net.wars

Everyone except James Allan scrabbled in the bag Joe DiVanna brought with him to the Digital Money Forum (my share: a well-rubbed 1908 copper penny). To be fair, Allan had already left by then. But even if he hadn't he'd have disdained the bag. I offered him my pocketful of medium-sized change and he looked as disgusted as if it were a handkerchief full of snot. That's what living without cash for two years will do to you.

Listen, buddy, like the great George Carlin said, your immune system needs practice.

People in developed countries talk a good game about doing away with cash in favor of credit cards, debit cards, and Oyster cards, but the reality, as Michael Salmony pointed out, is that 80 percent of payments in Europe are...cash. Cash seems free to consumers (where cards have clearer charges), but costs European banks €84 billion a year. Less visibly banks also benefit (when the shadow economy hoards high-value notes it's an interest-free loan), and governments profit from Seigniorage (when people buy but do not spend coins).

"Any survey about payment methods," Salmony said Wednesday, "reveals that in all categories cash is the preferred payment method." You can buy a carrot or a car; it costs you nothing directly; it's anonymous, fast, and efficient. "If you talk directly to supermarkets, they all agree that cash is brilliant - they have sorting machines, counting machines...It's optimized so well, much better than cards."

The "unbanked", of course, such as the London migrants Kavita Datta studies, have no other options. Talk about the digital divide, this is the digital money divide: the cashless society excludes people who can't show passports, can't prove their address, or are too poor to have anything to bank with.

"You can get a job without a visa, but not without a bank account," one migrant worker told her. Electronic payments, ain't they grand?

But go to Africa, Asia, or South America, and everything turns upside down. There, too, cash is king - but there, unlike here with banks and ATMs on every corner and a fully functioning system of credit cards and other substitutes, cash is a terrible burden. Of the 2.6 billion people living on less than $2 a day, said Ignacio Mas, fewer than 10 percent have access to formal financial services. Poor people do save, he said, but their lack of good options means they save in bad ways.

They may not have banks, but most do have mobile phones, and therefore digital money means no long multi-bus rides to pay bills. It means being able to send money home at low cost. It means saving money that can't be easily stolen. In Ghana 80 percent of the population have no access to financial services - but 80 percent are covered by MTN, which is partnering with the banks to fill the gap. In Pakistan, Tameer Microfinance Bank partnered with Telenor to launch Easy-Peisa, which did 150,000 transactions its first month and expects a million by December. One million people produce milk in Pakistan; Nestle pays them all painfully by check every month. The opportunity in these countries to leapfrog traditional banking and head into digital payments is staggering, and our banks won't even care. The average account balance of customers for Kenya's M-Pesa customers is...$3.

When we're not destroying our financial system, we have more choices. If we're going to replace cash, what do we replace it with and what do we need? Really smart people to figure out how to do it right - like Isaac Newton, said Thomas Levenson. (Really. Who knew Isaac Newton had a whole other life chasing counterfeiters?) Law and partnership protocols and banks to become service providers for peer-to-peer finance, said Chris Cook. "An iTunes moment," said Andrew Curry. The democratization of money, suggested conference organizer David Birch.

"If money is electronic and cashless, what difference does it make what currency we use?" Why not...kilowatt hours? You're always going to need to heat your house. Global warming doesn't mean never having to say you're cold.

Personally, I always thought that if our society completely collapsed, it would be an excellent idea to have a stash of cigarettes, chocolate, booze, and toilet paper. But these guys seemed more interested in the notion of Facebook units. Well, why not? A currency can be anything. Second Life has Linden dollars, and people sell virtual game world gold for real money on eBay.

I'd say for the same reason that most people still walk around with notes in their wallet and coins in their pocket: we need to take our increasing abstraction step by step. Many have failed with digital cash, despite excellent technology, because they asked people to put "real" money into strange units with no social meaning and no stored trust. Birch is right: storing value in an Oyster card is no different than storing value in Beenz. But if you say that money is now so abstract that it's a collective hallucination, then the corroborative details that give artistic verisimilitude to an otherwise bald and unconvincing currency really matter.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series.

Posted by Wendy M. Grossman at 11:51 AM | Permalink | Comments (0) | TrackBacks (0)

There is a touching moment at the end of the new documentary Erasing David, which had an early screening last night for some privacy specialists. In it, Katie, the wife of the film's protagonist, filmmaker David Bond, muses on the contrast between the England she grew up in and the "ugly" one being built around her. Of course, many people become nostalgic for a kinder past when they reach a certain age, but Katie Bond is probably barely 30, and what she is talking about is the engorging Database State (PDF).

Anyone watching this week's House of Lords debate on the Digital Economy Bill probably knows how she feels. (The Open Rights Group has advice on appropriate responses.)

At the beginning, however, Katie's biggest concern is that her husband is proposing to "disappear" for a month leaving her alone with their toddler daughter and her late-stage pregnancy.

"You haven't asked," she points out firmly. "You're leaving me with all the child care." Plus, what if the baby comes? They agree in that case he'd better un-disappear pretty quickly.

And so David heads out on the road with a Blackberry, a rucksack, and an increasingly paranoid state of mind. Is he safe being video-recorded interviewing privacy advocates in Brussels? Did "they" plant a bug in his gear? Is someone about to pounce while he's sleeping under a desolate Welsh tree?

There are real trackers: Cerberus detectives Duncan Mee and Cameron Gowlett, who took up the challenge to find him given only his (rather common) name. They try an array of approaches, both high- and low-tech. Having found the Brussels video online, they head to St Pancras to check out arriving Eurostar trains. They set up a Web site to show where they think he is and send the URL to his Blackberry to see if they can trace him when he clicks on the link.

In the post-screening discussion, Mee added some new detail. When they found out, for example, that David was deleting his Facebook page (which he announced on the site and of which they'd already made a copy), they set up a dummy "secret replacement" and attempted to friend his entire list of friends. About a third of Bond's friends accepted the invitation. The detectives took up several party invitations thinking he might show.

"The Stasi would have had to have a roomful of informants," said Mee. Instead, Facebook let them penetrate Bond's social circle quickly on a tiny budget. Even so, and despite all that information out on the Internet, much of the detectives' work was far more social engineering than database manipulation, although there was plenty of that, too. David himself finds the material they compile frighteningly comprehensive.

In between pieces of the chase, the filmmakers include interviews with an impressive array of surveillance victims, politicians (David Blunkett, David Davis), and privacy advocates including No2ID's Phil Booth and Action on Rights for Children's Terri Dowty. (Surprisingly, no one from Privacy International, I gather because of scheduling issues.)

One section deals with the corruption of databases, the kind of thing that can make innocent people unemployable or, in the case of Operation Ore, destroy lives such as that of Simon Bunce. As Bunce explains in the movie, 98.2 percent of the Operation Ore credit card transactions were fraudulent.

Perhaps the most you-have-got-to-be-kidding moment is when former minister David Blunkett says that collecting all this information is "explosive" and that "Government needs to be much more careful" and not just assume that the public will assent. Where was all this people-must-agree stuff when he was relentlessly championing the ID card ? Did he - my god! - learn something from having his private life exposed in the press?

As part of his preparations, Bond investigates: what exactly do all these organizations know about him? He sends out more than 80 subject access requests to government agencies, private companies, and so on. Amazon.com sends him a pile of paper the size of a phone book. Transport for London tell hims that even though his car is exempt his movements in and out of the charging zone are still recorded and kept. This is a very English moment: after bashing his head on his desk in frustration over the length of his wait on hold, when a woman eventually starts to say, "Sorry for keeping you..." he replies, "No problem".

Some of these companies know things about him he doesn't or has forgotten: the time he "seemed angry" on the phone to a customer service representative. "What was I angry about on November 21, 2006?" he wonders.

But probably the most interesting journey, after all, is Katie's. She starts with some exasperation: her husband won't sign this required form giving the very good nursery they've found the right to do anything it wants with their daughter's data. "She has no data," she pleads.

But she will have. And in the Britain she's growing up in, that could be dangerous. Because privacy isn't isolation and it isn't not being found. Privacy means being able to eat sand without fear.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

Posted by Wendy M. Grossman at 12:50 PM | Permalink | Comments (0) | TrackBacks (0)

The court clerk - if that's the right term - seemed slightly baffled by the number of people who showed up for Tuesday's hearing in Simon Singh v. British Chiropractic Association. There was much rearrangement, as the principals asked permission to move forward a row to make an extra row of public seating and then someone magically produced eight or ten folding chairs to line up along the side. Standing was not allowed. (I'm not sure why, but I guess something to do with keeping order and control.)

It was impossible to listen to the arguments without feeling a part of history. Someday - ten, 50, 150 years from now - a different group of litigants will be sitting in that same court room or one very like it in the same building and will cite "our" case, just as counsel cited precedents such as Reynolds and Branson v Bower. If Singh's books don't survive, his legal case will, as may the effects of the campaign to reform libel law (sign the petition!) it has inspired and the Culture, Media, and Sport report (Scribd) that was published on Wednesday. And the sheer stature of the three judges listening to the appeal - Lord Chief Justice Lord Judge (to Americans: I am not making this up!), Master of the Rolls Lord Neuberger, and Lord Justice Sedley - ensures it will be taken seriously.

There are plenty of write-ups of what happened in court and better-informed analyses than I can muster to explain what it means. The gist, however: it's too soon to tell which pieces of law will be the crucial bits on which the judges make their decision. They certainly seemed to me to be sympathetic to the arguments Singh's counsel, Adrienne Page QC, made and much less so to the arguments the BCA's counsel, Heather Rogers QC. But the case will not be decided on the basis of sympathy; it will be decided on the basis of legal analysis. "You can't read judges," David Allen Green (aka jackofkent) said to me over lunch. So we wait.
But the interesting thing about the case is that this may be the first important British legal case to be socially networked: here is a libel case featuring no pop stars or movie idols, and yet they had to turn some 20 or 30 people away from the courtroom. Do judges read Twitter?

Beginning with Howard Rheingold's 1993 book The Virtual Community, it was clear that the Net's defining characteristic as a medium is its enablement of many-to-many communication. Television, publishing, and radio are all one-to-many (if you can consider a broadcaster/publisher a single gatekeeper voice). Telephones and letters are one-to-one, by and large. By 1997, business minds, most notably John Hagel III and Arthur Armstrong in net.gain, had begun saying that the networked future of businesses would require them to build communities around themselves. I doubt that Singh thinks of his libel case in that light, but today's social networks (which are a reworking of earlier systems such as Usenet and online conferencing systems) are enabling him to do just that. The leverage he's gained from that support is what is really behind both the challenge to English libel law and the increasing demand for chiropractors generally to provide better evidence or shut up.

Given the value everyone else, from businesses to cause organizations to individual writers and artists, places on building an energetic, dedicated, and active fan base, it's surprising to see Richard Dawkins, whose supporters have apparently spent thousands of unpaid hours curating his forums for him, toss away what by all accounts was an extraordinarily successful community supporting his ideas and his work. The more so because apparently Dawkins has managed to attract that community without ever noticing what it meant to the participants. He also apparently has failed to notice that some people on the Net, some of the time, are just the teeniest bit rude and abusive to each other. He must lead a very sheltered life, and, of course, never have moderated his own forums.

What anyone who builds, attracts, or aspires to such a community has to understand from the outset is that if you are successful your users will believe they own it. In some cases, they will be right. It sounds - without having spend a lot of time poring over Dawkins' forums myself - as though in this case in fact the users, or at least the moderators, had every right to feel they owned the place because they did all the (unpaid) work. This situation is as old as the Net - in the days of per-minute connection charges CompuServe's most successful (and economically rewarding to their owners) forums were built on the backs of volunteers who traded their time for free access. And it's always tough when users rediscover the fact that in each individual virtual community, unlike real-world ones, there is always a god who can pull the plug without notice.

Fortunately for the causes of libel law reform and requiring better evidence, Singh's support base is not a single community; instead, it's a group of communities who share the same goals. And, thankfully, those goals are bigger than all of us.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. I would love to hear (net.wars@skeptic.demon.co.uk) from someone who could help me figure out why this blog vapes all non-spam comments without posting them.

Posted by Wendy M. Grossman at 4:09 PM | Permalink | Comments (0) | TrackBacks (0)

This year is going to be the first British general election in which blogging is going to be a factor, someone said on Monday night at the event organized by the Westminster Skeptics on the subject of political blogging: does it make any difference? I had to stop and think: really? Things like the Daily Kos have been part of the American political scene for so long now - Kos was founded in 2002 - that they've been through two national elections already.

But there it was: "2005 was my big break," said Paul Staines, who blogs as Guido Fawkes. "I was the only one covering it. 2010 is going to be much tougher." To stand out, he went on to say, you're going to need a good story. That's what they used to tell journalists.

Due to the wonders of the Net, you can experience the debate for yourself. The other participants were Sunny Hundal (Liberal Conspiracy), Mick Fealty (Slugger O'Toole), Jonathan Isaby (Conservative Home), and the Observer journalist Nick Cohen, there to act as the token nay-sayer. (I won't use skeptic, because although the popular press like to see a "skeptic" as someone who's just there to throw brickbats, I use the term rather differently: skepticism is inquiry and skeptics ask questions and examine evidence.)

All four of political bloggers have a precise idea of what they're trying to do and who they're writing for. Jonathan Isaby, who claims he's the first British journalist to leave a full-time newspaper job (at the Telegraph) for new media, said he's read almost universally among Conservative candidates. Paul Staines aims Guido Fawkes at "the Westminster bubble". Mick Fealty uses Slugger O'Toole to address a "differentiated audience" that is too small for TV, radio, and newspapers. Finally, Sunny Hundal uses Liberal Conspiracy to try to "get the left wing to become a more coherent force".

Despite their various successes, Cohen's basic platform defended newspapers. Blogging, he said, is not replacing the essential core of journalism: investigation and reporting. He's right up to a point. But some do exactly that. Westminster Skeptics convenor David Allen Green, then standing approximately eight inches away, is one example. But it's probably true that for every blogger with sufficient curiosity and commitment to pick up a phone or bang on someone's door there are a couple of hundred more who write blog postings by draping a couple of hundred words of opinion around a link to a story that appeared in the mainstream media.

Of course, as Cohen didn't say, plenty of journalists\, through lack of funding, lack of time, or lack of training, find themselves writing news stories by draping a couple of hundred words of rewritten press release around the PR-provided quotes - and soul-destroying work it is, too. My answer to Cohen, therefore, is to say that commercial publishers have contributed to their own problems, and that one reason blogs have become such an entrenched medium is that they cover things that no newspaper will allow you to write about in any detail. And it's hard to argue with Cohen's claim that almost any blogger finding a really big story will do the sensible thing and sell it to a newspaper.

If you can. Arguably the biggest political story of 2009 was MPs' expenses. That material was released because of the relentless efforts of Heather Brooke, who took up the 2005 arrival into force of the UK's Freedom of Information Act as a golden opportunity. It took her nearly five years to force the disclosure of MPs' expenses - and when she finally succeeded the Telegraph wrote its own stories after poring over the details that were disclosed.

The fact is that political blogging has been with us for far longer than one five-year general election cycle. It's just that most of it does not take the same form as the "inside politics" blogs of the US or the traditional Parliamentary sketches in the British newspapers. The push for Libel reform began with Jack of Kent (David Allen Green); the push to get the public more engaged with their MPs began with MySociety's Fax Your MP. It was clear as long ago as 2006 that MPs were expert users of They Work For You: it's how they keep tabs on each other. MySociety's sites are not blogs - but they are the source material without which political blogging would be much harder work.

I don't find it encouraging to hear Isaby predict that in the upcoming election (expected in May) blogging "will keep candidates on their toes" because "gaffes will be more quickly reported". Isn't this the problem with US elections? That everyone gets hung up on calumnies such as that Al Gore claimed to have invented the Internet. Serious issues fall by the wayside, and good candidates can be severely damaged by biased reporting that happens to feed an eminently quotable sarcastic joke. Still: anything for a little light into the smoke-filled back rooms where British politics is still made. Even with smoking now banned, it's murky back there.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

Posted by Wendy M. Grossman at 2:36 PM | Permalink | Comments (0) | TrackBacks (0)

The received wisdom in tennis has always been that drugs are a non-issue. There is, the argument goes, no drug that can supply the particular mix of talents and skills that are needed to win you tennis matches. In her 1985 book, Passing Shots on Tour, Pam Shriver noted another reason for the women, courtesy of former player JoAnne Russell: they're too cheap to buy their own drugs.

The situation with respect to recreational drugs has been a little less shrouded in mystery. The 1970s top ten player and 1977 Australian Open winner Vitas Gerulaitis, for example, admitted to cocaine use, and in his 1995 autobiography, I Never Played the Game, US veteran sports commentator Howard Cosell speculated on the unlikelihood that at least some of tennis's dozens of young, rich, successful people who travelled in jet-setting circles hadn't at least dabbled in such things. Other revelations have surfaced from time to time, most notoriously Jennifer Capriati's 1993 marijuana drug bust. Now, Andre Agassi has admitted to using crystal meth in 1997, the year his ranking plunged to a low of 141.

As advertisements for drug use go, this is a pretty good one for the ill-effects: one of the most talented players in the history of the game couldn't even keep himself in the top 100 while using.

Still, Agassi's admission - and still more, the ATP's acceptance of the lies he told to avoid exposure and a three-month suspension - has set off a predictable firestorm between the self-righteous and the forgiving. McEnroe's admission in his 2004 autobiography that he had (unknowingly, he said) taken steroids during his playing career, caused much less outcry.

It has long been my belief that players should not be tested, certainly not disqualified, for recreational drug use. Agassi's case seems to suggest otherwise, as the ATP's notification of his failed test frightened him into rehabilitating himself, his game, and his life, turning him from an underachiever to a tennis great. But if the tours are going behave as rescuers in this way they should also direct their energies to finding ways to lower the injury rate, a much more visibly widespread and career-damanging problem.

In any event, it was always clear that in today's corporate sports exposing drug use on the part of tennis's top stars would benefit no one. Neither tours nor tournament promoters nor sponsors can scandal concerning their top box office draws. Even competitors do not benefit as much as you might think if a top star is taken out. Yes, their opportunities to rise in the rankings or win a particular tournament may be enhanced. But the star players like Agassi and McEnroe pull in the money and fans that enable everyone else to make a living.

It certainly seems as though today things would be handled differently. Take, for example, the case of the young, up-and-coming Belgian player Yanina Wickmayer, a semifinalist at the recent US Open, who has just been suspended for a year, potentially permanently wrecking her career, for failing to notify the drug testing authorities of her daily whereabouts (reportedly her appeal will rest on being unable to log onto the WADA Web site for two weeks). The whereabouts rule was the subject of much criticism by the players when it was introduced at the beginning of the year. They thought of the difficulties of leaving town hastily after losses; they thought of the logistical problems of sudden schedule changes. No one mentioned Internet failures, but it's an oh-so-credible explanation.

A lot of things have changed since 1997 to satisfy critics. The tours are no longer responsible for their own drug testing, removing both the obvious conflict of interest (good) and the best source of help for the players (bad). The retired Spanish player Sergi Bruguera (Spanish), who lost to Agassi in the 1996 Olympic final in Atlanta, is complaining that Agassi should now be relieved of his gold medal. His logic is unclear given the reported dates, but it's easy to understand the betrayal a player would feel on learning that another got special protection. WADA has said both that it would like the case investigated and that now, past the eight years' statute of limitations, there's nothing that can be done to punish Agassi.

But the people who should be most upset are those innocent athletes who are wrongfully accused. WADA's preferred zero-tolerance view seems to be that contrary to the presumption of innocence in a democratic society there is no such thing as an innocent explanation. Even so, there have certainly been cases of contaminated supplements and medically necessary ingestion, and confusion over which substances should be on the banned list (PDF).

Agassi's telling the truth about himself was certainly not a bad thing for him or his publishers; it is not even a bad thing for the game, since rational policy-making depends on the availability of factual evidence. But it will still make it harder for any athlete who is actually innocent to be believed, no matter what the exculpating evidence. As unintended consequences go, that's a real shame.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on , or send email to netwars@skeptic.demon.co.uk.

Posted by Wendy M. Grossman at 8:59 PM | Permalink | Comments (0) | TrackBacks (0)

Many governments, faced with the question of how to improve national security, would do the obvious thing: round up the usual suspects. These would be, of course, the experts - that is, the security services and law enforcement. This exercise would be a lot like asking the record companies and film studios to advise on how to improve copyright: what you'd get is more of the same.

This is why it was so interesting to discover that the US National Academies of Science was convening a workshop to consult on what research topics to consider funding, and began by appointing a committee that included privacy advocates and usability experts, folks like Microsoft researcher Butler Lampson, Susan Landau, co-author of books on privacy and wiretapping, and Donald Norman, author of the classic book The Design of Everyday Things. Choosing these people suggests that we might be approaching a watershed like that of the late 1990s, when the UK and the US governments were both forced to understand that encryption was not just for the military any more. The peace-time uses of cryptography to secure Internet transactions and protect mobile phone calls from casual eavesdropping are much broader than crypto's war-time use to secure military communications.

Similarly, security is now everyone's problem, both individually and collectively. The vulnerability of each individual computer is a negative network externality, as NYU economist Nicholas Economides pointed out. But, as many asked, how do you get people to understand remote risks? How do you make the case for added inconvenience? Each company we deal with makes the assumption that we can afford the time to "just click to unsubscribe" or remember one password, without really understanding the growing aggregate burden on us. Norman commented that door locks are a trade-off, too: we accept a little bit of inconvenience in return for improved security. But locks don't scale; they're acceptable as long as we only have to manage a small number of them.

In his 2006 book, Revolutionary Wealth, Alvin Toffler comments that most of us, without realizing it, have a hidden third, increasingly onerous job, "prosumer". Companies, he explained, are increasingly saving money by having us do their work for them. We retrieve and print out our own bills, burn our own CDs, provide unpaid technical support for ourselves and our families. One of Lorrie Cranor's students did the math to calculate the cost in lost time and opportunities if everyone in the US read annually the privacy policy of each Web site they visited once a month. Most of these things require college-level reading skills; figure 244 hours per year per person, $3,544 each...$781 billion nationally. Weren't computers supposed to free us of that kind of drudgery? As everything moves online, aren't we looking at a full-time job just managing our personal security?

That, in fact, is one characteristic that many implementations of security share with welfare offices - and that is becoming pervasive: an utter lack of respect for the least renewable resource, people's time. There's a simple reason for that: the users of most security systems are deemed to be the people who impose it, not the people - us - who have to run the gamut.

There might be a useful comparison to information overload, a topic we used to see a lot about ten years back. When I wrote about that for ComputerActive in 1999, I discovered that everyone I knew had a particular strategy for coping with "technostress" (the editor's term). One dealt with it by never seeking out information and never phoning anyone. His sister refused to have an answering machine. One simply went to bed every day at 9pm to escape. Some refused to use mobile phones, others to have computers at home..

But back then, you could make that choice. How much longer will we be able to draw boundaries around ourselves by, for example, refusing to use online banking, file tax returns online, or participate in social networks? How much security will we be able to opt out of in future? How much do security issues add to technostress?

We've been wandering in this particular wilderness a long time. Angela Sasse, whose 1999 paper Users Are Not the Enemy talked about the problems with passwords at British Telecom, said frankly, "I'm very frustrated, because I feel nothing has changed. Users still feel security is just an obstacle there to annoy them."

In practice, the workshop was like the TV game Jeopardy: the point was to generate research questions that will go into a report, which will be reviewed and redrafted before its eventual release. Hopefully, eventually, it will all lead to a series of requests for proposals and some really good research. It is a glimmer of hope.

Unless, that is, the gloominess of the beginning presentations wins out. If you listened to Lampson, Cranor, and to Economides, you got the distinct impression that the best thing that could happen for security is that we rip out the Internet (built to be open, not secure), trash all the computers (all of whose operating systems were designed in the pre-Internet era), and start over from scratch. Or, like the old joke about the driver who's lost and asking for directions, "Well, I wouldn't start from here".

So, here's my question: how can we make security scale so that the burden stays manageable?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to netwars@skeptic.demon.co.uk.

Posted by Wendy M. Grossman at 4:45 PM | Permalink | Comments (0) | TrackBacks (0)

The challenge posed by many of today's panelists: activism transfer. How do you get people communicating via Twitter, Facebook, and other social networks to take to the streets? Because that's where the real impact is.

How little things have changed since 1994, my first year at CFP, when Simon Davies dressed up as the Pope, read from the Book of Unix, and told everyone that if they wanted governments to listen they needed to stop sending around email petitions and organize at the grass roots level. In India, explained Gaurav Mishra, this meant getting people to vote instead of complaining that the system was corrupt and staying home.

Use online tools to build offline institutions, he concluded. "Real social change will not happen online."

But today's China panel - probably the best of all this year's offerings - made the point that although we have tended to assume that the Internet will bring democracy and light to anywhere it penetrates, China shows that the Internet can also be used to spread propaganda. You'd think this would have been obvious, but policy has tended to assume otherwise.

Said Rebecca MacKinnon, who is writing a book about China and the Internet, "It's true that China has shown that authoritarianism can do a lot better in the internet age than a lot of people ever expected."

China has implemented several different elements of control: many overseas sites and services are blocked (so many blogging sites are down "for maintenance" on this 20th anniversary of Tiannamen Square that there's a joke about China Maintenance Day). There is some change, but it's a slow evolution: "The Internet may be liberalizing people to some extent, but on the other hand, we're not going to see any kind of regime change." The liquid metal man in Terminator 2 only becomes a threat when the little blobs of metal flow together; you can let little local pockets of increasing liberalization occur as long as they never join together to become national.

In a later panel on taking Tweets to the street, Ralf Bendrath recounted creating a 75,000-person demonstration against surveillance and in favor of privacy in Germany starting with little more than a wiki. But, he noted that individual liberals are not the only voices who will be able to use these tools.

"We celebrate Obama's use of these tools because we believe in his ideology," said Mishra, going on to point out that in India a right-wing party that wants to restrict women's movements is at the forefront of using Twitter, Facebook, and blogging. "As much as I hate to say this, very soon we will find enthusiasm for these tools being tempered by realism that anybody can use them." The tools by themselves do not give us more power.

"Use online tools to build offline institutions," said Bendrath. "Real social change will not happen online."

Over and out. Anyone with ideas for next year should submit them not at www.cfp2010.org. Have a good year, folks!

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series. Readers are welcome to post here, follow on Twitter or email netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 11:26 PM | Permalink | Comments (0) | TrackBacks (0)

"Do you feel guilty about killing newspapers?" Saul Hansell asked Craig Newmark yesterday. The founder of Craig's List, widely credited with stealing newspapers' classified ads, offered the mildly presented answer that it would be more correct to say that Craig's List, Amazon, and eBay took the newspapers' audience by offering them a more friendly and convenient marketplace.

At some point in the early 19-00s, Charlotte-Anne Lucas explained today, newspapers changed from charging for content to charging for audiences, leading them to selecting content based on its mass appeal. Exactly, she didn't say, like AOL in the mid 1990s, when it switched from making its money from connect time, which favored all sorts of niche content, to making its money from advertising, which required mass eyeballs.

One advantage bloggers have, noted Marcy Wheeler is that they don't have to frame every story as a controversy that can be resolved in 700 words (how like a sitcom).

My other favorite quote of the day, from a panel on whether government secrecy makes any sense in the post-Internet world "Secrecy makes people stupid." The speaker, Steve Aftergood, a senior research analyst with the Federation of American Scientists, went on to note that the US spends $10 billion a year on keeping secrets - that is, protecting classified information. He didn't draw the obvious conclusion...

The panel, which included a former undercover agent (Mike German, now with the ACLU), a former director of the US Information Security Oversight Office (Bill Leonard), and a former chief information policy officer from the NSA (Mike Levin), is worth listening to in full. Satirists could have fun with Aftergood's later note, that while you can find out that the 2008 intelligence budget was $47.7 billion, and the 2007 budget was $43.5 billion, the 2006 number is classified - as is the budget from 50 years ago. Aftergood tried to find out the number from the 1940s and was refused; appeal was denied, second appeal was denied, and a lawsuit to force disclosure was unsuccessful. He's not sure how this figure could damage national security; I say with these numbers he could go on Letterman.

Still, it's a fair point to say that secrets are harder to keep than they've ever been, not least because the intelligence community is adopting the same kinds of tools the rest of us use, albeit versions closed to public access. Perhaps we can get away from the sort of thing John Le Carre wrote about at the end of one of his books, in which an agent died for a fact that would be published in a Russian newspaper the following week. The good news is there's to be a review of all these procedures, a "unique opportunity", the panel called it, to effect real change.

We finished today with a selection of ultra-short presentations. Lock your credit record with a ten-digit code, said Jeremy Duffy, and celebrate Sam Warren, Brandeis's less famous partner, said Paul Rosenzweig. The highlight for me, though: meeting < a href="http://www.veni.com">Veni Markowski, whom I've read about for years as Bulgaria's cyberspace king. He's going to work now for the government to coordinate international action on cybersecurity. Good stuff.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Readers are welcome to post here, follow on follow on Twitter, or send email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 4:03 AM | Permalink | Comments (0) | TrackBacks (0)

One hundred and thirty-three days into the Obama Administration. He still still has a lot of fans - one conference attendee was wearing silver Obama logo earrings yesterday and CNet writer Declan McCullough was pleased that a FOIA request that kept him waiting for over a year was answered within a few weeks of the inauguration - privacy advocates are beginning to carp that his record on privacy seems unlikely to be any improvement on his immediate predecessor's. Kicking off the day's first session, Susan Crawford talked some good principles, but a basic one - answering public questions - was off-limits. `

McCullough also noted that Obama has yet to fulfill his promise to post non-emergency legislation for public comment for five days before signing it.

Meanwhile, however, said the ACLU's Caroline Fredrickson, the US's Real ID effort, which threatened to unify state-issued driver's licenses into a single national ID card-equivalent, has halted under the pressure of the refusal of many individual states to participate. Why? Unworkable, costly, and invasive. Sounds like Britain's ID card, though the UK government still persists, lacking state governments to stand in its way.

"A mistake in the database can render you an unperson," she noted.

There was another good line on this: "Information asymmetry is how repressive regimes operate." The Internet's power to flatten information hierarchies all by itself might be why Nicole Wong wakes up every morning and checks her Blackberry to find out which country Google is blocked in today. As the deputy general counsel for Google, it's her job not only to track that sort of thing but to try to remove these blockages by negotiating with national governments. The New York Times recently described Wong as the person with the most influence over the exercise of free speech in the world.

Wong was part of my panel on Internet censorship, we were arguing about censorship in the US, the UK, and Australia, and debating whether John Gilmore's oft-quoted aphorism is still correct. "The Internet perceives censorship as damage, and routes around it," Gilmore thinks he probably said sometime in 1990 or thereabouts. Is that still true, given the computing power to do deep packet inspection? Very possibly not. Derek Bambauer had a neat list of the stages of Internet censorship. Version 1.0: it can't be done. Version 2.0: the bad guys do it. Version 3.0: everyone does it. Australia is on round two of let's-filter-the-Internet, and it is the world's pilot on this. The danger, Wong commented, is that we may get tied up in arguing whether it's OK to filter specific types of content; the existence of a filter in a country like Australia legitimizes filtering for the more repressive countries coming online that she has to negotiate with.

Perhaps the most surprising bit of the day was the appearance on the same panel of Bruce Schneierand Stewart Baker without acrimony. Valerie Caproni, the FBI's general counsel, also on that panel, was a little frostier, particularly when travel data privacy expert Edward Hasbrouck attacked her and the US government's apparent belief that foreigners do not have the same human rights as US citizens. Both Schneier and Baker fired off a few good lines. Schneier pointed out that as technology increases and gives each of us more personal power amplitude, the harm that ten armed men can do to society keeps getting bigger. At what point, he asked, is that noise bigger than society?

Baker, who's made a sort of career of insulting the CFP crowd, more or less agreed: there is an illusion that the continued working of Moore's Law is always going to be beneficial to society. That aside, Baker was slightly miffed. After winning the Big Brother award for Worst Public Official in 2007, he said, Privacy International had yet to deliver his award. Via Twitter PI promised to deliver it. Eventually. When he least expects it.

More tomorrow.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 4:09 AM | Permalink | Comments (0) | TrackBacks (0)

"Did you check that with your ethics committee?"

The speaker, who was feeling the strain of being a newcomer to privacy issues among a very tough, highly activist crowd, turned a little shakier than she already was.

"I didn't need to," she said, or something very like it. "It's not interacting with humans, just computers."

We spend a lot of time talking about where the line might be between human intelligence and artificial intelligence, but the important question may not be the usual one, Not "What does it mean to be human?" but "How far down the layer of abstractions does human interaction persist?" If I send you email intended to deceive, clearly I'm interacting with a human. If I set up a Facebook account and use it to get you to friend me by first friending one of your less careful friends and never communicate directly with you, the line gets a little more attenuated. Someone who had thought more about computers than about people might get confused.

This sort of question is going to come up a lot as we get better at datamining, the subject of an all-day tutorial on the first day of CFP (you'll find a lot of streams and papers on the conference Web site, if you'd like to investigate further), and you can pick up notes-in-progress on the conference real-time Twitter feed. (I missed out on the annual civil liberties in cyberspace tutorial, and others on health data privacy and behavioral advertising.)

The important point, as speakers like Khaled El Emam, a research chair at the University of Ottawa, and Bradley Malin, made clear, is that it's actually very difficult to anonymize data, no matter how much governments would like to persuade us otherwise. Pharmaceutical companies want medical data for research; governments want to give it to them in return for (they hope) lowered medical costs.

But what is identifiable data? Do you include data that can be reidentified when matched against a different dataset? The typical threat model assumes that an attacker will try once and give up. But in one case, Canadian media matched anonymized prescription data for an acne drug against published obituaries, and managed to find four families that matched. Media are persistent: they will call each family until they find the right one.

When we talk about anonymized data, therefore, we have to ask many more questions than we do now. What are the chances of unique records? What are the chances of unique records in the databases this database may be matched to? That determines how easy it is to find a particular individual's record. With just a name, full date of birth, and postal codes for the last year, 98 percent of 11 years of patient data covering 4 million people in Montreal was uniquely identifiable.

People have of course been working on this problem because patient data is incredibly valuable for research to improve public health.

The problem, as Malin noted, is that "People have been proposing methodologies for ten-plus years, and there's not much in the way of technology transfer."

El Emam had an explanation: "A lot of stuff is unusable." Really anonymizing the data using tools such as generalization, perturbation, or multi-party computation, is currently not a practical option: it leaves you with a dataset you can't analyze using standard research tools. Ouch.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or reply by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 2:49 AM | Permalink | Comments (0) | TrackBacks (0)

Are users getting better or worse?

At what? you might ask. Naturally: at being thorns in the side of IT security people. Users see security as damage, and route around it.

You didn't need to look any further than this week's security workshop, where this question was asked, to see this principle in action. The hotel-supplied wireless was heavily filtered: Web and email access only, no VPNs, "undesirable" sites blocked. Over lunch, the conversation: how to set up VPNs using port 443 to get around this kind of thing. The perfect balanced sample: everyone's a BOFH *and* a hostile user. Kind of like Jacqui Smith, who has announced plans to largely circumvent the European Court of Human Rights' ruling that Britain has to remove the DNA of innocent people from the database. Apparently, this government perceives European law as damage.

But the question about users was asked seriously. The workshop gathered security folks from all over to brain storm and compare notes: what are the emerging security threats? What should we be worrying about? And, most important, what should people be researching?

Three working groups - smart environments, malware and fraud, and critical systems - came up with three different lists, mostly populated with familiar stuff - but the familiar stuff keeps going and getting worse. According to Symantec's latest annual report spam, for example, was up 162 percent in 2008 over 2007, with a total of 349.6 billion messages sent - simply a staggering waste of resources. What has changed is targeting; new attacks are short-lived, small distribution affairs - much harder to shut down.

Less familiar to me was the "patch window" problem, which basically goes like this: it takes 24 hours for 80 percent of Windows users to get a new patch from Windows Update. An attacker who downloads the patch as soon as it's available can quickly - within minutes - reverse-engineer it to find out what bug(s) it's fixing. Then the attacker has most of a day in which to exploit the bug. Last year, Carnegie-Mellon's David Brumley and others found a way to automate this process (PDF). An ironic corollary: the more bug-free the program, the easier a patch window attack becomes. Various solutions were discussed for this, none of them entirely satisfactory; the most likely was to roll out the patch locked, and distribute a key only after the download cycle is complete.

But back to the trouble with users: systems are getting more and more complex. A core router now has 5,000 lines of code; an edge router 11,000. Someone has to read and understand all those lines. And that's just one piece. "Today's networks are now so complex we don't understand them any more," said Cisco's Michael Behrenger. Critical infrastructures need to be more like the iPhone, a complex system that nonetheless just about anyone can operate.

As opposed, I guess, to being like what most people have now: systems that are a mish-mash of strategies for getting around things that don't work. But I do see his point. Once you could debug even a large network by reading the entire configuration. Pause to remember the early days of Demon Internet, when the technical support staff would debug your connection by directly editing the code of the dial-up software we were all using, KA9Q. If you'd taken *those* humans out of the system, no one could have gotten online.

It's my considered view that while you can blame users for some things - the one in 12.5 million spam recipients Christian Kreibich said actually buys the pharma products so advertised springs to mine - blaming them in general is a lot like the old saw about how "only a poor workman blames his tools". It's more than 20 years since Donald Norman pointed out in The Design of Everyday Things that user error is often a result of poor system design. Yet a depressing percentage of security folks complaining about system complexity don't even know his name and a failure to understand human factors is security's single biggest failure.

Joseph Bonneau made this point in a roundabout way by considering Facebook which, he said, really is inventing the Web - not just in the rounded corners sense, but in the sense of inventing its own protocols for things for which standards already exist. Plus - and more important for the user question - it's training users to do things that security people would rather they didn't, like click on emailed links without checking the URLs. "Social networks," he said, "are repeating all the Web's security problems - phishing, spam, 419 scams, identity theft, malware, cross-site scripting, click fraud, stalking...privacy is the elephant in the room." Worse, "They really don't yet have a business model, which makes dealing with security difficult."

It's a typical scenario in computing, where each new generation reinvents every wheel. And that's the trouble with automation with everything, too. Have these people never used voice menus?

Get rid of the humans and replace them with automated systems that operate perfectly, great. But won't humans have to write the automated systems? No, automated systems will do that. And who will program those? Computers. And who...

Never mind.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to follow (and reply) on , post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 3:21 PM | Permalink | Comments (0) | TrackBacks (0)

Two people in the audience said they were actually at Woodstock.

The math: Champaign-Urbana's Virginia Theater seats 1,600 ("I saw all the Star Wars movies in this theater," said the guy behind me). Audience skews somewhat to Baby Boom and older. Mostly white. Half a million people at Woodstock. Hard to know, but the guy sitting next to me and I agreed: two *feels* right.

This week is Roger Ebert's Film Festival, a small, personal event likely to remain so because of its location: his Illinois home town. A nice, Midwestern town, chiefly known for the university whence came Mosaic. People outside the US may not know Ebert's work as well as those inside it: a Pulitzer Prize-winning print critic, he and fellow Chicago newspaper critic Gene Siskel invented TV movie criticism. The festival is a personal love letter to movie fans, to his home town, and to the movies he picks because he feels they deserve to be more widely known and/or appreciated.

This is what it's like: the second day the parents of one of the featured directors casually pull me to lunch in the student union cafeteria. "I used to sit at this table when I was a student here," said the wife. She pointed across the cafeteria. "Roger Ebert used to sit at that table over there." Her husband pointed in a third direction and added, "And that table over there is where we met."

People come because they love movies - and also love seeing them in a fine theater with perfect sound and projection filled with the ultimate in appreciative audiences. Watching Woodstock last night, people so much forgot that they weren't at a live concert that they applauded each act in turn. And when Country Joe yelled, "What does it spell?" they yelled back "FUCK" at increasingly high volume. (I will remind you that this is America's heartland; these are supposed to be the people whose sensibilities are too delicate for Janet Jackson's nipple. Hah.)

The next morning, at a panel about the tribulations of movie distribution in these troubled times, I found I was back at work. Woodstock Michael Wadleigh - who's heavy into saving the planet now - told a quaint story about the film's release. His contract gave him final cut. Warner Brothers saw his finished length - four hours - and was ready to ignore it and cut it down to one hour 50 minutes. Received wisdom: successful movies aren't longer than that. Received wisdom: rock and roll documentaries are not successful movies anyway. Received wisdom: we have more lawyers than you. Nyaaah. Come and sue us. This attitude toward artists seems familiar, somehow.

So Wadleigh and his producers stole back his film, just like in S.O.B.. The producer then called the studios and convinced them that Wadleigh was deranged enough to actually set fire to himself and all the footage if the studio didn't release the film exactly as he'd cut it. Studio relents (that probably wouldn't happen now either). Film is released at nearly four hours. Still the biggest-grossing documentary in history. Now remastered, cleaned up, sound digitized, etc. for a new DVD. That was, like flower power, then..

Cut to Nina Paley, sitting a few directors down the panel from Wadleigh. Paley, like most of the others here - Guy Madden (My Winnipeg), Karen Gehres (Begging Naked), Carl Deal and Tia Lessin (Trouble the Water) - can't find distribution. Unlike Lessin, who reacted with some umbrage to the notion of giving stuff away, Paley decided that rather than sign away effectively all rights to her movie for five or ten years she turned it over to her audience to distribute for her. Yes, she put all the movie's files on the Internet for free under a share-alike Creative Commons license. Go ye and download. I'll wait.

And what happened? People downloaded! People shared! People started inviting her to speak! People started demanding to buy DVDs. She started making money.

Wait. What?

Boggle, MPAA, boggle.

That doesn't mean to say that movie distribution isn't in trouble: it is. Wadleigh and the Warner Brothers publicity person, Ronnee Sass, next to him, may have a mutual admiration society, but even films that have won top prizes at Cannes and Sundance are having trouble getting seen. Art theaters are shutting down and the small distributors that service them are going out of business.

"Why?" I was asked over lunch. A dozen reasons. People have more entertainment options. Corporate-owned studios would rather gamble on blockbusters. Theaters got unpleasant - carved-up, badly angled, out-of-focus screening rooms with sticky floors and too-loud, distorted sound. To people who were watching movies on small TV screena with commercial disruptions, home theaters look like an improvement - you can talk to your friends, eat what you want, pick your own movies, and pause whenever you like. More, in fact, like reading a novel or listening to music than going to a movie in the old sense, when you didn't - couldn't - yawn halfway through the magic and say, "I'll finish it tomorrow.".

What people have forgotten is the way a theater filled with audience response changes the experience. Would Woodstock have been the same if everyone had stayed home and watched it on TV?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to follow on Twitter, post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 3:36 PM | Permalink | Comments (0) | TrackBacks (0)

It's not about Phorm, it's about snooping. At Wednesday morning's Parliamentary roundtable, "The Internet Threat", the four unhappy representatives I counted from Phorm had a hard time with this. Weren't we there to trash them and not let them reply? What do you mean the conversation isn't all about them?

We were in a committee room many medieval steps up unside the House of Lords. The gathering, was convened by Baroness Miller of Chilthorne Domer with the idea of helping Parliamentarians understand the issues raised not only by Phorm but also by the Interception Modernisation Programme, Google, Microsoft, and in fact any outfit that wants to collect huge amounts of our data for purposes that won't be entirely clear until later.

Most of the coverage of this event has focused on the comments of Sir Tim Berners-Lee, the indefatigable creator of the 20-year-old Web (not the Internet, folks!), who said categorically, "I came here to defend the integrity of the Internet as a medium." Using the Internet, he said, "is a fundamental human act, like the act of writing. You have to be able to do it without interference and/or snooping." People use the Internet when they're in crisis; even just a list of URLs you've visited is very revealing of sensitive information.

Other distinguished speakers included Professor Wendy Hall, Nicholas Bohm representing the Foundation for Information Policy Research, the Cambridge security research group's Richard Clayton, the Open Rights Group's new executive director, Jim Killock, and the vastly experienced networking and protocol consultant Robb Topolski.

The key moment, for me, was when one of the MPs the event was intended to educate asked this: "Why now?" Why, in other words, is deep packet inspection suddenly a problem?

The quick answer, as Topolski and Clayton explained, is "Moore's Law." It was not, until a couple-three years ago, possible to make a computer fast enough to sit in the middle of an Internet connection and not only sniff the packets but examine their contents before passing them on. Now it is. Plus, said Clayton, "Storage."

But for Kent Ertegrul, Phorm's managing director, it was all about Phorm. The company had tried to get on the panel and been rejected. His company's technology was being misrepresented. Its system makes it impossible for browsing habits to be tracked back to people. Tim Berners-Lee, of all people, if he understood their system, would appreciate the elegance of what they've actually done.

Berners-Lee was calm, but firm. "I have not at all criticized behavioral advertising," he pointed out. "What I'm saying is a mistake is snooping on the Internet."

Right on.

The Internet, Berners-Lee and Topolski explained, was built according to the single concept that all the processing happens at the ends, and that the middle is just a carrier medium. That design decision has had a number of consequences, most of them good. For example, it's why someone can create the new application of the week and deploy it without getting permission. It's why VOIP traffic flows across the lines of the telephone companies whose revenues it's eating. It is what network neutrality is all about.

Susan Kramer, saying she was "the most untechie person" (and who happens to be my MP), asked if anyone could provide some idea of what lawmakers can actually do. The public, she said, is "frightened about the ability to lose privacy through these mechanisms they don't understand".

Bohm offered the analogy of water fluoridation: it's controversial because we don't expect water flowing into our house to have been tampered with. In any event, he suggested that if the law needs to be made clearer it is in the area of laying down the purposes for which filtering, management, and interference can be done. It should, he said, be "strictly limited to what amounts to matters of the electronic equivalent of public health, and nothing else."

Fluoridation of water is a good analogy for another reason: authorities are transparent about it. You can, if you take the trouble, find out what is in your local water supply. But one of the difficulties about a black-box-in-the-middle is that while we may think we know what it does today - because even if you trust, say, Richard Clayton's report on how Phorm works (PDF) there's no guarantee of how the system will change in the future. Just as, although today's government may have only good intentions in installing a black box in every ISP that collects all traffic data, the government of ten years hence may use the system in entirely different ways for which today's trusting administration never planned. Which is why it's not about Phorm and isn't even about behavioural advertising; Phorm was only a single messenger in a bigger problem.

So the point is this: do we want black boxes whose settings we don't know and whose workings we don't understand sitting at the heart of our ISPs' networks examining our traffic? This was the threat Baroness Miller had in mind - a threat *to* the Internet, not the threat *of* the Internet beloved of the more scaremongering members of the press. Answers on a postcard...

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML)

Posted by Wendy M. Grossman at 7:46 PM | Permalink | Comments (0) | TrackBacks (0)

Tomorrow is a thing: a series of events around Britain called the Modern Liberty Convention. Practically everyone I know (and a lot of people I don't) is on the speakers' list at one site or another. A Canadian friend emailed envirously about this: the Brits have it right! she said.

Well, not entirely. The reason you need an event like the Modern Liberty Convention is because you have a problem. Or, as the University College London Student Human Rights Programme has caefully documented, because you've lost a load of freedoms you thought you had (PDF). The list they've compiled is pretty astonishing. In the fact of the Human Rights Act and 800 years of the Magna Carta, 25 Acts of Parliament and 50 individual measures have served to remove freedoms that most British people took pretty much for granted. This is, of course, the problem with an unwritten constitution: it's fine to govern by gentlemen's agreement as long as everyone concerned is a gentleman - that is, that they share a consistent set of values and can imagine that the laws they're creating will apply to them just as much as everyone else they affect.

That this hasn't been the case for sometime is thoroughly documented by the convention's researchers, the University College London Student Human Rights Programme in What we've lost, an inventory of 25 Acts of Parliament and 50 measures that in the few short years of this century have acid-washed liberties that Britons have taken for granted in the 800 years since Magna Carta.

My contribution is to form, on behalf of the Open Rights Group, part of a panel called Business gets personal - can privacy have a future?

The answer, I think, is "maybe" and "sometimes". Businesses invade our privacy for all sorts of different reasons with varying amounts of power over us, so there isn't going to be just one answer. Constitutions don't necessarily help with this, largely because the threat companies pose is so recent. Even the written US constitution can't help us much; there was no such thing as a multinational corporation with an economy bigger than a government's back in the 18th century.

Amazon and eBay retain our user histories in ways that benefit us as well as them. It's helpful to be able to look over past Amazon purchases to make sure we don't give someone the same gift twice; Amazon uses our purchase history to recommend new things we might like. On eBay, your history is your reputation; it's what enables trading with strangers with some confidence. We get less in return - small discounts, preferential seating - in return for the privacy we give away when we sign up for loyalty cards or frequent flyer programs. But in these cases we have choices: we can buy books and groceries with cash from local shops; we can either not fly or vary the airline. As privacy advocates have said for some years, in these situations we tend to sell our privacy very cheaply.

We have little choice about using other types of businesses, such as banks and telephone companies - and there is no market pressure on them to adopt privacy-protecting policies. The nature of their businesses ensures that they have access to particularly intimate information about us. More than that, government mandates such as the anti-terrorism and data retention laws require them to retain that information and make it available. We can't get a better privacy regime by changing banks (unless the new bank is off-shore somewhere) or by switching from BT to Vodafone. Just last week, the US announced proposals to require not only ISPs (as in this country) but anyone operating a Wi-Fi hotspot to retain access logs for two years. The only way those businesses can be forced to change is by changing the law.

The most interesting are the social media, not only social networks like Facebook and Twitter but Web boards. These businesses provide the infrastructure for people to invade their own privacy to an extent that a business would probably never dare ask them to. Users do have some power in relation to these businesses because using these systems really is discretionary. Facebook, when it announced unilateral new terms and conditions last week became only the latest in a long series of online services to discover the speed with which users can revolt. Facebook's response - to try to create a Bill of Rights and ensure the democratic participation of its users in decisions it makes about the site - is interesting. The company has a serious and deep-rooted conflict: if its users don't trust it they won't stay; but the only potential money-making asset it has is its users and their data.

The big mystery is Google. We aren't locked into using it by lack of competitors or government regulation, and we understand its business model perfectly well - collect mountains of data on all of us. And yet we're seduced by that slick interface and those helpful results.

We can't rely on government to control these companies, not least because they'd love to have access to all this data, too. If we want privacy in future, we need to start by making better choices where we can, including in our politics.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 7:19 PM | Permalink | Comments (0) | TrackBacks (0)

It's been a quiet week, as you'd expect. But 2009 is likely to be a big year in terms of digital rights.

Both the US and the UK are looking to track non-citizens more closely. The UK has begun issuing foreigners with biometric ID cards. The US, which began collecting fingerprints from visiting tourists two years ago says it wants to do the same with green card holders. In other words, you can live in the US for decades, you can pay taxes, you can contribute to the US economy - but you're still not really one of us when you come home.

The ACLU's Barry Steinhardt has pointed out, however, that the original US-VISIT system actually isn't finished: there's supposed to be an exit portion that has yet to be built. The biometric system is therefore like a Roach Motel: people check in but they never leave.

That segues perfectly into the expansion of No2ID's "database state". The UK is proceeding with its plan for a giant shed to store all UK telecommunications traffic data. Building the data shed is a lot like saying we're having trouble finding a few needles in a bunch of haystacks so the answer is to build a lot bigger haystack.

Children in the UK can also look forward to ContactPoint (budget £22.4 million) going live at the end of January, only the first of several. The conservativers apparently have pledged to scrap ContactPoint in favor of a less expensive system that would track only children deemed to be at risk. If the conservatives don't get their chance to scrap it - probably even if they do - the current generation may be the last that doesn't get to grow up taking for granted that their every move is being tracked. Get 'em young, as the Catholic church used to say, and they're yours for life.

The other half of that is, of course, the National Identity Register. Little has been heard of the ID card in recent months; although the Home Office says 1,000 people have actually requested one. Since these have begun rolling out to foreigners, it's probably best to keep an eye on them.

On January 19, look for the EU to vote on copyright term extension in sound recordings. They have now: 50 years. They want: 95 years. The problem: all the independent reviewers agree it's a bad idea economically. Why does this proposal keep dogging us? Especially given that even the UK government accepts that recording contracts mean that little of the royalties will go to the musicians the law is supposedly trying to help, why is the European Parliament even considering it? Write your MEP. Meanwhile, the economic downturn reaches Cliff Richards; his earliest recordings begin entering the public domain...oh, look - yesterday, January 1, 2009.

Those interested in defending file-sharing technology, the public domain, or any other public interest in intellectual property will find themselves on the receiving end of a pack of new laws and initiatives out to get them.

The RIAA recently announced it would cease suing its customers in the US. It plans to "work with ISPs". Anyone who's been around the UK and France in recent months should smell the three-strikes policy that the Open Rights Group has been fighting against. ORG's going to find it a tougher battle, now that the govermment is considering a stick and carrot approach: make ISPs liable for their users' copyright infringement, but give them a slice of the action for legal downloads. One has to hope that even the most cash-strapped ISPs have more sense.

Last year's scare over the US's bald statement that customs authorities have the right to search and impound computers and other electronic equipment carried by travellers across the national borders will probably be followed up with lengthy protest over new rules known as the Anti-Counterfeiting Trade Agreement and being negotiated by the US, EU, Japan, and other countries. We don't know as much as we'd like about what the proposals actually are, though some information escaped last June. Negotiations are expected to continue in 2009.

The EU has said that it has no plans to search individual travellers, which is a relief; in fact, in most cases it would be impossible for a border guard to tell whether files on a computer were copyright violations. Nonetheless, it seems likely that this and other laws will make criminals of most of us; almost everyone who owns an MP3 player has music on it that technically infringes the copyright laws (particularly in the UK, where there is as yet no exemption for personal copying).

Meanwhile, Australia's new $44 million "great firewall" is going ahead despiteknown flaws in the technology. Nearer home, British Culture Secretary Andy Burnham would like to rate the Web, lest it frighten the children.

It's going to be a long year. But on the bright side, if you want to make some suggestions for the incoming Obama administration, head over to Change.org and add your voice to those assembling under "technology policy".

Happy new year!

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her Posted by Wendy M. Grossman at 6:22 PM | Permalink | Comments (0) | TrackBacks (0)