January 31, 2014

Voice of five generations

It is almost impossible to overstate the influence of Pete Seeger, who died early this week at 94. Take just my family: my mother (b. 1913) loved listening to his records; my oldest sister (b. 1937) learned banjo from him at a summer camp; I (b. 1954) learned banjo first from her and then from his banjo book. One of my closest friends, Bill Steele, counts Seeger's recording his song "Garbage" as one of his proudest achievements.

Probably the first thing anyone thinks of when Seeger is called to mind is the voice. The image I will always think of first, however, is Pete Seeger at 92, performing a concert and then marching through Manhattan to support Occupy Wall Street.

The Cornell Folk Song Club (now Society), for which I served as president from 1973-1975, owes him a great debt for his long memory. In the 1950s, when the McCarthy era blacklist kept many places from hiring him, one or more of my predecessors (most likely including Peter Yarrow) went ahead and booked him anyway. Seeger never forgot, and for many years CFSC was able to finance booking many smaller, unknown artists simply because he regularly sold out concerts for us on very generous financial terms. I'm sure there are thousands more stories like that.

Recent movies about the 1960s Greenwich Village folk scene - the Coen Brothers' Inside Llewyn Davis, the Christopher Guest brothers' A Mighty Wind - have focused on the music and musicians and left out the politics. This may be why they seem to lack energy: politics and passion for fairness were as much drivers as sheer love of the music.

No one has been quite able to leave politics out of the many tributes to Seeger that have been published this week, though as early as the 1960s the songwriter Phil Ochs nailed the extent to which people tried. As you'd expect, Mother Jones looked at both protest songs and politics; elsewhere, there's this discussion of Seeger's association with the American Communist Party.

Several of the obits marvel at the chutzpah of one of Seeger's biggest projects: cleaning up the Hudson River, starting in 1966 with a few friends and a boat. So get this: with a load of corporations dumping pollution, and the city, state, and federal governments not much interested, a guy says, "We're going to fix this." It sounds impossible. Kind of like a few programmer guys in a lab somewhere saying, "I know. Let's write an operating system and take on Microsoft." These things happen gradually, as each tiny bit of success attracts more participants - participants, not followers.

Hundreds, maybe thousands, of folksingers, both amateur and professional, survive Seeger as living parts of his legacy. What's less recognized is that a whole different group are also inheritors of his mantle who themselves may not recognize it: the open-source community. Throughout his life, Seeger took the view that everyone can sing and that public singing builds community, and community builds protest. Isn't that what today's activist programming is all about?

Sixty years from now, the movies filmed about the early years of the Internet probably will also gloss over the politics. We'll see sad little movies about the people who failed to build their start-ups into giant companies and happy little movies about the people who went to ComicCon. Yet what I see around me every day - the fuel for net.wars - is the people who code as a way of promoting social justice. Sure, they may be mistaken: about what the effects of their work will eventually be, about the motives of those working with them, about how easy it will be for their work to be diverted in a direction they don't approve. But the community surrounding technology and activism is the closest thing to the folk scene of any subculture I've encountered.

These things can be fragile. The folk scene of protest and engagement required access to travel and performance venues - though one lesson of the 17-year blacklist ban that kept Seeger off TV is that a sufficiently talented musician can succeed without it. The coding scene of protest and engagement requires general-purpose hardware that can be programmed at will. Access to tools is critical: everyone can learn to program at least a little bit. We must keep those possibilities open so that when the true geniuses emerge they have an ecosystem in which they can do the stuff no one else can.

If any of us is ever called in front of a latter-day recreation of the House Un-American Activities Committee, as Seeger was in 1955, I hope we are able to say something like what he said:

I have sung for Americans of every political persuasion, and I am proud that I never refuse to sing to an audience, no matter what religion or color of their skin, or situation in life. I have sung in hobo jungles, and I have sung for the Rockefellers, and I am proud that I have never refused to sing for anybody.

What a life.

January 24, 2014

Starting over

"Would you rather have privacy or the right to privacy?" Mireille Hildebrandt asked on Wednesday morning. She coupled it with this analogy: "Would you rather have food or the right to food?"

The second one's easy: how hungry am I?

Her questions were posed on the first day of Computers, Privacy, and Data Protection, the Brussels event that attracts privacy theorists and regulators from all over Europe (mostly) and the rest of the world (somewhat). It's often described as the European equivalent of Computers, Freedom, and Privacy - but the difference between "data protection" and "freedom" seems to be the difference between activism as expressed by NGO activists and campaigners and activism as expressed by earnestly serious people trying to construct an international regulatory system within government.

Americans-who-are-not-privacy-advocates have a tendency to claim that the US has just as strong - no! stronger! because everything in America is bigger! - privacy protections as Europe does. We can blame this misconception, Bob Gellman noted in a question, on President Reagan. And it cannot possibly be true: if it were, why would big, data-driven US companies be pushing so hard to derail data protection reform?

Two key themes dominated the week: the details of and prospects for getting data protection reform through on schedule, and considering the appropriate response to pervasive global mass surveillance. Peter Hustinx, the departing European data protection supervisor, wrapped up the conference (for the last time) with a burst of optimism: "I strongly believe that change and the outcome of this reform is unavoidable," he said, "and that the review is far from dead even though some commentators wish it were."

A panel on Wednesday morning was much more divided. The Polish regulator, Wojciech Wiewiórowski, outlined worse and worst scenarios of non-passage; others remained optimistic. So the best conclusion one can draw is that they don't know. In itself, that's deeply disturbing because of the week's other main theme, on which everyone was in agreement. If seven months of revelations of mass surveillance via the giant spying-as-a-service platform much of the Internet has become can't get the EU solidly behind increased privacy protection, what can?

Traditionally, the US approach is driven by consumer protection; the EU's is driven by data protection. But the underlying point these days is broader than Justices Warren and Brandeis's 1890 citation of Judge Cooley's right to be let alone: it is creating a fair balance of power between citizens/consumers and the governments/large companies we all have to deal with. A government or a company like Google does not have to become evil to squash someone's rights like a bug; it may fail at individual rights simply because each individual is too small for its in-house microscope.

Except in its absence, privacy is so slippery to grasp that everyone tries to find workable analogies. Christophe Lazaro tried driving a car, since both that and consent to data use operate in a particular environment, have external social consequences, and become routine enough to take place in only partial awareness. You can extend the analogy as he did, and ask whether insurance to distribute the risk of poor choices should be mandatory. And there it fails: the consequences of driving badly are relatively predictable and bounded by physics. The consequences of mistaken consent - or violated consent - are unknowable and may not even be finite.

This is especially true because of the findings of Meg Leta Ambrose, who studies digital decay. The Internet's memory is like William Gibson's future: unevenly distributed. She finds that only 10 to 15 percent of Web content lasts a year. The half-life of sites is 556 days, of URLs two months, of content two days. Put that in your right to be forgotten.

That's why Hildebrandt's question perfectly captured the zeitgeist. The general rule is that technology is fast, but law is slow. In this business, Phil Zimmermann is the archetype: working on a PC in 1991, he wrote and released PGP, pre-empting the possibility of a legal ban on domestic use of strong encryption. Two generations (counting idiosyncratically) of privacy-enhancing technologies later, and what do we have? SSL (hacked by the NSA). Encrypted email (shut down rather than grant law enforcement demanded back door access). Tor (hacked by the NSA, albeit with difficulty). And so on.

The 1995 data protection principles have held up remarkably well considering how visibly and how profoundly "data" has changed in the interval. Yet the big change snuck up on us unawares, it occurred to me during a panel on social networks. The line that was easily drawn between data controllers and data subjects since 1995 has blurred exactly like the copyright industries' imaginary line between consumers and creators.

Granted, Zimmermann's PGP (and its GPG counterpart) still function as well as they ever did. But they protect content, not today's bigger threat, metadata. Technology can enable us to claim our privacy, but only temporarily and partially, until the technology is cracked or bypassed. Technology wins battles. To win the war, we need law as well.

January 17, 2014


For the last couple of years, as Google's self-driving cars have racked up increasing numbers of safely driven miles on the public roads, people have wondered why Google was interested. What do cars have to do with search or advertising?

I always saw it as a logical extension into the suburban American lifestyle that casts the car as a gateway to the physical world. More recently, it's become clearer - from, for example, the research I did for a piece on car hacking last year for Infosecurity magazine - that Google had already understood something that the rest of us have been slower to grasp. Namely: modern cars are computers on wheels. In fact, modern cars are multiple computers on wheels, anywhere from ten to as many as 70 for a luxury car. The people commuting in these things are trapped in traffic and bored for as long as it takes them to travel between home and work. Small wonder that car manufacturers are beginning to think like TV manufacturers and mobile network operators: apps are golden, baby!

Buying Nest Labs, maker of the most fashionable "smart" thermostat, even for as exaggerated a sum as $3.2 billion (what's a few extra zeroes?), seems like, again, Google seeing a chance to mediate a relationship that until now has been solely between householders and their retail suppliers. Google's stated mission is to organize all the world's information; Nest's thermostat brings that mission into the realm of information that never existed until now. We usually talk about the security issues surrounding such changes of use, but just as important is the power of even seemingly small, by themselves insignificant, bits of data, such as the ons and offs of a burglar alarm. Thermostat data is differently revealing: not the pattern of when and for how long people are at home or away, but charting movements around the house that might give clues about who wants what when.

Personally, Nest's thermostat isn't something I covet. My general experience is that supposedly "smart" systems guess wrong about my intentions. Which is fine with me: guessing accurately would be creepy enough to encourage someone as perverse as I am to deliberately go some other way, even if it's uncomfortable, just to prove a point. I see, however, that I'm not alone. Frankly, a programmable thermostat seems a simpler and more effective way to get the temperature in a given room into the desired range.

As that article adds, there's the issue of upgrades and patches, which I'm hearing more and more about these days. It's one thing to find that Firefox has updated itself overnight and in the process killed your most important add-on, quite another to do without heat during a polar vortex because someone a bit reckless authorized the roll-out of an upgrade without sufficient testing or provisions for fallback.

Many people don't patch or update their computer systems out of inertia. A fair number, though, don't do it - or do it only cautiously, days late, after checking the update in the complaints forums - because they fear that either the upgrade will fail or that it will remove or change some constantly used feature in unacceptable ways. Worse is the mismatch between the expectation in the computer world, where gadgets are replaced every time someone comes up with a new twist, and the rest of the world, where major purchases like refrigerators and cars are expected to last a decade or two, and something like a thermostat is expected to remain in place until the heating system is overhauled. It's considerations like this that led Peter Bright at Ars Technica to write about the Internet of unmaintained, insecure, and dangerously hackable things.

There's been lots of speculation about just what Google wants Nest for: patents perhaps. Here's my thought.

Nest Labs co-founder Tony Fadell likes to talk about reinventing unloved but important household gadgets (PDF), but, as Quentin Hardy points out in the New York Times, Nest's real technology isn't its Apple-cheeked designs but "communications, algorithms, sensors and user experience, running over a network to the cloud". Now, who does that sound like?

Then think about the way technology changes, its own wonders to disrupt. There have been visions of smart homes for decades, from IBM to Microsoft (to name two), just as there are myriad data brokers that maintain profiles on all of us. But Google is in the unique position of being able to link what it already knows from how we behave online to what we do with our mobile phones (via online behavioral patterns), and link from those phones - and then cars - to where we live and the very personal choices we make about what used to be our castles. If we buy into this, the result will be a classic case of leveraging dominance in one market to create a monopoly in another. This could be the antitrust case of 2024. And all built by a race of techies so primitive that they still think cloud computing is a pretty neat idea.

January 10, 2014

The enclosures

England has an odd tradition that startles foreigners: when you walk cross-country, much as Jane Austen and her character did, you can walk across farmers' fields. There are fences marking boundaries, and gates to open and close that keep cows and sheep in their allocated places, and stiles to climb over where gates aren't sufficient. On one such walk in Derbyshire a few years ago while visiting a friend, I developed a new appreciation for the athleticism of Elizabeth Bennet ("Elizabeth continued her walk alone, crossing field after field at a quick pace, jumping over stiles and springing over puddles...").

This right to roam is what's left of what used to be a public commons. In England, as I understand it, children were tortured for years by having to learn about the Enclosures, a series of 16th to 19th century acts that turned the public commons into a nation-sized collection of private holdings.

These days, in matters relating to the Internet the Enclosures are most often used as an analogy for copyright law: the enclosure of the cultural commons has obvious resonance with the enclosure of public land. But the Internet as a collaboratively - or even collectively - built resource, has even more resonance with surfacing trends toward greater control of the traffic that crosses it.

This week, for example, AT&T announced a sort of equivalent of 800 numbers, a sponsored data scheme. In this scenario, companies pay so that their traffic does not count against a subscriber's data cap. On the one hand, that sounds like a good deal for subscribers: free stuff! On the other hand, it sounds like a great set of incentives for further centralization, which we already have argued is the enemy. If Google, with its googolicious pockets, sponsors a fat four-lane highway to YouTube, how does a newcomer video streaming entry compete when all it can afford is the free dirt path? What if Amazon, to promote its streaming service, demands a non-compete clause in which it sponsors free data for its customers on condition that Netflix and Hulu are locked out?

This was, of course, the whole point about network neutrality, which AT&T has long hated. In this battle, the wireless networks have long had a free pass. Telecommunications rules were written to regulate incumbents; wireless, as challengers, keep being exempted from obeying the same rules. This duality is biting more and more, as mobile phones and tablets become the primary gateway to the Internet for many, even most, people.

AT&T's move is only one sign of the times. In other news this week, Google apparently removed the "bug" that enabled a nifty-sounding bit of privacy protection, App Ops, to give direct access to hidden privacy settings, with, apparently, no likelihood of restoring it any time soon. The Electronic Frontier Foundation is appropriately dismayed. It's stuff like this that makes people stop updating and patching their software.

Earlier this week, I discovered that The New Yorker, to whose print edition I subscribe, has turned its Web archives from ordinary HTML into a ghastly Flash thing which can only be loaded by the pair of pages. On a netbook, you can't read comfortably: the whole-page version is too tiny, and zoom only gives you a paragraph at a time (with no scrolling). Given that their app has refused to download for non-US-based readers and their customer service has ignored complaints, I can only view this as yet another step toward what Pamela Samuelson calls copyright maximalism, where it is impossible to save a copy of an article to reread (if you can navigate the interface, you can print a copy, just about; picking the right pages to print is impossible on a small screen).

All these things add up to a very different Internet than the one that was opened to the public in 1994: a set of channels delivering tightly controlled "user experiences" rather than a shared commons. Even the most commercial Web site can be made to show you its source code (CTRL-U in most cases if you can't find it on your browser menu); even the most altruistically designed app can't be. Which leads me to a point I've long wanted to make. People watch kids expertly manipulate their phones and think they're "digital natives". Nonsense. The digital natives are the fogeys, old and young, with general-purpose laptops, who built the thing and know from the bottom up the plain-text pathways that make the Internet run. Those fast-typing searchers and app devotees know how to access the bits they're familiar with but their knowledge is shallow. That in turn makes it hard to explain just what is being lost in these various cases. And what's the alternative? The Pirate Bay?

Unfortunately, the Web, too, is becoming enclosed. The many people for whom Facebook or Google is their "Internet" are an obvious example. A right to roam on tiny paths across privately owned fields won't be enough in this case. We need to keep building the public commons.

January 3, 2014

Twenty-three skidoo

One of the more interesting and well-reported stories this week came from Kira Peikoff, who had multiple DNA tests for the New York Times and compared the results. The upshot: they were all different. Peikoff's experience indicates that the US Food and Drug Administration had a point in late November when it told the personal genetics company 23andMe to stop marketing its saliva test product, calling the company's product a diagnostic device (and therefore subject to regulation) and requiring the company to prove its claims. The company has pulled its health-related test; it still offers ancestry-related tests and raw genetic data.

As the FDA explained in the letter it sent 23andMe CEO Anne Wojcicki, the risk is that people will make serious decisions about their health based on the information they receive. After many interactions with the company, FDA deputy director James Woods wrote, "we still do not have any assurance that the firm has analytically or clinically validated the PGS for its intended uses, which have expanded from the uses that the firm identified in its submissions."

Wired, predictably, seems to find the whole thing pointless as an intervention in the unstoppable flow of progress toward cheap, accurate genetic testing. In an op-ed that ran on New Year's Day, Larry Downes and Paul Nunes concluded, "Regulators and medical practitioners must focus their attention not on raising temporary obstacles, but on figuring out how they can make the best use of this inevitable tidal wave of information."

This statement reminds me of the things people defending homeopathy say: that the medical establishment opposes any treatment they can't profit from. Sure, doctors might have both bad and good reasons for balking when patients demand that they interpret the results of genetic tests. But the bottom line with medical treatments, devices, and tests has to be evidence that they work as advertised - which in the case of personal genomics is massively incomplete. As a golden rule, independently conducted tests should produce the same results, the same thing we expect of any real science. This is why the New York Times piece is so powerful; it clearly shows the flaws in the state of the art. There is, as Peikoff points out, "a lack of industry standards for weighing risk factors and defining terminology". In that case, even smart people will indeed make hasty and dangerous mistakes.

The other argument, that this is the future so it cannot be stopped, is specious. On Dave Farber's mailing list, John Bosley compared the Silicon Valley habit of speaking of the future as an unstoppable force to the passive bureaucratic tense beloved of Donald Rumsfeld and President Richard Nixon. As per this last link, Bosley credits Language Log, but I believe the use of the passive voice to abdicate responsibility was first highlighted in Richard Mitchell's Underground Grammarian. Mitchell called it "the Divine Passive" and likened it to a worm in the brain.

In more immediately relevant terms, say you're living at the tail end of the horse-and-buggy era, and a buggy manufacturer points out that these new-fangled motorcars have a tendency to explode. Do you say, "Look who's talking; automobiles are the future; accept your fate"? Or do you say, "Automobiles are the future, but not this design at this time"? We have the FDA and analogues in every country because people are terribly vulnerable, easy prey for charlatans when they're sick and scared. Fake medicines are where "snake oil" comes from.

Myriad failed first-mover companies in a variety of fields will tell you that being early to market is not always an advantage. Sometimes your product really just wasn't ready, and while you had the right vision of the future it's someone else who's going to be the one to make it really happen. Wojcicki herself sounds more grown-up about the whole thing than her company's fans.

Peikoff's story is unsurprising to anyone who read Danish author and neuroscientist Lone Frank's 2011 book My Beautiful Genome, which began with a personal genetics test and ended with a survey of the many cowboys the burgeoning field was already attracting. As Frank discovers, genes are malleable, and their individual workings are not so neatly predictable. Among the absurd misapplications, she also finds outfits offering to test you and your potential mates for "genetic compatibility" - not whether your children will be born with a horrid disease, but personal compatibility. They can probably spot the gene for gullible-enough-to-buy-swamp-land-in-Florida, too.

In a personal appearance in London to promote her book, Frank argued that companies like this - and like the ones she found that purported to use genetic testing to identify how you should raise your child - should not exist. She called the current generation of personal genomics version 1.0 and compared it to the Commodore PET: the earliest stage of something that yes, someday, will be in everyone's hands. But not yet, and not in its present form.

Yes, some form of what 23andMe is doing is part of the future. That doesn't mean we can't make choices about it.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.