" /> net.wars: June 2006 Archives

« May 2006 | Main | July 2006 »

June 30, 2006

Technical enough for government work

Wednesday night was a rare moment of irrelevant glamor in my life, when I played on the Guardian team in a quiz challenge grudge match.

In March, Richard Sarson (intriguingly absent, by the way) accused MPs of not knowing which end was up, technically speaking, and BT funded a test. All good fun.

But Sarson had a serious point: MPs are spending billions and trillions of public funds without the technical knowledge to them. His particular focus was the ID card, which net.wars has written about so often. Who benefits from these very large IT contracts besides, of course, the suppliers and contractors? It must come down to Yes, Minister again: commissioning a huge, new IT system gives the Civil Service a lot of new budget and bureaucracy to play with, especially if the ministers don't understand the new system. Expanded budgets are expanded power, we know this, and if the system doesn't work right the first time you need an even bigger budget to fix them with.

And at that point, the issue collided in my mind with this week's other effort, a discussion of Vernor Vinge's ideas of where our computer-ridden world might be going. Because the strangest thing about the world Vernor Vinge proposes in his new book, Rainbows End, is that all the technology pretty much works as long as no one interferes with it. For example: this is a world filled with localizer sensors and wearable computing; it's almost impossible to get out of view of a network node. People decide to go somewhere and snap! a car rolls up and pops open its doors.

I'm wondering if Vinge has ever tried to catch a cab when it was raining in Manhattan.

There are two keys to this world. First: it is awash in so many computer chips that IPv6 might not have enough addresses (yeah, yeah, I know, no electron left behind and all that). Second: each of these chips has a little blocked off area called the Secure Hardware Environment (SHE), which is reserved for government regulation. SHE enables all sorts of things: detailed surveillance, audit trails, the blocking of undesirable behavior. One of my favorite of Vinge's ideas about this is that the whole system inverts Lawrence Lessig's idea of code is law into "law is code". When you make new law, instead of having to wait five or ten years until all the computers have been replaced so they conform to the new law, you can just install the new laws as a flash regulatory update. Kind of like Microsoft does now with Windows Genuine Advantage. Or like what I call "idiot stamps" – today's denominationless stamps, intended for people who can never remember how much postage is.

There are a lot of reasons why we don't want this future, despite the convenience of all those magically arriving cars, and despite the fact that Vinge himself says he thinks frictional costs will mean that SHE doesn't work very well. "But it will be attempted, both by the state and by civil special interest petitioners." For example, he said, take the reaction of a representative he met from a British writers' group who thought it was a nightmare scenario – but loved the bit where microroyalties were automatically and immediately transmitted up the chain. "If we could get that, but not the monstrous rest of it…"

For another, "You really need a significant number of people who are willing to be Amish to the extent that they don't allow embedded microprocessors in their lifestyle." Because, "You're getting into a situation where that becomes a single failure point. If all the microprocessors in London went out, it's hard to imagine anything short of a nuclear attack that would be a deadlier disaster."

Still, one of the things that makes this future so plausible is that you don't have to posit the vast, centralized expenditure of these huge public IT projects. It relies instead on a series of developments coming together. There are examples all around us. Manufacturers and retailers are leaping gleefully onto RFID in everything. More and more desktop and laptop computers are beginning to include the Trusted Computing Module, which is intended to provide better security through blocking all unsigned programs from running but as a by-product could also allow the widescale, hardware-level deployment of DRM. The business of keeping software updated has become so complex that most people are greatly relieved to be able to make it automatic. People and municipalities all over the place are installing wireless Internet for their own use and sharing it. To make Vinge's world, you wait until people have voluntarily bought or installed much of the necessary infrastructure and then do a Project Lite to hook it up to the functions you want.

What governments would love about the automatic regulatory upgrade is the same thing that the Post Office loves about idiot stamps: you can change the laws (or prices) without anyone's really being aware of what you're doing. And there, maybe, finally, is some real value for those huge, failed IT projects: no one in power can pretend they aren't there. Just, you know, God help us if they ever start being successful.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

June 23, 2006

Suvival of the piratest

What with one thing and another, we didn't get around to documenting the brief vanishment, a few weeks ago, of The Pirate Bay, one of the leading torrent index sites. Based in Sweden, The Pirate Bay has a kind of McMurphy thing going, in that it seems to keep surviving while the other sites around it are chewed up by the system (we note that the eDonkey site Sharereactor's trial begins today..

So the other week when it went down, everyone kind of held their breath. Probably not least the fine people (and sometime employers) at Wired News, who had just a little while previously run a piece about The Pirate Bay's in-the-MPAA's-face resilience. Is the curse of Wired News death by legal action? The Pirate Bay itself ran a page on its site saying it would be back in a couple of days, but you hardly knew whether to believe that – it's what they all say in their first flush of defiance. (The five stages of P2P site closure: denial, defiance, settlement, redirection, and someone else starting up somewhere else.) But sure enough, a couple of days later, back it was. At this point, you'd never know it was gone except for the news stories.

The Pirate Bay has another unusual characteristic: it's loosely associated with a political party whose platform is to change the copyright laws to make sure that file-sharing is and remains legal in its home country. We could use more of this. I'm sure if you asked around the Net you'd find a grand consensus that file-sharing should be legal. I'm sure you'd also find plenty of people prepared to make electron-splitting arguments about whether posting a torrent is a copyright violation (the torrent is not the copyrighted material, just a pointer to same), or whether an indexing site (pointers to the pointers) is a copyright violation, and so on into the reflections of the boy on a bottle holding a bottle with a picture of a boy on a bottle holding a bottle…

Sure, you can pile up the layers of abstraction. But in the end, although there is absolutely no question that file-sharing technology has significant non-infringing uses and should not be made illegal in and of itself, a site that has a search engine with a category for "TV shows" basically knows that some of the material it enables users to find is going to violate someone's copyright. On the other hand, this is the nature of search engines, and no one is proposing to take down Google for copyright violations (despite some complaints). The only way you could limit the material search engines found to material that is either authorized or public domain would be to wrap everything in metadata. Good luck getting the entire planet to agree with and then accurately use your system.

But here's the thing. The MPAA has been on the attack for probably a year now (and the RIAA has been at it for more like seven years), and what is the upshot? Some sites have vanished – Lokitorrent, Grokster, Napster 1.0, Suprnova. Some of the closed sites have reinvented themselves either as legal services (Napster 2.0) or as replacement sites doing exactly the same thing as the old one. But the bottom line question the **AAs should be asking themselves is: have these actions made coyprighted material any less available through file-sharing or made file-sharing any less popular?

The answer is no.

The RIAA is apparently in denial about this.

But the answer is still no: over the last year file-sharing is up by 12.4 percent according to the P2P tracking firm Big Champagne (or ask any ISP).

More stuff comes online every day, and not only more stuff but more kinds of stuff. It's long been true that almost any broadcast show could be found online in a day or two. But six months ago you'd have been hard pressed to find a tennis match online. Maybe one or two. Now, if you miss a final or semifinal or it isn't broadcast near you, there's a reasonable chance you'll be able to download it in a day or two. And not just recent matches: people are beginning to post their favorite classic matches, too. And no, they're not all Kournikova.

Obscure movies you couldn't find a year ago are turning up (sometimes because between then and now they've been released on DVD). There are a few things that were listed on some of the more interesting edonkey sites that I can honestly say I haven't been able to find since those sites vanished a year or two ago. But those were almost entirely material that is not commercially available – such as 1960s American TV comedies – not material that you could perfectly well buy. So the only material they've succeeded in getting offline is stuff that the industry is either unable or unwilling to sell for profit. Some days, ya gotta love the logic of the War on Files.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

June 16, 2006

Security vs security, part II

It's funny. Half the time we hear that the security of the nation depends on the security of its networks. The other half the time we're being told by governments that if the networks are too secure the security of the nation is at risk.

This schizophrenia was on display this week in a ruling by the US Court of Appeals in the District of Columbia, which ruled in favor of the Federal Communications Commission: yes, the FCC can extend the Communications Assistance for Law Enforcement Act to VoIP providers. Oh, yeah, and other people providing broadband Internet access, like universities.

Simultaneously, a clutch of experts – to wit, Steve Bellovin (Columbia University), Matt Blaze (University of Pennsylvania), Ernest Brickell (Intel), Clinton Brooks (NSA, retired), Vinton Cerf (Google), Whifield Diffie (Sun), Susan Landau (Sun), Jon Peterson (NeuStar), and John Treichler (Applied Signal Technology) – released a paper explaining why requiring voice over IP to accommodate wiretapping is dangerous. Not all of these folks are familiar to me, but the ones who are could hardly be more distinguished, and it seems to me when experts on security, VOIP, Internet protocols, and cryptography all get together to tell you there's a problem, you (as in the FCC) should listen. Together, this week they released Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP (PDF), which carefully documents the problems.

First of all – and they of course aren't the only ones to have noticed this – the Internet is not your father's PSTN. On the public switched telephone network, you have fixed endpoints, you have centralized control, and you have a single, continuously open circuit. The whole point of VoIP is that you take advantage of packet switching to turn voice calls into streams of data that are more or less indistinguishable from all the other streams of data whose packets are flying alongside. Yes, many VoIP services give you phone numbers that sound the same as geographically fixed numbers – but the whole point is that neither caller nor receiver need to wait by the phone. The phone is where your laptop is. Or, possibly, where your secretary's laptop is. Or you're using Skype instead of Vonage because your contact also uses Skype.

Nonetheless, as the report notes, the apparent simplicity of VoIP, its design that makes it look as though it functions the same as old-style telephones, means that people wrongly conclude that anything you can do on the PSTN you should be able to do just as easily with VoIP.

But the real problems lie in security. There's no getting round the fact that when you make a hole in something you've made a hole through which stuff leaks out. And where in the PSTN world you had just a few huge service providers and a single wire you could follow along and place your wiretap wherever was most secure, in the VoIP world you have dozens of small providers, and an unpredictable selection of switching and routing equipment. You can't be sure any wiretap you insert will be physically controlled by the VoIP provider, which may be one of dozens of small operators. Your targets can create new identities at no cost faster than you can say "pre-pay mobile phone". You can't be sure the signals you intercept can be securely transported to Wiretap Central. The smart terminals we use have a better chance of detecting the wiretap – which is both good and bad, in terms of civil liberties. Under US law, you're supposed to tap only the communications pertaining to the court authorization; difficult to do because of the foregoing. And then, there's a hole, as the IETF observed in 2000, which could be exploited by someone else. Whom do you fear more will gain access to your communications: government, crook, hacker, credit reporting agency, boss, child, parent, or spouse? Fun, isn't it?

And then there's the money. American ISPs can look forward to the cost of CALEA with all the enthusiasm that European ISPs had for data retention. Here, the government helpfully provided its own data: a VoIP provider paid $100,000 to a contractor to develop its CALEA solution, plus a monthly fee of $14,000 to $15,000 and, on top of that, $2,000 for each intercept.

Two obvious consequences. First: VoIP will be primarily sold by companies overseas into the US because in general the first reason people buy VoIP is that it's cheap. Second: real-time communications will migrate to things that look a lot less like phone calls. The report mentions massively multi-player online role-playing games and instant messaging. Why shouldn't criminals adopt pink princess avatars and kill a few dragons while they plot?

It seems clear that all of this isn't any way to run a wiretap program, though even the report (two of whose authors, Landau and Diffie, have written a history of wiretapping) allows that governments have a legitimate need to wiretap, within limits. But the last paragraph sounds like a pretty good way to write a science fiction novel. In fact, something like the opening scenes of Vernor Vinge's new Rainbows End.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

June 9, 2006

So long, and thanks for all the pink wishes

I thought for a long time she was a man. No real-life woman, I thought, could possibly be so absurd, even as an ironic joke, as to refer to herself as The Pink Princess.

"Dahling," she posted in 1999 when I (accurately) stated my age as 45 on the newsgroup alt.showbiz.gossip, "I think counting *every* birthday is un-necessesarily greedy, and quite vulgar."

I figured she was as female as Dame Edna Everidge, but so what? It was Usenet as performance theater. So there was a Pink Princess who lived in a castle (Havencrest, in Savanna, Illinois) and claimed to give sumptuous dinner parties. Sure.

What did give me pause in the blithe assumption that she had to be fake was the pictures on her (pink, of course) Web page, which she had described to me as "about my RL". It featured her and her Prince in a series of pictures of quite excotic and lavish-looking interiors: here and here. Even assuming you could get a friend, actor, or husband to do a photo shoot, where would you get those interiors? Yes, all right, filmmakers dress sets all the time, but that seems like an awful lot of work just to make an impression on Usenet.

I see, searching through old email, that in 1999, around the time she published her book on etiquette, Millennial Manners, in fact I told her that I had always assumed she was male. The relaxed nature of her response was an important reason why I eventually decided she probably wasn't.

"I think that is rather common, especially considering the group, and its population," she replied by email. "My autobiography, published in 1984, has pictures of me from the age of three days, so, while it would have increased my ASG/ACF stock considerably, it would have been too easy for a troll to shatter that illusion. Amusingly, many think that LCM [a fellow poster and apparently a good friend of hers in real life] is a girl, I never let him forget that, teehee!" And she signed it, like all her messages, "Pink Wishes". I didn't have many emailed exchanges with her, but in one of the others I asked her about her "fantasy persona", noting that I didn't intend the characterization to be offensive.

"Oh, dahling, I don't find that offensive," she replied. "I mean how seriously can one take flying monkeys and a diet of Godiva and pink champagne?" She added the URLs above and a note, "Although my RL has a good bit of fantasy in it, too, teehee!" This was, I think, the message that made me believe she had to be, utterly counterintuitively, exactly who she said she was, with only a modest garnish of poetic license. Someone acting a part – say, Mae West – would have responded in character, avoiding displaying this consciousness behind it. A psycho would have protested angrily. Or so it seemed to me.

It was rare for me to have this kind of suspicion. Oprah, sometime in the late 1990s, did one of those mainstream-meets-the-terrible-Internet programs, in which she casually tossed off the remark that "90 percent of the time people online aren't what they seem". I remember reacting with some outrage: my experience was that 90 percent of the time people were exactly who they said they were, though sometimes who they said they were was…unusual. Larry Gelbart, the creator of MASH, hangs out on Usenet; so did one of the Frasier producers. The Pink Princess obviously didn't have their achievements; but her presence was no more or less improbable.

Anyone who knows me will tell you that there are few things more likely to annoy me than flamboyant, classic femininity. I hate pink. I loathe the attitude that says women do or should lie about their ages. (In fact, almost all the people I've known who lied about their ages have been men.) I can't stand frills, non-functional garments, make-up, hair care that takes more than five minutes, and overly ornate jewelry.

And yet her combination of malicious wit and kindness made it forgivable.

Google records that our first exchange on the newsgroup alt.showbiz.gossip was on October 6, 1997, around the time when Drudge was getting his Drudge Report going. But the first exchange I remember was asking why everyone said "l___", as if lesbian had become a swear word. She responded, by email, with a full explanation. She didn't berate that "l____" was explained in the group's Anti-FAQ. She was welcoming.

Her real name, I know now, was Adrianne Blue Wakefield-St George. The castle was real, the dinner parties were real, and the business she and her husband ran manufacturing mascot costumes was seriously real. The old-timers in alt.showbiz.gossip report sending her their real-life addresses so they could get one of her (they say) lavishly ornate Christmas cards. An astonishing number of people remember her as "really sweet" and "an original".

And so, one of the great characters of Usenet becomes a search item in Google Groups. She lived the way she wanted to live, and she entertained others with it. How many people can say that? As the Princess was signing her postings recently, *Live, live live!

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

June 2, 2006

Boob job

Back in about 1978, the wonderful actress Diana Rigg did a full half-hour with the American talk show interviewer Dick Cavett, during which she told the story of the Avengers episode in which she had to do a belly dance (Honey for the Prince). The American network executives reacted with some of the horror with which Oscar Wilde's Lady Bracknell said, "A handbag?"

The problem was navels. You can't, the network executives told Diana Rigg, show your navel on television. They insisted she wear a jewel to cover up her navel, and it had to be glued in place, and the glue didn't work…but I digress. "Where did that come from, I wonder?" Cavett asked, speculating that somewhere back in the mists of time some executive had decreed, "I don't want navels!" I'm working from memory here, but I think Rigg replied, "I think it's a lot of men who don't want to know where they come from."

Apparently even if the navel reference is just a black dot: the press barons who ran the comic strip Beetle Bailey, kept erasing the navels off Miss Buxley, the blonde, bikini-clad secretary whose job it was to be ogled by the general.

Eventually, the navelphobics lost. Enter their descendants, the nipplephobics (there's apparently an entire department on Desperate Housewives whose job it is to blur the actresses' nipples), some of whom are running things at LiveJournal, which recently declared some kind of war on icons depicting breastfeeding mothers. Even if those mothers are medieval paintings.

That is, of course, a vast over-simplification. According to a comment in Teresa Nielsen Hayden's blog by a member of LiveJournal's abuse team, in fact no rules have changed. LiveJournal always banned nipples (and areolae) in default icons in its terms and conditions. All that happened recently was that the site altered its FAQ to reflect that ban – which is when people noticed. That's online community for you. Things are going fine until suddenly someone reads an FAQ, at which point they behave as though you've just shot their mother.

What is a default icon? Well you may ask. When you search LiveJournal you get pages showing user profiles. Each of these has a small, square picture depicting…anything the user happens to like. One of my friends has a picture of something that looks like a ferret holding a rifle. Another has a picture of herself piloting a boat. Many users have a clutch of these pictures, and attach one to every blog entry.

The default icon is the picture that by default shows up on one of those profile pages. Banning nipples from default icons in no way stops users from putting up pictures of nipples with their postings, or linking to pictures of nipples, or talking about nipples, or even having nipples in real life. The idea, I guess, is that people should be able to conduct searches in the complete confidence that they will not see anything that offends them. Like nipples. It's the same reasoning by which the Federal Communications Commission bans terrestrial broadcast television from showing nudity, pornography, extreme violence, and swearing: someone could turn on their TV and accidentally see something that offends them. We can't have that.


So some people got cease and desist notices from the LiveJournal abuse team asking them to remove their lactating mother default icons. They took umbrage. There was discussion. And now there's going to be a protest: on 6/6/6, that is, Tuesday, when an indeterminate number of people are going to delete their LiveJournals to protest this discrimination against nipples, or at least against the ones that are in babies' mouths, and a fine, old time is going to be had by all. There is a subset of protesters who believe they are striking a blow for breastfeeding and against bottle feeding, but this is clearly a confusion between cyberspace and real life and beyond the reach of LiveJournal rules. They plan to restore their LiveJournals 24 hours later, since deletions are not permanent for 30 days.

My guess is that the number of protesters won't even make a dent in LiveJournal's 10 million bloggers. But the complaint isn't, ultimately, really trivial: the underlying reality is that LiveJournal isn't a small, open-source cooperative whose rules and standards are formed by the community any more. It's a business with a venture capital-funded owner that is trying to figure out how to "monetize" what it's bought. There will be many more disputes like this as the business develops, because the dispute is really about who owns LiveJournal: the users or the business. Every online community goes through this, and some even survive. Groups who really can't stand it break off and form their own spaces, such as free-association.net, which broke off from The Tribe when that service abruptly changed its terms and conditions.

One of the big adjustments the US is going through is that sometime in the last century it stopped being possible to deal with disagreements with your neighbors by moving 20 miles up the road and starting your own new town. But cyberspace is infinite. We can do the town right here. Posters, unite! You have nothing to lose but your nipples.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars' home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).