For years the received wisdom has been that the UK is too different. In both countries the legacy monopoly telecommunications supplier ran into deregulation in the mid-1980s. In the US, that began with the court-ordered break-up of AT&T, leading to the set of seven "Baby Bells", which have since merged back into three, much like the shards of the liquid metal man in Terminator 2. In the UK, it's been government policy to open up BT's network to competitors, and its behavior is closely scrutinized. That's harder to do in the US where so much happens at the state, rather than federal, level.

While both countries have large companies wishing to lock consumers into bundles that include broadband, telephone, mobile, and television, the average British Internet user who cares to look has probably dozens of choices of supplier, not all of whom buy their upstream bandwidth from BT Wholesale. The average American is lucky if they have two.

The bigger differences lie in the way television is funded and provided, partly because of the UK's entrenched public service broadcasting and partly because of geography. Given the US's size, in many areas either you have cable or a satellite dish or you don't have television at all because the nearest broadcast station is too far away. In the UK, terrestrial broadcast blankets the nation and the major broadcasters (BBC, ITV, Sky) have teamed up to offer free satellite (Freesat) and broadcast (Freeview) systems whose array of channels is entirely competitive with cable or paid satellite if you can do without the premium channels (mostly movies and sports). I cut the cord on cable a year ago in favor of Freesat plus an online subscription to the tennis tours.

Given this situation, it's not surprising if BT thinks it needs television content in order to compete effectively with Virgin and other ISPs.

In 2010, the BBC's Rory Cellan-Jones asked the network neutrality question about BT when BT Retail's commercial director referred in an interview about prioritizing network traffic so that television streams would reach consumers uninterrupted. There are, Ofcom told Cellan-Jones at the time, no rules against the widespread practice of traffic shaping, and let's face it: if you're watching a video stream or making a voice call it's a lot more important to get your packets immediately and continuously than if you're loading a Web page or reading your email.

In 2011, BT's announcement of Content Connect raised similar questions; that wholesale service was, again, intended to speed delivery of streaming video by using local servers - which sounds like the kind of content caching that goes on all over the place.

For me, what raised more questions was BT's announcement in June 2012 that it had paid £738 million for the rights to 38 Premier League football games and then in February 2013 that it had acquired ESPN's UK and Irish channels. These channels are the basis of BT Sport, which will broadcast a load of football, in direct competition with Sky (and, they tell me, some women's tennis). We are now talking about the country's most significant telecommunications infrastructure provider competing directly with other companies whose content it carries.

Accordingly, this is the announcement that to me is the serious one. The really vital thing in ensuring network neutrality is not banning practices that speed service but in avoiding giving dominant suppliers leverage over their competitors or incentives to break it. Otherwise, you get discriminatory service - exactly what the EU is investigating Google for This is the classic first principle of antitrust law: the owners of the means of distribution should not be allowed to also own the content that streams through it.

Two of the best-known cases under the US's 1890 Sherman Act illustrate the point perfectly: the break-ups of the movie studios and of Standard Oil. In the former, the movie studios were required to divest themselves of theater chains; in the latter, the company was broken up into dozens of smaller ones. As in the AT&T break-up, some of those smaller ones - Exxon and Mobil - have merged back together, but by the time they did the landscape had substantially altered.

In some of these cases you could argue that regulatory action was rendered unnecessary because new technologies were about to present them with new forms of competition. The AT&T break-up was in 1984 and separated local and long distance reveues; by 1990 the Internet would have begun threatening the latter anyway - although law professor Susan Crawford argues that the subsequent mergers have undone the break-up's competition benefits. Similarly, Paramount Pictures' break-up in 1949 was rapidly followed by the challenge of television.

We can't bet on such a radical change this time. Instead, BT may become a content supplier to other ISPs while, conversely, in the US Google is building out local fiber. Watch this space.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Defcad started up in the summer of 2012 when Makerbot, the owner of the 3D printing design-sharing site Thingiverse, refused to host designs for firearms. Those who know Net history will see a parallel here to early Usenet, when the relatively small group who ran things refused to create rec.drugs and talk.drugs. Frustrated, Gorden Moffett, John Gilmore, and Brian Reid routed around the decision and created the alt hierarchy, and with it alt.drugs, alt.sex, and, for symmetry, alt.rock-n-roll, setting the tone for Internet defiance of centralized control. This episode was followed by such incidents as the many mirror sites set up to host Scientology secrets in 1995 and the so-called Streisand effect. And yet it still seems not to have landed. By the time the US State Department acted, the files had been downloaded 100,000 times, and they're now readily available on your favorite torrent site.

Society at large is not in any imminent danger from these downloads, certainly compared to the millions of (metal) guns sold in the US each year: it's the sort of thing people grab because they *can*, out of curiosity. Few have the resources to really use the files. See for example Philip Bump, who recounts in The Atlantic the impossibility of actually getting the thing printed. The Guardian's Charles Arthur writes that specialists approached by British newspapers refused to print the design for safety reasons.

Obviously it's not making plastic guns that's the issue; it's how to control who has them. This is the source of the panic, and the danger isn't the gun but the bad law people make when in that state of mind, particularly in the light of recent terrorist attacks.

The early proponents of 3D printing specifically, and additive manufacturing more generally, hope it will eliminate some transportation costs, use materials more efficiently, create utterly new possibilities, and enable customization. In their recent book, Fabricated, Cornell researcher Hod Lipson and technology analyst Melba Kurman talk about the three stages they believe 3D manufacturing will go through:

First we will gain control over the shape of physical things. Then we will gain new levels of control over their composition, the materials they're made of. Finally, we will gain control over the behavior of physical things.

Under the influence of Lipson and Kurman, the world is on the verge of becoming infinitely malleable. They seem particularly entranced by the prospects for food printing customized to provide the healthiest possible diet for a particular genotype and lifestyle and living human tissue. The Defcad launch video linked above, however, has a different set of excitements: the democratization of manufacturing items previously controlled by regulation or copyright, much as the Internet did to digital content. Per the video, the site's goal is making an "unblockable open-source search engine for all 3D-printed parts", bypassing industry and government to make "the important things" like "medical devices, drugs, goods, guns".This is the 2013 physical world equivalent of Timothy May's Crypto Anarchist Manifesto. (Except, of course, that faced with a government threat the site promptly voided its video promise of "No takedowns - ever".

I've long thought that the first phase, now rushing at us, would recapitulate, far less pleasantly, the copyright and content wars of the last 20 years of the Internet's development. When the Defcad link came up for discussion among a few members of the Open Rights Group advisory council, I said as much. Certainly, the market and uses are growing fast. Alan Cox, who posted some thoughts earlier today which call this takedown the beginning of "the unavoidable collision between speech and physical objects", had a different take.

Cox felt there were four areas government should think about: trademark enforcement, regulation to protect people in shared environments (such as roadways; never mind thoroughly tested self-driving cars; what about the guy who's printed a wheel?); health and safety education for maker communities; and the recyclability of materials. "I would be far more concerned about the number of people who end up injuring themselves on badly designed home 3D printed objects," he concluded. This all makes sense to me.

But the bigger thing governments should think about is what can sensibly be regulated, and for that they must first free their minds of thinking they know what *things* look like. In that discussion, Cox called guns "irrelevant and old-fashioned". The key change brought by 3D printing and other additive manufacturing technologies is that we are not limited to the constrained shapes of the past. They knew Defcad had firearms because Defcad said so. Criminals wouldn't be so helpful - and if we could reliably understand what a series of bits described we wouldn't be in so much trouble with respect to cybersecurity.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

In the case of government policy-making, the complaints are well-known and of long standing; they boil down essentially to the fact that policy is made by the few for the many, and there are always going to be disconnects in the interface between those two groups. The few may ignore, not understand, or not hear expert advice; the people most affected may not have a voice; entrenched prejudice may prove impossible to shake; the political climate may mean certain ideas simply will not be considered; or the resulting legislation may be derailed at the last minute by special interests. These difficulties are likely to remain no matter what mechanism you use for enacting legislation and no matter how you gather information and opinion beforehand. And the people don't always know best: in California, where the number of referendums turns the published voter instructions into something the size of a telephone book, popular policies may have adverse consequences that persist for decades after they become law.

The technology world has a weird and uneasy relationship with all this. Policy making is slow, which techies tend to hate. It's *governmental*, which libertarian techies tend to hate even more. Young upstarts simply ignore it by routing around it: the release of PGP onto the Internet in 1991, for example, up-ended entrenched policies on encryption. It's almost a sign investors could use that a technology company has reached the dreaded maturity when instead of bypassing laws by deploying new technologies it starts sending delegations to legislatures and hiring lobbyists.

It was therefore interesting to listen to the civil servants assembled for yesterday's London tea camp chew over short presentations from various people attempting to make real change in how policy-making happens in Britain. This is a discussion that I'd missed until now but that is taking place in a number of venues and reflects a broader plan for civil service reform that includes improving policy-making.

Among the major questions raised yesterday is how to broaden the range of information and participants: today's model of publishing consultations, collecting and collating responses, and then publishing reports and draft legislation attracts only the most dedicated respondents who then risk being thought of as cranks if they say the same thing too often even if they're both expert and right.

This is Anthony Zacharzewski's focus; his organization, Demsoc, aims to broaden participation. Government policy, he said yesterday, "has to be based on the best possible information. There are far more sources of information out there than policy-makers use." One of the things he complained about is speed: "People don't want to wait four years to change policy. We have to find people in the networks where they are already having conversations. They won't come to us."

And yet: policy-making isn't a speed trial. Policy that is going to affect a nation for decades to come should be implemented deliberately, slowly, and after careful thought.

Hannah Rutter, (Twitter: @openpolicyuk), from the Cabinet Office, struggles with the meaning of "open" in "open policy". "How to consult more widely is just one sliver," she said. "There's a broader piece about how to broaden the quality of the evidence we're getting - not just more academics and more think tanks - the people who are experiencing and delivering the services."

Other speakers are looking at how the civil service works, trying to use agile technologies to remake how policy is created, and running small, manageable experimental projects that can be shut down quickly and cheaply if they don't work. "If you're going to fail, fail fast," as Alice Newton (Twitter: @aliceenewton) put it.

That particular idea up-ends a characteristic of British government that the late Margaret Thatcher was especially keen on: policy begins at the center and propagates outward. The UK has no analogue to the US, where local government has its own revenue-raising powers and where therefore policies may start locally and then sweep the states before arriving at the federal level (data breach notification laws, for example, which started in California and worked eastward). Allowing the local authorities at the coal face to propose and test policies they want and let the successful ones percolate upwards would be a profound reversal of decades of increasing power at the center.

The more complex issue is harder to solve: how do you change the influence of money and promises of jobs that can sway and distort policy decisions, most notably but not solely in areas like copyright? It was the realization that policy-makers were simply not hearing the other side of the copyright debate that led Lawrence Lesssig to found a movement to counter that kind of influence. This is the problem open policy really has to tackle. Because: what politician will tell the nice man promising jobs in their local constituency to go away because a bunch of ragged-trousered posters on Twitter are opposed to the policy the nice man wants?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series. Stories about the border wars between cyberspace and real life are occasionally posted at the net.wars Pinboard - or follow on Twitter.

I have a lot of sympathy with Peru's and Brazil's claim "Amazon" is a lot older than Jeff Bezos On the other hand, they already have the country codes .br and .pe respectively; it's not like they'll fall off the Internet without .amazon as well. But the lack of consensus about the purpose of the DNS (other than to ease human navigation) means these conflicts are inevitable. No clear structure guides who gets precedence: countries or companies, geographical regions or brand names.

The brief background: traffic is routed around the Internet by computers that use numbers - Internet Protocol addresses. To make it easier for humans, in 1983 Paul Mockapetris created the Domain Name System, which provides a server that takes the name you request and routes your request to the correct number. Domain names are hierarchical and read right to left in order of increasing specificity: google.com takes you to Google's main page, news.google.com takes you to the news servers at Google. The rightmost piece (.com in google.com) is known as the top-level domain, and these come in two types: generic (.com, .edu) and country code (.us, .uk). The intention was that national enterprises would register under their country code, and only multinational organizations would register under the handful of generic top-level domains (gTLDs): .edu (educational), .org (non-profits), .mil (military), .net (for staff of ISPs), and, of course, .com (for commercial organizations).

Blame the users that things did not work out that way. As things shook out, everyone wanted to be in .com, the gTLD that Mockapetris had originally opposed creating. As the early rush online grew into the dot-com boom of the late 1990s, people began complaining that all the "good names" were taken. By this they meant that the *meaningful* names in .com were taken. By 1997, plans were afoot to create more gTLDs and add support for international - that is, non-ASCII - alphabets.

Since then, a relatively small number of new gTLDs have been created with, it seems to me, relatively little effect. As of March 2013, there were more than three times as many registrations in .com as in the next seven gTLDs put together. It's also notable that the top three continue to be the oldies: .com, .net, and .org. What isn't so easily calibrated is the percentage of registrations that are defensive: IBM, for example, is registered in .biz, .info, and .org (plus, I'm sure, many country code domains as well), all of which divert to its main site at ibm.com.

In 2011, ICANN announced it would create as many as 1,000 new gTLDs via an application process that starts with a $185,000 fee and that closed to new entries in March 2012. Vetting the 1,900 applications ICANN received is understandably slow.

The absurdity of the whole situation is that what really matters are the numbers. You can, as the instructions for bypassing the UK court-ordered block on accessing The Pirate Bay show, get to a site using only its number (assuming you know it). Censorship efforts so far have focused on blocking access to a given site by altering the DNS server's response to requests for its name - a man-in-the-middle attack, basically. Yet few understand the numbers; it's the names that have meanings people care about.

Personally, I've never been convinced that the new gTLDs answer any real need. More, they revive and intensify all the old conflicts and confusions: under the old system you can have amazon.pe, amazon.us, and amazon.com and the "amazon" in each case can mean something different. Under the new one, only one usage can win. Kieren McCarthy, who has covered ICANN in greater detail than any other journalist I'm aware of and who even worked for the organization for a time, has raised a more frightening issue: that the Governmental Advisory Committee has demanded "safeguards" for the new gTLDs that, if implemented, could mean government-ordered content restrictions.

From the day ICANN was created, this potential for the organization to engage in censorship has been a frequently-voiced concern. So far, it has stuck to a narrow technical remit. But this year is seeing many more concerted efforts: the British Prime Minister is pitching for clean public wifi, and Eric Schmidt is imagining an Internet carved up by censorship into national regions. Whatever the DNS is for, it shouldn't be for implementing censorship. As Evgeny Morozov would despise me for saying: it would break the Internet as we know it.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Stories about the border wars between cyberspace and real life are posted throughout the week at the net.wars Pinboard - or follow on Twitter.

In the mid-1990s, in a famous incident at the Computers, Freedom, and Privacy conference, which at the time was a hotbed of opponents to key escrow and defenders of the wide deployment of strong cryptography (privacy, security, authentication), the lawyer Stewart Baker told those assembled that the only opposition to key escrow was coming from "people who couldn't go to Woodstock because they had to stay home and finish their math homework". (To be fair to Baker, despite the insult, he's ever since been a very good sport about coming to CFP and being insulted right back by people who violently disagree with him. So, wash.)

In 2001, when Britain began the process of passing what became the Anti-Terrorism, Crime, and Security Act, the then Home Secretary, Jack Straw, called those who opposed key escrow in the mid-1990s "naïve", and suggested that the 9/11 attacks ought to be making us think better of said opposition. Now I'm told that the bill's sponsor, Mike Rogers (R-MI) stood up in Congress and urged the passage of the Cyber Intelligence Sharing and Protection Act (CISPA) and said, "if you're a 14-year-old tweeter in the basement" you don't understand why Congress needs to pass CISPA".

For those who've lost track, CISPA is the US bill that seeks to carve out a large exception to privacy law for "cybersecurity". Its provisions would give companies new rights to monitor their users and share the resulting data with government. The government needs no warrant, and the legislation grants the companies immunity from lawsuits. It creates, in other words, the surveillance-industrial complex that people used to think only paranoids thought could happen.

Let's say up front that 14-year-olds aren't what they used to be. Aaron Swartz won the ArsDigita Prize at 13, and at 14 he was part of the group that wrote the first version of the RSS standard. I don't care where kids like that tweet from; they're worth listening to. More to the point, of course, the opposition spans dozens of civil liberties groups, none of which are staffed by 14-year-olds.

I am 59, so, yes, I was too young for Woodstock. I tweet from wherever I happen to be but have no basement. I was opposed to key escrow, and am opposed to CISPA. I recognize - how could I not? - the very real threats we all face from terrorism. But there are much bigger risks - driving cars, going out in public where there are flu viruses - that we all take every day without thought. We are at much lower risk from terrorism, but are more frightened of it because a) it's new and b) it seems more out of our control.

On Wednesday, Bruce Schneier smartly rewrote and posted his "refused to be terrorized" essay (others' related thoughts are linked from that posting). The gist: don't panic and pass bad laws that stick. Refuse to be terrorized by going about life as normal. The ongoing disruption to public life, the raised anxiety, the man-centuries of bag and personal searches, the economic uncertainty, the vast sums spent on surveillance infrastructure - these are the real goals of terrorist activity. When, yesterday, Farhad Manjoo argued in Slate that what we need is more security cameras, he was reacting as intended..

On Thursday, the non-14-year-olds in the House of Representatives passed CISPA. If each incident keeps ratcheting up the fear-driven deployment of surveillance technology, the US may become as different from what we think of as American democratic values as the McCarthy era was. Instead of loyalty oaths and blacklists this would mean pervasive automated control.

It's unfortunately hard to explain to frightened people why hoping that sacrificing core values of liberty and democracy, privacy and personal autonomy will buy safety is wrong, especially with so little public understanding of statistics. Mass surveillance *will certainly* make you less free but it only *may* pay off in increased safety - and that pay-off will be highly unevenly distributed. You are never going to be able to lock down all possible targets.

Last year, when the hated bills du jour were SOPA and PIPA, technology companies and digital rights activists were on the same side. The evil genius of CISPA is that it divides us up: digital rights activists oppose it, particularly the warrantless data sharing. But because the bill relieves these data-driven companies like Facebook and Google of the worry about being sued by angry customers, their motivation to join with activists in opposing CISPA is limited. Privacy policies, contrary to what we'd like to believe, to protect companies' corporate asses, not us. This is likely to be a much tougher fight, even though CISPA's similar passage through the House last year was followed by rejection in the Senate. Worse, the drafters of future legislation know now that Internet companies will abandon digital rights rhetoric in favor of their business interests: they can be bought.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Stories about the border wars between cyberspace and real life are posted throughout the week at the net.wars Pinboard - or follow on Twitter.

Danforth is demonstrating the only actual robot at this year's at We Robot, which is otherwise mostly lawyers scoping out the legal challenges robots will bring. Danforth's video clip has it rolling around a little to chase a ball: I imagine becoming quickly bored (yes, yes, Aibo).

Yet Danforth confidently predicts that in six months "incredible, unexpected new robots you want in your home" will be available; in a year thousands of homes will have them; in two years tens of thousands; and five years will produce the first "true AI". We are less than a mile away from the research lab where John McCarthy labored for 50 years; in 1956 he thought it would take six months.

Danforth's ideas tap into a particular trend, which Ken Goldberg at UC Berkeley calls "cloud robotics". Today's networked computational power means that you can launch a cute pet robot into the market with rather limited abilities, and let it improve in the field via the cloud. People enjoy teaching pets tricks and find it endearing when they fail; why shouldn't this apply to robots? Coalescence happens for me when someone asks what kind of data this cute little pet will be collecting, especially in conjunction with other recent events. Answer: video, audio, accelerometer, and geolocation from an attached GPS unit, all sent to a central server, from where the data can be shared back out again so my robot suddenly knows a trick that yours has learned. Someone's actually implementing Rupert Sheldrake's morphic resonance.

Danforth claims the data will not be looked at by humans. Not impressed: as the ACLU's Jay Stanley has pointed out, what matters is less whether data is examined by humans or read by machines than the way the resulting decisions reverberate through the rest of our lives. Later, Danforth tells me the stream will be encrypted in transit to and from the server, and he hopes that if law enforcement issues a subpoena he'll be able to say he has no data to show them. Now, why does that make me want to say CALEA and communications data bill?

The notion of robot as intimate data collection device came up at the first We Robot last year, among the many other things lawyers worry about, like liability, but this is less hypothetical. It shows that Charlie Stross was right in his talk about the future of Moore's Law that computational power is yesterday's future, just as increasing transportation speeds were the future of the first half of the 20th century. Today's future is rapidly emerging as data (his meditations on the implications of bandwidth included lifelogging). Big data, open data, algorithmic decision-making. Asimov did not, if I remember correctly, consider this aspect of robotics. His robots fought through individual behavioral tangles brought upon them by the Three Laws, but did not collaborate across vast data networks and did not wrestle with deciding whether disclosing their intimate knowledge of you to a hostile interrogator would cause you sufficient harm that they should harm the interrogator or self-destruct rather than answer.

Julie Martin saw this as a possibly hopeful thing: "Robotics cases may force people to look at things they should be looking at," she said. "It shouldn't be different because it's robotics." She meant that the world is now full of data collection technologies we shouldn't be taking so casually, and robots provide an opportunity to make that visible enough to engage people in stopping it. In response, Ian Kerr commented that Ryan Calo has made similar comments about drones in the past - that they would spark a chance to h4ave and win a privacy debate that should have already taken place, "but I'm cautiously apocalyptic about that now".

One of Martin's examples was Tesla's recent spat with the New York Times, which showed how much data cars can collect about their drivers. Unfortunately, if the past discussions are any guide, the argument others will make is that in a world of CCTV cameras, wiretap-ready telephone services and ISPs, online profiling, and audit trails, "why should robotics be any different" will be the line used to justify the invasion of our most private settings. Cue Bill Steele's 1970s song The Walls Have Ears.

At this point an evil thought occurs: you sell a cute robot people will fall in love with. You include the kind of subscription service common in software, where you push updates and improvements to the robot automatically. Or, in the way of today's world, you offer those services free, contingent on my agreeing to data sharing. When I fail to resubscribe or refuse to provide data, all that stops. With an Internet service, the site stops giving me personalized service (search results, targeted ads). A pet robot would seem to stop loving me back. This seems to me a chilling but perfectly plausible business model and not at all what we imagine when we long for a robot to do the housecleaning.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Stories about the border wars between cyberspace and real life are posted throughout the week at the net.wars Pinboard - or follow on Twitter.

At a Westminster eForum on the data protection reforms (PDF) a couple of weeks ago, the deputy commissioner David Smith, from Britain's Information Commissioner's Office, commented that he thinks RTBF "may have unintended serious impact by setting users' expectations too high for what can realistically be achieved". Today, media stories are reporting that the UK wants to opt out, for just those reasons. As the Telegraph explains matters, currently individuals have the right to object to wrong information; what's proposed is to extend that right and put the onus on companies to comply. At stake for non-compliance (with the various new rules, not just RTBF): up to 2 percent of a company's global income.

Smith thought it would be better to characterize it as a "right to object", and thought seen in that light it could be a good thing: "I can say I object and ask you to stop, and you will have to stop unless you can come up with valid reasons." Such a right would, he said, reverse the burden of proof in existing processes, rather like shifting from opt-out to opt-in. This seems reasonable to me, in part because no matter what the law says it's impossible to be sure that every copy of anything has been removed from the Internet.

Framed Smith's way, the proposals seem more rational: there is real harm at stake here. For example, why should someone applying for a job be at a disadvantage because the first few pages that turn up in a Google search are full of abusive postings over something you said once about Harry Potter? Whether or not you did anything wrong, today's cover-your-corporate-ass attitudes will move on to a less controversial candidate. It can take years to push that kind of thing down enough pages that Human Resources will lose patience before finding it. Similarly, with no obligation to check, update, or correct information, sites are free to spread as much misinformation as they like. These are issues that have been well covered by privacy scholars such as Daniel Solove and, in his 2010 book, Delete, Viktor Mayer-Schönberger.

Anyone with a modicum of technical knowledge about the Internet will say it's not reasonable to expect ISPs, search engines, hosting sites, and social networks to police the steady flood of data that's being posted. Granted. Much impetus behind RTBF came from the discovery, largely due to research by Cambridge's Joseph Bonneau, that deleting material from social networks is often purely cosmetic: the material is not served up to the public but continues to reside on their servers. Bonneau published his research in 2009; it was August 2012 before Facebook changed the system so that deleted means deleted. The hunger of (especially) advertising-supported companies for Big Data means there is a genuine need for this intuitively correct right to be backed by law. The alternative risks rampant deception, only revealed occasionally when researchers like Bonneau are motivated to dig and publish.

Other difficulties concern the nature of social networks. If a circle of friends regularly post pictures of themselves and each other, large holes are torn in the social fabric if one demands that all material related to them be deleted. What are the boundaries of RTBF in a time when people, like networks, are losing their defined perimeters?

Naturally, the biggest push-back against RTBF is coming from the US, home of the biggest advertising-driven companies. In the Stanford Law Review, Jeffrey Rosen analyzes the legal roots of this cultural disjuncture, tracing it to variations in the way past convictions are handled in criminal law. In the US, convictions are published while in Europe after a certain amount of time has passed they are "spent" - essentially, forgotten. In 2009, Wikipedia was the center of exactly this cultural clash.

Like Lauren Weinstein, who sees RTBF as a modern reenactment of the memory hole in Orwell's 1984, Rosen concludes that RTBF necessarily means chilling freedom of expression and implementing mass censorship. Peter Fleischer, Google's global privacy counsel, doesn't love it either: by January 2012 he was complaining that, their expectations raised, individuals were asking for links to legally posted information about them to be deleted from search listings, perhaps referring to the workings of a relevant Spanish law. Fleischer and the EU went on to argue about whether search engines should be responsible for such deletions or not. Last week, a US coalition launched that claims it wants to find a balance between protecting privacy and ensuring the free flow of information.

The labyrinthine process of legislation in the EU makes it hard to parse the thousands of amendments and myriad committee votes to get a sense of how this particular debate will translate into law. You would hope that the length and complexity of the process would result in a nuanced outcome.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Stories about the border wars between cyberspace and real life are posted throughout the week at the net.wars Pinboard - or follow on Twitter.

This is of course obviously true. We can say it in a Yes, Minister irregular verb: I do theoretical physics; you discover nuclear fission; he bombs Hiroshima. Or, updating, I wish I didn't have to push a light switch; you write an app to do it; he gets rid of electrical inspections because there's an app.

In The Net Delusion, Morozov argued that despite the Internet pioneers' best intentions, their inventions can be and are smartly used by authoritarian governments to surveille and repress their populations, who, in turn, are more interested in downloading pictures of cats than engaging in political revolt. Now, Morozov extends that "net delusion" into twin, trending obsessions: "solutionism" and "Internet-centrism".

Internet-centrism values the Internet and its well-being above all other interests. You see it in action when network neutrality advocates or copyright reformers complain that some new proposal is "bad for the Internet", or will "break the Internet". As someone written about the Internet and the battles over its freedoms this is not how I feel: the Internet is not a god to me, but, as I suspect it is to many others, an opportunity to be protected. Once upon a time, the Internet seemed special.

On Wednesday, Morozov defined solutionism this way: "the shallow intellectual tendency emerging in the last decade where we identify problems as problems based solely on the idea that we have the means of perfection or solution". In other words, it's the state of mind in which if you have a hammer you believe it can solve all problems whether or not they look like nails. As Morozov did not say, an example might be the British national ID card, which in the last 50 years has been touted as the solution to football hooliganism, benefit fraud, immigration, health tourism, employment fraud, serious and organized crime, terrorism...

Or, as Morozov did say, the state of mind in which Facebook and Google present themselves as more like humanitarian missions than companies. Google wants "to organize the world's information and make it useful"; Mark Zuckerberg said - in his letter in Facebook's IPO prospectus! - that Facebook's social mission is more important to him than its business. Or Amazon, whose founder, Jeff Bezos, Morozov cited, perhaps thinking of this, as seeing getting rid of gatekeepers as an unalloyed good: "His company is the ultimate gatekeeper!"

It's easy to agree when Morozov complains that starting with technology is starting from the wrong end. And yet...what he was saying seems disconnected from the activists I know. Of the familiar authors he cites, most (other than Lessig, who was the inspiring force behind creating Creative Commons and Rootstrikers) are academics light on practical action. When I think of open data, the first to spring to mind are the guys at MySociety, who have sequentially opened up access to local information, Parliamentary records, and the negotiations at the United Nations? Is open data an unalloyed good? Of course not. Is it possible, as Lessig argued in his 2009 essay Against Transparency, that devoid of context people will get the wrong idea? Of course. But isn't that how MPs would have justified refusing to disclose their expenses to Heather Brooke?

In the activist trenches you find the good and bad debated and scrutinized, not ignored. These are not people who revere technology at the expense of "goals and agendas previously held dear"; instead, they are trying to use technology to further those goals - or rein in technology where it threatens them. As Judith Rauhofer memorably said at a conference a few years back, "The world's social norms don't change just because some rich geeks in California say they have." In my neck of the world it's quite hard to find libertarians who think that giving everyone an app so they can check meat products for horsemeat is a better option than a government agency whose job it is to ensure food safety in its many forms. Cue Morozov: "Once there's an app, it's harder to defend institutions."

It is certainly fair to say that those favoring small government - in the UK, the current coalition, in the US the Republications - are eager to deploy technological substitutes such as computer assessment for capability to work. But Morozov went on to draw an interesting but uncertain connection between the self-quantified movement and a longer and larger trend, driven by pharmaceutical companies and doctors: "We are under constant pressure to look for more and more biomarkers, identify more diseases, real and imaginary, and buy more drugs to fix them. If that's the broader logic of how we think about health, self-tracking fills a certain role identifying even more symptoms." It is, he agreed, a grass roots movement - "but partly funded by venture capitalists and pharmaceutical companies". I would argue that funding has only come in because the grass roots movement has become big enough to be of interest to them.

"Solutions come with costs," Morozov said. Doesn't magic always?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Stories about the border wars between cyberspace and real life are posted throughout the week at the net.wars Pinboard - or follow on Twitter.

I hadn't heard of Feist in 1993, when the late Personal Computer World assigned a piece about the Postcode Address File (PAF)) and the telephone directory database, but the principle that information taxpayers pay to collect should belong to the public was apparently thoroughly embedded. I was shocked to learn that in Britain these databases were not only copyrighted, to the Post Office and British Telecom respectively, but that people had to pay to use them.

Twenty years later, Ofcom has just concluded a consultation to discuss PAF's licensing arrangements. The gist of its recommendations: that the Royal Mail simplify its pricing, but that it continue to "recover its costs" through licensing. The Open Data User Group begs to differ. Its response to the consultation objects to the redaction of costing details and questions the figures; suggests alternatives to PAF itself; ; and argues that PAF should become an open dataset free at the point of use in the public interest. ODUG also objects to Ofcom's "business-as-usual" tone.

ODUG's chair, Heather Savory, told the Guardian a few months ago: "This is data which comes from publicly funded, publicly owned bodies. The Royal Mail is very opaque about the costs and profits of keeping PAF up to date, but we're pretty sure they could afford to make it free."

Other than when you receive postal mail, the most common way you encounter PAF is that you fill out a Web address form by typing a postcode and choosing from a picklist of valid addresses. In the mid-1980s, software companies began licensing it to provide that functionality for over-the-phone sellers and direct marketers; by 1993 they were beginning to link PAF to other databases to create new applications. Jean Lemon, then the value-added resellers manager for the Post Office, told me about 15 licensees were authorized to sell software based on PAF; Ofcom's report says there are now 250 licensed "solution providers" who embed PAF in products from those familiar ecommerce applications to customer relationship management systems.

It's clear no one foresaw the data's many potential uses. Spokespeople for GB Address, one of those 15 1993 companies, told me: "When we started we thought there'd be a good market among mail order companies, but it turns out there's a big market among any companies collecting addresses: charities, travel companies, insurance companies, hospitals."

By 1996, I returned to the subject when a resident of the US state of Oregon paid a modest media charge to buy a copy of the state's vehicle licensing database and put the whole thing online. Cue discussions of privacy, the value of public data, and so on. The feature I wrote about that incident for the Daily Telegraph (TEXT) included an inevitable comparison to the situation in the UK, where getting a single address out of the Driver and Vehicle Licensing Agency requires you to fill out a form justifying why you need it and pay a (small) fee. So one reason something like "couldn't happen here" is that you can't get the data. This is how we get silly situations like requirements to click on data licenses on local council Web sites

At that point, the Royal Mail was barely beginning to think about the Internet. Lemon, revisited, told me that costs were coming down and the adding PAF to Internet application back ends didn't seem particularly difficult. She even raised the question of whether to continue to recover costs by selling licenses or to make the database freely available. Now, 17 years and three-four, Internet generations later, Ofcom is still dubious. .

Ofcom notes that although the £27 million PAF brought the Royal Mail in revenues in 2011/2012 is only 0.4 percent of its overall revenues, it's more than the £23 million the Royal Mail's operating profit that year. (Although: so what? What matters is how significant the roughly £2 million over operating costs PAF earns is to the Royal Mail's overall viability.) If, it argues, the Royal Mail absorbs the cost of maintaining PAF, then either the cost of postage will have to rise or the Royal Mail will have to be less profitable. But as ODUG points out, creating instead an Open National Address Dataset would benefit everyone while vastly lowering the costs the Royal Mail is claiming. The case for retaining "cost recovery" only makes sense if you consider Royal Mail's business in isolation.

If, however, we look at the Royal Mail as an element of the larger national economic system and an essential piece of the national instruacture, then keeping the data closed is absurd. Ofcom estimates the value of PAF to the British economy at £1 billion - 40 times the revenue it brings the Royal Mail. How much greater would the value to all of us if it were free?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Stories about the border wars between cyberspace and real life are posted throughout the week at the net.wars Pinboard - or follow on Twitter.

Aquarone is telling this story to this year's Digital Money Forum, now renamed the Tomorrow's Transactions Forum. "I have a passion for things with a small chance of success," he says. He produced the 2012 film Tortoise in Love, made by a village in Oxfordshire. Yes, "by", not "in". His current "thing" is the mobile payments app Droplet, launching on iPhones, and soon on Android, dreamed up over pints in a Birmingham. With no marketing, he says the system already has 1,500 users. The company is closing its first round of funding; a recent hire came from Visa Europe.

How it works: download app, add money using the conduit of your choice, and thereafter you can send anyone money for free. I like that the phone isn't storing account information, limiting the risk. It sounds like early Paypal pitches that that you could send money to anyone with an email address. The disruptive bit is that incoming payments to merchants are also free, unlike every other type of payment known so far. Mobile money - transmit a few numbers in a couple of seconds - ought indeed to be a whole lot cheaper than cash or credit cards. But free?

Apparently the pub cocktail napkin is Britain's Silicon Valley garage. Aquarone was instantly mobbed. I heard "£2 million".

In 2013 doesn't everyone have a mobile payment scheme in their back pocket? There's the mobile wallet crowd - Google, Paypal, Square. Electronic bank transfers. The weird little underground economy of Amazon gift cards. Credit card companies and phone manufacturers bet heavily that contactless (NFC) is the Next Big Thing, but so far NFC's big winner is Transport for London. Cue Yandex's Jane Zavalishina, explaining that in her country, Russia, mobile wallets are being embraced, but, "NFC is the hard way to solve problems that don't exist." (Ouch.) Mobile should be the native home of purely digital currencies - Bitcoin, e-gold, but who accepts them? You'd have better luck with stuff we barely think of as currency: loyalty points. LoyLogic's Dominic Hofer calls frequent flyer miles "the biggest currency in the world": all the miles in all the programs add up to more than US dollars.

For small transactions, all these things are way too expensive or limited; micropayments are still a mirage. So everyone is scrambling; legacy players know they must reinvent themselves. Like the Royal Canadian Mint and Mintchip: "Our goal is to deliver a cash-like product that costs less to transact than other electronic payment solutions," explains Mint CFO Mark Brule. Essentially, the Mint mints the chips just as it would money; once embedded in devices they move money from one to another by sending date, time, and amount - "instantaneous, non-revocable, simple". A challenge last year created example apps. The Mint's survival as a business that makes money from making money - and even pays taxes - is at stake. As it, and at least some other legacy players understand, the economics and incentives are changing. The percentage charged to merchants in credit card fees, for example, was probably a better deal at the beginning, when they were competing with paper cheques and cash and the fees bought lowered risk and less hassle. But now? If they sue you when you report a problem? If the alternative is a secure, instantaneous transfer of a few electronic digits? And free?

At this point, the suspicious person asks: are we talking free as in speech, free as in beer, or free as in puppies?

A few hours earlier, Zavalishina had said (while expressing skepticism that banks and payment companies could ever muster *enough* data for it to be called "big"), "The only value is in big data". Speed-reading through Aquarone's slides behind his head, there it was, "data analytics". Free puppy!

What data are they going to analyze? Aquarone says that the system will give anonymized data to merchants, only with users' consent. Quizzed, he knows that "anonymized" is more or less impossible; what he means is that within their system your "know your customer" identity information is permanently separated from your behavioral profile, which users must opt in to make available to merchants. For him, the heart is the merchant-customer relationship; Droplet's next stage is a loyalty platform on which to build transactions from which the company can take a small cut.

And this is where the story gets so, so familiar. If Aquarone is right, what we'll see is the Web's business model - basic services free at point of use and advertising-supported, charges for value-added services - moving into payment structures. Aquarone and, if he is successful, his imitators will leverage the thousands of people working to improve the existing Web infrastructure. There will be a pitched battle over business models and key players.

"Once you wean people off legacy systems, all sorts of things become possible."

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Stories about the border wars between cyberspace and real life are posted sporadically at the net.wars Pinboard - or follow on Twitter.

I thought about these arguments several times last week during Eva Pascoe's Cybersalon, which asked, "has social media lived up to its original libertarian and communitarian promise of the Net?"

Eva Pascoe! Few under-30s happily asking Google to find the answers to pub quizzes on their phones will have any idea who she is, but in 1994 she opened London's first Internet café, Cyberia, in Whitfield Street. It was quickly followed by many more, and for a time in the late 1990s you could hardly walk ten yards in central London without passing a huge, computer-filled space (often owned by Selios Haji-Ioannou's EasyGroup) where £1 got you online long enough to check your email.

The idea of a café you had to go to in order to get online perfectly encapsulates why cyberspace *felt* like a different place. Now that you can casually dip your brain into the stream-of-online-consciousness any time, we've lost how different it felt when you had to dial up and wait while computers booted, modems mated, and pages loaded; in 1990 you could read each letter as it appeared on your screen. And every day a new technology or site to investigate, watching the Net being built. Eventually, of course, the need for cybercafés died off, killed by widespread computer ownership, free wifi, and mobile phones. I can remember when Cyberia opened, I have no idea when it closed.

As I said last week, the key element in making cyberspace feel like a separate place was that hardly anyone you knew was online. Today, you join Facebook to join your real-world friends and family. Twenty years ago, you went online and made friends with strangers, though many of them already knew each other. People described themselves as WELLperns, CIXen, and even Netizens and wrote books about virtual communities. Who today considers using Google an important part of their identity?

For many, what defined the Internet as a different "place" was the lack of what the ACLU's Jay Stanley calls "reverberations" in their daily lives - their "real" lives. Your boss didn't know about your evenings on the Usenet newsgroup alt.tasteless plotting the invasion of rec.pets.cats, and those cat-loving targets didn't know where you worked (though they might know where you went to school). Stanley argues that it's these reverberations that are really at the heart of many privacy debates. Certainly, the Net's increasing commercialization set off a series of shocks as material they people thought was ephemeral when they posted it resurfaced in newly public archives. Usenet was a prime example: in the late 1980s people knew their postings would expire after a couple of weeks; in 1995 those same people were stunned when Deja News revived them on the Web, and angry when the Google bought it. Today, Google's historical "Groups" archive is thought to be near-complete, minus some postings people have asked to be deleted.

It was predictable even in 1997, when I was writing net.wars-the-book that online and offline would gradually become less distinct from one another. Over time, our online relationships spilled offline and our offline contacts moved online. Government regulators argued that what was illegal offline should be illegal online (child porn, defamation, hate speech, copyright infringement); digital rights activists argued back that what was legal offline should be legal online (loaning friends copies of media, free association, freedom of expression). Nonetheless, smaller online social groupings - the WELL, some Web boards, IRC channels, anywhere that the same people persistently visit day after day rather than comment-and-run - still have a sense of community and place. In this sense, it was right to think in 1997 that the future of the Internet was to be many Nets.

The convergence between offline and online has accelerated rapidly since. Is it meaningful to say that the group you meet in the pub every Friday night is offline when each of you carries a mobile phone, pays by credit card, and geolocates your tweets? Soon, lampposts will have sensors, even human-driven cars will network traffic data, and any public encounter is likely to be recorded from all angles, while home-based 3D printing based on transmitted designs promises to complete the digital invasion of physical space. No wonder the US's data-driven companies are lobbying so hard to derail the EU's data protection review.

Some people definitely took "cyberspace" too seriously, but it's not a dumb concept; as a metaphor it conveyed something about the strangeness of change when pundits said in the early 1990s that "cyberspace is where your money is". Today it's where your personal data of all types lives. Tomorrow, it will be where the backup copy of your home lives. Don't blame the word for how it's been misused.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Stories about the border wars between cyberspace and real life are posted throughout the week at the net.wars Pinboard - or follow on Twitter.

The basics: last July, the Justice Committee reported the results of its post-legislative scrutiny of the act: its report; oral and written evidence; and additional written evidence. In November, the government published its response (PDF). The Information Commissioner, which oversees the Act and handles complaints, was cautiously optimistic. More worried about the potential for weakening the Act is the Campaign for Freedom of Information, which was founded in 1984. Last week, CFOI held a briefing to outline its analysis (PDF) and concerns.

It is, I suppose, inevitable that any time a country passes a new freedom of information act the authorities who are now required to answer the public's requests for information get grumpy. Who are these people demanding information, and why won't they leave us alone to get on with governing them in peace? And why are there so many of them? Reading through some of the written submissions is a Yes, Minister moment: unlike most government policies, the more successful this one is the more people complain about it.

From the start, politicians seem to have worried that government authorities would be plagued by the information request equivalent of a denial-of-service attack: obsessive individuals buying ink by the barrelful seeking to satisfy some private, unworthy agenda. They call these "vexatious" requests, which seems a hilariously poor choice of language: how many of the various authorities Brooke pestered for information to which she was reasonably entitled regarded her as "vexatious"? While it's a small point, I'd like to see this changed to "abusive", to make it clear that the pejorative applies to the requests and not the requester.

The people answering the requests are not always good judges. In the evidence, several institutions of higher education complain that journalists send "round-robin" requests to a dozen or two universities but use only the three or four responses to illustrate their stories. This is actually good news: instead of picking three in advance and calling them a trend, these journalists are responsibly surveying the landscape to get an accurate view. FOI is not PR; you don't judge the success of your efforts by whether you get a nice write-up.

CFOI is concerned about the suggestions for reducing the (vexatious) burden on public authorities by either adding cost for requesters or reducing the time and resources authorities must allocate to answering. One recurring idea is to introduce a charge for making FOI requests - perhaps the £10 charged for subject access requests under data protection law. Alternatively, authorities may to reject requests that cost more than £600 (at a standard rate of £25 an hour) to answer, not including time for consideration or necessary redaction. So lower the cost limit, raise the rate per hour, or include consideration and redaction. Other proposals CFOI's director, Maurice Frankel, listed are charging fees for tribunal appeals or aggregating all of an individual or organization's requests to a single authority, related or not, and blocking further requests for a set period.

Frankel is hoping none of these happen. Aggregating unrelated requests from a single individual or organization would most hurt local press. Bloggers and journalists already call tribunals intimidating and user-unfriendly; Frankel notes that charging only about 25 percent of appeals are struck out, so charging fees would likely deter many valid appeals.

I also think it's not valid to compare subject access requests with FOI requests. Subject access requests are more straightforward, based on your individual relationship with a particular organization, and you are the beneficiary. FOI requests are more complicated, often requiring follow-ups and more research; the information they're designed to elicit has been gathered at taxpayer expense; and the beneficiary is the public interest.

It remains to ask how significant a problem abusive requests are; they should not be an excuse to penalize an entire population. In its response to the task force grappling with the same problem in Canada, the Information Commissioner of Canada commented (PDF) that the evidence for the "abusive" claim was anecdotal and poorly identified and that even the government's task force agreed that most requesters were responsible. It estimated the cost across Canada at $1 per capita and falling, and called solutions similar to those above a hammer to kill a fly (thanks to Tamir Israel for the link).

It's hard to be too sympathetic to public bodies wanting FOI cut back; the power of secrecy has been theirs for too long. Over time, the waste of resources they're fretting about should diminish as their culture changes, systems are reconfigured to speed common requests and open data by default. Proactive disclosure will go a long way toward reducing the burden. More important is ensuring that private companies fulfilling public contracts don't escape.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Stories about the border wars between cyberspace and real life are posted throughout the week at the net.wars Pinboard - or follow on Twitter.

I think I understand it, though: there is a state of mind you get into when you have been battered relentlessly with unerring but false logic: if this, then this, then this other thing, then the next thing, and you see...you must admit this, and that means you were wrong all along. The floor slides away from you the way it does in the description Mrs Morton gave Berton Roueche of her bouts of labyrinthitis, a disease of the inner ear, and if you are not left alone the only way you can reassert the world as you know it is to bellow out the facts as you know them.

When you read the BBC Panorama journalist John Sweeney's new book about his time investigating Scientology for two Panorama episodes, one in 2007 and the other in 2010, The Church of Fear, you get the sense that this was his state of mind when he turned into - his term - the exploding tomato. This becomes clearer when you're shown the steps that led him there. Sweeney has apologized for his loss of control many times. Last night, speaking in East Grinstead, the town where Scientology has its UK headquarters, he gave us a small re-enactment. Up close, that was LOUD.

In an interview yesterday with The Register, Sweeney references a line I had forgotten, said to me in 1994 by former Scientologist Robert Vaughan Young to explain why he was glad he did not have to face the Internet during his time as a national spokesman for the Church of Scientology: "It's going to be to Scientology what Vietnam was to the US."

Eighteen years later, it seems clear he was right.

On Sweeney's 2010 Panorama, The Secrets of Scientology, the actor Larry Anderson, explains that his 33 years in Scientology began to end when he decided to break with CoS policy to go online and see what critics said about it. What he found was the secret documents at the heart of the conflict described in my 1995 Wired piece, whose reverberations set the framework for the copyright-related notice and takedown rules still in effect today. These "OT III" materials outline the beliefs you only learn hundreds of thousands of dollars into the practice of Scientology: the story of Xenu.

The OT III - for Operating Thetan, level III - documents escaped total Scientology control when they became an exhibit in Lawrence Wollersheim's 1980 suit against the CoS for damages after leaving the organization. Then came the Internet, which for the first time allowed former and disaffected Scientologists to find each other and share their stories. In 1994, the "Operating Thetan" documents made their appearance on the Usenet newsgroup alt.religion.scientology. When their publication brought legal and law enforcement attacks, copies spread more and more widely. The CoS was about as successful in keeping them offline as the RIAA and MPAA: today, they're not only on Usenet and the Web but readily accessible on your favorite torrent site, and there are summaries on Wikipedia, About.com, and, well, everywhere.

In 1994, a former Scientologist called the CoS "bait and switch", arguing that if people realized they were joining a belief system involving billion-year-old space aliens they would never sign up. This was why the alt.religion.scientology dissidents were so intent on getting the "secret scriptures" out in public: break the CoS's rigid control over that information and you break an important element of the recruiting mechanism. In the 1970s, a campus recruiter could invite students to an introductory meeting confident that they would know very little about the organization. Today's students have found Scientology's history, controversies, and belief system on their phones before he's finished his opening sentence. If China can't entirely insulate its population from the Internet, what chance does Scientology have?

They can still try, and some will let them. In the video clip linked above, Sweeney says the CoS told him it discourages members from accessing outside media because they are "merchants of chaos". In his book, he quotes from celebrity interviews given him for his 2007 Panorama, Scientology and Me that he was not allowed to broadcast. (Later, the CoS included excerpts from those same interviews in its crossfire documentary, Panorama Exposed, enabling the BBC to use those bits in 2010.) In Sweeney's account of these interviews, Kirstie Alley describes herself as "a little bit stupid on the Internet" and says she doesn't use it; Leah Remini says, "I don't go on the Internet".

By this time, Scientology's innermost beliefs are probably better understood and better known by those *outside* the group than those inside it. Because: until you have reached (at considerable expense) the OT III stage of studying Scientology, the core of Scientology beliefs is not disclosed to you. The reason, Hubbard wrote in 1967, is that exposure to these powerful secrets without proper preparation will send you insane, then kill you. The blank stares of Scientologists you ask about Xenu may simply mean they really don't know yet.

"We'll just run the SPs [Suppressive Persons] right off the system. It will be quite simple," Elaine Siegel, then a member of the Office of Special Affairs International, wrote to Scientologists online in 1994. Famous last words.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series

Is cash friction? That's less clear. There are plenty of people - in the UK, most notably Consult Hyperion's Dave Birch - who will tell you that it is. The British Rail Consortium's policy lead, Richard Braham, on the other hand, pointed out that last year 58 percent of transactions were in cash. "We're more likely heading to the cardless society than the cashless society," he said.

That makes intuitive sense to me: for a quick getaway for small purchases it's hard to beat plunking down exact change. But just as the speed and lower risk of credit cards have abolished paper checks/cheques from in-person transactions, I can see where for many people the speed and convenience of tapping a mobile phone on a reader would kill off the business of carrying plastic credit cards.

We're a long way from there yet, however, and it's as sensible trying to predict the eventual outcome as it is to try to predict which media formats will die. In fact, if the history of media is any guide, most of today's forms of payments will survive in some shape, depending on their cultural context. For most Westerners, with our bank accounts and financial services, digital payments are a luxury, in Kenya they fill such an enormous market gap that M-Pesa has been a huge success and is changing the landscape.

Some support for Braham's position came from Matthew Hudson, the head of business development, fares and ticketing for Transport for London. When it launched Oyster cards in 2003, TfL had no idea it would become the largest contactless card issuer in the UK: 52 million cards issued to date. Oyster is just one step in a series intended to reduce costs. Ticketing started in the 1850s to eliminate the "massive" amounts of fraud involved in accepting cash directly. Recently, London buses began accepting payment via Barclaycard's contactless Wave. By November, anyone with a contactless payment card, native or foreign, will be able to use it throughout TfL's system; eventually, the system will effectively be back to directly accepting cash - albeit digital cash. What's likely ending is the Ticket Era. But Hudson is, he said bluntly, not remotely interested in mobile phone payments as long as consumers have no idea whom to call when the system fails (although he loves the Barclaycard plastic pay tag you can glue to the back of your phone). "Interoperability means nothing to consumers," he said.

It takes a large-scale operation to appreciate that point: uncertainty and confusion about who is responsible for which failures - do you call the mobile phone manufacturer, the mobile network operator, the handset manufacturer, the operating system vendor, the app publisher, or the company you're buying from? - are the app killers. Especially given today's situation with security; earlier in the week, Trustwave launched its 2013 report, which showed that the average length of time from intrusion to containment is 210 days. In 76 percent of the cases Trustwave investigated, organizations did not know they'd been hacked until an outsider told them - regulators, law enforcement, the public. Mobile phones are already targets for malware; so much more so when they are digital wallets.

Hudson's comments make it clear how fast players and methods are proliferating. It's what you expect from an immature industry: an explosion of experiments and options in which unexpected players emerge, usually followed by a shakeout leaving behind a relatively few large, successful winners. Both the UK and the EU are thinking about this progression. In early February, the UK's Chancellor of the Exchequer, George Osborne, talked about opening up payment systems. Last year, the an EU green paper on card, Internet, and mobile payments studied how to remove obstacles and provide effective governance for the new era. The framework for electronic money was created some years back.

Yet things are getting stranger than they may realize. What's a currency? We usually think of the government-backed, state-sponsored variety as the hard stuff. Yet Hudson sees Oyster cards as a "currency" people convert Sterling into. Frequent flyer miles and loyalty points are also obvious currencies, even if what you can buy with them is limited. But what about Amazon gift certificates? On his blog, Birch tells the story of his brief study of payment systems in use among online sex workers. Few take Paypal, which allows chargebacks and freezes accounts unpredictably if it suspects illegal activities. Most customers eschew credit cards as too tightly coupled to their real-world identities. But Amazon gift certificates: set up a new account with a different email address, charge to real credit card. Birch argues it provides a sufficient level of pseudonymity while still giving both sides the ability to trace the other in case of fraud. And it's a whole lot simpler than Bitcoin. In digital payments, complexity is friction.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

The gist is straightforward enough: when you pass a law mandating the installation of back doors in communications equipment you create, of necessity, a hole. To you, that may be legal access for interception (wiretapping); to the rest of us it's a security vulnerability that can be exploited by criminals and trolls every bit as effectively as one of those unpatched zero-day bugs that keep getting in the news. Like yesterday's announcement that the Federal Reserve's systems had been hacked. So instead of creating new holes, why not simply develop the expertise and tools to exploit the ones that already exist and seem to be an endemic part of creating complex software?

Yeah, no, they're not joking. April isn't for some time yet.

A little more background. In 1994, the US passed the Communications Assistance for Law Enforcement Act (CALEA). It was promptly followed by legislation mandating lawful interception in Europe, Canada, and others. Since then, law enforcement in those countries has persistently tried to expand the range of services requires to install such equipment. In the UK, the current government proposes the Communications Capabilities Development Programme (CCDP), which would install deep packet inspection (DPI) boxes on ISPs' networks so that all communications can be surveilled.

There are many, many problems with this approach. One is cost; fellow Open Rights Group advisory council member Alec Muffett has done a wonderful job of pointing that out for CCFP in particular. If, he writes, you require a whole lot of small and medium-sized companies to install a proprietary piece of hardware/software that perforce must be frequently updated, you have just given the vendors of these items "a license to print money".

The bigger problem, however, as Landau wrote in 2005 (PDF), is security. A hole is a hole; when a burglar who finds an unlocked door isn't deterred by its having been intended solely for the use of the homeowner. The Internet is different, she argues, and the insecurities you create when you try to apply CALEA to modern telephony - digital, carried over the Internet as one among many flows of data packets rather than over a dedicated direct circuit connection - have far-reaching implications that include serious damage to national security.

Nothing since has invalidated that argument. If you'd like some technical details, here's Cisco describing how it works: as you'll see, the interception element creates two streams, sending one on unaltered and sending the other to the monitoring address. Privacy International's Eric King has exposed the international trade in legally mandated surveillance technologies. Finally, as Blaze, Landau, Clark, and Bellovin write here, recent years have turned up hard evidence that lawful intercept back doors have been exploited. The most famous case is the 2004 pre-Olympic incident in which more than 100 Greek government officials and other dignitaries had their cellphones tapped via software installed on the Vodafone Greece network. So their argument that this approach is dangerous is, I think, well-founded.

The FBI, like other law enforcement services, is complaining that its ability to intercept communications is "going dark". There are many possible responses to that, and many people, including these authors, have made them. Even if they can no longer intercept phone calls with a simple nudge to a guy in a control room at AT&T/BT, they have much, much more data accessible to them from all sorts of source; surveillance has become endemic. And the decades of such complaints make it easy to be jaded about this: it was, 20 years ago, the government's argument why the use of strong cryptography had to be restricted. We know how that turned out: the need to enable electronic commerce won that particular day, and somehow civilization surived.

But if we accept that there is a genuine need for *some* amount of legal wiretapping as a legitimate investigative tool, then what? Hence this paper's suggestion that a less-worse alternative is to encourage the FBI and others to exploit the vulnerabilities that already exist in modern computer systems. Learn, in other words, to hack. Yes, over time those vulnerabilities will get closed up, but there will inevitably be new ones. Like cybercriminals, law enforcement will have to be adept at adapting to changing technology.

The authors admit there are many details to be worked out with respect to policy, limitations, and so on. It seems to me inevitable - because of the way incentives work on humans - that if we pursue this path there will come a point where law enforcement or the security services quietly pressure manufacturers not to fix certain bugs because they've become too useful. And then you start wondering: in this scenario do people like UCL's Brad Karp, whose mission is to design systems with smaller attack surfaces, become enemies of the state?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series