see if I can succeed. That's the objective."


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this seriesand one of other interviews.


April 6, 2012

I spy

"Men seldom make passes | At girls who wear glasses," Dorothy Parker incorrectly observed in 1937. (How would she know? She didn't wear any). You have to wonder what she could have made of Google Goggles which, despite the marketing-friendly alliterative name, are neither a product (yet) nor a new idea.

I first experienced the world according to a heads-up display in 1997 during a three-day conference (TXT) on wearable computing at MIT ($). The eyes-on demonstration was a game of pool with the headset augmenting my visual field with overlays showing cuing angles. (Could be the next level of Olympic testing: checking athletes for contraband contract lenses and earpieces for those in sports where coaching is not allowed.)

At that conference, a lot of ideas were discussed and demonstrated: temperature-controlling T-shirts, garments that could send back details of a fallen soldier's condition, and so on. Much in evidence were folks like Thad Starner, who scanned my business card and handed it back to me and whose friends commented on the way he'd shift his eyes to his email mid-conversation, and Steve Mann, who turned himself into a cyborg experiment as long ago as the 1980s. Checking their respective Web pages, I see that Mann hasn't updated the evolution of wearables graphic since the late 1990s, by which time the headset looked like an ordinary pair of sunglasses; in 2002, when airport security forced him to divest his gear, he had trouble adjusting to life without it. Starner is on leave to work at...Project Glass, the home of Google Goggles.

The problem when a technological dream spans decades is that between conception and prototype things change. In 1997, that conference seemed to think wearable computing - keyboards embroidered in conductive thread, garments made of cloth woven from copper-covered strands, souped-up eyeglasses, communications-enabled watches, and shoes providing from the energy generated in walking - surely was a decade or less away.

The assumptions were not particularly contentious. People wear wrist watches and jewelry, right? So they'll wear things with the same fashion consciousness, but functional. Like, it measures and displays your heart rhythms (a woman danced wearing a light-flashing pendant that sped up with her heart rate), or your moods (high-tech mood rings), or acts as the controller for your personal area network.

Today, a lot of people don't *wear* wrist watches any more.

For wearable guys, it's good progress. The functionality that required 12 pounds of machinery draped about your person - I see from my pieces linked above and my contemporaneous notes, that the rig I tried felt like wearing a very heavy, inflexible sandwich board - is an iPhone or Android. Even my old Palm Centro comes close. As Jack Schofield writes in the Guardian, the headset is really all that's left that we don't have. And Google has a lot of competition.

What interests me is let's say these things do take off in a big way. What then? Where will the information come from to display on those headsets? Who will be the gatekeepers? If we - some of us - want to see every building decorated with outsized female nudes, will we have to opt in for porn?

My speculation here is surely not going to be futuristic enough, because like most people I'm locked into current trends. But let's say that glasses bolt onto the mobile/Internet ecologies we have in place. It is easy to imagine that, if augmented reality glasses do take off, they will be an important gateway to the next generation of information services. Because if all the glasses are is a different way of viewing your mobile phone, then they're essentially today's ear pieces - surely not sufficient motivation for people with good vision to wear glasses. So, will Apple glasses require an iTunes account and an iOS device to gain access to a choice of overlays to turn on and off that you receive from the iTunes store in real time? Similarly, Google/Android/Android marketplace. And Microsoft/Windows Mobile/Bing or something. And whoever.

So my questions are things like: will the hardware and software be interoperable? Will the dedicated augmented reality consumer need to have several pairs? Will it be like, "Today I'm going mountain climbing. I've subscribed to the Ordnance Survey premium service and they have their own proprietary glasses, so I'll need those. And then I need the Google set with the GPS enhancement to get me there in the car and find a decent restaurant afterwards." And then your kids are like, "No, the restaurants are crap on Google. Take the Facebook pair, so we can ask our friends." (Well, not Facebook, because the kids will be saying, "Facebook is for *old* people." Some cool, new replacement that adds gaming.)

What's that you say? These things are going to collapse in price so everyone can afford 12 pairs? Not sure. Prescription glasses just go on getting more expensive. I blame the involvement of fashion designers branding frames, but the fact is that people are fussy about what they wear on their faces.

In short, will augmented reality - overlays on the real world - be a new commons or a series of proprietary, necessarily limited, world views?


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


March 30, 2012

The ghost of cash

"It's not enough to speak well of digital money," Geronimo Emili said on Wednesday. "You must also speak negatively of cash." Emili has a pretty legitimate gripe. In his home country, Italy, 30 percent of the economy is black and the gap between the amount of tax the government collects and the amount it's actually owed is €180 billion. Ouch.

This sets off a bit of inverted nationalist competition between him and the Greek lawyer Maria Giannakaki, there to explain a draft Greek law mandating direct payment of VAT from merchants' tills to eliminate fraud: which country is worse? Emili is sure it's Italy.

"We invented banks," he said. "But we love cash." Italy's cash habit costs the country €10 billion a year - and 40 percent of Europe's bank robberies.

This exchange took place at this year's Digital Money Forum, an annual event that pulls together people interested in everything from the latest mobile technology to the history of Anglo-Saxon coinage. Their shared common interest: what makes money work? If you, like most of this group, want to see physical cash eliminated, this is the key question.

Why Anglo-Saxon coinage? Rory Naismith explains that the 8th century began the shift from valuing coins merely for their metal content and assigning them a premium for their official status. It was the beginning of the abstraction of money: coins, paper, the elimination of the gold standard, numbers in cyberspace. Now, people like Emili and this event's convenor, David Birch, argue it's time to accept money's fully abstract nature and admit the truth: it's a collective hallucination, a "promise of a promise".

These are not just the ravings of hungry technology vendors: Birch, Emili, and others argue that the costs of cash fall disproportionately on the world's poor, and that cash is the key vector for crime and tax evasion. Our impressions of the costs are distorted because the costs of electronic payments, credit cards, and mobile wallets are transparent, while cash is free at the point of use.

When I say to Birch that eliminating cash also means eliminating the ability to transact anonymously, he says, "That's a different conversation." But it isn't, if eliminating crime and tax evasion are your drivers. In the two days only Bitcoin offers anonymity, but it's doomed to its niche market, for whatever reason. (I think it's too complicated; Dutch financial historian Simon Lelieveldt says it will fail because it has no central bank.)

I pause to be annoyed by the claim that cash is filthy and spreads disease. This is Microsoft-level FUD, and not worthy of smart people claiming to want to benefit the poor and eliminate crime. In fact, I got riled enough to offer to lick any currency (or coins; I'm not proud) presented. I performed as promised on a fiver and a Danish note. And you know, they *kept* that money?

In 1680, says Birch, "Pre-industrial money was failing to serve an industrial revolution." Now, he is convinced, "We are in the early part of the post-industrial revolution, and we're shoehorning industrial money in to fit it. It can't last." This is pretty much what John Perry Barlow said about copyright in 1993, and he was certainly right.

But is Birch right? What kind of medium is cash? Is it a medium of exchange, like newspapers, trading stored value instead of information, or is it a format, like video tape? If it's the former, why shouldn't cash survive, even if only as a niche market? Media rarely die altogether - but formats come and go with such speed that even the more extreme predictions at this event - such as Sandra Alzetta, who said that her company expects half its transactions to be mobile by 2020 -seem quite modest. Her company is Visa International, by the way.

I'd say cash is a medium of exchange, and today's coins and notes are its format. Past formats have included shells, feathers, gold coins, and goats; what about a format for tomorrow that printed or minted on demand, at ATMs? I ask the owner of the grocery shop around the corner if his life would be better if cash were eliminated, and he shrugs no. "I'd still have to go out and get the stuff."

What's needed is low-cost alternatives that fit in cultural contexts. Lydia Howland, whose organization IDEO works to create human-centered solutions to poverty, finds the same needs in parts of Britain that exist in countries like Kenya, where M-Pesa is succeeding in bringing access to banking and remote payments to people who have never had access to financial services before.

"Poor people are concerned about privacy," she said on Wednesday. "But they have so much anonymity in their lives that they pay a premium for every financial service." Also, because they do so much offline, there is little understanding of how they work or live. "We need to create a society where a much bigger base has a voice."

During a break, I try to sketch the characteristics of a perfect payment mechanism: convenient; transparent to the user; universally accepted; universally accessible and usable; resistant to tracking, theft, counterfeiting, and malware; and hard to steal on a large scale. We aren't there yet.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 23, 2011

Duck amuck

Back in about 1998, a couple of guys looking for funding for their start-up were asked this: How could anyone compete with Yahoo! or Altavista?

"Ten years ago, we thought we'd love Google forever," a friend said recently. Yes, we did, and now we don't.

It's a year and a bit since I began divorcing Google. Ducking the habit is harder than those "They have no lock-in" financial analysts thought when Google went public: as if habit and adaptation were small things. Easy to switch CTRL-K in Firefox to DuckDuckGo, significantly hard to unlearn ten years of Google's "voice".

When I tell this to Gabriel Weinberg, the guy behind DDG - his recent round of funding lets him add a few people to experiment with different user interfaces and redo DDG's mobile application - he seems to understand. He started DDG, he told The Rise to the Top last year, because of Google's increasing amount of spam. Frustration made him think: for many queries wouldn't searching just Delicio.us and Wikipedia produce better results? Since his first weekend mashing that up, DuckDuckGo has evolved to include over 50 sources.

"When you type in a query there's generally a vertical search engine or data source out there that would best serve your query," he says, "and the hard problem is matching them up based on the limited words you type in." When DDG can make a good guess at identifying such a source - such as, say, the National Institutes of Health - it puts that result at the top. This is a significant hint: now, in DDG searches, I put the site name first, where on Google I put it last. Immediate improvement.

This approach gives Weinberg a new problem, a higher-order version of the Web's broken links: as companies reorganize, change, or go out of business, the APIs he relies on vanish.

Identifying the right source is harder than it sounds, because the long tail of queries require DDG to make assumptions about what's wanted.

"The first 80 percent is easy to capture," Weinberg says. "But the long tail is pretty long."

As Ken Auletta tells it in Googled, the venture capitalist Ram Shriram advised Sergey Brin and Larry Page to sell their technology to Yahoo! or maybe Infoseek. But those companies were not interested: the thinking then was portals and keeping site visitors stuck as long as possible on the pages advertisers were paying for, while Brin and Page wanted to speed visitors away to their desired results. It was only when Shriram heard that, Auletta writes, that he realized that baby Google was disruptive technology. So I ask Weinberg: can he make a similar case for DDG?

"It's disruptive to take people more directly to the source that matters," he says. "We want to get rid of the traditional user interface for specific tasks, such as exploring topics. When you're just researching and wanting to find out about a topic there are some different approaches - kind of like clicking around Wikipedia."

Following one thing to another, without going back to a search engine...sounds like my first view of the Web in 1991. But it also sounds like some friends' notion of after-dinner entertainment, where they start with one word in the dictionary and let it lead them serendipitously from word to word and book to book. Can that strategy lead to new knowledge?

"In the last five to ten years," says Weinberg, "people have made these silos of really good information that didn't exist when the Web first started, so now there's an opportunity to take people through that information." If it's accessible, that is. "Getting access is a challenge," he admits.

There is also the frontier of unstructured data: Google searches the semi-structured Web by imposing a structure on it - its indexes. By contrast, Mike Lynch's Autonomy, which just sold to Hewlett-Packard for £10 billion, uses Bayesian logic to search unstructured data, which is what most companies have.

"We do both," says Weinberg. "We like to use structured data when possible, but a lot of stuff we process is unstructured."

Google is, of course, a moving target. For me, its algorithms and interface are moving in two distinct directions, both frustrating. The first is Wal-Mart: stuff most people want. The second is the personalized filter bubble. I neither want nor trust either. I am more like the scientists Linguamatics serves: its analytic software scans hundreds of journals to find hidden links suggesting new avenues of research.

Anyone entering a category that's as thoroughly dominated by a single company as search is now, is constantly asked: How can you possibly compete with ? Weinberg must be sick of being asked about competing with Google. And he'd be right, because it's the wrong question. The right question is, how can he build a sustainable business? He's had some sponsorship while his user numbers are relatively low (currently 7 million searches a month) and, eventually, he's talked about context-based advertising - yet he's also promising little spam and privacy - no tracking. Now, that really would be disruptive.

So here's my bet. I bet that DuckDuckGo outlasts Groupon as a going concern. Merry Christmas.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


November 25, 2011

Paul Revere's printing press

There is nothing more frustrating than watching smart, experienced people reinvent known principles. Yesterday's Westminster Forum on cybersecurity was one such occasion. I don't blame them, or not exactly: it's just maddening that we have made so little progress, while the threats keep escalating. And it is from gatherings like this one that government policy is made.

Rephrasing Bill Clinton's campaign slogan, "It's the people, stupid," said Philip Virgo, chairman of the security panel of the IT Livery Company, to kick off the day, a sentiment echoed repeatedly by nearly every other speaker. Yes, it's the people - who trust when they shouldn't, who attach personal devices to corporate networks, who disclose passwords when they shouldn't, who are targeted by today's Facebook-friending social engineers. So how many people experts on the program? None. Psychologists? No. Nor any usability experts or people whose jobs revolve around communication, either. (Or women, but I'm prepared to regard that as a separate issue.)

Smart, experienced guys, sure, who did a great job of outlining problems and a few possible solutions. Somewhere toward the end of the proceedings, someone allowed in passing that yes, it's not a good idea to require people to use passwords that are too complex to remember easily. This is the state of their art? It's 12 years since Angela Sasse and Anne Adams covered this territory in Users Are Not the Enemy. Sasse has gone on to help found the field of security economics, which seeks to quantify the cost of poorly designed security - not just in data breaches and DoS attacks but in the lost productivity of frustrated, overburdened users. Sasse argues that the problem isn't so much the people as user-hostile systems and technology.

"As user-friendly as a cornered rat," Virgo says he wrote of security software back in 1983. Anyone who's looked at configuring a firewall lately knows things haven't changed that much. In a world of increasingly mass-market software and devices, security software has remained resolutely elitist: confusing error messages, difficult configuration, obscure technology. How many users know what to do when their browser says a Web site certificate is invalid? Or how to answer anti-virus software that asks whether you want to authorise HIPS/RegMod-007?

"The current approach is not working," said William Beer, director of information security and cybersecurity for PriceWaterhouseCoopers. "There is too much focus on technology, and not enough focus from business and government leaders." How about academics and consumers, too?

There is no doubt, though, that the threats are escalating. Twenty years ago, the biggest worry was that a teenaged kid would write a virus that spread fast and furious in the hope of getting on the evening news. Today, an organized criminal underground uses personal information to target a small group of users inside RSA, leveraging that into a threat to major systems worldwide. (Trend Micro CTO Andy Dancer said the attack began in the real world with a single user befriended at their church. I can't find verification, however.)

The big issue, said Martin Smith, CEO of The Security Company, is that "There's no money in getting the culture right." What's to sell if there's no technical fix? Like when your plane is held to ransom by the pilot, or when all it takes to publish 250,000 US diplomatic cables is one alienated, low-ranked person with a DVD burner and a picture of Lady Gaga? There's a parallel here to pharmaceuticals: one reason we have few weapons to combat rampaging drug resistance is that for decades developing new antibiotics was not seen as a profitable path.

Granted, you don't, as Dancer said afterwards, want to frame security as an issue of "fixing the people" (but we already know better than that). Nor is it fair to ban company employees from social media lest some attacker pick it up and use it to create a false sense of trust. Banning the latest new medium, said former GCHQ head John Bassett, is just the instinctive reaction in a disturbance; in 1775 Boston the "problem" was Paul Revere's printing press stirring up trouble.

Nor do I, personally, want to live in a trust-free world. I'm happy to assume the server next to me is compromised, but "Trust no one" is a lousy way to live.

Since perfect security is not possible, Dancer advised, organizations should plan for the worst. Good advice. When did I first hear it? Twenty years ago and most months since, by Peter Neumann in his RISKS Forum. It is depressing and frustrating that we are still having this conversation as if it were new - and that we will have it all over again over the next decade as smart meters roll out to 26 million British households by 2020, opening up the electrical grid to attacks that are already being predicted and studied.

Neumann - and Dancer - is right. There is no perfect security because it's in no one's interest to create it. Plan for the worst.

To Gene Spafford, 1989: "The only truly secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room protected by armed guards - and even then I have my doubts."

For everything else, there's a stolen Mastercard.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

September 30, 2011

Trust exercise

When do we need our identity to be authenticated? Who should provide the service? Whom do we trust? And, to make it sustainable, what is the business model?

These questions have been debated ever since the early 1990s, when the Internet and the technology needed to enable the widespread use of strong cryptography arrived more or less simultaneously. Answering them is a genuinely hard problem (or it wouldn't be taking so long).

A key principle that emerged from the crypto-dominated discussions of the mid-1990s is that authentication mechanisms should be role-based and limited by "need to know"; information would be selectively unlocked and in the user's control. The policeman stopping my car at night needs to check my blood alcohol level and the validity of my driver's license, car registration, and insurance - but does not need to know where I live unless I'm in violation of one of those rules. Cryptography, properly deployed, can be used to protect my information, authenticate the policeman, and then authenticate the violation result that unlocks more data.

Today's stored-value cards - London's Oyster travel card, or Starbucks' payment/wifi cards - when used anonymously do capture some of what the crypto folks had in mind. But the crypto folks also imagined that anonymous digital cash or identification systems could be supported by selling standalone products people installed. This turned out to be wholly wrong: many tried, all failed. Which leads to today, where banks, telcos, and technology companies are all trying to figure out who can win the pool by becoming the gatekeeper - our proxy. We want convenience, security, and privacy, probably in that order; they want security and market acceptance, also probably in that order.

The assumption is we'll need that proxy because large institutions - banks, governments, companies - are still hung up on identity. So although the question should be whom do we - consumers and citizens - trust, the question that ultimately matters is whom do *they* trust? We know they don't trust *us*. So will it be mobile phones, those handy devices in everyone's pockets that are online all the time? Banks? Technology companies? Google has launched Google Wallet, and Facebook has grand aspirations for its single sign-on.

This was exactly the question Barclaycard's Tom Gregory asked at this week's Centre for the Study of Financial Innovation round-table discussion (PDF) . It was, of course, a trick, but he got the answer he wanted: out of banks, technology companies, and mobile network operators, most people picked banks. Immediate flashback.

The government representatives who attended Privacy International's 1997 Scrambling for Safety meeting assumed that people trusted banks and that therefore they should be the Trusted Third Parties providing key escrow. Brilliant! It was instantly clear that the people who attended those meetings didn't trust their banks as much as all that.

One key issue is that, as Simon Deane-Johns writes in his blog posting about the same event, "identity" is not a single, static thing; it is dynamic and shifts constantly as we add to the collection of behaviors and data representing it.

As long as we equate "identity" with "a person's name" we're in the same kind of trouble the travel security agencies are when they try to predict who will become a terrorist on a particular flight. Like the browser fingerprint, we are more uniquely identifiable by the collection of our behaviors than we are by our names, as detectives who search for missing persons know. The target changes his name, his jobs, his home, and his wife - but if his obsession is chasing after trout he's still got a fishing license. Even if a link between a Starbucks card and its holder's real-world name is never formed, the more data the card's use enters into the system the more clearly recognizable as an individual he will be. The exact tag really doesn't matter in terms of understanding his established identity.

What I like about Deane-Johns' idea -

the solution has to involve the capability to generate a unique and momentary proof of identity by reference to a broad array of data generated by our own activity, on the fly, which is then useless and can be safely discarded"

is two things. First, it has potential as a way to make impersonation and identity fraud much harder. Second is that implicit in it is the possibility of two-way authentication, something we've clearly needed for years. Every large organization still behaves as though its identity is beyond question whereas we - consumers, citizens, employees - need to be thoroughly checked. Any identity infrastructure that is going to be robust in the future must be built on the understanding that with today's technology anyone and anything can be impersonated.

As an aside, it was remarkable how many people at this week's meeting were more concerned about having their Gmail accounts hacked than their bank accounts. My reasoning is that the stakes are higher: I'd rather lose my email reputation than my house.. Their reasoning is that the banking industry is more responsive to customer problems than technology companies. That truly represents a shift from 1997, when technology companies were smaller and more responsive.

More to come on these discussions...


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

August 26, 2011

Master of your domain

net.wars: Master of your domain
The IANA is not responsible for deciding what is and what is not a country, wrote Jon Postel in 1994, in the Request for Comments document (RFC 1591) explaining the structure of the domain name system. At the time, the domain name system consisted of seven "generic" top-level domains (gTLDs: .edu, .com, .net, .org, .gov, .mil, and .int), plus the set of two-letter country codes, which Postel took from the ISO-3166 list. "It is extremely unlikely that any other TLDs will be created."

As Buffy said when she aimed the rocket launcher at the Judge, "That was then."

In late June the Internet Corporation for Assigned Names and Numbers announced its program to create new gTLDs, in the process entirely redefining the meaning of "generic", which used to mean a category type. What ICANN is really proposing are big-brand TLDs - because with an application fee of $185,000 and an annual subscription of $25,000 who else can afford one? In Internet terms, the new system will effectively give any company that signs up for one of these things - imagine .ibm, .disney, or .murdochsempire - the status of a country. Given recent reports that Apple has more cash on hand than the US government, that may merely reflect reality. But still.

Postel was writing in the year that the Internet was opened to commercial traffic. By 1995, with domain name registrations flooding into .com and trademark collisions becoming commonplace, discussions began about how to expand the namespace. These discussions eventually culminated in ICANN's creation.

A key element of the competing proposals of the mid-1990s was to professionalize the way the DNS was managed. Everyone trusted Postel, who had managed the DNS since its creation in 1983, but an international platform of the scope the Internet was attaining clearly could not be a one-man band, no matter how trustworthy. And it had become obvious that there was money in selling domain name registrations: formerly a free service, in 1995 registering in .com cost $50. ICANN's creation opened the way to create competing registrars under the control of each top-level domain's registry. As intended, prices dropped.

The other key element was the creation of new gTLDs. Between 2001 and 2003, ICANN introduced 13 hew gTLDs. And I will bet that, like me, you will never have seen most of them in the wild. Because: everyone still wants to be in .com.

Proposal for creating new gTLDs always attract criticism, and usually on the same grounds: the names are confusing, overlapping, and poorly chosen, and do not reflect any clear idea about what the DNS is *for*. "What is the problem we are trying to solve?" Donna Hoffman, an early expert on the commercialization of the Internet asked me in 1997 when I was first writing about the DNS debates. No one has ever proposed a cogent answer. Is the DNS a directory (the phone book's white pages), a system of categories (the yellow pages), a catalogue, or a set of keywords? This is not just a matter of abstruse philosophy, because how that question is answered helps determine the power balance between big operators and the "little guys" Internet pioneers hoped to empower.

You can see this concern in the arguments Esther Dyson makes at Slate opposing the program. But even the commercial interests this proposal is supposed to serve aren't happy. If you're Coca-Cola, can you afford to risk someone else's buying up your trademarked brand names? How many of them do you have to register to feel safe? Coca-Cola, for example, has at least half a dozen variants of its name that all converge on its main Web site: Coca-Cola with and without the hyphen, under .com and .biz, and also coke.com. Many other large companies have done the same kind of preemptive registrations. It may assist consumers who type URLs into their browsers' address bars (a shrinking percentage of Internet users), but otherwise the only benefits of this are financial and accrue to the registries, registrars, and ICANN itself.

All of that is why Dyson calls the new program a protection racket: companies will feel compelled to apply for their own namespaces in order to protect their brands. For it, they will gain nothing: neither new customers nor innovative technologies. But the financial gains to ICANN are substantial. Its draft budget for 2011-2012 (PDF) shows that the organization expects the new gTLD program to add more than $18 million to its bottom line if it goes ahead.

As net.wars has pointed out for some years now the DNS matters less than once it did. Without the user-friendly layer of the DNS email and the Web would never have taken off the way they did. But later technologies such as instant messaging, mobile networks, and many social networks do not require it once you've set up your account (although you use the DNS to find the Web site where you sign up in the first place). And, increasingly, as ReadWriteWeb noted in 2008, users automatically fire up a search engine rather than remember a URL and type it into the address bar. ICANN's competition is...Google. No wonder they need money,

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

August 19, 2011

Back to school

Is a university education worth paying for? the Guardian asked this week on the day A-level results came out. This question is doing the rounds. The Atlantic figures the next big US economic crash will be created by defaults on student loans. The Chicago Tribune panics about students' living expenses. The New York Times frets that you need a Master's degree to rise above minimum wage in a paper hat and calculates the return on investment of that decision. CNN Money mulls the debt load of business school.

The economic value of a degree is a good question with many variables, and one I was lucky not to have to answer from 1971 to 1975, when my parents paid Cornell $3,000, rising to $5,000, a year in tuition fees, plus living expenses. What's happened since is staggering (and foreseen). In 2011-2012, the equivalent tuition fee is $41,325. Plus living expenses. A four-year degree now costs more than most people pay for a house. A friend sending his kid to Columbia estimates the cost, all-in, for nine months per year at $60,000 (Manhattan is expensive). Times four. Eight, if his other kid chooses a similar school. And in ten years we may think these numbers are laughable, too: university endowments have fallen in value like everyone else's savings; the recession means both government grants and alumni donations are down; and costs are either fixed or continue to rise.

At Oxford, the tuition fees vary according to what you're studying. A degree comparable to mine starts at £3,375 for EU students and tops out at £12,700 for overseas students. Overseas students are also charged a "college fee" of nearly £6,000. Next year, it seems most universities will be charging home students the government-allowed maximum of £9,000. Even though these numbers look cheap to an American, I understand the sticker shock: as recently as 1998 university tuition was free. My best suggestion to English 13-year-olds is to get your parents to move to Scotland as soon as possible.

These costs, coupled with the recession, led Paypal founder Peter Thiel to suggest that the US is in the grip of an about-to-burst education bubble.

Business school was always a numbers proposition: every prospective student has always weighed up the costs of tuition and a two-year absence from their paid jobs against the improved career prospects they hoped to acquire. But those pursuing university degrees were always more of a mixed bag big enough to include those who wanted to put off becoming adults and who liked learning and being surrounded by smart people to do it with.

Is the Net the solution, as some suggest? A Russian at a party once explained her country's intellectual achievements to me: anyone, no matter how poor, could take pride in learning and improving their mind. Why couldn't we do the same? Certainly, the Net is a fantastic resource for the pursuit of learning for its own sake, particularly in the sciences. MIT led the way in putting its course materials online, and even without paying journal subscriptions there are full libraries ready for perusal.

It's a lovely thought, but I suspect it works best for those who are surrounded by or at least come from a culture that respects intellectual pursuits and that kind of self-disciplined application. My parents came from immigrant families and fervently believed in education as a way to a better life. Even though they themselves lacked formal education past high school they read a great deal of high-quality material throughout their lives; their house was full of newspapers, books, and magazines on almost every topic. My parents certainly saw a degree as a kind of economic passport, but that clearly wasn't the only reason they valued education. My mother was so ashamed that she hadn't finished high school that she spent her late 60s getting a GED and completing a college degree. At that age, she certainly wasn't doing a degree for its economic benefits.

The Net is a trickier education venue if you really do value learning solely in economic terms and what you need is the credential. If it's to become a substitute for today's university system, a number of things will have to change. Home higher education in at least some fields will need to go through the same process as home schooling has in order to establish itself as a viable alternative. Employers will need to find ways for people to prove their knowledge and ability. Universities will have to open up to the idea of admitting home-study students for a single, final year (distance learning specialists like the Open University ought to have a leg up here). Prestigious institutions will survive; cheap institutions will survive. At the biggest risk are the middle ones with good-but-not-great reputations and high costs.

Popular culture likes to depict top universities as elite clubs filled with arrogant, entitled snobs. The danger this will become true. If it does, as long as they continue to fill the ranks of politicians, CEOs, and the rest of the "great and good", that group will become ever more remote from the people they govern and employ. Bad news, all round.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

June 24, 2011

Bits of the realm

Money is a collective hallucination. Or, more correctly, money is an abstraction that allows us to exchange - for example - writing words for food, heat, or a place to live. Money means the owner of the local grocery store doesn't have to decide how many pounds of flour and Serrano ham 1,000 words are worth, and I don't have to argue copyright terms while paying my mortgage.

But, as I was reading lately in The Coming Collapse of the Dollar and How to Profit From It by James Turk, the owner of GoldMoney, that's all today's currencies are: abstractions. Fiat currencies. The real thing disappeared when we left the gold standard in 1972. Accordingly none of the currencies I regularly deal with - pounds, dollars, euros - are backed by anything more than their respective governments' "full faith and credit". Is this like Tinker Bell? If I stop believing will they cease to exist? Certainly some people think so, and that's why, as James Surowiecki wrote in The New Yorker in 2004, some people believe that gold is the One True Currency.

"I've never bought gold," my father said in the late 1970s. "When it's low, it's too expensive. When it's high, I wish I'd bought it when it was low." Gold was then working its way up to its 1980 high of $850 an ounce. Until 2004 it did nothing but decline. Yesterday, it closed at $1518.

That's if you view the world from the vantage point of the dollar. If gold is your sun and other currencies revolve around it like imaginary moths, nothing's happened. An ounce just buys a lot more dollars now than it did and someday will be tradable for wagonloads of massively devalued fiat currencies. You don't buy gold; you convert your worthless promises into real stored value.

Personally, I've never seen the point of gold. It has relatively few real-world uses. You can't eat it, wear it, or burn it for heat and light. But it does have the useful quality of being a real thing, and when you could swap dollars for gold held in the US government's vault, dollars, too, were real things.

The difficulty with Bitcoins is that they have neither physical reality nor a long history (even if that history is one of increasing abstraction). Using them requires people to make the jump from the national currency they know straight into bits of code backed by a bunch of mathematics they don't understand.

Alternative currencies have been growing for some time now - probably the first was Ithaca Hours, which are accepted by many downtown merchants in my old home town of Ithaca, NY. What gives Ithaca Hours their value is that you trade them with people you know and can trust to support the local economy. Bitcoins up-end that: you trade them with strangers who can't find out who you are. The big advantage, as Bitcoin Consultancy co-founder Amir Taaki explains on Slashdot, is that their transaction costs are very, very low.

The idea of cryptographic cash is not new, though the peer-to-peer implementation is. Anonymous digital cash was first mooted by David Chaum in the 1980s; his company Digicash, began life in 1990 and by 1993 had launched ecash. At the time, it was widely believed that electronic money was an inevitable development. And so it likely is, especially if you believe e-money specialist Dave Birch, who would like nothing more than to see physical cash die a painful death.

But the successful electronic transaction systems are those that build on existing currencies and structures. Paypal, founded in 1998, achieved its success by enabling online use of existing bank accounts and credit cards. M-pesa and other world-changing mobile phone schemes are enabling safe and instant transactions to the developing world. Meanwhile, Digicash went bankrupt in 1999 and every other digital cash attempt of the 1990s also failed.

For comparison, ten-year-old GoldMoney's latest report says it's holding $1.9 billion in precious metals and currencies for its customers - still tiny by global standards. The most interesting thing about GoldMoney, however, is not the gold bug aspect but its reinvention of gold as electronic currency: you can pay other GoldMoney customers in electronic shavings of gold (minimum one-tenth of a gram) at a fraction of international banking costs.

"Humans will trade anything," writes Danny O'Brien in his excellent discussion of Bitcoin. Sure: we trade favors, baseball cards, frequent flyer miles, and information. But Birch is not optimistic about Bitcoin's long-term chances, and neither am I, though for different reasons. I believe that people are very conservative about what they will take in trade for the money they've worked hard to earn. Warren Buffett and his mentor, Benjamin Graham, typically offer this advice about investing: don't buy things you don't understand. By that rule, Bitcoins fail. Geeks are falling on them like any exciting, new start-up, but I'll guess that most people would rather bet on horses than take Bitcoins. There's a limit to how abstract we like our money to be.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

June 10, 2011

The creepiness factor

"Facebook is creepy," said the person next to me in the pub on Tuesday night.

The woman across from us nodded in agreement and launched into an account of her latest foray onto the service. She had, she said uploaded a batch of 15 photographs of herself and a friend. The system immediately tagged all of the photographs of the friend correctly. It then grouped the images of her and demanded to know, "Who is this?"

What was interesting about this particular conversation was that these people were not privacy advocates or techies; they were ordinary people just discovering their discomfort level. The sad thing is that Facebook will likely continue to get away with this sort of thing: it will say it's sorry, modify some privacy settings, and people will gradually get used to the convenience of having the system save them the work of tagging photographs.

In launching its facial recognition system, Facebook has done what many would have thought impossible: it has rolled out technology that just a few weeks ago *Google* thought was too creepy for prime time.

Wired UK has a set of instructions for turning tagging off. But underneath, the system will, I imagine, still recognize you. What records are kept of this underlying data and what mining the company may be able to do on them is, of course, not something we're told about.

Facebook has had to rein in new elements of its service so many times now - the Beacon advertising platform, the many revamps to its privacy settings - that the company's behavior is beginning to seem like a marketing strategy rather than a series of bungling missteps. The company can't be entirely privacy-deaf; it numbers among its staff the open rights advocate and former MP Richard Allan. Is it listening to its own people?

If it's a strategy it's not without antecedents. Google, for example, built its entire business without TV or print ads. Instead, every so often it would launch something so cool everyone wanted to use it that would get it more free coverage than it could ever have afforded to pay for. Is Facebook inverting this strategy by releasing projects it knows will cause widely covered controversy and then reining them back in only as far as the boundary of user complaints? Because these are smart people, and normally smart people learn from their own mistakes. But Zuckerberg, whose comments on online privacy have approached arrogance, is apparently justified, in that no matter what mistakes the company has made, its user base continues to grow. As long as business success is your metric, until masses of people resign in protest, he's golden. Especially when the IPO moment arrives, expected to be before April 2012.

The creepiness factor has so far done nothing to hurt its IPO prospects - which, in the absence of an actual IPO, seem to be rubbing off on the other social media companies going public. Pandora (net loss last quarter: $6.8 million) has even increased the number of shares on offer.

One thing that seems to be getting lost in the rush to buy shares - LinkedIn popped to over $100 on its first day, and has now settled back to $72 and change (for a Price/Earnings ratio 1076) - is that buying first-day shares isn't what it used to be. Even during the millennial technology bubble, buying shares at the launch of an IPO was approximately like joining a queue at midnight to buy the new Apple whizmo on the first day, even though you know you'll be able to get it cheaper and debugged in a couple of months. Anyone could have gotten much better prices on Amazon shares for some months after that first-day bonanza, for example (and either way, in the long term, you'd have profited handsomely).

Since then, however, a new game has arrived in town: private exchanges, where people who meet a few basic criteria for being able to afford to take risks, trade pre-IPO shares. The upshot is that even more of the best deals have already gone by the time a company goes public.

In no case is this clearer than the Groupon IPO, about which hardly anyone has anything good to say. Investors buying in would be the greater fools; a co-founder's past raises questions, and its business model is not sustainable.

Years ago, Roger Clarke predicted that the then brand-new concept of social networks would inevitably become data abusers simply because they had no other viable business model. As powerful as the temptation to do this has been while these companies have been growing, it seems clear the temptation can only become greater when they have public markets and shareholders to answer to. New technologies are going to exacerbate this: performing accurate facial recognition on user-uploaded photographs wasn't possible when the first pictures were being uploaded. What capabilities will these networks be able to deploy in the future to mine and match our data? And how much will they need to do it to keep their profits coming?


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


April 8, 2011

Brought to book

JK Rowling is seriously considering releasing the Harry Potter novels as ebooks, while Amanda Hocking, who's sold a million or so ebooks has signed a $2 million contract with St. Martin's Press. In the same week. It's hard not to conclude that ebooks are finally coming of age.

And in many ways this is a good thing. The economy surrounding the Kindle, Barnes and Noble's Nook, and other such devices is allowing more than one writer to find an audience for works that mainstream publishers might have ignored. I do think hard work and talent will usually out, and it's hard to believe that Hocking would not have found herself a good career as a writer via the usual routine of looking for agents and publishers. She would very likely have many fewer books published at this point, and probably wouldn't be in possession of the $2 million it's estimated she's made from ebook sales.

On the other hand, assuming she had made at least a couple of book sales by now, she might be much more famous: her blog posting explaining her decision notes that a key factor is that she gets a steady stream of complaints from would-be readers that they can't buy her books in stores. She expects to lose money on the St. Martin's deal compared to what she'd make from self-publishing the same titles. To fans of disintermediation, of doing away with gatekeepers and middle men and allowing artists to control their own fates and interact directly with their audiences, Hocking is a self-made hero.

And yet...the future of ebooks may not be so simply rosy.

This might be the moment to stop and suggest reading a little background on book publishing from the smartest author I know on the topic, science fiction writer Charlie Stross. In a series of blog postings he's covered common misconceptions about publishing, why the Kindle's 2009 UK launch was bad news for writers, and misconceptions about ebooks. One of Stross's central points: epublishing platforms are not owned by publishers but by consumer electronics companies - Apple, Sony, Amazon.

If there's one thing we know about the Net and electronic media generally it's that when the audience for any particular new medium - Usenet, email, blogs, social networks - gets to be a certain size it attracts abuse. It's for this reason that every so often I argue that the Internet does not scale well.

In a fascinating posting on Patrick and Theresa Nielsen-Hayden's blog Making Light, Jim Macdonald notes the case of Canadian author S K S Perry, who has been blogging on LiveJournal about his travails with a thief. Perry, having had no luck finding a publisher for his novel Darkside, had posted it for free on his Web site, where a thief copied it and issued a Kindle edition. Macdonald links this sorry tale (which seems now to have reached a happy-enough ending) with postings from Laura Hazard Owen and Mike Essex that predict a near future in which we are awash in recycled ebook...spam. As all three of these writers point out, there is no system in place to do the kind of copyright/plagiarism checking that many schools have implemented. The costs are low; the potential for recycling content vast; and the ease of gaming the ratings system extraordinary. And either way, the ebook retailer makes money.

Macdonald's posting primarily considers this future with respect to the challenge for authors to be successful*: how will good books find audiences if they're tiny islands adrift in a sea of similar-sounding knock-offs and crap? A situation like that could send us all scurrying back into the arms of people who publish on paper. That wouldn't bother Amazon-the-bookseller; Apple and others without a stake in paper publishing are likely to care more (and promising authors and readers due care and diligence might help them build a better, differentiated ebook business).

There is a mythology that those who - like the Electronic Frontier Foundation or the Open Rights Group - oppose the extension and tightening of copyright are against copyright. This is not the case: very few people want to do away with copyright altogether. What most campaigners in this area want is a fairer deal for all concerned.

This week the issue of term extension for sound recordings in the EU revived when Denmark changed tack and announced it would support the proposals. It's long been my contention that musicians would be better served by changes in the law that would eliminate some of the less fair terms of typical contracts, that would provide for the reversion of rights to musicians when their music goes out of commercial availability, and that would alter the balance of power, even if only slightly, in favor of the musicians.

This dystopian projected future for ebooks is a similar case. It is possible to be for paying artists and even publishers and still be against the imposition of DRM and the demonization of new technologies. This moment, where ebooks are starting to kick into high gear, is the time to find better ways to help authors.

*Successful: an author who makes enough money from writing books to continue writing books.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

March 4, 2011

Tax returns

In 1994, when Jeff Bezos was looking for a place to put the online bookseller he intended to grow into the giant, multi-faceted online presence it is today, he began with a set of criteria that included, high up on the list, avoiding liability for sales tax as much as possible. That meant choosing a small state, so that the vast majority of the new site's customers would be elsewhere.

Bezos could make this choice because of the 1992 Supreme Court decision in Quill Corp v. North Dakota, blocking states from compelling distance sellers to collect sales tax from customers unless the seller had a substantial physical operation (a "nexus") in the customer's state. Why, the reasoning went, should a company be required to pay taxes in a state where it receives no benefit in the form of public services? The decision helped fuel the growth of first mail-order sales and then ecommerce.

And so throughout the growth of electronic commerce Americans have gone along taking advantage of the relief from sales tax afforded by online sales. This is true despite the fact that many states have laws requiring their residents to declare and pay the sales tax on purchases over a certain amount. Until the current online tax disputes blew up, few knew about these laws - I only learned of them from a reader email some years ago - and as far as I'm aware it isn't enforced. Doing so would require comprehensive surveillance of ecommerce sites.

But this is the thing when something is new: those setting up businesses can take advantage of loopholes created for very different markets and conditions. A similar situation applies in the UK with respect to DVD and CD sales. Fulfilled by subsidiaries or partners based in the Channel Islands, the DVD and CD sales of major retailers such as Amazon, Tesco, and others take advantage of tax relief rules intended to speed shipments of agricultural products. Basically, any package valued under £18 is exempt from VAT. For consumers, this represents substantial savings; for local shops, it represents a tough challenge.

Even before that, in the early 1990s, CompuServe and AOL, as US-based Internet service providers, were able to avoid charging VAT in the UK based on a rule making services taxable based on their point of origin. That gave those two companies a significant - 17.5 percent - advantage over native ISPs like Demon and Pipex. There were many objections to this situation, and eventually the loophole was closed and both CompuServe and AOL began charging VAT.

You can't really blame companies for taking advantage of the structures that are there. No one wants to pay more tax - or pay for more administration - than is required by law, and anyone running those companies would make the same decisions. But as the recession continues to bite and state, federal, and central governments are all scrambling to replace lost revenues from a tax base that's been , the calls to level the playing field by closing off these tax-advantage workarounds are getting louder.

This type of argument is as old as mail order. But in the beginning there was a general view - implemented also in the US as a moratorium on taxing Internet services that was renewed as recently as 2007 - that exempting the Internet from as many taxes as possible would help the new medium take root and flourish. There was definitely some truth to the idea that this type of encouragement helped; an early FCC proposal to surcharge users for transmitting data was dropped after 10,000 users sent letters of complaint. Nonetheless, the FCC had to continue issuing denials for years as the dropped proposal continued to make the rounds as the "modem tax" hoax spam.

The arguments for requiring out-of-state sellers to collect and remit sales taxes (or VAT) are fairly obvious. Local retailers, especially small independents, are operating at a price disadvantage (even though customers must pay shipping and delivery charges when they buy online). Governments are losing one of their options for raising revenues to pay for public services. In addition, people buy online for many more reasons than saving money. Online shopping is convenient and offers greater choice. It is also true, though infrequently remembered, that the demographics of online shopping skew toward the wealthier members of our society - that is, the people who best afford to pay the tax.

The arguments against largely boil down to the fact that collecting taxes in many jurisdictions is administratively burdensome. There are some 8,000 different tax rates across the US's 50 states, and although there are many fewer VAT rates across Europe, once your business in a country has reached a certain threshold the rules and regulations governing each one can be byzantine and inconsistent. Creating a single, simple, and consistent tax rule to apply across the board to distance selling would answer these.

No one likes paying taxes (least of all us). But the fact that Amazon would apparently rather jettison the associates program that helped advertise and build its business than allow a state to claim those associates constitute a nexus exposing it to sales tax liability says volumes about how far we've come. And, therefore, how little the Net's biggest businesses now need the help.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

February 25, 2011

Wartime economy

Everyone loves a good headline, and £27 billion always makes a *great* one. In this case, that was the sum that a report written by the security consultancy firm Detica, now part of BAE Systems and issued by the Office of Cyber Security and Information Assurance (PDF) estimates that cybercrime is costing the UK economy annually. The claim was almost immediately questioned by ZDNet's Tom Espiner, who promptly checked it out with security experts. Who complained that the report was full of "fake precision" (LSE professor Peter Sommer), "questionable calculations" (Harvard's Tyler Moore), and "nonsense" (Cambridge's Richard Clayton).

First, some comparisons.

Twenty-seven billion pounds (approximately $40 billion) is slightly larger than a year's worth of the International Federation of the Phonographic Industry's estimate of the cumulative retail revenue lost to piracy by the European creative industries from 2008 to 2015 (PDF) (total €240 billion, about £203 million, eight years, £25.4 billion a year). It is roughly the estimated cost of the BP oil spill, the amount some think Facebook will be worth at an IPO, and noticeably less than Apple's $51 billion cash hoard. But: lots smaller than the "£40 billion underworld" The Times attributed to British gangs in 2008.

Several things baffle about this report. The first is that so little information is given about the study's methodology. Who did the researchers talk to? What assumptions did they make and what statistical probabilities did they assign in creating the numbers and charts? How are they defining categories like "online scams" or "IP theft" (they're clear about one thing: they're not including file-sharing in that figure)? What is the "causal model" they developed?

We know one person they didn't talk to: Computer Weekly notes the omission of Detective superintendent Charlie McMurdie, head of the Metropolitan Police's Central e-Crime Unit, who you'd' think would be one of the first ports of call for understanding the on-the-ground experience.

One issue the report seems to gloss over is how very difficult it is to define and categorize cybercrime. Last year, the Oxford Internet Institute conducted a one-day forum on the subject, out of which came the report Mapping and Measuring Cybercrime (PDF) , published in June 2010. Much of this report is given over to the difficulty of such definitions; Sommer, who participated in the forum, argued that we shouldn't worry about the means of commission - a crime is a crime. More recently - perhaps a month ago - Sommer teamed up with the OII's Ian Brown to publish a report for an OECD project on future global shocks, Reducing Systemic Cybersecurity Risk (PDF). The authors' conclusion: "very few single cyber-related events have the capacity to cause a global shock". This report also includes considerable discussion of cybercrime in assessing whether "cyberwarfare" is a genuine global threat. But the larger point about both these reports is that they disclose their methodology in detail.

And as a result, they make much more modest and measured claims, which is one reason that critics have looked at the source of the OCSIA/Detica report - BAE - and argued that the numbers are inflated and the focus largely limited to things that fit BAE's business interests (that is, IP theft and espionage; the usual demon, abuse of children, is left untouched).

The big risk here is that this report will be used in determining how policing resources are allocated.

"One of the most important things we can do is educate the public," says Sommer. "Not only about how to protect themselves but to ensure they don't leave their computers open to be formed into botnets. I am concerned that the effect of all these hugely military organizations lobbying for funding is that in the process things like Get Safe Online will suffer."

There's a broader point that begins with a personal nitpick. On page four, the report says this: "...the seeds of criminality planted by the first computer hackers 20 years ago." Leaving aside the even smaller nitpick that the *real*, original computer hackers, who built things and spent their enormous cleverness getting things to work, date to 40 and 50 years ago, it is utterly unfair to compare today's cybercrime to the (mostly) teenaged hackers of 1990, who spent their Saturday nights in their bedrooms war-dialling sites and trying out passwords. They were the computer equivalent of joy-riders, caused little harm, and were so disproportionately the targets of freaked-out, uncomprehending law enforcement that the the Electronic Frontier Foundation was founded to spread some sanity on the situation. Today's cybercrime underground is composed of professional criminals who operate in an organized and methodical way. There is no more valid comparison between the two than there is between Duke Nukem and al-Qaeda.

One is not a gateway to the other - but the idea that criminals would learn computer techniques and organized crime would become active online was repeatedly used as justification for anti-society legislation from cryptographic key escrow to data retention and other surveillance. The biggest risk of a report like this is that it will be used as justification for those wrong-headed policies rather than as it might more rightfully be, as evidence of the failure of no less than five British governments to plan ahead on our behalf.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

January 14, 2011

Face time

The history of the Net has featured many absurd moments, but this week was some sort of peak of the art. In the same week I read that a) based a $450 million round of investment from Goldman Sachs Facebook is now valued at $50 billion, higher than Boeing's market capitalization and b) Facebook's founder, Mark Zuckerberg, is so tired of the stress of running the service that he plans to shut it down on March 15. As I seem to recall a CS Lewis character remarking irritably, "Why don't they teach logic in these schools?" If you have a company worth $50 billion and you don't much like running it any more, you sell the damn thing and retire. It's not like Zuckerberg even needs to wait to be Time's Man of the Year.

While it's safe to say that Facebook isn't going anywhere soon, it's less clear what its long-term future might be, and the users who panicked at the thought of the service's disappearance would do well to plan ahead. Because: if there's one thing we know about the history of the Net's social media it's that the party keeps moving. Facebook's half-a-billion-strong user base is, to be sure, bigger than anything else assembled in the history of the Net. But I think the future as seen by Douglas Rushkoff, writing for CNN last week is more likely: Facebook, he argued based on its arguably inflated valuation, is at the beginning of its end, as MySpace was when Rupert Murdoch bought it in 2005 for $580 million. (Though this says as much about Murdoch's Net track record as it does about MySpace: Murdoch bought the text-based Delphi, at its peak moment in late 1993.)

Back in 1999, at the height of the dot-com boom, the New Yorker published an article (abstract; full text requires subscription) comparing the then-spiking stock price of AOL with that of the Radio Corporation of America back in the 1920s, when radio was the hot, new democratic medium. RCA was selling radios that gave people unprecedented access to news and entertainment (including stock quotes); AOL was selling online accounts that gave people unprecedented access to news, entertainment, and their friends. The comparison, as the article noted, wasn't perfect, but the comparison chart the article was written around was, as the author put it, "jolly". It still looks jolly now, recreated some months later for this analysis of the comparison.

There is more to every company than just its stock price, and there is more to AOL than its subscriber numbers. But the interesting chart to study - if I had the ability to create such a chart - would be the successive waves of rising, peaking, and falling numbers of subscribers of the various forms of social media. In more or less chronological order: bulletin boards, Usenet, Prodigy, Genie, Delphi, CompuServe, AOL...and now MySpace, which this week announced extensive job cuts.

At its peak, AOL had 30 million of those; at the end of September 2010 it had 4.1 million in the US. As subscriber revenues continue to shrink, the company is changing its emphasis to producing content that will draw in readers from all over the Web - that is, it's increasingly dependent on advertising, like many companies. But the broader point is that at its peak a lot of people couldn't conceive that it would shrink to this extent, because of the basic principle of human congregation: people go where their friends are. When the friends gradually start to migrate to better interfaces, more convenient services, or simply sites their more annoying acquaintances haven't discovered yet, others follow. That doesn't necessarily mean death for the service they're leaving: AOL, like CIX, the The WELL, and LiveJournal before it, may well find a stable size at which it remains sufficiently profitable to stay alive, perhaps even comfortably so. But it does mean it stops being the growth story of the day.

As several financial commentators have pointed out, the Goldman investment is good for Goldman no matter what happens to Facebook, and may not be ring-fenced enough to keep Facebook private. My guess is that even if Facebook has reached its peak it will be a long, slow ride down the mountain and between then and now at least the early investors will make a lot of money.

But long-term? Facebook is barely five years old. According to figures leaked by one of the private investors, its price-earnings ratio is 141. The good news is that if you're rich enough to buy shares in it you can probably afford to lose the money.

As far as I'm aware, little research has been done studying the Net's migration patterns. From my own experience, I can say that my friends lists on today's social media include many people I've known on other services (and not necessarily in real life) as the old groups reform in a new setting. Facebook may believe that because the profiles on its service are so complex, including everything from status updates and comments to photographs and games, users will stay locked in. Maybe. But my guess is that the next online party location will look very different. If email is for old people, it won't be long before Facebook is, too.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 31, 2010

Good, bad, ugly...the 2010 that was

Every year deserves its look back, and 2010 is no exception. On the good side, the younger generation beginning to enter politics is bringing with it a little more technical sense than we've had in government before. On the bad side, the year's many privacy scandals reminded us all how big a risk we take in posting as much information online as we do. The ugly...we'd have to say the scary new trends in malware. Happy New Year.

By the numbers:

$5.3 billion: the Google purchase offer that Groupon turned down. Smart? Stupid? Shopping and social networks ought to mix combustibly (and could hit local newspapers and their deal flyers), but it's a labor-intensive business. The publicity didn't hurt: Groupon has now managed to raise half a billion dollars on its own. They aren't selling anything we want to buy, but that doesn't seem to hurt Wal-Mart or McDonalds.

$497 million: the amount Harvard scientists Tyler Moore and Benjamin Edelman estimate that Google is earning from "typosquatting". Pocket change, really: Google's 2009 revenues were $23 billion. But still.

15 million (estimated): number of iPads sold since its launch in May. It took three decades of commercial failures for someone to finally launch a successful tablet computer. In its short life the iPad has been hailed and failed as the savior of print publications, and halved Best Buy's laptop sales. We still don't want one - but we're keyboard addicts, hardly its target market.

250,000: diplomatic cables channeled to Wikileaks. We mention this solely to enter The Economist's take on Bruce Sterling's take into the discussion. Wikileaks isn't at all the crypto-anarchy that physicist Timothy C. May wrote about in 1992. May's essay imagined the dark uses of encrypted secrecy; Wikileaks is, if anything, the opposite of it.

500: airport scanners deployed so far in the US, at an estimated cost of $80 million. For 2011, Obama has asked for another $88 million for the next round of installations. We'd like fewer scanners and the money instead spent on...well, almost anything else, really. Intelligence, perhaps?

65: Percentage of Americans that Pew Internet says have paid for Internet content. Yeah, yeah, including porn. We think it's at least partly good news.

58: Number of investigations (countries and US states) launched into Google's having sniffed approximately 600Gb of data from open WiFi connections, which the company admitted in May. The progress of each investigation is helpfully tallied by SearchEngineLand. Note that the UK's ICO's reaction was sufficiently weak that MPs are complaining.

24: Hours of Skype outage. Why are people writing about this as though it were the end of Skype? It was a lot more shocking when it happened to AT&T in 1990 - in those days, people only had one phone number!

5: number of years I've wished Google would eliminate useless shopping aggregator sites from its search results listings. Or at least label them and kick them to the curb.

2: Facebook privacy scandals that seem to have ebbed leaving less behavorial change than we'd like in their wake. In January, Facebook founder and CEO Mark Zuckerberg opined that privacy is no longer a social norm; in May the revamped its privacy settings to find an uproar in response (and not for the first time). Still, the service had 400 million users at the beginning of 2010 and has more than 500 million now. Resistance requires considerable anti-social effort, though the cool people have, of course, long fled.

1: Stuxnet worm. The first serious infrastructure virus. You knew it had to happen.

In memoriam:

- Kodachrome. The Atlantic reports that December 30, 2010 saw the last-ever delivery of Kodak's famous photographic film. As they note, the specific hues and light-handling of Kodachrome defined the look of many decades of the 20th century. Pause to admire The Atlantic's selection of the 75 best pictures they could find: digital has many wonderful qualities, but these seem to have a three-dimensional roundness you don't see much any more. Or maybe we just forget to look.

- The 3.5in floppy disk. In April, Sony announced it would stop making the 1.4Mb floppy disk that defined the childhoods of today's 20-somethings. The first video clip I ever downloaded, of the exploding whale in Oregon (famed of Web site and Dave Barry column), required 11 floppy disks to hold it. You can see why it's gone.

- Altavista: A leaked internal memo puts Altavista on Yahoo!'s list of services due for closure. Before Google, Altavista was the best search engine by a long way, and if it had focused on continuing to improve its search algorithms instead of cluttering up its front page in line with the 1995 fad for portals it might be still. Google's overwhelming success had as much to do with its clean, fast-loading design as it did with its superior ability to find stuff. Altavista also pioneered online translation with its Babelfish (and don't you have to love a search engine that quotes Douglas Adams?).

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

July 2, 2010

Pay per view

There are journalists who make money, but not many and not often. Newspaper owners, however, have traditionally been in better shape, as the cynical, experienced reporter Richard Wagner observes in Tom Stoppard's 1978 play Night and Day, "We're working to keep richer men than us richer than us." (He is, of course, countered later in the play by the photographer George Guthrie, who marks his final exit with, "Information, in itself, about anything, is light.")

But we live in strange and disturbing times, and the question of how to stay richer than journalists has been exercising a lot of newspaper owners lately. With advertising revenues dropping, circulation dropping, classifieds vanishing online, and online readership proving less profitable, clearly something has to give. In October, the Evening Standard began giving away its print run, right around the same time that Rupert Murdoch announced he would begin charging online readers.

Well, today's the day: as of this morning The Times is behind a paywall. You can read the front page, but click on a story and you're asked to pay £1 for 24-hour access or pay £1 for a 30-day trial after which you pay £2 a week. The paper's articles have already been blocked from appearing on Google News for more than a month. The joint effect, as Search Engine Watch memorably says, is that Rupert Murdoch has turned The Times into a newsletter.

Based on the figures SEW cites from Hitwise and if the trend continues, that's about right.

Although paywalls - or, in Variety's case, a velvet rope - are the fashionable must-have for newspapers in 2010 that portals were to ISPs in 1995, they're not a new concept. People have been trying paywalls for years; they've been going up and down as often as the proverbial whore's knickers.

I think the first was either Slate (dropped after a year or few) or the New York Times, more than 15 years ago. The latter's paywall had a twist: the site was free to US residents but international readers had to pay - the justification was that advertisers weren't interested in paying to reach non-US readers. It came down with the rise of the search engines; a few years ago the paper tried charging for its star colunnists' output (thereby marginalizing them), and now plans a new paywall structure for next year, although people arriving at stories by following links from other sites will still have free access. Nieman Labs has an interesting game to let you try the effect on revenues of varying subscriber levels.

Long before Murdoch's acquisition, the Wall Street Journal was also an early paywall adopter - with some, unusual, success, although as time has gone on more and more of the paper has been freely accessible online.

Murdoch is likely to be about to discover that his newspapers are not exempt from what many other newspapers and weeklies have already found out: the subscriber numbers are, in general, awful to terrible.

The key contrast here is with the Guardian, which is willing - and able because of its ownership by a trust - to measure its success in influence as well as money. Editor Alan Rusbridger, outlined in January the extent to which the Internet has made the paper a global voice.

The answer to the question of what people will pay for seems to me straightforward: people will pay, even online, for publications that save them time, save them money, or provide information they have to have that they can't easily get elsewhere. People will not, particularly in this economic climate with so many other things clamoring for their limited financial resources, pay for things that are easily replaced with free content. It's unsurprising that the business and financial papers have had the longest and most successful paywall runs: their constituency had to read them (and could expense or tax-deduct them), and it took their subscribers a long time to recognize how much of their information had become directly available. In the 1980s, subscribing to Standard & Poor's quarterly reports on ten companies cost something like $250 a year; today, you can get more detailed information than that service provided daily for free.

In the US, what's happened to newspapers seems to me a direct consequence of chain ownership and Clear Channel thinking: dropping local news and commentary in favor of national wire service stories seems doomed to make your paper interchangeable with Google News. In the UK, the situation seems more simply one of changing business models, and in my view Rusbridger's entangle-yourself-in-the-Net approach is the preferable one, certainly so if you see journalism as a more than just a product.

But as much as I hate paywalls - and I think if they become widespread they will pose a serious problem for the economic viability of freelance writing - I have to hope that they succeed at least partially. Because if they don't, then the only sources of income for journalism will be advertising, sponsorship, and patronage (in which I'm including bloggers whose day jobs support their blogging habit). To get a full range of voices and stories you need a balance of financial and commercial pressures. And advertising support can be even more fragile than fickle consumers who abandon their newspapers for quick scans of Google News and their RSS feeds.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

June 25, 2010

New money

It seems that the Glastonbury Festival, which I tend to sniffily dismiss as a Woodstock wannabe, is to get rid of cash. I can understand their thinking: cash is expensive for the festival to transport, store, and guard and creates security problems for individual festival-goers, too. Mr Cashless himself, James Allan, will be pleased. Although, given his squirming reaction to being offered cash at a conference a few months ago, it's hard to believe he'd regard an outdoor festival as sufficiently hygienic to attend.

But here is the key bit:

As well as convenience and security issues, Barclaycard's Mr Mathieson said that information gathered from transactions could be valuable for future marketing. "For example if the system knows what time you went and bought a beer and at which bar, it can make a guess which band you were about to see," he said. "Then the organizers could send you information about upcoming tours. The opportunities are exciting."

Talk about creepy! Your £5 notes do not climb out of your wallet to chirp eagerly about what they'd like to be spent on.

One of the things we talked about in the history of cypherpunks session at CFP last week (the video recording is online) was what ever happened to digital cash, something often discussed in the early 1990s, when cryptography was the revolution. First proposed by David Chaum in an influential Scientific American article in 1992, it was meant to be genuinely the equivalent of anonymous cash.

Chaum's scheme was typically brilliant but typically facing a hard road to acceptance (he has since come up with a clever cryptographic scheme to secure electronic voting). Getting it widely deployed required two things: the cooperation of banks and the willingness of consumers to transfer what they see as "real money" into an unfamiliar currency with uncertain backing. Consumers have generally balked at this kind of thing; the early days of the Net saw a number of attempts at new forms of payment, and the only ones that have succeeded are those that, like Paypal, build on existing and familiar currencies and structures. You could argue that frequent flyer miles are currency and they are, but they generally come free with purchases; when people do buy them with what they perceive as "real" money it's to acquire a tangible near-term benefit such as a cheap ticket, elite status for their next flight, or a free upgrade.

Chaum understood correctly, however, that the future would hold some form of digital cash, and the anonymous version he was proposing was a deliberately chosen alternative to the future he saw unfolding as computerized transactions took hold.

"If the trend toward identifier-based smart cards continues, personal privacy will be increasingly eroded," he wrote in 1992. And so it has proved: credit cards, debit cards, mobile phone and online payments are all designed to make every transaction traceable.

"The banking industry has a vested interest in not providing anonymous payment mechanisms," said Lance Cottrell at CFP, "because they really like to know as much information as they can about you." Combine that with money-laundering laws and increased government surveillance, and anonymous digital cash seems pretty well dead. The one US bank that tried offering DigiCash, the St Louis, Missouri-based Mark Twain bank, dropped the offering in September 1998 because of low take-up; shortly afterwards DigiCash went into liquidation.

Before heading out to CFP, my bedtime reading was Dave Birch's Digital Money Reader 2010, a compilation of all his digital money blog postings, with attached comments, from the past year. Birch is seriously at war with physical cash, which he seems to perceive as the equivalent of an unfair tax on people like him, who would rather do everything electronically. Because the costs of cash aren't visible to consumers at point of use, he argues, people are taught to think of it as free, where electronic transactions have clearly delineated costs. If people were charged the true cost of paying with cash, surely the percentage of cash payments - still around 80 percent in Europe - would begin to drop precipitously.

But it seems clear that the hidden cost of electronic payments as they are presently constituted is handing over tracking data. A truly anonymous Oyster card costs nothing extra in financial terms, but you pay with convenience: you must put down a £5 deposit for a prepaid card at a tube station, and you must always remember to top it up with notes at station machines. Similarly, you can have an anonymous Paypal account in the sense that you can receive funds via a throwaway email address and use them only to buy digital goods that do not require a delivery address. But after the first $500 or so you'll have to set up another account or provide Paypal with verifiable banking information. Because we have so far not come up with a good way to estimate the value of such personal data, we have no way to calculate the true cost of trackable electronic payments.

Still, it occurs to me writing this that if cash ever does die under the ministrations of Birch and his friends, the event will open up new possibilities for struggling post offices everywhere. Stamps, permanently redeemable for at least their face value, could become the new cash.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

March 12, 2010

The cost of money

Everyone except James Allan scrabbled in the bag Joe DiVanna brought with him to the Digital Money Forum (my share: a well-rubbed 1908 copper penny). To be fair, Allan had already left by then. But even if he hadn't he'd have disdained the bag. I offered him my pocketful of medium-sized change and he looked as disgusted as if it were a handkerchief full of snot. That's what living without cash for two years will do to you.

Listen, buddy, like the great George Carlin said, your immune system needs practice.

People in developed countries talk a good game about doing away with cash in favor of credit cards, debit cards, and Oyster cards, but the reality, as Michael Salmony pointed out, is that 80 percent of payments in Europe are...cash. Cash seems free to consumers (where cards have clearer charges), but costs European banks €84 billion a year. Less visibly banks also benefit (when the shadow economy hoards high-value notes it's an interest-free loan), and governments profit from Seigniorage (when people buy but do not spend coins).

"Any survey about payment methods," Salmony said Wednesday, "reveals that in all categories cash is the preferred payment method." You can buy a carrot or a car; it costs you nothing directly; it's anonymous, fast, and efficient. "If you talk directly to supermarkets, they all agree that cash is brilliant - they have sorting machines, counting machines...It's optimized so well, much better than cards."

The "unbanked", of course, such as the London migrants Kavita Datta studies, have no other options. Talk about the digital divide, this is the digital money divide: the cashless society excludes people who can't show passports, can't prove their address, or are too poor to have anything to bank with.

"You can get a job without a visa, but not without a bank account," one migrant worker told her. Electronic payments, ain't they grand?

But go to Africa, Asia, or South America, and everything turns upside down. There, too, cash is king - but there, unlike here with banks and ATMs on every corner and a fully functioning system of credit cards and other substitutes, cash is a terrible burden. Of the 2.6 billion people living on less than $2 a day, said Ignacio Mas, fewer than 10 percent have access to formal financial services. Poor people do save, he said, but their lack of good options means they save in bad ways.

They may not have banks, but most do have mobile phones, and therefore digital money means no long multi-bus rides to pay bills. It means being able to send money home at low cost. It means saving money that can't be easily stolen. In Ghana 80 percent of the population have no access to financial services - but 80 percent are covered by MTN, which is partnering with the banks to fill the gap. In Pakistan, Tameer Microfinance Bank partnered with Telenor to launch Easy-Peisa, which did 150,000 transactions its first month and expects a million by December. One million people produce milk in Pakistan; Nestle pays them all painfully by check every month. The opportunity in these countries to leapfrog traditional banking and head into digital payments is staggering, and our banks won't even care. The average account balance of customers for Kenya's M-Pesa customers is...$3.

When we're not destroying our financial system, we have more choices. If we're going to replace cash, what do we replace it with and what do we need? Really smart people to figure out how to do it right - like Isaac Newton, said Thomas Levenson. (Really. Who knew Isaac Newton had a whole other life chasing counterfeiters?) Law and partnership protocols and banks to become service providers for peer-to-peer finance, said Chris Cook. "An iTunes moment," said Andrew Curry. The democratization of money, suggested conference organizer David Birch.

"If money is electronic and cashless, what difference does it make what currency we use?" Why not...kilowatt hours? You're always going to need to heat your house. Global warming doesn't mean never having to say you're cold.

Personally, I always thought that if our society completely collapsed, it would be an excellent idea to have a stash of cigarettes, chocolate, booze, and toilet paper. But these guys seemed more interested in the notion of Facebook units. Well, why not? A currency can be anything. Second Life has Linden dollars, and people sell virtual game world gold for real money on eBay.

I'd say for the same reason that most people still walk around with notes in their wallet and coins in their pocket: we need to take our increasing abstraction step by step. Many have failed with digital cash, despite excellent technology, because they asked people to put "real" money into strange units with no social meaning and no stored trust. Birch is right: storing value in an Oyster card is no different than storing value in Beenz. But if you say that money is now so abstract that it's a collective hallucination, then the corroborative details that give artistic verisimilitude to an otherwise bald and unconvincing currency really matter.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series.

February 5, 2010

Getting run down on the infobahn

It's not going out on much of a limb to predict that 2010 is, finally, the year of the ebook. A lot of electrons are going to be spilled trying to predict the winners on this frontier; the most likely, I think, are Apple (iPhone, iPad), Amazon (Kindle), Google (Books), and Ray Kurzweil (Blio). Note something about all those guys? Yes: none of them are publishers. Just like the music industry, publishers have left it to technology companies to invent their new medium for them.

Note something else about what those guys are not? Authors. Almost everything that's created in this world - books, newspapers, magazines, movies, games, advertising, music, even some industrially designed products - eventually goes back to one person sitting in a room with a blank sheet of paper trying to think up a compelling story.

Authors - and writers generally - used to have a hard but easy job: deliver a steady stream of publishable work, and remuneration will probably happen. Publishers sold books; authors just wrote them. One of my friends, a science fiction writer contractually bound to HarperCollins, used to refer to Rupert Murdoch as "the little man who publishes my books for me". That happy division of labor did not, of course, provide all, or even most writers with a full-time living. But the most important thing authors want is for their work to be noticed; publishers could make that happen.

Things have been changing for some time. It's fifteen years since authors of my acquaintance began talking about the need to hire your own publicist because unless you had a very large (six figures and up) advance most mainstream publishers would not consider your book worth spending money and effort to market it much beyond sending out a press release. Even copy-editing is falling by the wayside, as a manuscript submitted electronically can now feed straight into a typesetting system without the human intervention that gave pause for rethought.

"Everyone's been seeing their royalty statements shrink," a friend observed gloomily last week. He made, 20 years ago, what then seemed an intelligent career decision: to focus on writing reference books because they had a consistent market among people who really needed them, and they would have a continuing market in regular updates. And that worked great until along came Wikipedia online dictionaries and translation engines and government agency Web sites and blogs and picture galleries, and now, he says, "People don't buy reference books any more." I am no exception: all the reference books on the shelves behind my desk are at least 15 years old. About 10 percent are books I'd buy today if I didn't already have them.

So this is also the year in which the more far-seeing authors get to figure out what their future business models are going to be. An author with a business plan? Who ever heard of such a thing? The nearest thing to that in my acquaintance is the science fiction writer Charles Stross; he is smarter about the economic and legal workings of publisher than anyone I've ever met or heard speak at a conference. And even he is asking for suggestions.

First of all, there's the Google Books settlement, which is so complicated that I imagine hardly any of the authors whose works the settlement is a settlement of can stand to read the whole thing. The legal scholar and MacArthur award winner Pamela Samuelson has written a fine explanation of the problems; authors had until January 28 to opt out or object. This isn't over yet: the US Justice Department still doesn't like the terms.

We can also expect more demarcation disputes like this week's spat between Amazon and Macmillan, discussed intelligently by Stross here, here, and here, with an analysis of the scary economics of the Kindle here. The short version: Macmillan wants Amazon to pay more for the Kindle versions of its books, and Amazon threw Macmillan's books out of its .com pram. Caught in the middle are a bunch of very pissed-off authors, who are exercising their rights in the only way they can: by removing links to Amazon and substituting links to the competition: Barnes and Noble and independent booksellers including the wonderful Portland, Oregon stalwart, Powells.

To be fair, removing the "buy new" button from all of the Macmillan listings on Amazon.com (Amazon.co.uk seems to be unaffected) doesn't mean you can't buy the books. In general, you simply click on a different link and buy the book from a marketplace seller rather than Amazon itself. Amazon doesn't care: according to its SEC filings, the company makes roughly the same profit whoever sells the book via its site.

It's times like these when you want to remember the Nobel Laureate author Doris Lessing's advice to all writers: "And it does no harm to repeat, as often as you can, 'Without me, the literary industry would not exist: the publishers, the agents, the sub-agents, the sub-sub agents, the accountants, the libel lawyers, the departments of literature, the professors, the theses, the books of criticism, the reviewers, the book pages - all this vast and proliferating edifice is because of this small, patronized, put-down, and underpaid person.'"

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series.

January 29, 2010

Game night

Why can't computer games get any serious love? The maverick Labour MP Tom Watson convened a meeting this week to ask just that. (Watson is also pushing for the creation of an advocacy group, Gamers' Voice (Facebook).) From the dates, the meeting is not in response to claims that playing computer games causes rickets.

Pause to go, "Huh?"

We all know what causes rickets in the UK. Winter at these crazy high latitudes causes rickets in the UK. Given the amount of atmosphere and cloud it has to get through in the darker months, sunlight can't muster enough oomph to make Vitamin D on the skins of the pasty, blue-white people they mostly have here. The real point of the clinical review paper that kicked off this round of media nonsense, Watson rants, is that half of all UK adults are deficient in Vitamin D in the winter and spring. Well, duh. Wearing sunscreen has made it worse. So do clothes. And this: to my vast astonishment on arrival here they don't put Vitamin D in the milk. But, hey, let's blame computer games!

And yet: games are taking over. In December Chart-Track market researchfound that the UK games industry is now larger than its film industry. Yesterday's game-playing kids are today's game-playing parents. One day we'll all be gamers on this bus. Criminals pay more for stolen World of Warcraft accounts than for credit card accounts (according to Richard Bartle), and the real-money market for virtual game world props is worth billions (PDF). But the industry gets no government support. Hence Watson's meeting.

At this point, I must admit that net.wars, too, has been deficient: I hardly ever cover games. As a freelance, I can't afford to be hooked on them, so I don't play them, so I don't know enough to write about them. In the early-to-mid 1990s I did sink hours into Hitchhiker's Guide to the Galaxy, Minesweeper, Commander Keen, Lemmings, Wolfenstein 3D, Doom, Doom 2, and some of Duke Nukem. At some point, I decided it was a bad road. When I waste time unproductively I need to feel that I'm about to do something useful. I switched the mouse to the left hand, mostly for ergonomic reasons, and my slightly lower competence with it was sufficient to deter further exploration. The other factor: Quake made it obvious that I'd reached my theoretical limit.

I know games are different now. I've watched a 20-something friend play World of Warcraft and Grand Theft Auto; I've even traded deaths with him in one of those multiplayer games where your real-life best friends are your mortal enemies. Watching him play The Sims as a recalcitrant teenager (is there any other kind?) was the most fun. It seemed like Cosmic Justice to see him shriek in frustration at the computer because the adults in his co-op household were *refusing to wash the dishes*. Ha!

For people who have jobs, games are a (sometimes shameful) hobby; for people who are self-employed they are a dangerous menace. Games are amateur sports without the fresh air. And they are today's demon medium, replacing TV, comic books (my parents believed these rotted the brain), and printed multi-volume novels. All of that contributes to why games get relatively little coverage outside of specialist titles and writers such as Aleks Krotoski and are studied by rare academics like Douglas Thomas and Richard Bartle.

Except: it's arguable that the structure of games and the kind of thinking they require - logical, problem-solving, exploratory, experimental - does in fact inspire a kind of mental fitness that is a useful background skill for our computer-dominated world. There are, as Tom Chatfield, one of the evening's three panelists and an editor at Prospect, says in his new book Fun, Inc, many valuable things people can and do learn from games. (I once watched an inveterate game-playing teen extract himself from the maze at Hampton Court in 15 seconds flat.)

And in fact, that's the thought with which the seminal game cum virtual world was started: in writing MUD, Bartle wanted to give people the means to explore their identities by creating different ones.

It's also fun. And an escape from drab reality. And a challenge. And active, rather than passive, entertainment. The critic Sam Leith (who has compared World of Warcraft to Chartres Cathedral) pointed out that the violent shoot-'em-up games that get the media attention are a small, stereotyped sector of the market that deliberately insert shocking violence recursively to get media attention and increase sales. Limiting the conversation to one stereotypical theme is the problem, not games themselves.

Philip Oliver, founder and CEO of the UK's large independent games developer, Blitz Games, listed some cases in point: in their first 12 weeks of release his company sold 500,000 copies of its The Biggest Loser TV and 3.8 million copies of its Burger King advertising game. And what about that wildly successful Wii Fit?

If you say, "That's different", there is the problem.

Still, if game players are all going to be stereotyped as violent players shooting things...I'm not sure who pointed out that the Houses of Parliament are a fabulous gothic castle in which to set a shoot-'em-up, but it's a great idea. Now, that would really be government support!

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on , or send email to netwars@skeptic.demon.co.uk (but please turn off HTML).

January 15, 2010

The once and future late-night king

On the face of it, the unexpected renewal of the late-night TV wars is a pretty trivial matter. As The Tonight Show with Conan O'Brien itself points out, there is a lot of real news that's a lot more important - health care, Haiti, Google versus China, network neutrality, and discussions of the Digital Economy bill (my list, not theirs). O'Brien wrote in an open letter a couple of days ago that he has been "absurdly lucky". Even so.

But Conan-versus-Leno is personalization; at heart this story is about the future of broadcasting and its money. Given today's time-shifting choices, few things lure viewers to a particular TV channel at a precise time. Two are live sports and breaking news. A third is the run of talk-variety shows that start in most parts of the US at 11:35pm (10:35 Central) and run until around 2am.

The kingpin of all of these is The Tonight Show, broadcast on NBC every night following the 11 o'clock news for nearly 60 years. For 30 of those years it was presented by a single host, Johnny Carson, probably the biggest star television has ever had - and quite possibly the biggest television ever will have. They make talent like Carson's very infrequently; they don't make broadcasting like that any more. According to Bill Carter in his book The Late Shift: Letterman, Leno, and the Network Battle for the Night, many years Carson's apparently effortless comedy and guest interviews generated 15 to 20 percent of the network's profits.

Every one of today's late-night hosts grew up watching Carson, and probably all of them dreamed of one day having his job. Carson's job, on The Tonight Show on NBC, not a similar job on a similar show at the same time on another network.

The roots of today's mess go back to 1991, when Carson announced he would retire in May 1992. At the time, David Letterman was hosting NBC's 12:30 show, while Jay Leno was Carson's regular substitute host. In a move that seemed to surprise everyone, NBC appointed Leno Carson's successor, fatally assuming that Letterman wouldn't mind. He did mind. The net result was months of uncertainty, politics, and legal wrangling, not least because Leno's early months in the job were unpromising. By 1993, Letterman had begun a competing show at CBS and every other network had tried putting up an 11:30 talk-variety show, most of them dreadful and quickly canned. Since then, Leno has usually won the ratings - but Letterman the awards. Arguably the biggest beneficiary was O'Brien, who landed Letterman's old 12:30 job with barely any performing experience. After following Leno for 16 years, late last year, as per an agreement announced in 2005 and intended to avoid a repeat of 1992, O'Brien got The Tonight Show.

Now, NBC is doing to O'Brien almost exactly what it did to Letterman, apparently filled with panic over declining revenues and shrinking ratings and completely self-destructing (just as Comcast is trying to buy it from GE). As Kansas City critic Aaron Barnhart writes, late-night is about the long haul. In restoring Leno, NBC is hanging onto its past and at best a couple of years of present at the expense of its future. All hosts - almost all entertainers - eventually find their audience is aging along with them. Even Carson seemed old-fashioned to younger viewers by the time he retired at 66: my parents watched Carson; I watch Letterman and Conan; my 20-something friends watch Conan and Jon Stewart.

In his letter, O'Brien says holding The Tonight Show to 11:35 is vital. He is almost certainly right: people go to bed, watch the news and the opening monologue, and progressively drift off to sleep during the guests. By midnight, half of the Tonight Show's viewers are gone; the latest shows are seen by insomniacs and people without kids and early-morning commutes.

Most likely NBC will shortly find out there is no way back to Leno's ratings of 2008. Diehard Leno fans will stick with him but Conan fans will tune out in protest; if they watch anyone it will be Letterman or Stewart. The younger people the network needs for the future watch online.

You may think none of this matters very much outside the US. The shows themselves have never traveled very well, though the format has been widely copied throughout the world. But of all the businesses having to cope with the digital revolution, in television it may be the broadcast networks who are most under threat. Those who copy and share TV shows buy DVDs; they do not return to watch the broadcast versions or consume advertising. Shows have fans; networks don't. The focus on file-sharing ignores the wide variety of streams copied live from broadcasters all over the world that are readily accessible if you know where to look. It is far cheaper to subscribe directly to the tennis tours than to pay Sky Sports or Eurosport, for example - and often free to pick up a stream.

When the history of the digital revolution is written, historians may pinpoint the day Carson announced his retirement as the broadcasting equivalent of Peak Oil.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, follow on Twitter, or send email to netwars@skeptic.demon.co.uk.

October 9, 2009

Phantom tollbooths

This was supposed to be the week that the future of Google Books became clear or at least started to; instead, the court ordered everyone to go away and come up with a new settlement (registration required). The revised settlement is due by November 9; the judge will hear objections probably around the turn of the year.

Instead this turned into the Week of the Postcode, after the Royal Mail issued cease-and-desist letters to the postcode API service Ernest Marples (built by Richard Pope and Open Rights Group advisory council member Harry Metcalfe). Marples' sin: giving away postcode data without a license (PDF).

At heart, the Postcode spat and the Google Books suit are the same issue: information that used to be expensive can now be made available on the Internet for free, and people who make money from the data object.

We all expect books to be copyrighted; but postcodes? When I wrote about it, astonished, in 1993 for Personal Computer World, the spokesperson explained that as an invention of the Royal Mail of course they were the Royal Mail's property (they've now just turned 50). There are two licensed services, the Postcode Address File (automates filling in addresses) and PostZon, the geolocator database useful for Web mashups. The Royal Mail says it's currently reviewing its terms and licensing conditions for PostZon; based on the recent similar exercise for PAF (PDF) we'll guess that the biggest objections to giving it away will come from people who are already paying for it and want to lock out competitors.

There's just a faint hint that postcodes could become a separate business; the Royal Mail does not allow the postcode database and mail delivery to cross-subsidize (to mollify competitors who use the database). Still, Charles Arthur, in the Guardian, estimates that licensing the postcode database costs us more than it makes.

This is the other sense in which postcodes are like Google Books: it costs money to create and maintain the database. But where postcodes are an operational database for the Royal Mail, books may not be for Google Wired UK has shown what happens when Google loses economic interest in a database, in this case Google Groups (aka, the Usenet archive).

But in the analogy Google plays the parts of both the Royal Mail (investing in creating a database from which it hopes to profit) and the geeks seeking to liberate the data (locked-up, out-of-print books, now on the Web! Yeah!). The publishers are merely an intervening toll booth. This is one reason reactions to Google Books have been so mixed and so confusing: everyone's inner author says, "Google will make money. I want some," while their inner geek says, "Wow! That is so *cool*! I want that!".

The second reason everyone's so confused, of course, is that the settlement is 141 pages of dense legalese with 15 appendices, and nobody can stand to read it. (I'm reliably told that the entire basis for handling non-US authors' works is one single word: "If".) This situation is crying out for a wiki where intellectual property lawyers, when they have a moment, can annotate and explain. The American Library Association has bravely managed a two-page summary (PDF).

What's really at stake, as digital library expert Karen Coyle explained to me this week, is orphan works, which could have long ago been handled by legislation if everyone hadn't gotten all wrapped up in the Google Books settlement. Public domain works are public domain (and you will find many of those Google has scanned in quietly available at the Internet Archive, where someone has been diligently uploading them. Works whose authorship is known have authors and publishers to take charge. But orphan works...the settlement would give a Book Rights Registry two-thirds of the money Google pays out to distribute to authors of orphan works. This would be run by the publishers, who I'm sure would put as much effort into finding authors to pay as, as, as...the MPAA@@. It was on this basis that the Department of Justice objected to the settlement.

The current situation with postcodes shows us something very important: when the Royal Mail invented them, 50 years ago, no one had any idea what use they might have outside of more efficiently delivering the mail. In the intervening time, postcodes have enabled the Royal Mail to automate sorting and slim down its work force (while mysteriously always raising postage); but they have also become key data points on which to hang services that have nothing to do with mail but everything to do with location: job seeking, political protest, property search, and quick access to local maps.

Similarly: we do not know what the future might hold for a giant database of books. But the postcode situation reminds us what happens when one or two stakeholders are allowed to own something that has broader uses than they ever imagined. Meanwhile, if you'd like to demand a change in the postcode situation this petition is going like gangbusters.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to netwars@skeptic.demon.co.uk.

September 4, 2009

Nothing ventured, nothing lost

What does a venture capitalist do in a recession?

"Panic." Hermann Hauser says, then laughs. It is, in fact, hard to imagine him panicking if you've heard the stories he tells about his days as co-founder of Acorn Computers. He's quickly on to his real, more measured, view.

"It's just the bottom of the cycle, and people my age have been through this a number of times before. Though many people are panicking, I know that normally we come out the other end. If you just look at the deals I'm seeing at the moment, they're better than any deals I've seen in my entire life." The really positive thing, he says, is that, "The speed and quality of innovation are speeding up and not slowing down. If you believe that quality of innovation is the key to a successful business, as I do, then this is a good era. We have got to go after the high end of innovation - advanced manufacturing and the knowledge-based economy. I think we are quite well placed to do that." Fortunately, Amadeus had just raised a fund when the recession began, so it still has money to invest; life is, he admits, less fun for "the poor buggers who have to raise funds."

Among the companies he is excited about is Plastic Logic, which is due to release its first product next year, a competitor to the Kindle that will have a much larger screen, be much lighter, and will also be a computing platform with 3g, Bluetooth, and Wi-fi all built in, all built on plastic transistors that will be green to produce, more responsive than silicon - and sealed against being dropped in the bath water. "We have the world beat," he says. "It's just the most fantastic thing."

Probably if you ask any British geek above the age of 39, an Acorn BBC Micro figured prominently in their earliest experiences with computing. Hauser was and is not primarily a technical guy - although his idea of exhilarating vacation reading is Thermal Physics, by Charles Kittel and Herbert Kroemer - but picking the right guys to keep supplied with tea and financing is a rare skill, too.

"As I go around the country, people still congratulate me on the BBC Micro and tell me how wonderful it was. Some are now professors in computer science and what they complain about is that as people switched over to PCs - on the BBC Micro everybody knew how to program. The main interface was a programming interface, and it was so easy to program in BASIC everybody did it. Kids have no clue what programming is about - they just surf the Net. Nobody really understands any more what a computer does from the transistor up. It's a dying breed of people who actually know that all this is built on CMOS gates and can build it up from there."

Hauser went on to found an early effort in pen computing - "the technology wasn't good enough" and "the basic premise that I believed in, that pen computing would be important because everybody knew how to wield a pen just wasn't true" - and then the venture capital fund Amadeus, through which he helped fund, among others, leading Bluetooth chip supplier CSR. Britain, he says, is a much more hospitable environment now than it was when he was trying to make his Cambridge bank manager understand Acorn's need for a £1 million overdraft. Although, he admits now, "I certainly wouldn't have invested in myself." And would have missed Acorn's success.

"I think I'm the only European who's done four billion-dollar companies," he says. "Of course I've failed a lot. I assume that more of my initiatives that I've founded finally failed than finally succeeded."

But times have changed since consultants studied Acorn's books and told them to stop trading immediately because they didn't understand how technology companies worked. "All the building blocks you need to have to have a successful technology cluster are now finally in place," he says. "We always that the technology, but we always lacked management, and we've grown our own entrepreneurs now in Britain." He calls Stan Boland, CEO of 3g USB stock manufacturer Icera and Acorn's last managing director a "rock star" and "one of the best CEOs I have come across in Europe or the US." In addition, he says, "There is also a chance of attracting the top US talent, for the first time." However, "The only thing I fear and that we have to be careful about is that the relative decline doesn't turn into an absolute decline."

One element of Britain's changing climate with respect to technology investment that Hauser is particularly proud of is helping create tax credits and taper relief for capital gains through his work on Leon Mandelson's advisory panel on new industry and new jobs. "The reason I have done it is that I don't believe in the post-industrial society. We have to have all parts of industry in our country."

Hauser's latest excitement is stem cells; he's become the fourth person in the world to have his entire genome mapped. "It's the beginning of personal medicine."

The one thing that really bemuses him is being given lifetime achievement awards. "I have lived in the future all my life, and I still do. It's difficult to accept that I've already created a past. I haven't done yet the things I want to do!"


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to netwars@skeptic.demon.co.uk.

August 21, 2009

This means law

You probably aren't aware of this, but there's a consultation going on right now about what to do about illegal peer-to-peer file-sharing; send in comments by September 15. Tom Watson, the former minister for digital engagement, has made some sensible suggestions for how to respond in print and blog.

This topic has been covered pretty regularly in net.wars, but this is different and urgent: this means law.

Among the helpful background material provided with the consultation document are an impact assessment and a financial summary. The first of these explains that there were two policy options under consideration: 1) Do nothing. 2) (Preferred) legislate to reduce illegal downloading "by making it easier and cheaper for rightsholders to bring civil actions against suspected illegal file-sharers". Implementing that requires ISPs to cooperate by notifying their subscribers. There will be a code of practice (less harsh than this one, we trust) including options such as bandwidth capping and traffic shaping, which Ofcom will supervise, at least for now (there may yet be a digital rights agency).

The document is remarkably open about who it's meant to benefit - and it's not artists.

Government intervention is being proposed to address the rise in unlawful P2P file-sharing which can reduce the incentive for the creative industries to invest in the development, production and distribution of new content. Implementation of the proposed policy will allow right [sic] holders to better appropriate returns on their investment.

The included financial assessment, which in this case is the justification for the entire exercise (p 40), lays out the expected benefits: BERR expects rightsholders to pick up £1,700 million by "recovering displaced sales", at a cost to ISPs and mobile network operators of £250 to £500 million over ten years. Net benefit: £1.2 billion. Wha-hey!

My favorite justification for all this is the note that because that are an estimated 6.5 million file-sharers in the UK there are *too many* of us to take us all to court, rightsholders' preferred deterrence method up until now. Rightsholders have marketing experts working for them; shouldn't they be getting some message from these numbers?

There are some things that are legitimately classed as piracy and that definitely cost sales. Printing and selling counterfeit CDs and DVDs is one such. Another is posting unreleased material online without the artist's or rightsholder's permission; that is pre-empting their product launch, and whether you wind up having done them a favor or not, there's no question that it's simply wrong. The answer to the first of these is to shut down pirate pressing operations; the answer to the second is to get the industry to police its own personnel and raise the penalties for insider leaks. Neither can be solved by harassing file-sharers.

It's highly questionable whether file-sharing costs sales; the experience of most of us who have put our work online for free is that sales increase. However, there is no doubt in my mind that there are industries file-sharing hurts. Two good examples in film are the movie rental business and the pay TV broadcasters, especially the premium TV movie channels.

As against that, however, the consultation notes but dismisses the cost to consumers: it estimates that ISPs' costs, when passed on to consumers, will reduce the demand for broadband by 10,000 to 40,000 subscribers, representing lost revenue to ISPs of between £2 and £9 million a year (p50). The consultatation goes on to note that some consumers will cease consuming content altogether and that therefore the policy will exacerbate existing inequality since those on the lowest incomes will likely lose the most.

It is not possible to estimate such welfare loss with current data availability, but estimates for the US show that this welfare loss could be twice as large as the benefit derived from reducing the displacement effect to industry revenues.

Shouldn't this be incorporated into the financial analysis?

We must pause to admire the way the questions are phrased. Sir Bonar would be proud: ask if your proposals are implementing what you want to do in the right way. In other words, ask if three is the right number of warning letters to send infringers before taking stronger action (question 9), or whether it's a good idea to leave exactly how costs are to be shared between rightsholders and ISPs flexible rather than specifying (question 6). The question I'd ask, which has not figured in any of the consultations I've seen would be: is this the best way to help artists navigate the new business models of the digital age?

Like Watson, my answer would be no.

Worse, the figures do not take into account the cost to the public, analyzed last year in the Netherlands.

And the assumptions seem wrong. The consultation document claims that research shows that approximately 70 percent of infringers stop when they receive a warning letter, at least in the short term. But do they actually stop? Or do they move their file-sharing to different technologies? Does it just become invisible to their ISP?

So far, file-sharers have responded to threats by developing new technologies better at obfuscating users' activities. Napster...Gnutella...eDonkey...BitTorrent. Next: encrypted traffic that looks just like a VPN connection.

I remain convinced that if the industry really wants to deter file-sharing it should spend its time and effort on creating legal, reliable alternatives. Nothing less will save it. Oh, yeah, and it would be a really good idea for them to be nice to artists, too. Without artists, rightsholders are nothing.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on , or send email to netwars@skeptic.demon.co.uk.

June 19, 2009

Star system

In all the discussions I've seen about the mass extinction of newspapers and worries about where people, particularly elderly people, will get their news, I've seen little about the impact of the death of newspapers on the ecology of industries that have traditionally depended on them. At Roger Ebert's film festival there was some discussion about this with regard to movies. Reading critics is an important way people decide whether they can afford two hours of scarce leisure time and $20 to $50 of hard-earned money (tickets, babysitters, travel costs) to see a particular movie. As newspapers shrink, die, and fire their movie critics, the result, a panel concluded, is death to the chances of arthouse and independent movies.

Away from the glamor event that is Wimbledon, which starts Monday, the same concerns can be applied to the future of the two professional tennis tours, run by the WTA (women) and the ATP (men). This week's Eastbourne tournament - this year known as the AEGON International - began the week with seven of the world's top ten female players, plus the 2006 Wimbledon champion (Amelie Mauresmo) and the 2007 Wimbledon finalist (Marion Bartoli). By the semifinals, all of those but Bartoli were gone (and she retired, limping, from her semi against Virginie Razzano), and the survivors, while fine and accomplished players and diligent hard workers, are not the kinds of names whose exploits can be easily sold to editors. The national interest is in British players, who had all lost by the second round; the international interest is limited to Wimbledon contenders. You know it's a bad situation when journalists start going home before the quarterfinals.

To some extent, it's arguable that professional tennis writers are not as essential as they were. In 1989, say, if you wanted to follow the tour year-round you had to scour the sports pages for box scores and terse match write-ups. Today the Net is awash in tennis reporting: player sites, fan sites, official and unofficial blogs, Facebook pages and groups, Twitter, news wires, and official releases from the tours, the national federations, individual tournaments, and the overall governing body, the International Tennis Federation. It's a rare match whose report you can't find online within half an hour, and even if you don't sleep you probably couldn't read all of it.

In addition, the matches themselves are far more accessible than ever before: Europe has Eurosport; the US has The Tennis Channel. And if you can wait a day, more and more tennis matches are being posted online for download, legally or otherwise.

A couple of decades ago, the famed American sportscaster Howard Cosell wrote a book complaining that sports journalism was failing the public, that to cover sports properly journalists should have a working knowledge of economics, labor law, business, and medical science. You could see his point, especially over the last decade in baseball, where a bitter players' strike was followed by steroid scandals. Go back to the beginning of the Open Era of tennis, which began in 1968, and you'll find long-serving commentators like Richard Evans writing books about the considerable complexities of tennis politics. But that kind of coverage has largely shrunk: this week what you can sell a newspaper is either 1) local players or 2) Wimbledon contenders - that is, the stars. You hear many complaints among the tennis press about how little access they now have to the players, but they have even less access to the game's controllers.

Tennis is not alone in this: stars in every area from technology to movies would rather sequester themselves than answer too many unpleasant questions. And I can't always blame them. Explaining a bad loss to the media while the disappointment is still raw must be one of the most unpleasant moments for a player, almost up there with having your physique closely inspected and criticized. That sort of thing was something stars put up with when their industry was young and struggling to establish itself; the early pioneers of the women's tour did 5am talk radio, appeared in shopping malls - whatever it took.

We are not in those times any more. But as newspapers fail and lay off staff and reduce their expenditure on coverage of minority interests - which include tennis - both tours, and the movie industry, and many other industries that rely on sponsorship for fuel should be asking themselves how they're going to keep their public profile high enough to stay funded. The Slams - Wimbledon, the US Open, the Australian Open, and the French Open - will most likely survive (although the Australian has already announced the loss of several important sponsors). But creating the field of high-quality players for these events requires a healthy ecosystem of feed-up events that keep coaches, juniors, and amateurs engaged and involved. New media may sometime fill the gap, but not yet; no single outlet has a big enough megaphone. (And Wimbledon, apparently living in the past, does not accredit online-only writers.)

You may not feel that losing tennis as a spectacle would be much of a loss, and I'm sure you're right that the world would continue to turn. But the principle that the loss of traditional media disrupts many more industries than just its own applies to many more industries than just the one that will dominate the BBC for the coming fortnight.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to netwars@skeptic.demon.co.uk.

January 23, 2009

Will tweet for food

So we were at a thing in London this week where practically everyone was a Twitter user. Not surprising, since Twitter use has gone up nearly 1000 percent in the UK in the last year. As you do, we rehearsed various dissatisfactions with the service and wishes for feature improvements. Among them: people wished they could actually pay for the service so they could get it to do more of the stuff they want. There's something very odd about a company that people are so devoted to that they actually spend recreational time in a pub debating its business model. People were in love with Google in its early days, too, yet I don't remember pub chats about it.

That 1000 percent still makes Twitter tiny in context: it lags way behind Facebook, YouTube, Bebo, MySpace, and even Yahoo! Answers, as weirdly chaotic as that list is. YouTube compared with Twitter? As that article points out, the ecology of third-party software built around Twitter and automated feeds from Twitter into other sites like Facebook mean that many people use the service without ever accessing its Web site or even necessarily knowing they're reading a Twitter feed.

The existence of the third-party ecology is both a good and a bad sign. Good that people find the blogging-for-the-mobile-phone-generation platform so useful that they are willing to put in the effort. Bad, in the sense that it makes clear how utterly unusable Twitter is on its own. I've had an account for nearly two years, but left it mostly dormant until someone recommended Tweetdeck.

The whole conversation started because I was trying to find a tactful way of asking one of those present whether she could divide her Twitter feed into two: one for the really interesting work type stuff she does, and the other for the..."crap?" she said helpfully.

"It would be great if you could filter the feed by putting on "stop" words," someone said. Yes, and "go" words, too, so you could select what kind of thing you wanted to get when. You don't need many Twits on your list for the tweet stream to become unmanageable. Others have had this same thought and there is in fact something that does it.

Filtering would be a great thing because it's the lack of it that is the reason I've never dared turn on the switch that has Twitter send updates to my mobile phone. In the UK now, however, that element of the service is turned off. All to do with money, which mobile network operators tend to insist on and Internet users don't like to spend, leaving service providers squeezed in the middle.

"I'd pay for that," said one of the group. "The service is that useful to me."

"So would I," said someone else.

"Can't we make ask them?"

"Lots of people have tried."

Twitter's business model has in fact been the subject of some speculation even outside of pubs, and even ideas how to turn it into a billion-dollar company. It has, apparently, enough money to go on with from its funding rounds.

No one's actually sure exactly what Twitter's business model is, but it seems clear that charging for SMS updates isn't it. The site has no advertising (not even on its blog or home pages), and even if it did that ecology of desktop clients would render it moot anyway. It also seems that making life easy for third-party developers isn't necessarily it either. Twitter so far seems to be following in the footsteps of the early Web: if they come in sufficient numbers and you keep control a business model will present itself.

It worked for Google, the last successful company that fed a lot of similar speculation in its early days. Another parallel: those stories were written about Google in 2001-2002, just after the dot-com bust, when it was fashionable among Old Media to opine that New Media would never be able to grow up, move out, and make a living. Now, in this much worse economic crash, how will Twitter ever be able to leave home?

Some things clearly won't work. No matter how small, there is probably no number of ads that wouldn't send users fleeing to a Twitter competitor without them. Google locked in its users by being better than its competitors, by offering added services, and by acculturation: the more you learn about constructing good searches on Google the less you want to repeat the learning curve elsewhere. Social networks have proved in the long term to be more fungible: look at what happened to the well established discussion groups on early online services once everyone had access to the Internet.

More likely is the idea of marketing accounts, which is already happening anyway, built on the interests users indicate via their choices of whom to follow.

Our idea, which seemed logical in the pub: Twitter users start sending money to one of the company's email addresses using Paypal and force them to accept payment. Take control. Force a business model on them. Yeah!

It would be a great hack.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

January 16, 2009

Health watch

We'll have to wait some months to find out what Steve Jobs' health situation really is, just as investors will have to wait to find out how well Apple is prepared to handle his absence. But that doesn't stop rampant speculation about both things, or discussion about whether Jobs owes it to the public to disclose his health problems.

As an individual, of course not. We write - probably too often for some people's tastes - about privacy with respect to health matters. But Jobs isn't just a private individual, and he isn't an average CEO. Like Warren Buffett, who saw his company's share price decline noticeably some years back during a scare over his health, Jobs's presence as CEO is a noticeable percentage of Apple's share price. That means that shareholders - and therefore by extension the Securities and Exchange Commission - have some legitimate public interest in his state of health.

That doesn't mean that all the speculation going on is a good thing. If Jobs is smart, he doesn't read news stories about himself; in normal times no one needs their sense of self-importance inflated that much, and in a health crisis the last thing you need is to read dozens of people speculating that you're on the way out. The pruriently curious may like to know that there is some speculation that the weight loss is the result of the Whipple procedure Jobs reportedly had in 2004 to treat his islet cell neuroendocrine tumor (a less aggressive type of pancreatic cancer); or that it's a thyroid disorder. No one wants to just write a post that says simply, "I don't know."

It would not matter if Jobs and Apple did not so conspicuously embrace the cult of personality. The downside of having a celebrity CEO is that when that CEO is put out of action the company struggles to keep its market credibility. The more the CEO takes credit - and Jobs is indelibly associated with each of Apple's current products - the less confidence people have in the company he runs.

To a large extent, it's absurd. No one - not even Jobs - can run a tech company the size of Apple by himself. Jobs may insist on signing off on every design detail, but let's face it, he's not the one working evenings and weekends to write the software code and run bug testing and run a final polishing cloth over the shinies before they hit the stores. Apple definitely lost his way during the period he wasn't at the helm - that much is history. But Jobs helped recruit John Sculley, the CEO who ran Apple during those lost years. And Jobs's next company, NeXT, was a glossy, well-designed, technically sophisticated market failure whose biggest success came when Apple bought it (and Jobs) and incorporated some of the company's technology into its products. Jobs had far more success with Pixar, now part of Disney; but accounts of the company's early history suggest was the company's founders who did the heavy lifting.

Unfortunately, if you're a public company you don't get to create public confidence by pointing out the obvious: that even with Jobs out of action there's a lot of company left for the managers he picked to run in the direction's he's chosen. Apple, whose relations with the press seem to be a dictionary definition of "arrogant", has apparently never cared to create a public image for itself that suggests it's a strong company with or without Jobs.

Compare and contrast to Buffett, who has been a rock star CEO for far longer than Jobs has. Buffett is 78, and Berkshire Hathaway's success is universally associated almost solely with him; yet every year he reminds shareholders that he has three or four candidates to succeed him who are chosen and primed and known to his board of directors. His annual shareholder's letters, too, are filled with praise for the managers and directors of the many subsidiaries Berkshire owns. Based on all that, it is clear that Buffett has an eye to ensuring that his company will retain its value and culture with or without him. That so many Berkshire Hathaway millionaires are his personal friends and neighbors, who staked money in the company decades ago at some personal risk, may have something to do with it.

Apple has not done anything like the same, which may have something to do with the personality of its CEO. Jobs's health troubles of 2004 should have been a wakeup call; if Buffett can understand that his age is a concern for shareholders, why can't Jobs understand that his health is, too? If he doesn't want people prying into his medical condition, that's understandable. But then the answer is to loosen his public identification with the company. As long as the perception is that Jobs is Apple and Apple is Jobs, the company's fortunes and share price will be inextricably linked to the fragility of his aging human body. Show that the company has a plan for succession, give its managers and product developers public credit, and identify others with its most visible products, and Jobs can go back to having some semblance of a private medical record.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

September 12, 2008

Slow news

It took a confluence of several different factors for a six-year-old news story to knock 75 percent off the price of United Airlines shares in under an hour earlier this week. The story said that United Airlines was filing for bankruptcy, and of course was true - in 2002. Several media owners are still squabbling about whose fault it was. Trading was halted after that first hour by the systems put in place after the 1987 crash, but even so the company's shares closed 10 percent down on the day. Long-term it shouldn't matter in this case, but given a little more organization and professionalism that sort of drop provides plenty of opportunities for securities fraud.

The factor the companies involved can't sue: human psychology. Any time you encounter a story online you make a quick assessment of its credibility by considering: 1) the source; 2) its likelihood; 3) how many other outlets are saying the same thing. The paranormal investigator and magician James Randi likes to sum this up by saying that if you claimed you had a horse in your back yard he might want a neighbor's confirmation for proof, but if you said you had a unicorn in your back yard he'd also want video footage, samples of the horn, close-up photographs, and so on. The more extraordinary the claim, the more extraordinary the necessary proof. The converse is also true: the less extraordinary the claim and the better the source, the more likely we are to take the story on faith and not bother to check.

Like a lot of other people, I saw the United story on Google News on Monday. There's nothing particularly shocking these days about an airline filing for bankruptcy protection, so the reaction was limited to "What? Again? I thought they were doing better now" and a glance underneath the headline to check the source. Bloomberg. Must be true. Back to reading about the final in prospect between Andy Murray and Roger Federer at the US Open.

That was a perfectly fine approach in the days when all content was screened by humans and media were slow to publish. Even then there were mistakes, like the famous 1993 incident when a shift worker at Sky News saw an internal rehearsal for the Queen Mother's death on a monitor and mentioned it on the phone to his mother in Australia, who in turn passed it on to the media, which took it up and ran with it.

But now in the time that thought process takes daytraders have clicked in and out of positions and automated media systems have begun republishing the story. It was the interaction of several independently owned automated systems made what ought to have been a small mistake into one that hit a real company's real financial standing - with that effect, too, compounded by automated systems. Logically, we should expect to see many more such incidents, because all over the Web 2.0 we are building systems that talk to each other without human intervention or oversight.

A lot of the Net's display choices are based on automated popularity contests: on-the-fly generated lists of the current top ten most viewed stories, Amazon book rankings, Google's page rank algorithm that bumps to the top sites with the most inbound links for a given set of search terms. That's no different from other media: Jacqueline Kennedy and Princess Diana were beloved of magazine covers for the most obvious sale-boosting reasons. What's different is that on the Net these measurements are made and acted upon instantaneously, and sometimes from very small samples, which is why in a very slow news hour on a small site a single click on a 2002 story seems to have bumped it up to the top, where Google spotted it and automatically inserted it into its feed.

The big issue, really - leaving aside the squabble between the Tribune and Google over whether Google should have been crawling its site at all - is the lack of reliable dates. It's always a wonder to me how many Web sites fail to anchor their information in time: the date a story is posted or a page is last updated should always be present. (I long, in fact, for a browser feature that would display at the top of a page the last date a page's main content was modified.)

Because there's another phenomenon that's insufficiently remarked upon: on the Internet, nothing ever fully dies. Every hour someone discovers an old piece of information for the first time and thinks it's new. Most of the time, it doesn't matter: Dave Barry's exploding whale is hilariously entertaining no matter how many times you've read it or seen the TV clip. But Web 2.0 will make new money for endless recycling part of our infrastructure rather than a rare occurrence.

In 1998 I wrote that crude hacker defacement of Web sites was nothing to worry about compared to the prospect of the subtle poisoning of the world's information supply that might become possible as hackers became more sophisticated. This danger is still with us, and the only remedy is to do what journalists used to be paid to do: check your facts. Twice. How do we automate that?


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

August 1, 2008

All paid up

"His checks keep bouncing because his signature varies," says a CIA operative (Sam Waterston) admiringly of the movie's retired spy hero Miles Kendig (Walter Matthau) in the 1980 movie Hopscotch. "He's a class act."

These days, Kendig would be using credit cards. And he'd be having the same problem: the part of his signature would be played by his usage patterns as seen by the credit card company's computers.

This would be doubly true if he used Amazon's Marketplace sellers. It seems - or so Barclaycard tells me every time they block my card - that putting through several purchases through Amazon Marketplace and then, a few days later, buying something larger like a plane ticket or a digital recorder exactly fits one of the fraud patterns their computers are programmed to look for.

Buy a dozen items in a day on eBay (go on, I dare you), and your statement will show a dozen transactions - but they'll all be from Paypal. Buy a dozen items in a single shopping basket on Amazon, and you'll get a dozen transactions all from different unknown sellers. To the computer what seems to you to be a single Amazon purchase looks exactly like someone testing the card with a dozen small transactions to see if it's a) live and b) possessed of available credit. Then, y'see, when the card has passed the test, the fraudster goes for the big one - that airplane ticket or digital recorder.

It's not clear to me why Barclaycard's computer doesn't recognize this pattern as typical after the first outing or two. (I fly one route, but my Barclaycard will not buy me a plane ticket.) Nor is it clear to me why it doesn't occur to the Barclaycard computer that as frauds go buying a digital recorder or a plane ticket for delivery to the cardholder's name and address ranks as fairly incompetent. Why doesn't it check that point before causing trouble?

You might ask a similar question of one of my US cards, which trips the fraud meter any time it's used outside the US. Even though they know I live in...London.

This week Amazon announced that it's offering its payment system, including One-Click, to third party sellers as one of its Web services offerings.

Much of the early press coverage of Amazon's decision seems to be characterizing Amazon Checkout, along with Google Checkout, as a competitor to Paypal. In fact, things are more complicated than that. Paypal, before it was bought by eBay, was one of the oldest businesses on the Net. Its roots, which still show every time you go through the intricate procedure of opting to use a credit card instead of a bank transfer, are in making it possible for anyone to send cash to anyone with an email address. Its first competitor was Western Union; its long tail business opportunity was online sellers who couldn't get credit card authorizations because they were too small. For eBay, buying Paypal meant being able to integrate payments into its ecology with some additional control over fraud while making extra money off each transaction.

Paypal is being adopted as an alternative payment method by all sorts of third parties, and as much of a pain as Paypal is (it can't cope with multinational people and you cannot opt out of giving it a bank account to verify) this is useful for consumers. Its security is generally well regarded by both banks and credit card companies and surely it's better to store financial details with one known company than with dozens of less familiar ones you may only trade with once. Given the choice, I'd far rather that single account were with the much-pleasanter-to-use Amazon. It's clear, though, that if you're offering a platform for others to build businesses on, as Amazon is, payment services are an obvious tool you want to include. Most likely, just as many stores now display multiple credit and debit card logos, many Web sellers will offer users a choice among multiple payment aggregators. Who wants to call the whole thing off because you say Google and I say Paypal?

Unfortunately, none of this solves my actual problem, those damn fraud-detecting algorithms. If Amazon actually aggregated payments into a single transaction - which is actually what you imagine it's doing the first time you buy from Marketplace - and spit the money back out to the intended destinations, there'd be no problem. For you: for Amazon, of course, it would raise a host of questions about whether it's a financial service, and how much responsibility it should assume for fraud. Those are, of course, very much the reasons why Paypal is so unpleasant - and yet also why it offers eBay buyers insurance.

What is clear is that this is yet another step that brings Amazon and eBay into closer competiton with each other: they are increasingly alike. Amazon's recent quarterly statement notes that about 30 percent of its revenues come from Marketplace sellers - and that the profitability of a sale is roughly the same whether it's direct or indirect. On eBay 42 percent of items now are straightforward sales, not auctions, and the changes it's made that favor its biggest sellers are making it more Wal-Mart than flea market.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

May 2, 2008

Bet and sue

Most net.wars are not new. Today's debates about free speech and censorship, copyright and control, nationality and disappearing borders were all presaged by the same discussions in the 1980s even as the Internet protocols were being invented. The rare exception: online gambling. Certainly, there were debates about whether states should regulate gambling, but a quick Usenet search does not seem to throw up any discussions about the impact the Internet was going to have on this particular pastime. Just sex, drugs, and rock 'n' roll.

The story started in March, when the French Tennis Federation (FFT - Fédération Française de Tennis) filed suit in Belgium against Betfair, Bwin, and Ladbrokes to prevent them from accepting bets on matches played at the upcoming French Open tennis championships, which start on May 25. The FFT's arguments are rather peculiar: that online betting stains the French Open's reputation; that only the FFT has the right to exploit the French Open; that the online betting companies are parasites using the French Open to make money; and that online betting corrupts the sport. Bwin countersued for slander.

On Tuesday of this week, the Liège court ruled comprehensively against the FFT and awarded the betting companies costs.

The FFT will still, of course, control the things it can: fans will be banned from using laptops and mobile phones in the stands. The convergence of wireless telephony, smart phones, and online sites means that in the second or two between the end of a point and the electronic scoreboard updating, there's a tiny window in which people could bet on a sure thing. Why this slightly improbable scenario concerns the FFT isn't clear; that's a problem for the betting companies. What should concern the FFT is ensuring a lack of corruption within the sport. That means the players and their entourages.

The latter issue has been a touchy subject in the tennis world ever since last August, when Russian player Nikolay Davydenko, currently fourth in the world rankings, retired in the third and final set of a match in Poland against 87th ranked Marin Vassallo Arguello, citing a foot injury. Davydenko was accused of match-fixing; the investigation still drags on. In the resulting publicity, several other players admitted being approached to fix matches. As part of subsequent rule-tightening by the Association of Tennis Professionals, the governing body of men's professional tennis, three Italian players were suspended briefly late last year for betting on other players' matches.

Probably the most surprising thing is that tennis, along with soccer and horse racing, is actually among the most popular sports for betting. A minority sport like tennis? Yet according to USA Today, the 2007 Paris Masters event saw $750 million to $1.5 billion in bets. I can only assume that the inverted pyramid of matches every week involving individual players fits well with what bettors like to do.

Fixing matches seems even more unlikely. The best payouts come from correctly picking upsets, the bigger the better. But top players are highly unlikely to throw matches to order. Most of them play a relatively modest number of events (Davydenko is admittedly the exception) and need all the match wins and points from those events to sustain their rankings. Plus, they're just too damn rich.

In 2007, Roger Federer, the ultra-dominant number one player since the end of 2003, earned upwards of $10 million in prize money alone; Davydenko picked up over $2 million (and has already won another $1 million in 2008). All of the top 12 earned over $1 million. Add in endorsements, and even after you subtract agents' fees, tax, and travel costs for self and entourage, you're still looking at wealthy guys. They might tank matches at events where they're being paid appearance fees (which are legal on the men's tour at all but the top 14 events, but proving they've done so is exceptionally difficult. Fixing matches, which could cost them in lost endorsements on top of the tour's own sanctions, surely can't be worth it.

There are several ironies about the FFT's action. First of all (something most of the journalists covering this story don't mention, probably because they don't spend a lot of time watching tennis on TV), Bwin has been an important advertiser sponsoring tennis on Eurosport. It's absolutely typical of the counter-productive and intricately incestuous politics that characterize the tennis world that one part of the sport would sue someone who pays money into another part of the sport.

Second of all, as Betfair and Bwin pointed out, all three of these companies are highly regulated European licensed operations. Ruling them out of action would mean shift online betting to less well regulated offshore companies. They also pointed out the absurdity of the parasites claim: how could they accept bets on an event without using its name? Betfair in particular documented its careful agreements with tennis's many governing bodies.

Third of all, the only reason match-fixing is an issue in the tennis world right now is that Betfair spotted some unusual betting patterns during that Polish Davydenko match, cancelled all the bets, and went public with the news. Without that, Davydenko would have avoided the fight over his family's phone records. Come to think of it, making the issue public probably explains the FFT's behavior: it's revenge.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

March 28, 2008

Leaving Las Vegas

Las Vegas shouldn't exist. Who drops a sprawling display of electric lights with huge fountains and luxury hotels that into the best desert scenery on the planet during an energy crisis? Indoors, it's Britain in mid-winter; outdoors you're standing in a giant exhaust fan. The out-of-proportion scale means that everything is four times as far away as you think, including the jackpot you're not going to win at one of its casinos. It's a great place to visit if you enjoy wallowing in self-righteous disapproval.

This all makes it the stuff of song, story, and legend and explains why Jeff Jonas's presentation at etech was packed.

The way Jonas tells it in his blog and at his presentation, he got into the gaming industry by driving through Las Vegas in 1989 idly wondering what was going on behind the scenes at the casinos. A year later he got the tiny beginnings of an answer when he picked up a used couch he'd found in the newspaper classified ads (boy, that dates it, doesn't it?) and found that its former owner played blackjack "for a living". Jonas began consulting to the gaming industry in 1991, helping to open Treasure Island, Bellagio, and Wynn.

"Possibly half the casinos in the world use technology we created," he said at etech.

Gaming revenues are now less than half of total revenues, he said, and despite the apparent financial win they might represent problem gamblers are in fact bad for business. The goal is for people to have fun. And because of that, he said, a place like the Bellagio is "optimized for consumer experience over interference. They don't want to spend money on surveillance."

Jonas began with a slide listing some common ideas about how Las Vegas works, culled from movies like Ocean's 11 and the TV show Las Vegas. Does the Bellagio have a vault? (No.) Do casinos perform background checks on guests based on public records? (No.) Is there a gaming industry watch list you can put yourself on but not take yourself off? (Yes, for people who know they have a gambling addiction.) Do casinos deliberately hire ex-felons? (Yes, to rehabilitate them.) Do they really send private jets for high rollers? (Cue story.)

There was, he said, a casino high roller who had won some $18 million. A win like that is going to show up in a casino's quarterly earnings. So, yes, they sent a private jet to his town and parked a limo in front of his house for the weekend. If you've got the bug, we're here for you, that kind of thing. He took the bait, and lost $22 million.

Do they help you create cover stories? (Yes.) "What happens in Vegas stays in Vegas" is an important part of ensuring that people can have fun that does not come back to bite them when they go home. The casinos' problem is with identity, not disguises, because they are required by anti-money laundering rules to report it any time someone crosses the $10,000 threshold for cash transactions. So if you play at several different tables, then go upstairs and change disguises, and come back and play some more, they have to be able to track you through all that. ID, therefore, is extremely important. Disguises are welcome; fake ID is not.

Do they use facial recognition to monitor the doors to spot cheaters on arrival? (Well...)

Of course technology-that-is-indistinguishable-from-magic-because-it-actually-is-magic appears on every crime-solving TV show these days. You know, the stuff where Our Heroes start with a fuzzy CCTV image and they punch in on a tiny piece of it and blow it up. And then someone says, "Can you enhance that?" and someone else says, "Oh, yes, we have new software," and a second later a line goes down the picture filling in detail. And a second after that you can read the brand on the face of a wrist watch (Numb3rs or the manufacturer's coding on a couple of pills (Las Vegas. Or they have a perfect matching system that can take a partial fingerprint lifted off a strand of hair or something and bang! the database can find not only the person's identity but their current home address and phone number (Bones). And who can ever forget the first episode of 24, when Jack Bauer, alarmed at the disappearance of his daughter, tosses his phone number to an underling and barks, "Find me all the Internet passwords associated with this phone number."

And yet...a surprising number of what ought to be the technically best-educated audience on the planet thought facial recognition was in operation to catch cheaters. Folks, it doesn't work in airports, either.

Which is the most interesting thing Jonas said: he now works for IBM (which bought his company) on privacy and civil liberties issues, including work on software to help the US government spot terrorists without invading privacy. It's an interesting concept, partly because security at airports and other locations is now so invasive. But also because if Las Vegas can find a way to deploy surveillance such that only the egregious problems are caught and everyone else just has a good time...why can't governments?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

March 7, 2008

Techitics

This year, 2008, may go down in history as the year geeks got politics. At etech this week I caught a few disparaging references to hippies' efforts to change politics. Which, you know, seemed kind of unfair, for two reasons. First: the 1960s generation did change an awful lot of things, though not nearly as many as they hoped. Second: a lot of those hippies are geeks now.

But still. Give a geek something that's broken and he'll itch to fix it. And one thing leads to another. Which is why on Wednesday night Lawrence Lessig explained in an hour-long keynote that got a standing ovation how he plans to fix what's wrong with Congress.

No, he's not going to run. Some 4,500 people on Facebook were trying to push him into it, and he thought about it, but preliminary research showed that his chances of beating popular Silicon Valley favorite, Jackie Speier, were approximately zero.

"I wasn't afraid of losing," he said, noting ruefully that in ten years of copyfighting he's gotten good at it. Instead, the problem was that Silicon Valley insiders would have known that no one was going to beat Jackie Speier. But outsiders would have pointed, laughed, and said, "See? The idea of Congressional reform has no legs." And on to business as usual. So, he said, counterproductive to run.

Instead, he's launching Change Congress. "Obama has taught us that it's possible to imagine many people contributing to real change."

The point, he said, will be to provide a "signalling function". Like Creative Commongs, Change Congress will give candidates an easy way to show what level of reform they're willing to commit tto. The system will start with three options: 1) refusing money from lobbyists and political action committees (private funding groups); 2) ban earmarks (money allocated to special projects in politicians' home states); 3) commit to public financing for campaigns. Candidates can then display the badge generated from those choices on their campaign materials.

From there, said Lessig, layer something like Emily's List on top, to help people identify candidates they're willing to suppot with monthly donations, thereby subsidizing reform.

Money, he admitted, isn't the entire problem. But, like drinking for an alcoholic, it's the first problem you must solve to be able to tackle any of the others with any hope of success.

In a related but not entirely similar vein, the guys who brought us They Work For You nearly four years ago are back with UN democracy, an attempt to provide a signalling function to the United Nations> by making it easy to find out how your national representatives are voting in UN meetings. The driving force behind UNdemocracy.com is Liverpool's Julian Todd, who took the UN's URL obscurantism as a personal challenge. Since he doesn't fly, presenting the new service were Tom Loosemore, Stefan Mogdalinski, and Danny O'Brien, who pointed out that when you start looking at the decisions and debates you start to see strange patterns: what do the US and Israel have in common with Palau and Micronesia?

The US Congress and the British Parliament are all, they said, now well accustomed to being televised, and their behaviour has adapted to the cameras. At the UN, "They don't think they're being watched at all, so you see horse trading in a fairly raw form."

The meta-version they believe can be usefully and widely applied: 1) identify broken civic institution; 2) liberate data from said institution. There were three more ingredients, but they vanished the slide too quickly. But Mogdalinski noted that where in the past they have said "Ask forgiveness, not permission", alluding to the fact that most institutions if approached will behave as though they own the data. He's less inclined to apologise now. After all, isn't it *our* data that's being released in the public interest?

Data isn't everything. But the Net community has come a long way since the early days, when the prevailing attitude was that technological superiority would wash away politics-as-usual by simply making an end run around any laws governments tried to pass. Yes, technology can change the equation a whole lot. For example, once PGP escaped laws limiting the availability of strong encryption were pretty much doomed to fail (though not without a lot of back-and-forth before it became official). Similarly, in the copyright wars it's clear that copyrighted material will continue to leak out no matter how hard they try to protect it.

But those are pretty limited bits of politics. Technology can't make such an easy end run around laws that keep shrinking the public domain. Nor can it by itself solve policies that deny the reality of global climate change or that, in one of Lessig's examples, back government recommendations off from a daily caloric intake of 10 percent sugar to one of 25 percent. Or that, in another of his examples, kept then Vice-President Al Gore from succeeding with a seventh part to the 1996 Communications Act deregulating ADSL and cable because without anything to regulate what would Congressmen do without the funds those lobbyists were sending their way? Hence, the new approach.

"Technology," Lessig said, "doesn't solve any problems. But it is the only tool we have to leverage power to effect change."

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

February 29, 2008

Phormal ware

In the last ten days or so a stormlet has broken out about the announcement that BT, Carphone Warehouse, and TalkTalk, who jointly cover about 70 percent of British Internet subscribers, have signed up for a new advertising service. The supplier, Phorm (previously, 121Media), has developed Open Internet Exchange (OIX), a platform to serve up "relevant" ads to ISPs' customers. Ad agencies and Web sites also sign up to the service which, according to Phorm's FAQ, can serve up ads to any Web site "in the regular places the website shows ads". Partners include most British national newspapers, iVillage, and MGM OMD.

A brief chat with BT revealed that the service, known to consumers as Webwise, will apply only to BT's retail customers, not its wholesale division. Consumers will be able to opt out, and BT is planning an educational exercise to explain the service.

Obviously all concerned hope Webwise will be acceptable to consumers, but to make it a little more palatable, not signing out of it gets you warnings if you land on suspected phishing sites. I don't think improved security should, ethically, be tied to a person's ad-friendliness, but this is the world we live in.

"We've done extensive research with our customer base," says BT's spokesman, "and it's very clear that when customers know what is happening they're overwhelmingly in favor of it, particularly in terms of added security."

But the Net folk are suspicious folk, and words like "spyware" and "adware" are circling, partly because Phorm's precursor, 121Media, was blocked by Symantec and F-Secure as spyware. Plus, The Register discovered that BT had been sharing data with Phorm as long ag as last summer, and, apparently, lying about it.

Phorm's PR did not reply to a request for an interview, but a spokeswoman contacted briefly last week defended the company. "We are absolutely not and in no way an adware product at all."

The overlooked aspect: Phorm called in Privacy International's new commercial arm, 80/20, to examine its system.

PI's executive director, Simon Davies, one of the examiners, says, "Phorm has done its very best to eliminate and minimise the use of personal information and build privacy into the core of the technology. In that sense, it's a privacy-friendly technology, but that does not get us away from the intrusion aspect." In general, the principle is that ads shouldn't be served on an opt-out basis; users should have to opt in to receive them.

Tailoring advertising to the clickstream of user interests is of course endemic online now; it's how Google does AdSense, and it's why that company bought DoubleClick, which more or less invented the business of building up user profiles to create personalized ads. Phorm's service, however, does not build user profiles.

A cookie with a unique ID is stored on the user's system - but does not associate that ID with an individual or the computer it's stored on. Say you're browsing car sites like Ford and Nissan. The ISP does not give Phorm personally identifiable information like IP addresses, but does share the information that the computer this cookie is on is looking at car sites right now. OIX serves up car ads. The service ignores niche sites, secure sites (HTTPS), and low-traffic sites. Firewalling between Phorm and the ISP means that the ISP doesn't know and can't deduce the information that the OIX platform knows about what ads are being served. Nothing is stored to create a profile. Phorm instead offers advertisers instead is the knowledge that they are serving ads that reflect users' interests in real time.

The difference to Davies is that Google, which came last in Privacy International's privacy rankings, stores search histories and browsing data and ties them to personal identifiers, primarily login IDs and IP addresses. (Next month, the Article 29 Group will report its opinion as to whether IP addresses are personal information, so we will know better then which way the cookie crumbles.)

"The potential to develop a profile covertly is extremely limited, if not eliminated," says Davies.

Phorm itself says, "We really think what our stuff does dispells the myth that in order to provide relevance you have to store data."

I hate advertising as much as the next six people. But most ISPs are operating on razor-thin margins if they make money at all, and they're looking at continuously increasing demand for bandwidth. That demand can only get worse as consumers flock to the iPlayer and other sources of streaming video. The pressure on pricing is steadily downward with people like TalkTalk and O2 offering free or extremely cheap broadband as an add-on to mobile phone accounts. Meanwhile, the advertising revenues go to everyone but them. Is it surprising that they'd leap at this? Analysts estimate that BT will pick up £85 million in the first year. Nice if you can get it.

We all want low-cost broadband and free content. None of us wants ads. How exactly do we propose all this free stuff is going to be paid for?

As for Phorm, it's going to take a lot to make some users trust them. I'd say, though, that the jury is still out. Sometimes people do learn from past mistakes.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

February 1, 2008

Microhoo!

Large numbers are always fun, and $44.6 billion is a particularly large number. That's how much Microsoft has offered to pay, half cash, half stock, for Yahoo!

Before we get too impressed, we should remember two things: first, half of it is stock, which isn't an immediate drain on Microsoft's resources. Second, of course, is that money doesn't mean the same thing to Microsoft as it does to everyone else. As of last night, Microsoft had $19.09 billion in a nice cash heap, with more coming in all the time. (We digress to fantasise that somewhere inside Microsoft there's a heavily guarded room where the cash is kept, and where Microsoft employees who've done something particularly clever are allowed to roll naked as a reward.)

Even so, the bid is, shall we say, generous. As of last night, Yahoo!'s market cap was $25.63 billion. Yahoo!'s stock has dropped more than 32 percent in the last year, way outpacing the drop of the broader market. When issued, Microsoft's bid of $31 a share represented a 62 percent premium. That generosity tells us two things. First, since the bid was, in the polite market term, "unsolicited", that Microsoft thought it needed to pay that much to get Yahoo!'s board and biggest shareholders to agree. Second, that Microsoft is serious: it really wants Yahoo! and it doesn't want to have to fight off other contenders.

In some cases – most notably Google's acquisition of YouTube – you get the sense that the acquisition is as much about keeping the acquired company out of the hands of competitors as it is about actually wanting to own that company. If Google wanted a slice of whatever advertising market eventually develops around online video clips, it had to have YouTube. Google Video was too little, too late, and if anyone else had bought YouTube Google would never have been able to catch up.

There's an element of that here, in that MSN seems to have no immediate prospect of catching up with Google in the online advertising market. Last May, when a Microsoft-Yahoo! merger was first mooted, CNN noted that even combined MSN and Yahoo! would trail Google in the search market by a noticeable margin. Google has more than 55 percent of the search market; Yahoo! trails distantly with 17 percent and MSN is even further behind with 13 percent. Better, you can hear Microsoft thinking, to trail with 30 percent of the market than 13 percent; unlike most proposals to merge the numbers two and three players in a market, this merger would create a real competitor to the number one player.

In addition, despite the fact that Yahoo!'s profits dropped by 4.6 percent in the last quarter (year on year), its revenues grew in the same period by 11.8 percent. If Microsoft thought about it like a retail investor (or Warren Buffett), it would note two things: the drop in Yahoo!'s share prices make it a much more attractive buy than it was last May; and Yahoo!'s steady stream of revenues makes a nice return on Microsoft's investment all by itself. One analyst on CNBC estimated that return at 5 percent annually – not bad given today's interest rates.

Back in 2000, at the height of the bubble, when AOL merged with Time-Warner (a marriage both have lived to regret), I did a bit of fantasy matchmaking that regrettably has vanished off the Telegraph's site, pairing dot-coms and old-world companies for mergers. In that round, Amazon.com got Wal-Mart (or, more realistically, K-Mart), E*Trade passed up Dow-Jones, publisher of the Wall Street Journal (and may I just say how preferable that would have been to Rupert Murdoch's having bought it) in favor of greater irony with the lottery operator G-Tech, Microsoft got Disney (to split up the ducks), and Yahoo! was sent off to buy Rupert Murdoch's News International.

Google wasn't in the list; at the time, it was still a privately held geeks' favorite, out of the mainstream. (And, of course, some companies that were in the list – notably eToys and QXL – don't exist any more.) The piece shows off rather clearly, however, the idea of the time, which was that online companies could use their ridiculously inflated stock valuations to score themselves real businesses and real revenues. That was before Google showed the way to crack online advertising and turn visitor numbers into revenues.

It's often said that the hardest thing for a new technology company is to develop a second product. Microsoft is one of the few who succeeded in that. But the history of personal computing is still extremely short, and history may come to look at DOS, Windows, and Office as all one product: commercial software. Microsoft has seen off its commercial competitors, but open-source is a genuine threat to drive the price of commodity software to zero, much like the revenues from long distance telephone calls. Looked at that way, there is no doubt that Microsoft's long-term survival as a major player depends on finding a new approach. It has kept pitching for the right online approach: information service, portal, player/DRM, now search/advertising. And now we get to find out whether Google, like very few companies before it, really can compete with Microsoft. Game on.


Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).