Main

November 23, 2012

Democracy theater

So Facebook is the latest to discover that it's hard to come up with a governance structure online that functions in any meaningful way. This week, the company announced plans to disband the system of voting on privacy changes that it put in place in 2009. To be honest, I'm surprised it took this long.

Techcrunch explains the official reasons. First, with 1 billion users, it's now too easy to hit the threshold of 7,000 comments that triggers a vote on proposed changes. Second, with 1 billion users, amassing the 30 percent of the user base necessary to make the vote count has become...pretty much impossible. (Look, if you hate Facebook's policy changes, it's easier to simply stop using the system. Voting requires engagement.) The company also complained that the system as designed encourages comments' "quantity over quality". Really, it would be hard to come up with an online system that didn't unless it was so hard to use that no one would bother anyway.

The fundamental problem for any kind of online governance is that no one except some lawyers thinks governmance is fun. (For an example of tedious meetings producing embarrassing results, see this week's General Synod.) Even online, where no one can tell you're a dog watching the Outdoor Channel while typing screeds of debate, it takes strong motivation to stay engaged. That in turn means that ultimately the people who participate, once the novelty has worn off, are either paid, obsessed, or awash in free time.

The people who are paid - either because they work for the company running the service or because they work for governments or NGOs whose job it is to protect consumers or enforce the law - can and do talk directly to each other. They already know each other, and they don't need fancy online governmental structures to make themselves heard.

The obsessed can be divided into two categories: people with a cause and troublemakers - trolls. Trolls can be incredibly disruptive, but they do eventually get bored and go away, IF you can get everyone else to starve them of the oxygen of attention by just ignoring them.

That leaves two groups: those with time (and patience) and those with a cause. Both tend to fall into the category Mark Twain neatly summed up in: "Never argue with a man who buys his ink by the barrelful." Don't get me wrong: I'm not knocking either group. The cause may be good and righteous and deserving of having enormous amounts of time spent on it. The people with time on their hands may be smart, experienced, and expert. Nonetheless, they will tend to drown out opposing views with sheer volume and relentlessness.

All of which is to say that I don't blame Facebook if it found the comments process tedious and time-consuming, and as much of a black hole for its resources as the help desk for a company with impenetrable password policies. Others are less tolerant of the decision. History, however, is on Facebook's side: democratic governance of online communities does not work.

Even without the generic problems of online communities which have been replicated mutatis mutandem since the first modem uploaded the first bit, Facebook was always going to face problems of scale if it kept growing. As several stories have pointed out, how do you get 300 million people to care enough to vote? As a strategy, it's understandable why the company set a minimum percentage: so a small but vocal minority could not hijack the process. But scale matters, and that's why every democracy of any size has representative government rather than direct voting, like Greek citizens in the Acropolis. (Pause to imagine the complexities of deciding how to divvy up Facebook into tribes: would the basic unit of membership be nation, family, or circle of friends, or should people be allocated into groups based on when they joined or perhaps their average posting rate?)

The 2009 decision to allow votes came a time when Facebook was under recurring and frequent pressure over a multitude of changes to its privacy policies, all going one way: toward greater openness. That was the year, in fact, that the system effectively turned itself inside out. EFF has a helpful timeline of the changes from 2005 to 2010. Putting the voting system in place was certainly good PR: it made the company look like it was serious about listening to its users. But, as the Europe vs Facebook site says, the choice was always constrained to old policy or new policy, not new policy, old policy, or an entirely different policy proposed by users.

Even without all that, the underlying issue is this: what company would want democratic governance to succeed? The fact is that, as Roger Clarke observed before Facebook even existed, social networks have only one business model: to monetize their users. The pressure to do that has only increased since Facebook's IPO, even though founder Mark Zuckerberg created a dual-class structure that means his decisions cannot be effectively challenged. A commercial company- especially a *public* commercial company - cannot be run as a democracy. It's as simple as that. No matter how much their engagement makes them feel they own the place, the users are never in charge of the asylum. Not even on the WELL.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series.

November 2, 2012

Survival instincts

The biggest divide in New York this week, in the wake of Hurricane Sandy has been, as a friend pointed out, between the people who had to worry about getting to work and the people who didn't. Reuters summed this up pretty well. Slightly differently, The Atlantic had it as three New Yorks: one underwater, one dark and dry, and one close to normal. The stories I've read since by people living in "dark and dry" emerging into the light at around 40th street bear out just how profound the difference is between the powerless and the empowered - in the electrical sense.

This is not strictly speaking about rich and poor (although the Reuters piece linked above makes the point that the city is more economically divided than it has been in some time); the Lower Manhattan area known as Tribeca, for example, is home to plenty of wealthy people - and was flooded. Instead, my friend's more profound divide is about whether you do the kind of work that requires physical presence. Freelance writers, highly paid software engineers, financial services personnel, and a load of other people can work remotely. If your main office is a magazine or a large high-technology company like, say, Google, whose New York building is at 15th and 8th, as long as you have failover systems in place so that your network and data centers keep operating, your staff can work from wherever they can find power and Internet access. Even small companies and start-ups can keep going if their systems are built on or can failover to the right technology.

One of my favorite New York retailers, J&R (they sell everything from music to computers from a series of stores in lower Manhattan, not far from last year's Occupy Wall Street site), perfectly demonstrated this digital divide. The Web site noted yesterday (Thursday) that its shops, located in "dark and dry", are all closed, but the Web site is taking orders as normal.

Plumbers, doormen, shop owners, restaurateurs, and fire fighters, on the other hand, have to be physically present - and they are vital in keeping the other group functioning. So in one sense the Internet has made cities much more resilient, and in another it hasn't made a damn bit of difference.

The Internet was still very young when people began worrying about the potential for a "digital divide". Concerns surfaced early about the prospects for digital exclusion of vulnerable groups such as the elderly and, the cognitively impaired, as well as those in rural areas poorly served by the telecommunications infrastructure and the poor. And these are the groups that, in the UK, efforts at digital engagement are intended to help.

Yet the more significant difference may be not who *is* online - after all, why should anyone be forced online who doesn't want to go? - but who can *work* online. Like traveling with only carry-on luggage, it makes for a more flexible life that can be altered to suit conditions. If your physical presence is not required, today you avoided long lines and fights at gas stations, traffic jams approaching the bridges and tunnels, waits for buses, and long trudges from the last open subway station to your actual destination.

This is not the place to argue about climate change. A single storm is one data point in a pattern that is measured in timespans longer than those of individual human lives.

Nonetheless, it's interesting to note that this storm may be the catalyst the the US needed to stop dragging its feet. As Business Week indicates , the status quo is bad for business, and the people making this point are the insurance companies, not scientists who can be accused of supporting the consensus in the interests of retaining their grant money (something that's been said to me recently by people who normally view a scientific consensus as worth taking seriously).

There was a brief flurry of argument this week on Dave Farber's list about whether the Internet was designed to survive a bomb outage or not. I thought this had been made clear by contemporary historians long ago: that while the immediate impetus was to make it easy for people to share files and information, DARPA's goal was very much also to build resilient networks. And, given that New York City is a telecommunications hub it's clear we've done pretty well with this idea, especially after the events of September 11, 2001 forced network operators to rethink their plans for coping with emergencies.

It seems clear that the next stage will be to do better at coming up with better strategies for making cities more resilient. Ultimately, the cause of climate change doesn't matter: if there are more and more "freak" weather patterns resulting on more and more extreme storms and natural disasters, then it's only common sense to try to plan for them: disaster recovery for municipalities rather than businesses. The world's reinsurance companies - the companies that eventually bear the brunt of the costs - are going to insist on it.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series.


April 13, 2012

The people perimeter

People with jobs are used to a sharp division between their working lives and their private lives. Even in these times, when everyone carries a mobile phone and may be on call at any moment, they still tend to believe that what they say to their friends is no concern of their employer's. (Freelances tend not to have these divisions; to a much larger extent we have always been "in public" most of the time.)

These divisions were always less in small towns, where teachers or clergy had little latitude, and where even less-folk would be well advised to leave town before doing anything they wouldn't want discussed in detail. Then came social media, which turns everywhere into a small town and where even if you behave impeccably details about you and your employer may be exposed without your knowledge.

That's all a roundabout way of leading to yesterday's London Tea camp, where the subject of discussion was developing guidelines for social media use by civil servants.

Civil servants! The supposedly faceless functionaries who, certainly at the senior levels, are probably still primarily understood by most people through the fictional constructs of TV shows like Yes, Minister and The Thick of It. All of the 50 or 60 people from across government who attended yesterday have Twitter IDs; they're on Facebook and Foursquare, and probably a few dozen other things that would horrify Sir Humphrey. And that's as it should be: the people administering the nation's benefits, transport, education, and health absolutely should live like the people they're trying to serve. That's how you get services that work for us rather than against us.

The problem with social media is the same as their benefit: they're public in a new and different way. Even if you never identify your employer, Foursquare or the geotagging on Twitter or Facebook checks you in at a postcode that's indelibly identified with the very large government building where your department is the sole occupant. Or a passerby photographs you in front of it and Facebook helpfully tags your photograph with your real name, which then pops up in outside searches. Or you say something to someone you know who tells someone else who posts it online for yet another person to identify and finally the whole thing comes back and bites you in the ass. Even if your Tweets are clearly personal, and even if your page says, "These are just my personal opinions and do not reflect those of my employer", the fact of where you can be deduced to work risks turning anything connected to you into something a - let's call it - excitable journalist can make into a scandal. Context is king.

What's new about this is the uncontrollable exposure of this context. Any Old Net Curmudgeon will tell you that the simple fact of people being caught online doing things their employers don't like goes back to the dawn of online services. Even now I'm sure someone dedicated could find appalling behavior in the Usenet archives by someone who is, 25 years on, a highly respected member of society. But Usenet was a minority pastime; Facebook, Twitter et al are mainstream.

Lots has been written by and about employers in this situation: they may suffer reputational damage, legal liability, or a breach that endangers their commercial secrets. Not enough has been written about individuals struggling to cope with sudden, unwanted exposure. Don't we have the right to private lives? someone asked yesterday. What they are experiencing is the same loss of border control that security engineers are trying to cope with. They call it "deperimeterization", because security used to mean securing the perimeter of your network and now security means coping with its loss. Adding wireless, remote access for workers at home, personal devices such as mobile phones, and links to supplier and partner networks have all blown holes in it.

There is no clear perimeter any more for networks - or individuals, either. Trying to secure one by dictating behavior, whether by education, leadership by example, or written guidelines, is inevitably doomed. There is, however, a very valid reason to have these things: to create a general understanding between employer and employee. It should be clear to all sides what you can and cannot get fired for.

In 2003, Danny O'Brien nailed a lot of this when he wrote about the loss of what he called the "private-intermediate sphere". In that vanishing country, things were private without being secret. You could have a conversation in a pub with strangers walking by and be confident that it would reach only the audience present at the time and that it would not unexpectedly be replayed or published later (see also Don Harmon and Chevy Chase's voicemail). Instead, he wrote, the Net is binary: secret or public, no middle ground.

What's at stake here is really not private life, but *social* life. It's the addition of the online component to our social lives that has torn holes in our personal perimeters.

"We'll learn a kind of tolerance for the private conversation that is not aimed at us, and that overreacting to that tone will be a sign of social naivete," O'Brien predicted. Maybe. For now, hard cases make bad law (and not much better guidelines) *First* cases are almost always hard cases.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


February 17, 2012

Foul play

You could have been excused for thinking you'd woken up in a foreign country on Wednesday, when the news broke about a new and deliberately terrifying notice replacing the front page of a previously little-known music site, RnBXclusive.

ZDNet has a nice screenshot of it; it's gone from the RnBXclusive site now, replaced by a more modest advisory.

It will be a while before the whole story is pieced together - and tested in court - but the gist so far seems to be that the takedown of this particular music site was under the fraud laws rather than the copyright laws. As far as I'm aware - and I don't say this often - this is the first time in the history of the Net that the owner of a music site has been arrested on suspicion of conspiracy to defraud (instead of copyright infringement ). It seems to me this is a marked escalation of the copyright wars.

Bearing in mind that at this stage these are only allegations, it's still possible to do some thinking about the principles involved.

The site is accused of making available, without the permission of the artists or recording companies, pre-release versions of new music. I have argued for years that file-sharing is not the economic enemy of the music industry and that the proper answer to it is legal, fast, reliable download services. (And there is increasing evidence bearing this out.) But material that has not yet been officially released is a different matter.

The notion that artists and creators should control the first publication of new material is a long-held principle and intuitively correct (unlike much else in copyright law). This was the stated purpose of copyright: to grant artists and creators a period of exclusivity in which to exploit their ideas. Absolutely fundamental to that is time in which to complete those ideas and shape them into their final form. So if the site was in fact distributing unreleased music as claimed, especially if, as is also alleged, the site's copies of that music were acquired by illegally hacking into servers, no one is going to defend either the site or its owner.

That said, I still think artists are missing a good bet here. The kind of rabid fan who can't wait for the official release of new music is exactly the kind of rabid fan who would be interested in subscribing to a feed from the studio while that music is being recorded. They would also, as a friend commented a few years ago, be willing to subscribe to a live feed from the musicians' rehearsal studio. Imagine, for example, being able to listen to great guitarists practice. How do they learn to play with such confidence and authority? What do they find hard? How long does it take to work out and learn something like Dave van Ronk's rendition, on guitar, of Scott Joplin rags with the original piano scoring intact?

I know why this doesn't happen: an artist learning a piece is like a dog with a wound (or maybe a bone): you want to go off in a forest by yourself until it's fixed. (Plus, it drives everyone around you mad.) The whole point of practicing is that it isn't performance. But musicians aren't magicians, and I find it hard to believe that showing the nuts and bolts of how the trick of playing music is worked would ruin the effect. For other types of artists - well, writers with works in progress really don't do much worth watching, but sculptors and painters surely do, as do dance troupes and theatrical companies.

However, none of that excuses the site if the allegations are true: artists and creators control the first release.

But also clearly wrong was the notice SOCA placed on the site, which displayed visitors' IP address, warned that downloading music from the site was a crime bearing a maximum penaltde y of up to ten years in prison, and claimed that SOCA has the capacity to monitor and investigate you with no mention of due process or court orders. Copyright infringement is a civil offense, not a criminal one; fraud is a criminal offense, but it's hard to see how the claim that downloading music is part of a conspiracy to commit fraud could be made to stick. (A day later, SOCA replaced the notice.) Someone browsing to The Pirate Bay and clicking on a magnet link is not conspiring to steal TV shows any more than someone buying a plane ticket is conspiring to destroy the ozone layer. That millions of people do both things is a contributing factor to the existence of the site and the airline, but if you accuse millions of people the term "organized crime" loses all meaning.

This was a bad, bad blunder on the part of authorities wishing to eliminate file-sharing. Today's unworkable laws against file-sharing are bringing the law into contempt already. Trying to scare people by misrepresenting what the law actually says at the behest of a single industry simply exacerbates the effect. First they're scared, then they're mad, and then they ignore you. Not a winning strategy - for anyone.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


February 10, 2012

Media cop

The behavior of The Times in the 2009 NightJack case, in which the paper outed an anonymous policeman blogging about his job, was always baffling since one of the key freedoms of the press is protecting sources. On occasion, journalists have gone to jail rather than give up a source's name, although it happens rarely enough that when it does, as in the Judith Miller case linked above, Hollywood makes movies about it. The principle at work here, writes NPR reporter David Folkenflik, who covered that case, is that, "You have to protect all of your sources if you want any of them to speak to you again."

Briefly, the background. In 2009, the first winner of the prestigious Orwell Prize for political blogging was a unidentified policeman. Blogging under the soubriquet of "NightJack", the blogger declined all interviews (I am not a media cop, he wrote ), sent a friend to deliver his acceptance speech, and had his prize money sent directly to charity. Shortly afterwards, he took The Times to court to prevent it from publishing his real-life identity. Controversially, Justice David Eady ruled for The Times on the basis that NightJack had no expectation of privacy - and freedom of expression was important. Ironic, since the upshot was to stifle NightJack's speech: his real-life alter ego, Richard Horton, was speedily reprimanded by his supervisor and the blog was deleted.

This is the case that has been reinvestigated this week by the Leveson inquiry into media phone hacking in the media. Justice Eady's decision seems to have rested on two prongs: first, that the Times had identified Horton from public sources, and second, that publication was in the public interest because Horton's blog posts disclosed confidential details about his police work. It seems clear from Times editor James Harding's testimony (PDF) that the first of these prongs was bent. The second seems to have been also: David Allen Green, who has followed this case closely, is arguing over at New Statesman (see the comments) that The Times's court testimony is the only source of the allegations that Horton's blog posts gave enough information that the real people in the cases he talked about could be identified. (In fact, I'd expect the cases are much more identifiable *after* his Times identification than before it.)

So Justice Eady's decision was not animated by research into the difficulty of real online anonymity. Instead, he was badly misled by incomplete, false evidence. Small wonder that Horton is suing.

One of the tools journalists use to get sources to disclose information they don't want tracked back to them is the concept of off-the-record background. When you are being briefed "on background", the rule is that you can't use what you're told unless you can find other sources to tell you the same thing on the record for publication. This is entirely logical because once you know what you're looking for you have a better chance of finding it. You now know where to start looking and what questions to ask.

But there should be every difference in an editor's mind between information willingly supplied under a promise not to publish and information obtained illegally. We can argue about whether NightJack's belief that he could remain anonymous was well-founded and whether he, like many people, did a poor job at securing his email account, but few would think he should have been outed as the result of a crime.

Once Foster knew Horton's name he couldn't un-know it - and, as noted, it's a lot easier to find evidence backing up things you already know. What should have happened is that Foster's managers should have barred him from pursuing or talking about the story. The paper should then either have dropped it or, if the editors really thought it sufficiently importance, assigned a different, uncontaminated reporter to start over with no prior knowledge and try to find the name from legal sources. Sounds too much like hard work? Yes. That this did not happen says a lot about the newsroom's culture: a focus on cheap, easy, quick, attention-getting stories acquired by whatever means. "I now see it was wrong" suggests that Harding and his editorial colleagues had lost all perspective.

Horton was, of course, not a source giving confidential information to one or more Times reporters. But it's so easy to imagine the Times - or any other newspaper - deciding to run a column written by "D.C. Plod" to give an intimate insight into how the police work. A newspaper running such a column would boast about it, especially if it won the Orwell Prize. And likely the only reason a rival paper would expose the columnist's real identity was if the columnist was a fraud.

Imagine Watergate if it had been investigated by this newsroom instead of that of the 1972 Washington Post. Instead of the President's malfeasance in seeking re-election, the story would be the identity of Deep Throat. Mark Felt would have gone to jail and Richard Milhous Nixon would have gone down in history as an honest man.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


February 3, 2012

Beyond the soup kitchen

"The whole idea of what a homeless service is, is a soup kitchen," one of the representatives for The Connection at St Martin-in-the-Fields said yesterday. But does it have to be?

It was in the middle of "Teacamp", a monthly series of meetings that sport the same mix of geeks, government, and do-gooders as the annual UK Govcamp we covered a couple of weeks back. Meetings like this seem to be going on all the time all over the place, trying to figure out ways to use technology to help people. Hardly anyone has any budget, yet that seems not to matter: the optimism is contagious. This week's Teacamp also featured Westminster in Touch, an effort to support local residents and charities; the organization runs a biannual IT Support Forum to brainstorm (the next is March 28).

I have to admit: when I first read about Martha Lane Fox's Digital Inclusion initiative my worst rebellious instincts were triggered: why should anyone be bullied online if they didn't want to go there? Maybe at least some of those 9 million people who have never used the Internet in Britain would like to be left in peace to read books and listen to - rather than use - the wireless.

But the "digital divide" predicted even in the earliest days of the Net is real: those 9 million are those in the most vulnerable sectors of society. According to research published on the RaceOnline site, the percentage of people who have never used the Net correlates closely with income. This isn't really much of a surprise, although you would expect to see a slight tick upwards again at the very top economic levels, where not so long ago people were too grand, too successful, and too set in their ways to feel the need to go online. But they have proxies: their assistants can answer their email and do their Web shopping.

When Internet access was tied to computers, the homeless in particular were at an extreme disadvantage. You can't keep a desktop computer if you have nowhere - or only a very tiny, insecure space - to put it or power it, and you can't afford broadband or a landline. A laptop presents only slightly fewer problems. Even assuming you can find free wifi to use somewhere, how do you keep the laptop from being stolen or damaged? Where and how do you keep it charged? And so The Connection, like libraries and other places, runs a day center with a computing area and resources to help, including computer training.

But even that, they said, hasn't been reaching the most excluded, the under-25s that The Connection sees. When you think about it, it's logical, but I had to be reminded to think about it. Having missed out on - or been failed by - school education, this group doesn't see the Net as the opportunity the rest of us imagine it to be for them.

"They have no idea of creating anything to help their involvement."

So rather than being "digital natives", their position might be comparable to people who have grown up without language or perhaps autistic children whose intelligence and ability to learn has been disrupted by their brain wiring and development so much that the gap between them and their normally wired peers keeps increasing. Today's elderly who lack the motivation, the cognitive functioning, or the physical ability to go online will be catered to, even if only by proxy, until they die out. But imagine being 20 today and having no digital life beyond the completely passive experience of watching a few clips on YouTube or glancing at a Facebook page and thinking they have nothing to do with you. You will go through your entire life at a progressively greater disadvantage. Just as we assume that today's 80-year-olds grew up with movies, radio, and postal mail, when *you* are 80 (if the planet hasn't run out of energy and water and been forced to turn off all the computers by then), in devising systems to help you society will assume you grew up with television, email, and ecommerce. Whatever is put in place to help you navigate whatever that complex future will be like, will be completely outside your grasp.

So The Connection is helping them to do some simple things: upload interviews about their lives, annotate YouTube clips, create comic strips - anything to break this passive lack of interest. Beyond that, there's a big opportunity in smart phones, which don't need charging so often and are easier to protect - and can take advantage of free wifi just as a laptop can. The Connection is working on things like an SMS service that goes out twice a day and provides weather reports, maps of food runs, and information about free things to do. Should you be technically skilled and willing, they're looking for geeky types to help them put these ideas together and automate them. There are still issues around getting people phones, of course - and around the street value of a phone - but once you have a phone where you can be contacted by friend, family, and agencies, it's a whole different life. As it is again if you can be convinced that the Net belongs to you, too, not just all those other people.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


January 21, 2012

Camping out

"Why hasn't the marvelous happened yet?" The speaker - at one of today's "unconference" sessions at this year's UK Govcamp - was complaining that with 13,000-odd data sets up on his organization's site there ought to be, you know, results.

At first glance, GovCamp seems peculiarly British: an incongruous mish-mash of government folks, coders, and activists, all brought together by the idea that technology makes it possible to remake government to serve us better. But the Web tells me that events like this are happening in various locations around Europe. James Hendler, who likes to collect government data sets from around the world (700,000 and counting now!), tells me that events like this are happening all over the US, too - except that there this size of event - a couple of hundred people - is New York City.

That's both good and bad: a local area in the US can find many more people to throw at more discrete problems - but on the other hand the federal level is almost impossible to connect with. And, as Hendler points out, the state charters mean that there are conversations the US federal government simply cannot have with its smaller, local counterparts. In the UK, if central government wants a local authority to do something, it can just issue an order.

This year's GovCamp is a two-day affair. Today was an "unConference": dozens of sessions organized by participants to talk about...stuff. Tomorrow will be hands-on, doing things in the limited time available. By the end of the day, the Twitter feed was filling up with eagerness to get on with things.

A veteran camper - I'm not sure how to count how many there have been - tells me that everyone leaves the event full of energy, convinced that they can change the world on Monday. By later next week, they'll have come down from this exhilarated high to find they're working with the same people and the same attitudes. Wonders do not happen overnight.

Along those lines, Mike Bracken, the guy who launched the Guardian's open data platform, now at the Cabinet Office, acknowledges this when he thanks the crowd for the ten years of persistence and pain that created his job. The user, his colleague Mark O'Neill said recently is at the center of everything they're working on. Are we, yet, past proving the concept?

"What should we do first?" someone I couldn't identify (never knowing who's speaking is a pitfall of unConferences) asked in the same session as the marvel-seeker. One offered answer was one any open-source programmer would recognize: ask yourself, in your daily life, what do you want to fix? The problem you want to solve - or the story you want to tell - determines the priorities and what gets published. That's if you're inside government; if you're outside, based on last summer's experience following the Osmosoft teams during Young Rewired State, often the limiting factor is what data is available and in what form.

With luck and perseverance, this should be a temporary situation. As time goes on, and open data gets built into everything, publishing it should become a natural part of everything government does. But getting there means eliminating a whole tranche of traditional culture and overcoming a lot of fear. If I open this data and others can review my decisions will I get fired? If I open this data and something goes wrong will it be my fault?

In a session on creative councils, I heard the suggestion that in the interests of getting rid of gatekeepers who obstruct change organizational structures should be transformed into networks with alternate routes to getting things done until the hierarchy is no longer needed. It sounds like a malcontent's dream for getting the desired technological change past a recalcitrant manager, but the kind of solution that solves one problem by breaking many other things. In such a set-up, who is accountable to taxpayers? Isn't some form of hierarchy inevitable given that someone has to do the hiring and firing?

It was in a session on engagement where what became apparent that as much as this event seems to be focused on technological fixes, the real goal is far broader. The discussion veered into consultations and how to build persistent networks of people engaged with particular topics.

"Work on a good democratic experience," advised the session's leader. Make the process more transparent, make people feel part of the process even if they don't get what they want, create the connection that makes for a truly representative democracy. In her view, what goes wrong with the consultation process now - where, for example, advocates of copyright reform find themselves writing the same ignored advice over and over again in response to the same questions - is that it's trying to compensate for the poor connections to their representatives that most people have. Building those persistent networks and relationships is only a partial answer.

"You can't activate the networks and not at the same time change how you make decisions," she said. "Without that parallel change you'll wind up disappointing people."

Marvels tomorrow, we hope.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

January 6, 2012

Only the paranoid

Yesterday's news that the Ramnit worm has harvested the login credentials of 45,000 British and French Facebook users seems to me a watershed moment for Facebook. If I were an investor, I'd wish I had already cashed out. Indications are, however, that founding CEO Mark Zuckerberg is in it for the long haul, in which case he's going to have to find a solution to a particularly intractable problem: how to protect a very large mass of users from identity fraud when his entire business is based on getting them to disclose as much information about themselves as possible.

I have long complained about Facebook's repeatedly changing privacy controls. This week, while working on a piece on identity fraud for Infosecurity, I've concluded that the fundamental problem with Facebook's privacy controls is not that they're complicated, confusing, and time-consuming to configure. The problem with Facebook's privacy controls is that they exist.

In May 2010, Zuckerberg enraged a lot of people, including me, by opining that privacy is no longer a social norm. As Judith Rauhofer has observed, the world's social norms don't change just because some rich geeks in California say so. But the 800 million people on Facebook would arguably be much safer if the service didn't promise privacy - like Twitter. Because then people wouldn't post all those intimate details about themselves: their kids' pictures, their drunken, sex exploits, their incitements to protest, their porn star names, their birth dates... Or if they did, they'd know they were public.

Facebook's core privacy problem is a new twist on the problem Microsoft has: legacy users. Apple was willing to make earlier generations of its software non-functional in the shift to OS X. Microsoft's attention to supporting legacy users allows me to continue to run, on Windows 7, software that was last updated in 1997. Similarly, Facebook is trying to accommodate a wide variety of privacy expectations, from those of people who joined back when membership was limited to a few relatively constrained categories to those of people joining today, when the system is open to all.

Facebook can't reinvent itself wholesale: it is wholly and completely wrong to betray users who post information about themselves into what they are told is a semi-private space by making that space irredeemably public. The storm every time Facebook makes a privacy-related change makes that clear. What the company has done exceptionally well is to foster the illusion of a private space despite the fact that, as the Australian privacy advocate Roger Clarke observed in 2003, collecting and abusing user data is social networks' only business model.

Ramnit takes this game to a whole new level. Malware these days isn't aimed at doing cute, little things like making hard drive failure noises or sending all the letters on your screen tumbling into a heap at the bottom. No, it's aimed at draining your bank account and hijacking your identity for other types of financial exploitation.

To do this, it needs to find a way inside the circle of trust. On a computer network, that means looking for an unpatched hole in software to leverage. On the individual level, it means the malware equivalent of viral marketing: get one innocent bystander to mistakenly tell all their friends. We've watched this particular type of action move through a string of vectors as the human action moves to get away from spam: from email to instant messaging to, now, social networks. The bigger Facebok gets, the bigger a target it becomes. The more information people post on Facebook - and the more their friends and friends of friends friend promiscuously - the greater the risk to each individual.

The whole situation is exacerbated by endemic, widespread, poor security practices. Asking people to provide the same few bits of information for back-up questions in case they need a password reset. Imposing password rules that practically guarantee people will use and reuse the same few choices on all their sites. Putting all the eggs in services that are free at point of use and that you pay for in unobtainable customer service (not to mention behavioral targeting and marketing) when something goes wrong. If everything is locked to one email account on a server you do not control, if your security questions could be answered by a quick glance at your Facebook Timeline and a Google search, if you bank online and use the same passwords throughout...you have a potential catastrophe in waiting.

I realize not everyone can run their own mail server. But you can use multiple, distinct email addresses and passwords, you can create unique answers on the reset forms, and you can limit your exposure by presuming that everything you post *is* public, whether the service admits it or not. Your goal should be to ensure that when - it's no longer safe to say "if" - some part of your online life is hacked the damage can be contained to that one, hopefully small, piece. Relying on the privacy consciousness of friends means you can't eliminate the risk; but you can limit the consequences.

Facebook is facing an entirely different risk: that people, alarmed at the thought of being mugged, will flee elsewhere. It's happened before.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 23, 2011

Duck amuck

Back in about 1998, a couple of guys looking for funding for their start-up were asked this: How could anyone compete with Yahoo! or Altavista?

"Ten years ago, we thought we'd love Google forever," a friend said recently. Yes, we did, and now we don't.

It's a year and a bit since I began divorcing Google. Ducking the habit is harder than those "They have no lock-in" financial analysts thought when Google went public: as if habit and adaptation were small things. Easy to switch CTRL-K in Firefox to DuckDuckGo, significantly hard to unlearn ten years of Google's "voice".

When I tell this to Gabriel Weinberg, the guy behind DDG - his recent round of funding lets him add a few people to experiment with different user interfaces and redo DDG's mobile application - he seems to understand. He started DDG, he told The Rise to the Top last year, because of Google's increasing amount of spam. Frustration made him think: for many queries wouldn't searching just Delicio.us and Wikipedia produce better results? Since his first weekend mashing that up, DuckDuckGo has evolved to include over 50 sources.

"When you type in a query there's generally a vertical search engine or data source out there that would best serve your query," he says, "and the hard problem is matching them up based on the limited words you type in." When DDG can make a good guess at identifying such a source - such as, say, the National Institutes of Health - it puts that result at the top. This is a significant hint: now, in DDG searches, I put the site name first, where on Google I put it last. Immediate improvement.

This approach gives Weinberg a new problem, a higher-order version of the Web's broken links: as companies reorganize, change, or go out of business, the APIs he relies on vanish.

Identifying the right source is harder than it sounds, because the long tail of queries require DDG to make assumptions about what's wanted.

"The first 80 percent is easy to capture," Weinberg says. "But the long tail is pretty long."

As Ken Auletta tells it in Googled, the venture capitalist Ram Shriram advised Sergey Brin and Larry Page to sell their technology to Yahoo! or maybe Infoseek. But those companies were not interested: the thinking then was portals and keeping site visitors stuck as long as possible on the pages advertisers were paying for, while Brin and Page wanted to speed visitors away to their desired results. It was only when Shriram heard that, Auletta writes, that he realized that baby Google was disruptive technology. So I ask Weinberg: can he make a similar case for DDG?

"It's disruptive to take people more directly to the source that matters," he says. "We want to get rid of the traditional user interface for specific tasks, such as exploring topics. When you're just researching and wanting to find out about a topic there are some different approaches - kind of like clicking around Wikipedia."

Following one thing to another, without going back to a search engine...sounds like my first view of the Web in 1991. But it also sounds like some friends' notion of after-dinner entertainment, where they start with one word in the dictionary and let it lead them serendipitously from word to word and book to book. Can that strategy lead to new knowledge?

"In the last five to ten years," says Weinberg, "people have made these silos of really good information that didn't exist when the Web first started, so now there's an opportunity to take people through that information." If it's accessible, that is. "Getting access is a challenge," he admits.

There is also the frontier of unstructured data: Google searches the semi-structured Web by imposing a structure on it - its indexes. By contrast, Mike Lynch's Autonomy, which just sold to Hewlett-Packard for £10 billion, uses Bayesian logic to search unstructured data, which is what most companies have.

"We do both," says Weinberg. "We like to use structured data when possible, but a lot of stuff we process is unstructured."

Google is, of course, a moving target. For me, its algorithms and interface are moving in two distinct directions, both frustrating. The first is Wal-Mart: stuff most people want. The second is the personalized filter bubble. I neither want nor trust either. I am more like the scientists Linguamatics serves: its analytic software scans hundreds of journals to find hidden links suggesting new avenues of research.

Anyone entering a category that's as thoroughly dominated by a single company as search is now, is constantly asked: How can you possibly compete with ? Weinberg must be sick of being asked about competing with Google. And he'd be right, because it's the wrong question. The right question is, how can he build a sustainable business? He's had some sponsorship while his user numbers are relatively low (currently 7 million searches a month) and, eventually, he's talked about context-based advertising - yet he's also promising little spam and privacy - no tracking. Now, that really would be disruptive.

So here's my bet. I bet that DuckDuckGo outlasts Groupon as a going concern. Merry Christmas.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


July 29, 2011

Name check

How do you clean a database? The traditional way - which I still experience from time to time from journalist directories - is that some poor schnook sits in an office and calls everyone on the list, checking each detail. It's an immensely tedious job, I'm sure, but it's a living.

The new, much cheaper method is to motivate the people in the database to do it themselves. A government can pass a law and pay benefits. Amazon expects the desire to receive the goods people have paid for to be sufficient. For a social network it's a little harder, yet Facebook has managed to get 750 million users to upload varying amounts of information. Google hopes people will do the same with Google+,

The emotional connections people make on social networks obscure their basic nature as databases. When you think of them in that light, and you remember that Google's chief source of income is advertising, suddenly Google's culturally dysfunctional decision to require real names on |Google+ makes some sense. For an advertising company,a fuller, cleaner database is more valuable and functional. Google's engineers most likely do not think in terms of improving the company's ability to serve tightly targeted ads - but I'd bet the company's accountants and strategists do. The justification - that online anonymity fosters bad behavior - is likely a relatively minor consideration.

Yet it's the one getting the attention, despite the fact that many people seem confused about the difference between pseudonymity, anonymity, and throwaway identity. In the reputation-based economy the Net thrives on, this difference matters.

The best-known form of pseudonymity is the stage name, essentially a form of branding for actors, musicians, writers, and artists, who may have any of a number of motives for keeping their professional lives separate from their personal lives: privacy for themselves, their work mates, or their families, or greater marketability. More subtly, if you have a part-time artistic career and a full-time day job you may not want the two to mix: will people take you seriously as an academic psychologist if they know you're also a folksinger? All of those reasons for choosing a pseudonym apply on the Net, where everything is a somewhat public performance. Given the harassment some female bloggers report, is it any wonder they might feel safer using a pseudonym?

The important characteristic of pseudonyms, which they share with "real names", is persistence. When you first encounter someone like GrrlScientist, you have no idea whether to trust her knowledge and expertise. But after more than ten years of blogging, that name is a known quantity. As GrrlScientist writes about Google's shutting down her account, it is her "real-enough" name by any reasonable standard. What's missing is the link to a portion of her identity - the name on her tax return, or the one her mother calls her. So what?

Anonymity has long been contentious on the Net; the EU has often considered whether and how to ban it. At the moment, the driving justification seems to be accountability, in the hope that we can stop people from behaving like malicious morons, the phenomenon I like to call the Benidorm syndrome.

There is no question that people write horrible things in blog and news site comments pages, conduct flame wars, and engage in cyber bullying and harassment. But that behaviour is not limited to venues where they communicate solely with strangers; every mailing list, even among workmates, has flame wars. Studies have shown that the cyber versions of bullying and harassment, like their offline counterparts, are most often perpetrated by people you know.

The more important downside of anonymity is that it enables people to hide, not their identity but their interests. Behind the shield, a company can trash its competitors and those whose work has been criticized can make their defense look more robust by pretending to be disinterested third parties.

Against that is the upside. Anonymity protects whistleblowers acting in the public interest, and protesters defying an authoritarian regime.

We have little data to balance these competing interests. One bit we do have comes from an experiment with anonymity conducted years ago on the WELL, which otherwise has insisted on verifying every subscriber throughout its history. The lesson they learned, its conferencing manager, Gail Williams, told me once, was that many people wanted anonymity for themselves - but opposed it for others. I suspect this principle has very wide applicability, and it's why the US might, say, oppose anonymity for Bradley Manning but welcome it for Egyptian protesters.

Google is already modifying the terms of what is after all still a trial service. But the underlying concern will not go away. Google has long had a way to link Gmail addresses to behavioral data collected from those using its search engine, docs, and other services. It has always had some ability to perform traffic analysis on Gmail users' communications; now it can see explicit links between those pools of data and, increasingly, tie them to offline identities. This is potentially far more powerful than anything Facebook can currently offer. And unlike government databases, it's nice and clean, and cheap to maintain.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

May 20, 2011

The world we thought we lived in

If one thing is more annoying than another, it's the fantasy technology on display in so many TV shows. "Enhance that for me!" barks an investigator. And, obediently, his subordinate geek/squint/nerd pushes a button or few, a line washes over the blurry image on screen, and now he can read the maker's mark on a pill in the hand of the target subject that was captured by a distant CCTV camera. The show 24 ended for me 15 minutes into season one, episode one, when Kiefer Sutherland's Jack Bauer, trying to find his missing daughter, thrust a piece of paper at an underling and shouted, "Get me all the Internet passwords associated with that telephone number!" Um...

But time has moved on, and screenwriters are more likely to have spent their formative years online and playing computer games, and so we have arrived at The Good Wife, which gloriously wrapped up its second season on Tuesday night (in the US; in the UK the season is still winding to a close on Channel 4). The show is a lot of things: a character study of an archetypal humiliated politician's wife (Alicia Florrick, played by Julianna Margulies) who rebuilds her life after her husband's betrayal and corruption scandal; a legal drama full of moral murk and quirky judges ( Carob chip?); a political drama; and, not least, a romantic comedy. The show is full of interesting, layered men and great, great women - some of them mature, powerful, sexy, brilliant women. It is also the smartest show on television when it comes to life in the time of rapid technological change.

When it was good, in its first season, Gossip Girl cleverly combined high school mean girls with the citizen reportage of TMZ to produce a world in which everyone spied on everyone else by sending tips, photos, and rumors to a Web site, which picks the most damaging moment to publish them and blast them to everyone's mobile phones.

The Good Wife goes further to exploit the fact that most of us, especially those old enough to remember life before CCTV, go on about our lives forgetting that everywhere we leave a trail. Some are, of course, old staples of investigative dramas: phone records, voice messages, ballistics, and the results of a good, old-fashioned break-in-and-search. But some are myth-busting.

One case (S2e15, "Silver Bullet") hinges on the difference between the compressed, digitized video copy and the original analog video footage: dropped frames change everything. A much earlier case (S1e06, "Conjugal") hinges on eyewitness testimony; despite a slightly too-pat resolution (I suspect now, with more confidence, it might have been handled differently), the show does a textbook job of demonstrating the flaws in human memory and their application to police line-ups. In a third case (S1e17, "Heart"), a man faces the loss of his medical insurance because of a single photograph posted to Facebook showing him smoking a cigarette. And the disgraced husband's (Peter Florrick, played by Chris Noth) attempt to clear his own name comes down to a fancy bit of investigative work capped by camera footage from an ATM in the Cayman Islands that the litigator is barely technically able to display in court. As entertaining demonstrations and dramatizations of the stuff net.wars talks about every week and the way technology can be both good and bad - Alicia finds romance in a phone tap! - these could hardly be better. The stuffed lion speaker phone (S2e19, "Wrongful Termination") is just a very satisfying cherry topping of technically clever hilarity.

But there's yet another layer, surrounding the season two campaign mounted to get Florrick elected back into office as State's Attorney: the ways that technology undermines as well as assists today's candidates.

"Do you know what a tracker is?" Peter's campaign manager (Eli Gold, played by Alan Cumming) asks Alicia (S2e01, "Taking Control"). Answer: in this time of cellphones and YouTube, unpaid political operatives follow opposing candidates' family and friends to provoke and then publish anything that might hurt or embarrass the opponent. So now: Peter's daughter (Makenzie Vega) is captured praising his opponent and ham-fistedly trying to defend her father's transgressions ("One prostitute!"). His professor brother-in-law's (Dallas Roberts) in-class joke that the candidate hates gays is live-streamed over the Internet. Peter's son (Graham Phillips) and a manipulative girlfriend (Dreama Walker), unknown to Eli, create embarrassing, fake Facebook pages in the name of the opponent's son. Peter's biggest fan decides to (he thinks) help by posting lame YouTube videos apparently designed to alienate the very voters Eli's polls tell him to attract. (He's going to post one a week; isn't Eli lucky?) Polling is old hat, as are rumors leaked to newspaper reporters; but today's news cycle is 20 minutes and can we have a quote from the candidate? No wonder Eli spends so much time choking and throwing stuff.

All of this fits together because the underlying theme of all parts of the show is control: control of the campaign, the message, the case, the technology, the image, your life. At the beginning of season one, Alicia has lost all control over the life she had; by the end of season two, she's in charge of her new one. Was a camera watching in that elevator? I guess we'll find out next year.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

April 15, 2011

The open zone

This week my four-year-old computer had a hissy fit and demanded, more or less simultaneously, a new graphics card, a new motherboard, and a new power supply. It was the power supply that was the culprit: when it blew it damaged the other two pieces. I blame an incident about six months ago when the power went out twice for a few seconds each time, a few minutes apart. The computer's always been a bit fussy since.

I took it to the tech guys around the corner to confirm the diagnosis, and we discussed which replacements to order and where to order them from. I am not a particularly technical person, and yet even I can repair this machine by plugging in replacement parts and updating some software. (It's fine now, thank you.)

Here's the thing: at no time did anyone say, "It's four years old. Just get a new one." Instead, the tech guys said, "It's a good computer with a good processor. Sure, replace those parts." A watershed moment: the first time a four-year-old computer is not dismissed as obsolete.

As if by magic, confirmation turned up yesterday, when the Guardian's Charles Arthur asked whether the PC market has permanently passed its peak. Arthur goes on to quote Jay Chou, a senior research analyst at IDC, suggesting that we are now in the age of "good-enough computing" and that computer manufacturers will now need to find ways to create a "compelling user experience". Apple is the clear leader in that arena, although it's likely that if I'd had a Mac instead of a PC it would have been neither so easy nor so quick and inexpensive to fix my machine and get back to work on it, Macs are wonders of industrial design, but as I noted in 2007 when I built this machine, building PCs is now a color-by-numbers affair plugged together out of subsystem pieces that plug together in only one way. What it lacks in elegance compared to a Mac is more than made up for by being able to repair it myself.

But Chou is likely right that this is not the way the world is going.

In his 1998 book The Invisible Computer, usability pioneer Donald Norman projected a future of information appliances, arguing that computers would become invisible because they would be everywhere. (He did not, however, predict the ubiquitous 20-second delay that would accompany this development. You know, it used to be you could turn something on and it would work right away because it didn't have to load software into its memory?) For his model, Norman took electric motors: in the early days you bought one electric motor and used it to power all sorts of variegated attachments; later (now) you found yourself owning dozens of electric motors, all hidden inside appliances.

The trade-off is pretty much the same: the single electric motor with attachments was much more repairable by a knowledgeable end user than today's sealed black-box appliances are. Similarly, I can rebuild my PC, but I can only really replace the hard drive on my laptop, and the battery on my smart phone. Iphone users can't even do that. Norman, whose interest is usability, doesn't - or didn't, since he's written other books since - see this as necessarily a bad deal for consumers, who just want their technology to work intuitively so they can use it to get stuff done.

Jonathan Zittrain, though, has generally taken the opposite view, arguing in his book The Future of the Internet - and How to Stop It and in talks such as the one he gave at last year's Web science meeting that the general-purpose computer, which he dates to 1977, is dying. With it, to some extent, is going the open Internet; it was at that point that, to illustrate what he meant by curated content, he did a nice little morph from the ultra-controlled main menu of CompuServe circa 1992 to today's iPhone home screen.

"How curated do we want things to be?" he asked.

It's the key question. Zittrain's view, backed up by Tim Wu in The Master Switch is that security and copyright may be the levers used to close down general-purpose computers and the Internet, leaving us with a corporately-owned Internet that runs on black boxes to which individual consumers have little or no access. This is, ultimately, what the "Open" in Open Rights Group seems to me to be about: ensuring that the most democratic medium ever invented remains a democratic medium.

Clearly, there are limits. The earliest computer kits were open - but only to the relatively small group of people with - or willing to acquire - considerable technical skill. My computer would not be more open to me if I had to get out a soldering iron to fix my old motherboard and code my own operating system. Similarly, the skill required to deal with security threats like spam and malware attacks raises the technical bar of dealing with computers to the point where they might as well be the black boxes Zittrain fears. But somewhere between the soldering iron and the point-and-click of a TV remote control there has to be a sweet spot where the digital world is open to the most people. That's what I hope we can find.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

March 25, 2011

Return to the red page district

This week's agreement to create a .xxx generic top-level domain (generic in the sense of not being identified with a particular country) seems like a quaint throwback. Ten or 15 years ago it might have made mattered. Now, for all the stories rehashing the old controversies, it seems to be largely irrelevant to anyone except those who think they can make some money out of it. How can it be a vector for censorship if there is no prohibition on registering pornography sites elsewhere? How can it "validate" the porn industry any more than printers and film producers did? Honestly, if it didn't have sex in the title, who would care?

I think it was about 1995 when a geekish friend said, probably at the Computers, Freedom, and Privacy conference, "I think I have the solution. Just create a top-level domain just for porn."

It sounded like a good idea at the time. Many of the best ideas are simple - with a kind of simplicity mathematicians like to praise with the term "elegant". Unfortunately, many of the worst ideas are also simple - with a kind of simplicity we all like to diss with the term "simplistic". Which this is depends to some extent on when you're making the judgement..

In 1995, the sense was that creating a separate pornography domain would provide an effective alternative to broad-brush filtering. It was the era of Time magazine's Cyberporn cover story, which Netheads thoroughly debunked and leading up to the passage of the Communications Decency Act in 1996. The idea that children would innocently stumble upon pornography was entrenched and not wholly wrong. At that time, as PC Magazine points out while outlining the adult entertainment industry's objections to the new domain, a lot of Web surfing was done by guesswork, which is how the domain whitehouse.com became famous.

A year or two later, I heard that one of the problems was that no one wanted to police domain registrations. Sure. Who could afford the legal liability? Besides, limiting who could register what in which domain was not going well: .com, which was intended to be for international commercial organizations, had become the home for all sorts of things that didn't fit under that description, while the .us country code domain had fallen into disuse. Even today, with organizations controlling every top-level domain, the rules keep having to adapt to user behavior. Basically, the fewer people interested in registering under your domain the more likely it is that your rules will continue to work.

No one has ever managed to settle - again - the question of what the domain name system is for, a debate that's as old as the system itself: its inventor, Paul Mockapetris, still carries the scars of the battles over whether to create .com. (If I remember correctly, he was against it, but finally gave on in that basis that: "What harm can it do?") Is the domain name system a directory, a set of mnemonics, a set of brands/labels, a zoning mechanism, or a free-for-all? ICANN began its life, in part, to manage the answers to this particular controversy; many long-time watchers don't understand why it's taken so long to expand the list of generic top-level domains. Fifteen years ago, finding a consensus and expanding the list would have made a difference to the development of the Net. Now it simply does not matter.

I've written before now that the domain name system has faded somewhat in importance as newer technologies - instant messaging, social networks, iPhone/iPad apps - bypass it altogether. And that is true. When the DNS was young, it was a perfect fit for the Internet applications of the day for which it was devised: Usenet, Web, email, FTP, and so on. But the domain name system enables email and the Web, which are typically the gateways through which people make first contact with those services (you download the client via the Web, email your friend for his ID, use email to verify your account).

The rise of search engines - first Altavista, then primarily Google - did away with much of consumers' need for a directory. Also a factor was branding: businesses wanted memorable domain names they could advertise to their customers. By now, though probably most people don't bother to remember more than a tiny handful of domain names now - Google, Facebook, perhaps one or two more. Anything else they either put into a search engine or get from either a bookmark or, more likely, their browser history.

Then came sites like Facebook, which take an approach akin to CompuServe in the old days or mobile networks now: they want to be your gateway to everything online (Facebook is going to stream movies now, in competition with NetFlix!) If they succeed, would it matter if you had - once - to teach your browser a user-unfriendly long, numbered address?

It is in this sense that the domain name system competes with Google and Facebook as the gateway to the Net. Of all the potential gateways, it is the only one that is intended as a public resource rather than a commercial company. That has to matter, and we should take seriously the threat that all the Net's entrances could become owned by giant commercial interests. But .xxx missed its moment to make history.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

March 4, 2011

Tax returns

In 1994, when Jeff Bezos was looking for a place to put the online bookseller he intended to grow into the giant, multi-faceted online presence it is today, he began with a set of criteria that included, high up on the list, avoiding liability for sales tax as much as possible. That meant choosing a small state, so that the vast majority of the new site's customers would be elsewhere.

Bezos could make this choice because of the 1992 Supreme Court decision in Quill Corp v. North Dakota, blocking states from compelling distance sellers to collect sales tax from customers unless the seller had a substantial physical operation (a "nexus") in the customer's state. Why, the reasoning went, should a company be required to pay taxes in a state where it receives no benefit in the form of public services? The decision helped fuel the growth of first mail-order sales and then ecommerce.

And so throughout the growth of electronic commerce Americans have gone along taking advantage of the relief from sales tax afforded by online sales. This is true despite the fact that many states have laws requiring their residents to declare and pay the sales tax on purchases over a certain amount. Until the current online tax disputes blew up, few knew about these laws - I only learned of them from a reader email some years ago - and as far as I'm aware it isn't enforced. Doing so would require comprehensive surveillance of ecommerce sites.

But this is the thing when something is new: those setting up businesses can take advantage of loopholes created for very different markets and conditions. A similar situation applies in the UK with respect to DVD and CD sales. Fulfilled by subsidiaries or partners based in the Channel Islands, the DVD and CD sales of major retailers such as Amazon, Tesco, and others take advantage of tax relief rules intended to speed shipments of agricultural products. Basically, any package valued under £18 is exempt from VAT. For consumers, this represents substantial savings; for local shops, it represents a tough challenge.

Even before that, in the early 1990s, CompuServe and AOL, as US-based Internet service providers, were able to avoid charging VAT in the UK based on a rule making services taxable based on their point of origin. That gave those two companies a significant - 17.5 percent - advantage over native ISPs like Demon and Pipex. There were many objections to this situation, and eventually the loophole was closed and both CompuServe and AOL began charging VAT.

You can't really blame companies for taking advantage of the structures that are there. No one wants to pay more tax - or pay for more administration - than is required by law, and anyone running those companies would make the same decisions. But as the recession continues to bite and state, federal, and central governments are all scrambling to replace lost revenues from a tax base that's been , the calls to level the playing field by closing off these tax-advantage workarounds are getting louder.

This type of argument is as old as mail order. But in the beginning there was a general view - implemented also in the US as a moratorium on taxing Internet services that was renewed as recently as 2007 - that exempting the Internet from as many taxes as possible would help the new medium take root and flourish. There was definitely some truth to the idea that this type of encouragement helped; an early FCC proposal to surcharge users for transmitting data was dropped after 10,000 users sent letters of complaint. Nonetheless, the FCC had to continue issuing denials for years as the dropped proposal continued to make the rounds as the "modem tax" hoax spam.

The arguments for requiring out-of-state sellers to collect and remit sales taxes (or VAT) are fairly obvious. Local retailers, especially small independents, are operating at a price disadvantage (even though customers must pay shipping and delivery charges when they buy online). Governments are losing one of their options for raising revenues to pay for public services. In addition, people buy online for many more reasons than saving money. Online shopping is convenient and offers greater choice. It is also true, though infrequently remembered, that the demographics of online shopping skew toward the wealthier members of our society - that is, the people who best afford to pay the tax.

The arguments against largely boil down to the fact that collecting taxes in many jurisdictions is administratively burdensome. There are some 8,000 different tax rates across the US's 50 states, and although there are many fewer VAT rates across Europe, once your business in a country has reached a certain threshold the rules and regulations governing each one can be byzantine and inconsistent. Creating a single, simple, and consistent tax rule to apply across the board to distance selling would answer these.

No one likes paying taxes (least of all us). But the fact that Amazon would apparently rather jettison the associates program that helped advertise and build its business than allow a state to claim those associates constitute a nexus exposing it to sales tax liability says volumes about how far we've come. And, therefore, how little the Net's biggest businesses now need the help.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

February 18, 2011

What is hyperbole?

This seems to have been a week for over-excitement. IBM gets an onslaught of wonderful publicity because it built a very large computer that won at the archetypal American TV game, Jeopardy. And Eben Moglen proposes the Freedom box, a more-or-less pocket ("wall wart") computer you can plug in and that will come up, configure itself, and be your Web server/blog host/social network/whatever and will put you and your data beyond the reach of, well, everyone. "You get no spying for free!" he said in his talk outlining the idea for the New York Internet Society.

Now I don't mean to suggest that these are not both exciting ideas and that making them work is/would be an impressive and fine achievement. But seriously? Is "Jeopardy champion" what you thought artificial intelligence would look like? Is a small "wall wart" box what you thought freedom would look like?

To begin with Watson and its artificial buzzer thumb. The reactions display everything that makes us human. The New York Times seems to think AI is solved, although its editors focus, on our ability to anthropomorphize an electronic screen with a smooth, synthesized voice and a swirling logo. (Like HAL, R2D2, and Eliza Doolittle, its status is defined by the reactions of the surrounding humans.)

The Atlantic and Forbes come across as defensive. The LA Times asks: how scared should we be? The San Francisco Chronicle congratulates IBM for suddenly becoming a cool place for the kids to work.

If, that is, they're not busy hacking up Freedom boxes. You could, if you wanted, see the past twenty years of net.wars as a recurring struggle between centralization and distribution. The Long Tail finds value in selling obscure products to meet the eccentric needs of previously ignored niche markets; eBay's value is in aggregating all those buyers and sellers so they can find each other. The Web's usefulness depends on the diversity of its sources and content; search engines aggregate it and us so we can be matched to the stuff we actually want. Web boards distributed us according to niche topics; social networks aggregated us. And so on. As Moglen correctly says, we pay for those aggregators - and for the convenience of closed, mobile gadgets - by allowing them to spy on us.

An early, largely forgotten net.skirmish came around 1991 over the asymmetric broadband design that today is everywhere: a paved highway going to people's homes and a dirt track coming back out. The objection that this design assumed that consumers would not also be creators and producers was largely overcome by the advent of Web hosting farms. But imagine instead that symmetric connections were the norm and everyone hosted their sites and email on their own machines with complete control over who saw what.

This is Moglen's proposal: to recreate the Internet as a decentralized peer-to-peer system. And I thought immediately how much it sounded like...Usenet.

For those who missed the 1990s: invented and implemented in 1979 by three students, Tom Truscott, Jim Ellis, and Steve Bellovin, the whole point of Usenet was that it was a low-cost, decentralized way of distributing news. Once the Internet was established, it became the medium of transmission, but in the beginning computers phoned each other and transferred news files. In the early 1990s, it was the biggest game in town: it was where the Linus Torvalds and Tim Berners-Lee announced their inventions of Linux and the World Wide Web.

It always seemed to me that if "they" - whoever they were going to be - seized control of the Internet we could always start over by rebuilding Usenet as a town square. And this is to some extent what Moglen is proposing: to rebuild the Net as a decentralized network of equal peers. Not really Usenet; instead a decentralized Web like the one we gave up when we all (or almost all) put our Web sites on hosting farms whose owners could be DMCA'd into taking our sites down or subpoena'd into turning over their logs. Freedom boxes are Moglen's response to "free spying with everything".

I don't think there's much doubt that the box he has in mind can be built. The Pogoplug, which offers a personal cloud and a sort of hardware social network, is most of the way there already. And Moglen's argument has merit: that if you control your Web server and the nexus of your social network law enforcement can't just make a secret phone call, they'll need a search warrant to search your home if they want to inspect your data. (On the other hand, seizing your data is as simple as impounding or smashing your wall wart.)

I can see Freedom boxes being a good solution for some situations, but like many things before it they won't scale well to the mass market because they will (like Usenet) attract abuse. In cleaning out old papers this week, I found a 1994 copy of Esther Dyson's Release 1.0 in which she demands a return to the "paradise" of the "accountable Net"; 'twill be ever thus. The problem Watson is up against is similar: it will function well, even engagingly, within the domain it was designed for. Getting it to scale will be a whole 'nother, much more complex problem.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.


January 28, 2011

Stuffed

"You don't need this old math work," said my eighth grade geography teacher, paging through my loose-leaf notebook while I watched resentfully. It was 1967, the math work was no more than a couple of months old, and she was ahead of her time. She was an early prototype of that strange, new species littering the media these days: the declutterer.

People like her - they say "professional organizer", I say bully - seem to be everywhere. Their sudden visibility is probably due, at least in part, to the success of the US TV series Hoarders, in which mentally disordered people are forced to confront their pathological addiction to keeping and/or acquiring so much stuff that their houses are impassable, often hazardous. Of course, one person's pathological hoarder is another's more-or-less normal slob, packrat, serious collector, or disorganized procrastinator. Still, Newsweek's study of kids who are stuck with the clean-up after their hoarder parents die is decidedly sad.

But much of what I'm reading seems aimed at perfectly normal people who are being targeted with all the zealotry of an early riser insisting that late sleepers and insomniacs are lazy, immoral slugs who need to be reformed.

Some samples. LifeHacker profiles a book to help you estimate how much your clutter is costing you. The latest middle-class fear is that schools' obsession with art work will turn children into hoarders. The New York Times profiles a professional declutterer who has so little sympathy for attachment to stuff that she tosses out her children's party favors after 24 hours. At least she admits she's neurotic, and is just happy she's made it profitable to the tune of $150 an hour (well, Manhattan prices).

But take this comment from LifeHacker:

For example, look in your bedroom and consider the cost of unworn clothes and shoes, unread books, unworn jewelry, or unused makeup.

And this, from the Newsweek piece:

While he's thrown out, recycled, and donated years' worth of clothing, costume jewelry, and obvious trash, he's also kept a lot--including an envelope of clothing tags from items [his mother] bought him in 1972, hundreds of vinyl records, and an outdated tape recorder with corroded batteries leaking out the back.

OK, with her on the corroded batteries. (What does she mean, outdated? If it still functions for its intended purpose it's just old.) Little less sure about the clothing tags, which might evoke memories. But unread books? Unless you're talking 436 copies of The DaVinci Code, unread books aren't clutter. Unread books are mental food. They are promises of unknown worlds on a rainy day when the electricity goes bang. They are cultural heritage. Ditto vinyl records. Not all books and LPs are equally valuable, of course, but they should be presumed innocent until proven to be copies of Jeffrey Archer novels. Books are not shoeboxes marked "Pieces of string - too small to save".

Leaving aside my natural defensiveness at the suggestion that thousands of books, CDs, DVDs, and vinyl LPs are "clutter", it strikes me that one reason for this trend is that there is a generational shift taking place. Anyone born before about 1970 grew up knowing that the things they liked might become unavailable at any time. TV shows were broadcast once, books and records went out of print, and the sweater that sold out while you were saving up for it didn't reappear later on eBay. If you had any intellectual or artistic aspirations, building your own library was practically a necessity.

My generation also grew up making and fixing things: we have tools. (A couple of years ago I asked a pair of 20-somethings for a soldering iron; they stared as if I'd asked for a manual typewriter.) Plus, in the process of rebelling against our parents' largely cautious and thrifty lifestyles, Baby Boomers were the first to really exploit consumer credit. Put it together: endemic belief that the availability of any particular item was only temporary, unprecedented array of goods to choose from, extraordinary access to funding. The result: stuff.

To today's economically stressed-out younger generation, raised on reruns and computer storage, the physical manifestations of intellectual property must seem peculiarly unnecessary. Why bother when you can just go online and click a button? One of my 50-something writer friends loves this new world; he gives away or sells books as soon as he's read them, and buys them back used from Amazon or Alibris if he needs to consult them again. Except for the "buying it used" part, this is a business model the copyright industries ought to love, because you can keep selling the same thing over and over again to the same people. Essentially, it's rental, which means it may eventually be an even better business than changing the media format every decade or two so that people have to buy new copies. When 3D printers really get going, I imagine there will be people arguing that you really don't need to keep furniture around - just print it when you need it. Then the truly modern home environment will be just a bare floor and walls. If you want to live like that, fine, but on behalf of my home libraries, I say: ick.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

January 14, 2011

Face time

The history of the Net has featured many absurd moments, but this week was some sort of peak of the art. In the same week I read that a) based a $450 million round of investment from Goldman Sachs Facebook is now valued at $50 billion, higher than Boeing's market capitalization and b) Facebook's founder, Mark Zuckerberg, is so tired of the stress of running the service that he plans to shut it down on March 15. As I seem to recall a CS Lewis character remarking irritably, "Why don't they teach logic in these schools?" If you have a company worth $50 billion and you don't much like running it any more, you sell the damn thing and retire. It's not like Zuckerberg even needs to wait to be Time's Man of the Year.

While it's safe to say that Facebook isn't going anywhere soon, it's less clear what its long-term future might be, and the users who panicked at the thought of the service's disappearance would do well to plan ahead. Because: if there's one thing we know about the history of the Net's social media it's that the party keeps moving. Facebook's half-a-billion-strong user base is, to be sure, bigger than anything else assembled in the history of the Net. But I think the future as seen by Douglas Rushkoff, writing for CNN last week is more likely: Facebook, he argued based on its arguably inflated valuation, is at the beginning of its end, as MySpace was when Rupert Murdoch bought it in 2005 for $580 million. (Though this says as much about Murdoch's Net track record as it does about MySpace: Murdoch bought the text-based Delphi, at its peak moment in late 1993.)

Back in 1999, at the height of the dot-com boom, the New Yorker published an article (abstract; full text requires subscription) comparing the then-spiking stock price of AOL with that of the Radio Corporation of America back in the 1920s, when radio was the hot, new democratic medium. RCA was selling radios that gave people unprecedented access to news and entertainment (including stock quotes); AOL was selling online accounts that gave people unprecedented access to news, entertainment, and their friends. The comparison, as the article noted, wasn't perfect, but the comparison chart the article was written around was, as the author put it, "jolly". It still looks jolly now, recreated some months later for this analysis of the comparison.

There is more to every company than just its stock price, and there is more to AOL than its subscriber numbers. But the interesting chart to study - if I had the ability to create such a chart - would be the successive waves of rising, peaking, and falling numbers of subscribers of the various forms of social media. In more or less chronological order: bulletin boards, Usenet, Prodigy, Genie, Delphi, CompuServe, AOL...and now MySpace, which this week announced extensive job cuts.

At its peak, AOL had 30 million of those; at the end of September 2010 it had 4.1 million in the US. As subscriber revenues continue to shrink, the company is changing its emphasis to producing content that will draw in readers from all over the Web - that is, it's increasingly dependent on advertising, like many companies. But the broader point is that at its peak a lot of people couldn't conceive that it would shrink to this extent, because of the basic principle of human congregation: people go where their friends are. When the friends gradually start to migrate to better interfaces, more convenient services, or simply sites their more annoying acquaintances haven't discovered yet, others follow. That doesn't necessarily mean death for the service they're leaving: AOL, like CIX, the The WELL, and LiveJournal before it, may well find a stable size at which it remains sufficiently profitable to stay alive, perhaps even comfortably so. But it does mean it stops being the growth story of the day.

As several financial commentators have pointed out, the Goldman investment is good for Goldman no matter what happens to Facebook, and may not be ring-fenced enough to keep Facebook private. My guess is that even if Facebook has reached its peak it will be a long, slow ride down the mountain and between then and now at least the early investors will make a lot of money.

But long-term? Facebook is barely five years old. According to figures leaked by one of the private investors, its price-earnings ratio is 141. The good news is that if you're rich enough to buy shares in it you can probably afford to lose the money.

As far as I'm aware, little research has been done studying the Net's migration patterns. From my own experience, I can say that my friends lists on today's social media include many people I've known on other services (and not necessarily in real life) as the old groups reform in a new setting. Facebook may believe that because the profiles on its service are so complex, including everything from status updates and comments to photographs and games, users will stay locked in. Maybe. But my guess is that the next online party location will look very different. If email is for old people, it won't be long before Facebook is, too.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 10, 2010

Payback

A new word came my way while I was reviewing the many complaints about the Transportation Security Administration and its new scanner toys and pat-down procedures: "Chertoffed". It's how "security theater" (Bruce Schneier's term) has transformed the US since 2001.

The description isn't entirely fair to Chertoff, who was only the *second* head of the Bush II-created Department of Homeland Security and has now been replaced: he served from 2005-2009. But since he's the guy who began the scanner push and also numbers scanner manufacturers among the clients of his consultancy company, The Chertoff Group - it's not really unfair either.

What do you do after defining the travel experience of a generation? A little over a month ago, Chertoff showed up at London's RSA Data Security conference to talk about what he thought needed to happen in order to secure cyberspace. We need, he said, a doctrine to lay out the rules of the road for dealing with cyber attacks and espionage - the sort of thing that only governments can negotiate. The analogy he chose was to the doctrine that governed nuclear armament, which he said (at the press Q&A) "gave us a very stable, secure environment over the next several decades."

In cyberspace, he argued, such a thing would be valuable because it makes clear to a prospective attacker what the consequences will be. "The greatest stress on security is when you have uncertainty - the attacker doesn't know what the consequences will be and misjudges the risk." The kinds of things he wants a doctrine to include are therefore things like defining what is a proportionate response: if your country is on the receiving end of an attack from another country that's taking out the electrical power to hospitals and air traffic control systems with lives at risk, do you have the right to launch a response to take out the platform they're operating from? Is there a right of self-defence of networks?

"I generally take the view that there ought to be a strong obligation on countries, subject to limitations of practicality and legal restrictions, to police the platforms in their own domains," he said.

Now, there are all sorts of reasons many techies are against government involvement - or interference - in the Internet. First and foremost is time: the World Summit on the Information Society and its successor, the Internet Governance Forum, have taken years to do...no one's quite sure what, while the Internet's technology has gone on racing ahead creating new challenges. But second is a general distrust, especially among activists and civil libertarians. Chertoff even admitted that.

"There's a capability issue," he said, "and a question about whether governments put in that position will move from protecting us from worms and viruses to protecting us from dangerous ideas."

This was, of course, somewhat before everyone suddenly had an opinion about Wikileaks. But what has occurred since makes that distrust entirely reasonable: give powerful people a way to control the Net and they will attempt to use it. And the Net, as in John Gilmore's famous aphorism, "perceives censorship as damage and routes around it". Or, more correctly, the people do.

What is incredibly depressing about all this is watching the situation escalate into the kind of behavior that governments have quite reasonably wanted to outlaw and that will give ammunition to those who oppose allowing the Net to remain an open medium in which anyone can publish. The more Wikileaks defenders organize efforts like this week's distributed denial-of-service attacks, the more Wikileaks and its aftermath will become the justification for passing all kinds of restrictive laws that groups like the Electronic Frontier Foundation and the Open Rights Group have been fighting against all along.

Wikileaks itself is staying neutral on the subject, according to the statement on its (Swiss) Web site: Wikileaks spokesman Kristinn Hrafnsson said: "We neither condemn nor applaud these attacks. We believe they are a reflection of public opinion on the actions of the targets."

Well, that's true up to a point. It would be more correct to say that public opinion is highly polarized, and that the attacks are a reflection of the opinion of a relatively small section of the public: people who are at the angriest end of the spectrum and have enough technical expertise to download and install software to make their machines part of a botnet - and not enough sense to realize that this is a risky, even dangerous, thing to do. Boycotting Amazon.com during its busiest time of year to express your disapproval of its having booted Wikileaks off its servers would be an entirely reasonable protest. Vandalism is not. (In fact the announced attack on Amazon's servers seems not to have succeeded, though others have.

I have written about the Net and what I like to call the border wars between cyberspace and real life for nearly 20 years. Partly because it's fascinating, partly because when something is new you have a real chance to influence its development, and partly because I love the Net and want it to fulfill its promise as a democratic medium. I do not want to have to look back in another 20 years and say it's been "Chertoffed". Governments are already mad about the utterly defensible publication of the cables; do we have to give them the bullets to shoot us with, too?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

December 3, 2010

Open diplomacy

Probably most people have by now lived through the embarrassment of having a (it was intended to be) private communication made public. The email your fingers oopsishly sent to the entire office instead of your inamorata; the drunken Usenet postings scooped into Google's archive; the direct Tweet that wound up in the public timeline; the close friend your cellphone pocket-dialed while you were trashing them.

Most of these embarrassments are relatively short-lived. The personal relationships that weren't already too badly damaged recover, if slowly. Most of the people who get the misdirected email are kind enough to delete it and never mention it again. Even the stock market learns to forgive those drunken Usenet postings; you may be a CEO now but you were only a frat boy back then.

But the art of government-level diplomacy is creating understanding, tolerance, and some degree of cooperation among people who fundamentally distrust each other and whose countries may have substantial, centuries-old reasons why that is utterly rational. (Sometimes these internecine feuds are carried to extremes: would you buy from a store that filed Greek and Turkish DVDs in the same bin?) It's hardly surprising if diplomats' private conversations resemble those of Hollywood agents, telling each person what they want to hear about the others and maneuvering them carefully to get the desired result. And a large part of that desired result is avoiding mass destruction through warfare.

For that reason, it's hard to simply judge Wikileaks' behavior by the standard of our often-expressed goal of open data, transparency, accountability, and net.freedoms. Is there a line? And where do you draw it?

In the past, it was well-established news organizations who had to make this kind of decision - the New York Times and the Washington Post regarding the Pentagon Papers, for example. Those organizations, rooted in a known city in a single country, knew that mistakes would see them in court; they had reputations, businesses, and personal liberty to lose. As Jay Rosen: the world's first stateless news organization. (culture, laws, norms) - contract with those who have information that can submit - will encrypt to disguise source from us as well as others - and publish - can't subpoena because stateless. Failure of the watchdog press under George Bush and anxiety on part of press derived from denial of their own death.

Wikileaks wasn't *exactly* predicted by Internet pioneers, but it does have its antecedents and precursors. Before collaborative efforts - wikis - became commonplace on the Web there was already the notion of bypassing the nation-state to create stores of data that could not be subjected to subpoenas and other government demands. There was the Sealand data bunker. There was physicist Timothy May's Crypto Anarchist Manifesto, which posited that, "Crypto anarchy will allow national secrets to be trade freely and will allow illicit and stolen materials to be traded."

Note, however, that a key element of these ideas was anonymity. Julian Assange has told Guardian readers that in fact he originally envisioned Wikileaks as an anonymous service, but eventually concluded that someone must be responsible to the public.

Curiously, the strand of Internet history that is the closest to the current Wikileaks situation is the 1993-1997 wrangle between the Net and Scientology, which I wrote about for Wired in 1995. This particular net.war did a lot to establish the legal practices still in force with respect to user-generated content: notice and takedown, in particular. Like Wikileaks today, those posting the most closely guarded secrets of Scientology found their servers under attack and their material being taken down and, in response, replicated internationally on mirror sites to keep it available. Eventually, sophisticated systems were developed for locating the secret documents wherever they were hosted on a given day as they bounced from server to server (and they had to do all that without the help of Twitter. Today, much of the gist is on Wikipedia. At the time, however, calling it a "flame war with real bullets" wasn't far wrong: some of Scientology's fiercest online critics had their servers and/or homes raided. When Amazon removed Wikileaks from its servers because of "copyright", it operated according to practices defined in response to those Scientology actions.

The arguments over Wikileaks push at many other boundaries that have been hotly disputed over the last 20 years. Are they journalists, hackers, criminals, or heroes? Is Wikileaks important because, as NYU professor Jay Rosen points out, journalism has surrendered its watchdog role? Or because it is posing, as Techdirt says, the kind of challenge to governments that the music and film industries have already been facing? On a technical level, Wikileaks is showing us the extent to which the Internet can still resist centralised control.

A couple of years ago, Stefan Magdalinski noted the "horse-trading in a fairly raw form" his group of civic hackers discovered when they set out to open up the United Nations proceedings - another example of how people behave when they think no one is watching. Utimately governments will learn to function in a world in which they cannot trust that anything is secret, just as they had to learn to cope with CNN (PDF)

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

November 12, 2010

Just between ourselves

It is, I'm sure, pure coincidence that a New York revival of Vaclav Havel's wonderfully funny and sad 1965 play The Memorandum was launched while the judge was considering the Paul Chambers "Twitter joke trial" case. "Bureaucracy gone mad," they're billing the play, and they're right, but what that slogan omits is that the bureaucracy in question has gone mad because most of its members don't care and the one who does has been shut out of understanding what's going on. A new language, Ptydepe, has been secretly invented and introduced as a power grab by an underling claiming it will improve the efficiency of intra-office communications. The hero only discovers the shift when he receives a memorandum written in the new language and can't get it translated due to carefully designed circular rules. When these are abruptly changed the translated memorandum restores him to his original position.

It is one of the salient characteristics of Ptydepe that it has a different word for every nuance of the characters' natural language - Czech in the original, but of course English in the translation I read. Ptydepe didn't work for the organization in the play because it was too complicated for anyone to learn, but perhaps something like it that removes all doubt about nuance and context would assist older judges in making sense of modern social interactions over services such as Twitter. Clearly any understanding of how people talk and make casual jokes was completely lacking yesterday when Judge Jacqueline Davies upheld the conviction of Paul Chambers in a Doncaster court.

Chambers' crime, if you blinked and missed those 140 characters, was to post a frustrated message about snowbound Doncaster airport: "Crap! Robin Hood airport is closed. You've got a week and a bit to get your shit together otherwise I'm blowing the airport sky high!" Everyone along the chain of accountability up to the Crown Prosecution Service - the airport duty manager, the airport's security personnel, the Doncaster police - seems to have understood he was venting harmlessly. And yet prosecution proceeded and led, in May, to a conviction that was widely criticized both for its lack of understanding of new media and for its failure to take Chambers' lack of malicious intent into account.

By now, everyone has been thoroughly schooled in the notion that it is unwise to make jokes about bombs, plane crashes, knives, terrorists, or security theater - when you're in an airport hoping to get on a plane. No one thinks any such wartime restraint need apply in a pub or its modern equivalent, the Twitter/Facebook/online forum circle of friends. I particularly like Heresy Corner's complaint that the judgement makes it illegal to be English.

Anyone familiar with online writing style immediately and correctly reads Chambers' Tweet for what it was: a perhaps ill-conceived expression of frustration among friends that happens to also be readable (and searchable) by the rest of the world. By all accounts, the judge seems to have read it as if it were a deliberately written personal telegram sent to the head of airport security. The kind of expert explanation on offer in this open letter apparently failed to reach her.

The whole thing is a perfect example of the growing danger of our data-mining era: that casual remarks are indelibly stored and can be taken out of context to give an utterly false picture. One of the consequences of the Internet's fundamental characteristic of allowing the like-minded and like-behaved to find each other is that tiny subcultures form all over the place, each with its own set of social norms and community standards. Of course, niche subcultures have always existed - probably every local pub had its own set of tropes that were well-known to and well-understood by the regulars. But here's the thing they weren't: permanently visible to outsiders. A regular who, for example, chose to routinely indicate his departure for the Gents with the statement, "I'm going out to piss on the church next door" could be well-known in context never to do any such thing. But if all outsiders saw was a ten-second clip of that statement and the others' relaxed reaction that had been posted to YouTube they might legitimately assume that pub was a shocking hotbed of anti-religiou slobs. Context is everything.

The good news is that the people on the ground whose job it was to protect the airport read the message, understood it correctly, and did not overreact. The bad news is that when the CPS and courts did not follow their lead it opened up a number of possibilities for the future, all bad. One, as so many have said, is that anyone who now posts anything online while drunk, angry, stupid, or sloppy-fingered is at risk of prosecution - with the consequence of wasting huge amounts of police and judicial time that would be better spent spotting and stopping actual terrorists. The other is that everyone up the chain felt required to cover their ass in case they were wrong.

Chambers still may appeal to the High Court; Stephen Fry is offering to pay his fine (the Yorkshire Post puts his legal bill at £3,000), and there's a fund accepting donations.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

September 10, 2010

Google, I want a divorce


Jamie: You're dating your mailman?
Lisa: Why not? He comes to see me every day. He's always bringing me things.
Jamie: Mail. He brings you mail.
Lisa: Don't judge him!

- from Mad About You, Season 3, Episode 1, "Escape From New York".

Two years ago, when Google turned ten years old I was called into a BBC studio to talk about the company. Why, I was asked, did people hate Microsoft so much? Would people ever hate Google, too? I said, I think, that because we're only aware of Microsoft when its software fails, our primary impression of the company is frustration: why does this software hate me?

Whereas, I went on to say, to most people Google is like the mailman: it's a nice Web site that keeps bringing you things you really want. Yes, Street View (privacy), Google Books (copyright), and other controversies, but search results! Right out of the oven!

This week I can actually say it: I hate Google. There was the annoying animated Buckyball. There was the enraging exploding animation. And now there's Google Instant - which I can turn off, to be sure, now I can't turn off Google's suggestions. Pause to scream.

I know life is different for normal people, and that people who can't touch type maybe actually like Google's behaving like a long-time spouse who finishes all their sentences, especially if they cannot spell correctly. But neither Instant nor suggestions is a help when your typical search is a weird mix of constraints intended to prod Google into tossing out hits on obscure topics. And you know what else isn't a help? Having stuff change before your eyes and disrupt the brain-fingers continuum. Changing displays, animations, word suggestions all distract you from what you're typing and make it hard to concentrate.

A different problem is the one posed by personalized results: journalists need to find the stuff they - and lots of other people - don't know about. Predictive and personalized results typically will show you the stuff you already do know about, which is fine if you're trying to find that guy who fixed your garage door that time but terrible if what you're trying to do is put together new information in new ways (like focus groups, as Don Draper's said in the recent Mad Men episode "The Rejected".)

There are a lot of things Google could do that would save me - and millions of other people - more time than Instant. The company could get expunge more of the link farms and useless aggregator shopping sites from its results. Intelligence could be better deployed for disaggregation - this Wendy Grossman or that one? I'd benefit from having the fade-in go away; it always costs me a few seconds.

There are some other small nuisances that also waste my time. On the News and some other pages, for example, you can't right-click on a URL and copy/paste it into a story because a few years ago doing that started returning an enormously long Google-adulterated URL. Simply highlighting and copying the URL into Word puts it in weird fonts you have to change. So the least slow way is to go to the page - which is very nice for the page but you're on deadline. And why can't Google read the page's date of last alteration (at least on static pages) and include that in the search listing? The biggest time-waster for me is having to plough through acres of old stuff because there's no way to differentiate it from the recent material. I also don't like the way the new Images search pages load. You would be this fussy, too, if you spent an hour or two a day on the site.

Lauren Weinstein has turned up some other, more serious, problems with Google Instant and the way it "thinks". Of course, it's still in beta, we all know this. Even though Yahoo! says hey, we had that back in 2005. (And does anyone else think the mention of "intellectual property" in that blog post sounds ominous?) Search Engine Watch has more detail (and a step-by-step critique; it's SEW's commentators' opinions that Yahoo! did not go ahead with its live offering because it had insufficient appetite for product risk - and insufficient infrastructure to support it.

So, for me personally the upshot is that I'm finally, after 11 years, in the market for a replacement search engine. Yahoo! is too cluttered. Ask.com's "question of the day" annoys me because, again, it's distracting. Altavista I abandoned gratefully (clutter!) in 1998 even though it invented the Babelfish. Dogpile has a stupid name, is hideous, and has a horoscope button on the front page. Webcrawler doesn't quick-glance differentiate its sponsored links. Cuil has too few results on a page and no option to increase them. Of course, mostly I want not to have to change.

Perhaps the most likely option is the one I saw recommended on Slashdot: Google near-clone DuckDuckGo, which seems to have a good attitude toward privacy and a lot of nifty shortcuts. I don't really love the shading in and out as you mouse over results, but I love that you can click anywhere in the shading to go to the page. I don't like having to wait for most of the listings to load; I like to skim all 100 listings on a page quickly before choosing anything. But I have to use something. I search to live.
So many options, yet none are really right. It may just be that as the main search engines increasingly compete for the mass-market they will be increasingly less fit for real research. There's an important niche here, folks.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

September 3, 2010

Beyond the zipline

When Aaron Sorkin (The West Wing, Sports Night) was signed to write the screenplay for a movie about Facebook, I think the general reaction was one of more or less bafflement. Sorkin has a great track record, sure, but how do you make a movie about a Web site, even if it's a social network? What are you going to show? People typing to each other?

Now that the movie is closer coming out (October 1 in the US) that we're beginning to see sneak peak trailers, and we can tell a lot more from the draft screenplay that's been floating around the Net. The copy I found is dated March 2009, and you can immediately tell it's the real thing: quality dialogue and construction, and the feel of real screenwriting expertise. Turns out, the way you write a screenplay about Facebook is to read the books, primarily the novelistic, not-so-admired Accidental Billionaires by Ben Mezrich, along with other published material and look for the most dramatic bit of the story: the lawsuits eventually launched by the characters you're portraying. Through which, as a framing device, you can tell the story of the little social network that exploded. Or rather, Sorkin can. The script is a compelling read. (It's actually not clear to me that it can be improved by actually filming it.)

Judging from other commentaries, everyone seems to agree it's genuine, though there's no telling where in the production process that script was, how many later drafts there were, or how much it changed in filming and post-production. There's also no telling who leaked it or why: if it was intentional it was a brilliant marketing move, since you could hardly ask for more word-of-mouth buzz.

If anyone wanted to design a moral lesson for the guy who keeps saying privacy is dead, it might be this: turn out your deepest secrets to portray you as a jerk who steals other people's ideas and codes them into the basis for a billion-dollar company, all because you want to stand out at Harvard and, most important, win the admiration of the girl who dumped you. Think the lonely pathos of the socially ostracized, often overlooked Jenny Humphrey in Gossip Girl crossed with the arrogant, obsessive intelligence of Sheldon Cooper in The Big Bang Theory. (Two characters I actually like, but they shouldn't breed.)

Neither the book nor the script is that: they're about as factual as 1978's The Buddy Holly Story or any other Hollywood biopic. Mezrich, who likes to write books about young guys who get rich fast (you can see why; he's gotten several bestsellers out of this approach), had no help from Facebook founder and CEO Mark Zuckerberg, What dialogue there is has been "re-created", and sources other than disaffected co-founder Eduardo Saverin are anonymous. Lacking sourcing (although of course the court testimony is public information), it's unclear how fictional the dramatization is. I'd have no problem with that if the characters weren't real people identified by their real names.

Places, too. Probably the real-life person/place/thing that comes off worst is Harvard, which in the book especially is practically a caricature of the way popular culture likes to depict it: filled with the rich, the dysfunctional, and the terminally arrogant who vie to join secretive, elite clubs that force them to take part in unsavoury hazing rituals. So much so that it was almost a surprise to read in Wikipedia that Mezrich actually went to Harvard.

Journalists and privacy advocates have written extensively about the consequences for today's teens of having their adolescent stupidities recorded permanently on Facebook or elsewhere, but Zuckerberg is already living with having his frat-boy early days of 2004 documented and endlessly repeated. Of course one way to avoid having stupid teenaged shenanigans reported is not to engage in them, but let's face it: how many of us don't have something in our pasts we'd just as soon keep out of the public eye? And if you're that rich that young, you have more opportunities than most people to be a jerk.

But if the only stories people can come up with about Zuckerberg date from before he turned 21, two thoughts occur. First, that Zuckerberg has as much right as anybody to grow up into a mature human being whose early bad judgement should be forgiven. To cite two examples: the tennis player Andre Agassi was an obnoxious little snert at 18 and a statesman of the game at 30; at 30 Bill Gates was criticized for not doing enough for charity but now at 54 is one of the world's most generous philanthropists. It is, therefore, somewhat hypocritical to demand that Zuckerberg protect today's teens from their own online idiocy while constantly republishing his follies.

Second, that outsized, hyperspeed business success might actually have forced him to grow up rather quickly. Let's face it, it's hard to make an interesting movie out of the hard work of coding and building a company.

And a third: by joining the 500 million and counting who are using Facebook we are collectively giving Zuckerberg enough money not to care either way.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

August 20, 2010

Naming conventions

Eric Schmidt, the CEO of Google, is not a stupid person, although sometimes he plays one for media consumption. At least, that's how it seemed this week, when the Wall Street Journal reported that he had predicted, apparently in all seriousness, that the accumulation of data online may result in the general right for young people to change their names on reaching adulthood in order to escape the embarrassments of their earlier lives.

As Danah Boyd commented in response, it is to laugh.

For one thing, every trend in national and international law is going toward greater, permanent trackability. I know the UK is dumping the ID card and many US states are stalling on Real ID, but try opening a new bank account in the US or Europe, especially if you're a newly arrived foreigner. It's true that it's not so long ago - 20 years, perhaps - that people, especially in California, did change their names at the drop of an acid tablet. I'm fairly sure, for example, that the woman I once knew as Dancingtree Moonwater was not named that by her parents. But those days are gone with the anti-money laundering regulations, the anti-terrorist laws, and airport security.

For one thing, when is he imagining the adulthood moment to take place? When they're 17 and applying to college and need to cite their past records of good works, community involvement, and academic excellence? When they're 21 and graduating from college and applying for jobs and need to cite their past records of academic excellence, good works, and community involvement? I don't know about you, but I suspect that an admissions officer/prospective employer would be deeply suspicious of a kid coming of age today who had, apparently, no online history at all. Even if that child is a Mormon.

For another, changing your name doesn't change your identity (even if the change is because you got married). Investigators who track down people who've dropped out of their lives and fled to distant parts to start new ones often do so by, among other things, following their hobbies. You can leave your spouse, abandon your children, change jobs, and move to a distant location - but it isn't so easy to shake a passion for fly-fishing or 1957 Chevys. The right to reinvent yourself, as Action on Rights for Children's Terri Dowty pointed out during the campaign against the child-tracking database ContactPoint, is an important one. But that means letting minor infractions and youthful indiscretions fade into the mists of time, not to be pulled out and laughed until, say, 30 years hence, rather than being recorded in a database that thinks it "knows" you.

I think Schmidt knows all this perfectly well. And I think if such an infrastructure - turn 16, create a new identity - were ever to be implemented the first and most significant beneficiary would be...Google. I would expect most people's search engine use to provide as individual a fingerprint as, well, fingerprints. (This is probably less true for journalists, who research something different every week and therefore display the database equivalent of multiple personality disorder.)

Clearly if the solution to young people posting silly stuff online where posterity can bite them on the ass is a change of name the only way to do it is to assign kids online-only personas at birth that can be retired when they reach an age of reason. But in such a scenario, some kids would wind up wanting to adopt their online personas as their real ones because their online reputation has become too important in their lives. In the knowledge economy, as plenty of others have pointed out, reputation is everything.

This is, of course, not a new problem. As usual. When, in 1995, DejaNews (bought by Google some years back to form the basis of the Google Groups archive) was created, it turned what had been ephemeral Usenet postings into a permanent archive. If you think people post stupid stuff on Facebook now, when they know their friends and families are watching, you should have seen the dumb stuff they posted on Usenet when they thought they were in the online equivalent of Benidorm, where no one knew them and there were no consequences. Many of those Usenet posters were students. But I also recall the newly appointed CEO of a public company who went around the WELL deleting all his old messages. Didn't mean there weren't copies...or memories.

There is a genuine issue here, though, and one that a very smart friend with a 12-year-old daughter worries about regularly: how do you, as a parent, guide your child safely through the complexities of the online world and ensure that your child has the best possible options for her future while still allowing her to function socially with her peers? Keeping her offline is not an answer. Neither are facile statements from self-interested CEOs who, insulated by great wealth and technological leadership, prefer to pretend to themselves that these issues have already been decided in their favor.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

June 4, 2010

Return to the hacker crackdown

Probably many people had forgotten about the Gary McKinnon case until the new government reversed their decision to intervene in his extradition. Legal analysis is beyond our expertise, but we can outline some of the historical factors at work.

By 2001, when McKinnon did his breaking and entering into US military computers, hacking had been illegal in the UK for just over ten years - the Computer Misuse Act was passed in 1990 after the overturned conviction of Robert Schifreen and Steve Gold for accessing Prince Philip's Prestel mailbox.

Early 1990s hacking (earlier, the word meant technological cleverness) was far more benign than today's flat-out crimes of identity fraud, money laundering, and raiding bank accounts. The hackers of the era - most famously Kevin Mitnick were more the cyberspace equivalent of teenaged joyriders: they wandered around the Net rattling doorknobs and playing tricks to get passwords, and occasionally copied some bit of trophy software for bragging rights. Mitnick, despite spending four and a half years in jail awaiting trial, was not known to profit from his forays.

McKinnon's claim that he was looking for evidence that the US government was covering up information about alternative energy and alien visitations seems to me wholly credible. There was and is a definite streak of conspiracy theorists - particularly about UFOs - among the hacker community.

People seemed more alarmed by those early-stage hackers than they are by today's cybercriminals: the fear of new technology was projected onto those who seemed to be its masters. The series of 1990 "Operation Sundown" raids in the US, documented in Bruce Sterling's book , inspired the creation of the Electronic Frontier Foundation. Among other egregious confusions, law enforcement seized game manuals from Steven Jackson Games in Austin, Texas, calling them hacking instruction books.

The raids came alongside a controversial push to make hacking illegal around the world. It didn't help when police burst in at the crack of dawn to arrest bright teenagers and hold them and their families (including younger children) at gunpoint while their computers and notebooks were seized and their homes ransacked for evidence.

"I think that in the years to come this will be recognized as the time of a witch hunt approximately equivalent to McCarthyism - that some of our best and brightest were made to suffer this kind of persecution for the fact that they dared to be creative in a way that society didn't understand," 21-year-old convicted hacker Mark Abene ("Phiber Optik") told filmmaker Annaliza Savage for her 1994 documentary, Unauthorized Access (YouTube).

Phiber Optik was an early 1990s cause célèbre. A member of the hacker groups Legion of Doom and Masters of Deception, he had an exceptionally high media profile. In January 1990, he and other MoD members were raided on suspicion of having caused the AT&T crash of January 15, 1990, when more than half of the telephone network ceased functioning for nine hours. Abene and others were eventually charged in 1991, with law enforcement demanding $2.5 million in fines and 59 years in jail. Plea agreements reduced that a year in prison and 600 hours of community service. The company eventually admitted the crash was due to its own flawed software upgrade.

There are many parallels between these early days of hacking and today's copyright wars. Entrenched large businesses (then AT&T; now RIAA, MPAA, BPI, et al) perceive mostly young, smart Net users as dangerous enemies and pursue them with the full force of the law claiming exaggeratedly large-figure sums in damages. Isolated, often young, targets were threatened with jail and/or huge sums in damages to make examples of them to deter others. The upshot in the 1990s was an entrenched distrust of and contempt for law enforcement on the part of the hacker community, exacerbated by the fact that back then so few law enforcement officers understood anything about the technology they were dealing with. The equivalent now may be a permanent contempt for copyright law.

In his 1990 essay Crime and Puzzlement examining the issues raised by hacking, EFF co-founder John Perry Barlow wrote of Phiber Optik, whom he met on the WELL: "His cracking impulses seemed purely exploratory, and I've begun to wonder if we wouldn't also regard spelunkers as desperate criminals if AT&T owned all the caves."

When McKinnon was first arrested in March 2002 and then indicted in a Virginia court in October 2002 for cracking into various US military computers - with damage estimated at $800,000 - all this history will still fresh. Meanwhile, the sympathy and good will toward the US engendered by the 9/11 attacks had been dissipated by the Bush administration's reaction: the PATRIOT Act (passed October 2001) expanded US government powers to detain and deport foreign citizens, and the first prisoners arrived at Guantanamo in January 2002. Since then, the US has begun fingerprinting all foreign visitors and has seen many erosions to civil liberties. The 2005 changes to British law that made hacking into an extraditable offense were controversial for precisely these reasons.

As McKinnon's case has dragged on through extradition appeals this emotional background has not changed. McKinnon's diagnosis with Asperger's Syndrome in 2008 made him into a more fragile and sympathetic figure. Meanwhile, the really dangerous cybercriminals continue committing fraud, theft, and real damage, apparently safe from prosecution.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

May 28, 2010

Privacy theater

On Wednesday, in response to widespread criticism and protest Facebook finally changed its privacy settings to be genuinely more user-friendly - and for once, the settings actually are. It is now reasonably possible to tell at a glance which elements of the information you have on the system are visible and to what class of people. To be sure, the classes available - friends, friends of friends, and everyone - are still broad, but it is a definite improvement. It would be helpful if Facebook provided a button so you could see what your profile looks like to someone who is not on your friends list (although of course you can see this by logging out of Facebook and then searching for your profile). If you're curious just how much of your information is showing, you might want to try out Outbook.

Those changes, however, only tackle one element of a four-part problem.

1: User interface. Fine-grained controls are, as the company itself has said, difficult to present in a simple way. This is what the company changed this week and, as already noted, the new design is a big improvement. It can still be improved, and it's up to users and governments to keep pressure on the company to do so.

2: Business model. Underlying all of this, however, is the problem that Facebook still has make money. To some extent this is our own fault: if we don't want to pay money to use the service - and it's pretty clear we don't - then it has to be paid for some other way. The only marketable asset Facebook has is its user data. Hence Andrew Brown's comment that users are Facebook's product; advertisers are its customers. As others have commented, traditional media companies also sell their audience to their advertisers; but there's a qualitative difference in that traditional media companies also create their own content, which gives them other revenue streams.

3. Changing the defaults. As this site's graphic representation makes clear, since 2005 the changes in Facebook's default privacy settings have all gone one way: towards greater openness. We know from decades of experience that defaults matter because so many computer users never change them. It's why Microsoft has had to defend itself against antitrust actions regarding bundling Internet Explorer and Windows Media Player into its operating system. On Facebook, users should have to make an explicit decision to make their information public - opt in, rather than opt out. That would also be more in line with the EU's Data Protection Directive.

4: Getting users to understand what they're disclosing. Back in the early 1990s, AT&T ran a series of TV ads in the US targeting a competitor's having asked its customers the names of their friends and family for marketing purposes, "I don't want to give those out," the people in the ads were heard to say. Yet they freely disclose on Facebook every day exactly that sort of information. As director of the Foundation for Information Policy Research Caspar Bowden argued persuasively that traffic analysis - seeing who is talking to whom and with what frequency - is far more revealing than the actual contents of messages.

What makes today's social networks different from other messaging systems (besides their scale) is that typically those - bulletin boards, conferencing systems, CompuServe, AOL, Usenet, today's Web message boards - were and are organized around topics of interest: libel law reform, tennis, whatever. Even blogs, whose earliest audiences are usually friends, become more broadly successful because of the topics they cover and the quality of that coverage. In the early days, that structure was due to the fact that most people online were strangers meeting for the first time. These days, it allows those with minority interests to find each other. But in social media the organizing principle is the social connections of individual people whose tenure on the service begins, by and large, by knowing each other. This vastly simplifies traffic analysis.

A number of factors contributed to the success of Facebook. One was the privacy promises the company made (and have since revised). But another was certainly elements of dissatisfaction with the wider Net. I've heard Facebook described as an effort to reinvent the Net, and there's some truth to that in that it presents itself as a safer space. That image is why people feel comfortable posting pictures of their kids. But a key element in Facebook's success has, I think, also been the brokenness of email and, to a lesser degree, instant messaging. As these became overridden with spam, rather than grapple with spam and other unwanted junk or the uncertainty of knowing which friend was using which incompatible IM service, many people gravitated to social networks as a way of keeping their inboxes as personal space.

Facebook is undoubtedly telling the truth when it says that the privacy complaints have, so far, made little difference to the size and engagement of its user base. It's extreme to say that Facebook victimizes its users, but it is true that the active core of long-term users' expectations have been progressively betrayed. Facebook's users have no transparency about or control over what data Facebook shares with its advertisers. Making that visible would go a long way toward restoring users' trust.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

May 14, 2010

Bait and switch

If there's one subject Facebook's PR people probably wish its founder and CEO, 27-year-old Mark Zuckerberg, had never discussed in public it's privacy, which he dismissed in January as no longer a social norm.

What made Zuckerberg's statement sound hypocritical - on top of arrogant, blinkered, self-interested, and callous - is the fact that he himself protects information he posts on Facebook. If he doesn't want his own family photographs searchable on Google, why does he assume that other people do?

What's equally revealing, though, is the comment he went on to make (quoted in that same piece) that he views it as really important "to keep a beginner's mind" in deciding what the company should do next. In other words, they ask themselves what decision they would make if they were starting Facebook now - and then they do that.

You can't hardly get there from here.

Zuckerberg is almost certainly right that if he were setting up the company now he'd make everything public as a default setting - as Twitter, founded two years later, does. Of course he'd do things differently: he'd be operating post-Facebook. Most important, he'd be a tiny company instead of a huge one. Size matters: you cannot make the same decisions that you would if you were a start-up when you have 400 million users, are the Web's largest host of photographs, and the biggest publisher of display ads. Facebook is discovering what Microsoft and Google also have: it isn't easy being big.

Being wholly open would, I'm sure, be a simpler situation both legally and in terms of user expectations, and I imagine it would be easier to program and develop. The difficulty is that he isn't starting the company now, and just as the seventh year of a marriage isn't the same as the first year of a marriage, he can't behave as if he is. Because: like in a marriage, Facebook has made promises to its users throughout the last six years, and you cannot single-handedly rewrite the contract without betraying them.

On Sky TV last night, I called Facebook's attitude to privacy a case of classic bait-and-switch. While I have no way of knowing if that was Zuckerberg's conscious intention when he first created Facebook in his Harvard dorm room at 19, that is nonetheless an accurate description of the situation. Facebook users - and the further you go back in the company's history the more true this is - shared their information because the company promised them privacy. Had the network been open from the start, people would likely have made different choices. Both a group of US senators nor the EU's Data Protection working party understand this perfectly. It would be a mistake for Facebook's management to dismiss these complaints as the outdated concerns of a bunch of guys who aren't down with the modern world.

Part of Facebook's difficulty with privacy issues is I'm sure the kind of interface design problem computer companies have struggled with for decades. In published comments, the company has referred to the conflict between granularity and simplicity: people want detailed choices but providing those makes the interface complex; simplifying the interface removes choice. I don't think this is an unsolvable problem; though it does require a new approach.

One thing I'd like Facebook to provide is a way of expiring data (which would solve a number of privacy issues) so that you could specify that anything posted on the site will be deleted after a certain amount of time has passed. Such a setup would also allow users to delete data posted before the beginning date of a new privacy regime. I'd also like to be able to export all my data in a format suitable for searching and archiving on my own system.

Zuckerberg was a little bit right, in that people are disclosing information to anybody who's interested in a way they didn't - couldn't - before. That doesn't, however, mean they're not interested in privacy; it means many think they are in private, talking to their friends, without understanding who else may be watching. It was doubtless that sort of feeling that ledPaul Chambers into trouble: a few days ago he was (in my opinion outrageously) fined £1,000 for sending a menacing message over a public telecommunications network.

I suppose Facebook can argue that the fact that 400 million people use their site means their approach can't be wholly unpopular. The number of people that have deleted their accounts since the latest opening-up announcements seems to be fairly small. But many more are there because they have to be: they have friends who won't communicate in any other way, or there are work commitments that require it. Facebook should remember that this situation came about because the company made promises about privacy. Reneging on those promises and thumbing your nose at people for being so stupid as to believe you invites a backlash.

Where Zuckerberg is wrong is to think that the errors people make in a new and unfamiliar medium where the social norms and community standards are still being defined means there's been a profound change in the world's social values. If it looks like that to rich geeks in California, it may be time for them to get out of Dodge.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series.

April 30, 2010

Child's play

In the TV show The West Wing (Season 6, Episode 17, "A Good Day") young teens tackle the president: why shouldn't they have the right to vote? There's probably no chance, but they made their point: as a society we trust kids very little and often fail to take them or their interests seriously.

That's why it was so refreshing to read in 2008's < a href="http://www.dcsf.gov.uk/byronreview/actionplan/">Byron Review the recommendation that we should consult and listen to children in devising programs to ensure their safety online. Byron made several thoughtful, intelligent analogies: we supervise as kids learn to cross streets, we post warning signs at swimming pools but also teach them to swim.

She also, more controversially, recommended that all computers sold for home use in the UK should have Kitemarked parental control software "which takes parents through clear prompts and explanations to help set it up and that ISPs offer and advertise this prominently when users set up their connection."

The general market has not adopted this recommendation; but it has been implemented with respect to the free laptops issued to low-income families under Becta's £300 million Home Access Laptop scheme, announced last year as part of efforts to bridge the digital divide. The recipients - 70,000 to 80,000 so far - have a choice of supplier, of ISP, and of hardware make and model. However, the laptops must meet a set of functional technical specifications, one of which is compliance with PAS 74:2008, the British Internet safety standard. That means anti-virus, access control, and filtering software: NetIntelligence.

Naturally, there are complaints; these fall precisely in line with the general problems with filtering software, which have changed little since 1996, when the passage of the Communications Decency Act inspired 17-year-old Bennett Haselton to start Peacefire to educate kids about the inner working of blocking software - and how to bypass it. Briefly:

1. Kids are often better at figuring out ways around the filters than their parents are, giving parents a false sense of security.

2. Filtering software can't block everything parents expect it to, adding to that false sense of security.

3. Filtering software is typically overbroad, becoming a vehicle for censorship.

4. There is little or no accountability about what is blocked or the criteria for inclusion.

This case looks similar - at first. Various reports claim that as delivered NetIntelligence blocks social networking sites and even Google and Wikipedia, as well as Google's Chrome browser because the way Chrome installs allows the user to bypass the filters.

NetIntelligence says the Chrome issue is only temporary; the company expects a fix within three weeks. Marc Kelly, the company's channel manager, also notes that the laptops that were blocking sites like Google and Wikipedia were misconfigured by the supplier. "It was a manufacturer and delivery problem," he says; once the software has been reinstalled correctly, "The product does not block anything you do not want it to." Other technical support issues - trouble finding the password, for example - are arguably typical of new users struggling with unfamiliar software and inadequate technical support from their retailer.

Both Becta and NetIntelligence stress that parents can reconfigure or uninstall the software even if some are confused about how to do it. First, they must first activate the software by typing in the code the vendor provides; that gets them password access to change the blocking list or uninstall the software.

The list of blocked sites, Kelly says, comes from several sources: the Internet Watch Foundation's list and similar lists from other countries; a manual assessment team also reviews sites. Sites that feel they are wrongly blocked should email NetIntelligence support. The company has, he adds, tried to make it easier for parents to implement the policies they want; originally social networks were not broken out into their own category. Now, they are easily unblocked by clicking one button.

The simple reaction is to denounce filtering software and all who sail in her - censorship! - but the Internet is arguably now more complicated than that. Research Becta conducted on the pilot group found that 70 percent of the parents surveyed felt that the built-in safety features were very important. Even the most technically advanced of parents struggle to balance their legitimate concerns in protecting their children with the complex reality of their children's lives.

For example: will what today's children post to social networks damage their chances of entry into a good university or a job? What will they find? Not just pornography and hate speech; some parents object to creationist sites, some to scary science fiction, others to Fox News. Yesterday's harmless flame wars are today's more serious cyber-bullying and online harassment. We must teach kids to be more resilient, Byron said; but even then kids vary widely in their grasp of social cues, common sense, emotional make-up, and technical aptitude. Even experts struggle with these issues.

"We are progressively adding more information for parents to help them," says Kelly. "We want the people to keep the product at the end. We don't want them to just uninstall it - we want them to understand it and set the policies up the way they want them." Like all of us, Kelly thinks the ideal is for parents to engage with their children on these issues, "But those are the rules that have come along, and we're doing the best we can."

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

March 26, 2010

Sung heroines

There are more of them than you think; there are fewer of them than there should be. We are talking, of course, about geek girls. Er: women in science and technology.

To be sure, there are some benefits to being one of only a few women. Being a woman at a geek conference means never having to stand on line to use the bathroom.

Not long after I started working as a technology journalist, a friend at MIT commented to me in passing that the early computer programmers were women. By then it was the 1990s and the predominant image of anyone doing anything with computers was male. So women in technology have a long, if hidden history. There may not be an overlooked Rosalind Franklin for every Crick and Watson, but there are definitely enough to write home about.

Wednesday was, by the style and grace of Suw Charman-Anderson (founding director of the Open Rights Group and social media consultant), Ada Lovelace Day, an effort to get everyone to blog about the women they admired in science and technology to highlight the contributions of women to science and technology. (I like Buffy, the Vampire Slayer as much as the next person, but I still don't think the very fictional Buffy Summers and Willow Rosenberg qualify as "women in science and technology". Perspective, folks!)

My favorite among the blog postings I've read is the story of the poster's grandmother, Jean Valentine, one of a group of women assigned to help work on the Bombe, Alan Turing's world war-winning crypto-cracking project at Bletchley Park, where she is now a tour guide (and probably being told more technical detail about the work she did than she was allowed to know at the time!).

There are, of course, many science and technology women I know but didn't see listed. Here are a few.

Rebecca Mercuri published her doctoral dissertation on electronic voting in 2000, about six months before the whole chad debacle the following November.

Susan Landau was for many years a Distinguished Engineer at Sun; she is author of several books on the inner workings and history of wiretapping and other privacy issues, and has a long list of awards and honors. And, years before Ada Lovelace's birthday became a thing, she founded ResearcHers, a mailing list for women computer science researchers and co-created the ACM-W Athena lectures to celebrate women researchers.

One woman worth mentioning who did make it onto several people's blogs is Hedy Lamarr, who besides her career as a movie star (of which she memorably commented that anyone can look glamorous if she stands still and looks stupid) was co-inventor of frequency hopping, a technique used to encrypt radio signals. It was her contribution to the war effort and is used now by the mobile phone industry. You have to be really smart to know how to look that glamorous. The EFF granted her a Pioneer Award in 1997.

Amy Bruckman works on education through designing online communities. In her Ada Lovelace Day blog post she talks about the expanding range of women in her classes.

For a lawyer Lilian Edwards is pretty geeky.
Ellen Ullman is a former software engineer, essayist, and author whose books ought to be required reading for anyone, male or female, working in technology. In Close to the Machine: Technophilia and Its Discontents she talks about the way the cold, discrete logic of computer systems changes their owners and specifiers, removing human compromise and understanding. In The Bug she charts the inner life of a programmer who spends a year trying to resolve a single bug in a program. Both are excellent.

Also not on anyone's list, I think, is the math teacher I had in junior high school, Nancy Rosenberg. In the interstices of teaching geometry and trigonometry, she introduced us to the work of Martin Gardner, whose mathematical games she loved (for years, my father and I played Nim on placemats in restaurants while waiting for food). She had ideas for cartoons that today would be huge hit on YouTube to illustrate geometrical concepts. She was funny, smart, direct, and forthright, and talked about whatever was exercising her most at the time. She once stopped whatever she was supposed to be teaching us, swore us all to secrecy, and proceeded to read us the first chapter of the book she was reading because she thought it was so screamingly funny. The book was Portnoy's Complaint. In my entire school career, I had only three teachers who really made a difference in my life; Rosenberg's was probably the most significant, since she got me interested in math and science and directed me to Gardner, who was of key importance in leading me to the skeptics. Not exactly a heroine, because for one thing I think she would have found that ridiculous. But an excellent teacher and the kind of geek girl who makes a lot more geek girls.

Happy belated Ada Lovelace Day.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

March 19, 2010

Digital exclusion: the bill

The workings of British politics are nearly as clear to foreigners as cricket; and unlike the US there's no user manual. (Although we can recommend Anthony Trollope's Palliser novels and the TV series Yes, Minister as good sources of enlightenment on the subject.) But what it all boils down to in the case of the Digital Economy Bill is that the rights of an entire nation of Internet users are about to get squeezed between a rock and an election unless something dramatic happens.

The deal is this: the bill has completed all the stages in the House of Lords, and is awaiting its second reading in the House of Commons. Best guesses are that this will happen on or about March 29 or 30. Everyone expects the election to be called around April 8, at which point Parliament disbands and everyone goes home to spend three weeks intensively disrupting the lives of their constituency's voters when they're just sitting down to dinner. Just before Parliament dissolves there's a mad dash to wind up whatever unfinished business there is, universally known as the "wash-up". The Digital Economy Bill is one of those pieces of unfinished business. The fun part: anyone who's actually standing for election is of course in a hurry to get home and start canvassing. So the people actually in the chamber during the wash-up while the front benches are hastily agreeing to pass stuff thought on the nod are likely to be retiring MPs and others who don't have urgent election business.

"What we need," I was told last night, "is a huge, angry crowd." The Open Rights Group is trying to organize exactly that for this Wednesday, March 24.

The bill would enshrine three strikes and disconnection into law. Since the Lords' involvement, it provides Web censorship. It arguably up-ends at least 15 years of government policy promoting the Internet as an engine of economic growth to benefit one single economic sector. How would the disconnected vote, pay taxes, or engage in community politics? What happened to digital inclusion? More haste, less sense.

Last night's occasion was the 20th anniversary of Privacy International (Twitter: @privacyint), where most people were polite to speakers David Blunkett and Nick Clegg. Blunkett, who was such a front-runner for a second Lifetime Menace Big Brother Award that PI renamed the award after him, was an awfully good sport when razzed; you could tell that having his personal life hauled through the tabloid press in some detail has changed many of his views about privacy. Though the conversion is not quite complete: he's willing to dump the ID card, but only because it makes so much more sense just to make passports mandatory for everyone over 16.

But Blunkett's nearly deranged passion for the ID card was at least his own. The Digital Economy Bill, on the other hand, seems to be the result of expert lobbying by the entertainment industry, most especially the British Phonographic Industry. There's a new bit of it out this week in the form of the Building a Digital Economy report, which threatens the loss of 250,000 jobs in the UK alone (1.2 million in the EU, enough to scare any politician right before an election). Techdirt has a nice debunking summary.

A perennial problem, of course, is that bills are notoriously difficult to read. Anyone who's tried knows these days they're largely made up of amendments to previous bills, and therefore cannot be read on their own; and while they can be marked up in hypertext for intelligent Internet perusal this is not a service Parliament provides. You would almost think they don't really want us to read these things.

Speaking at the PI event, Clegg deplored the database state that has been built up over the last ten to 15 years, the resulting change in the relationship between citizen and state, and especially the omission that, "No one ever asked people to vote on giant databases." Such a profound infrastructure change, he argued, should have been a matter for public debate and consideration - and wasn't. Even Blunkett, who attributed some of his change in views to his involvement in the movie Erasing David (opening on UK cinema screens April 29), while still mostly defending the DNA database, said that "We have to operate in a democratic framework and not believe we can do whatever we want."

And here we are again with the Digital Economy Bill. There is plenty of back and forth among industry representatives. ISPs estimate the cost of the DEB's Web censorship provisions at up to £500 million. The BPI disagrees. But where is the public discussion?

But the kind of thoughtful debate that's needed cannot take place in the present circumstances with everyone gunning their car engines hoping for a quick getaway. So if you think the DEB is just about Internet freedoms, think again; the way it's been handled is an abrogation of much older, much broader freedoms. Are you angry yet?


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

February 26, 2010

The community delusion

The court clerk - if that's the right term - seemed slightly baffled by the number of people who showed up for Tuesday's hearing in Simon Singh v. British Chiropractic Association. There was much rearrangement, as the principals asked permission to move forward a row to make an extra row of public seating and then someone magically produced eight or ten folding chairs to line up along the side. Standing was not allowed. (I'm not sure why, but I guess something to do with keeping order and control.)

It was impossible to listen to the arguments without feeling a part of history. Someday - ten, 50, 150 years from now - a different group of litigants will be sitting in that same court room or one very like it in the same building and will cite "our" case, just as counsel cited precedents such as Reynolds and Branson v Bower. If Singh's books don't survive, his legal case will, as may the effects of the campaign to reform libel law (sign the petition!) it has inspired and the Culture, Media, and Sport report (Scribd) that was published on Wednesday. And the sheer stature of the three judges listening to the appeal - Lord Chief Justice Lord Judge (to Americans: I am not making this up!), Master of the Rolls Lord Neuberger, and Lord Justice Sedley - ensures it will be taken seriously.

There are plenty of write-ups of what happened in court and better-informed analyses than I can muster to explain what it means. The gist, however: it's too soon to tell which pieces of law will be the crucial bits on which the judges make their decision. They certainly seemed to me to be sympathetic to the arguments Singh's counsel, Adrienne Page QC, made and much less so to the arguments the BCA's counsel, Heather Rogers QC. But the case will not be decided on the basis of sympathy; it will be decided on the basis of legal analysis. "You can't read judges," David Allen Green (aka jackofkent) said to me over lunch. So we wait.
But the interesting thing about the case is that this may be the first important British legal case to be socially networked: here is a libel case featuring no pop stars or movie idols, and yet they had to turn some 20 or 30 people away from the courtroom. Do judges read Twitter?

Beginning with Howard Rheingold's 1993 book The Virtual Community, it was clear that the Net's defining characteristic as a medium is its enablement of many-to-many communication. Television, publishing, and radio are all one-to-many (if you can consider a broadcaster/publisher a single gatekeeper voice). Telephones and letters are one-to-one, by and large. By 1997, business minds, most notably John Hagel III and Arthur Armstrong in net.gain, had begun saying that the networked future of businesses would require them to build communities around themselves. I doubt that Singh thinks of his libel case in that light, but today's social networks (which are a reworking of earlier systems such as Usenet and online conferencing systems) are enabling him to do just that. The leverage he's gained from that support is what is really behind both the challenge to English libel law and the increasing demand for chiropractors generally to provide better evidence or shut up.

Given the value everyone else, from businesses to cause organizations to individual writers and artists, places on building an energetic, dedicated, and active fan base, it's surprising to see Richard Dawkins, whose supporters have apparently spent thousands of unpaid hours curating his forums for him, toss away what by all accounts was an extraordinarily successful community supporting his ideas and his work. The more so because apparently Dawkins has managed to attract that community without ever noticing what it meant to the participants. He also apparently has failed to notice that some people on the Net, some of the time, are just the teeniest bit rude and abusive to each other. He must lead a very sheltered life, and, of course, never have moderated his own forums.

What anyone who builds, attracts, or aspires to such a community has to understand from the outset is that if you are successful your users will believe they own it. In some cases, they will be right. It sounds - without having spend a lot of time poring over Dawkins' forums myself - as though in this case in fact the users, or at least the moderators, had every right to feel they owned the place because they did all the (unpaid) work. This situation is as old as the Net - in the days of per-minute connection charges CompuServe's most successful (and economically rewarding to their owners) forums were built on the backs of volunteers who traded their time for free access. And it's always tough when users rediscover the fact that in each individual virtual community, unlike real-world ones, there is always a god who can pull the plug without notice.

Fortunately for the causes of libel law reform and requiring better evidence, Singh's support base is not a single community; instead, it's a group of communities who share the same goals. And, thankfully, those goals are bigger than all of us.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. I would love to hear (net.wars@skeptic.demon.co.uk) from someone who could help me figure out why this blog vapes all non-spam comments without posting them.

January 29, 2010

Game night

Why can't computer games get any serious love? The maverick Labour MP Tom Watson convened a meeting this week to ask just that. (Watson is also pushing for the creation of an advocacy group, Gamers' Voice (Facebook).) From the dates, the meeting is not in response to claims that playing computer games causes rickets.

Pause to go, "Huh?"

We all know what causes rickets in the UK. Winter at these crazy high latitudes causes rickets in the UK. Given the amount of atmosphere and cloud it has to get through in the darker months, sunlight can't muster enough oomph to make Vitamin D on the skins of the pasty, blue-white people they mostly have here. The real point of the clinical review paper that kicked off this round of media nonsense, Watson rants, is that half of all UK adults are deficient in Vitamin D in the winter and spring. Well, duh. Wearing sunscreen has made it worse. So do clothes. And this: to my vast astonishment on arrival here they don't put Vitamin D in the milk. But, hey, let's blame computer games!

And yet: games are taking over. In December Chart-Track market researchfound that the UK games industry is now larger than its film industry. Yesterday's game-playing kids are today's game-playing parents. One day we'll all be gamers on this bus. Criminals pay more for stolen World of Warcraft accounts than for credit card accounts (according to Richard Bartle), and the real-money market for virtual game world props is worth billions (PDF). But the industry gets no government support. Hence Watson's meeting.

At this point, I must admit that net.wars, too, has been deficient: I hardly ever cover games. As a freelance, I can't afford to be hooked on them, so I don't play them, so I don't know enough to write about them. In the early-to-mid 1990s I did sink hours into Hitchhiker's Guide to the Galaxy, Minesweeper, Commander Keen, Lemmings, Wolfenstein 3D, Doom, Doom 2, and some of Duke Nukem. At some point, I decided it was a bad road. When I waste time unproductively I need to feel that I'm about to do something useful. I switched the mouse to the left hand, mostly for ergonomic reasons, and my slightly lower competence with it was sufficient to deter further exploration. The other factor: Quake made it obvious that I'd reached my theoretical limit.

I know games are different now. I've watched a 20-something friend play World of Warcraft and Grand Theft Auto; I've even traded deaths with him in one of those multiplayer games where your real-life best friends are your mortal enemies. Watching him play The Sims as a recalcitrant teenager (is there any other kind?) was the most fun. It seemed like Cosmic Justice to see him shriek in frustration at the computer because the adults in his co-op household were *refusing to wash the dishes*. Ha!

For people who have jobs, games are a (sometimes shameful) hobby; for people who are self-employed they are a dangerous menace. Games are amateur sports without the fresh air. And they are today's demon medium, replacing TV, comic books (my parents believed these rotted the brain), and printed multi-volume novels. All of that contributes to why games get relatively little coverage outside of specialist titles and writers such as Aleks Krotoski and are studied by rare academics like Douglas Thomas and Richard Bartle.

Except: it's arguable that the structure of games and the kind of thinking they require - logical, problem-solving, exploratory, experimental - does in fact inspire a kind of mental fitness that is a useful background skill for our computer-dominated world. There are, as Tom Chatfield, one of the evening's three panelists and an editor at Prospect, says in his new book Fun, Inc, many valuable things people can and do learn from games. (I once watched an inveterate game-playing teen extract himself from the maze at Hampton Court in 15 seconds flat.)

And in fact, that's the thought with which the seminal game cum virtual world was started: in writing MUD, Bartle wanted to give people the means to explore their identities by creating different ones.

It's also fun. And an escape from drab reality. And a challenge. And active, rather than passive, entertainment. The critic Sam Leith (who has compared World of Warcraft to Chartres Cathedral) pointed out that the violent shoot-'em-up games that get the media attention are a small, stereotyped sector of the market that deliberately insert shocking violence recursively to get media attention and increase sales. Limiting the conversation to one stereotypical theme is the problem, not games themselves.

Philip Oliver, founder and CEO of the UK's large independent games developer, Blitz Games, listed some cases in point: in their first 12 weeks of release his company sold 500,000 copies of its The Biggest Loser TV and 3.8 million copies of its Burger King advertising game. And what about that wildly successful Wii Fit?

If you say, "That's different", there is the problem.

Still, if game players are all going to be stereotyped as violent players shooting things...I'm not sure who pointed out that the Houses of Parliament are a fabulous gothic castle in which to set a shoot-'em-up, but it's a great idea. Now, that would really be government support!

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on , or send email to netwars@skeptic.demon.co.uk (but please turn off HTML).

January 9, 2010

Car talk

The most interesting thing I've heard all week was a snippet on CNBC in which a commentator talked about cars going out of style. The story was that in 2009 the US fleet of cars shrank by four million. That is, four million cars were scrapped without being replaced.

The commentator and the original story have a number of reasons: increasing urbanization, uncertainty about oil prices, frustration about climate change, and so on. But the really interesting trend is a declining interest in cars on the part of young people. (Presumably these are the same young people who don't watch enough TV.)

A pause to reminisce. In 1967, when I was 13, my father bought a grey Mercedes 230SL with a red interior. It should tell you something when I say that I don't like sports cars, have always owned Datsuns/Nissans (including a pickup truck and two Prairies), and am not really interested in cars that aren't mine but I still remember the make and model number of this car from 42 years ago. I remember hoping he wouldn't trade it in before I turned 16 and was old enough to drive. (He did. Nerts.)

When, at 21, I eventually did get my own first car (a medium blue Nissan 710 station wagon with a white leather-like interior), it felt like I had finally achieved independence. Having a car meant that I could leave my parents' house any time I wanted. The power of that was shocking; it utterly changed how I felt about being in their home.

In London, I hardly drive. The public transportation is too good and the traffic too dense. There are exceptions, of course, but the fact is that it would be cheaper for me to book a taxi every time I needed a car than it is to own one. And yet, the image of being behind the wheel on the open road, going nowhere and everywhere retains its power.

People think of the US as inextricably linked to car culture, but the fact is that our national love affair with the car is quite recent and was imposed on us. The 1988 movie Who Framed Roger Rabbit? had it right: at one time even Los Angeles had a terrific public transportation system. But starting in 1922, General Motors, acting in concert with a number of oil companies, most notably Chevron, deliberately set out to buy up and close down thousands of municipal streetcar systems. The scheme was not popular: people did not want to have to buy cars.

CNBC's suggestion was that today's young people find their independence differently: through their cell phones and the Internet. He has a point. As children, many baby boomers shared bedrooms with siblings. Use of the family phone was often restricted. The home was most emphatically not a place where a young adult could expect any privacy.

Today, kids go out less, first because their parents worry about their safety, later because their friends and social lives are on tap from the individual bedrooms they now tend to have. And even if they have to share the family computer and use it in a well-trafficked location, they can carve themselves out a private space inside their phones, by text if not by voice.

The Internet's potential to destroy or remake whole industries is much discussed: see also newspapers, magazines, long-distance telecommunications, music, film, and television. The "Google decade" so many commentators say is ending is, according to Slate, just the beginning of how Google, all by itself, will threaten industries: search portals, ad agencies, media companies, book publishers, telephone companies, Mapquest, soon smart phone manufacturers, and then the big man on campus, Microsoft.

But if there's one thing we know, it's that technology companies are bad bets because they can be and are challenged when the next wave comes along. Who thought ten years ago that Microsoft wouldn't kill everyone else in its field? Twenty years ago, IBM was the unbeatable gorilla.

The happening wave is mobile phones, and it isn't at all clear that Google will dominate, any more than Microsoft has succeeded in dominating the Internet. But the interesting thing is what mobile phones will kill. So far, it's made a dent in the watchmaking industry (because a lot of people carrying phones don't see why they need a watch, too). Similarly, smart phones have subsumed MP3 players, pocket televisions. Now, cars. And, if I had to guess, smart phones will be the most popular vehicles for ebooks, too, and for news. Tim O'Reilly, for example, says that ebooks really began to take off with the iPhone. Literary agents and editors may love the Kindle, but consumers reading while waiting for trains are more likely to choose their phones. Ray Kurzweil is very likely right on track with his cross-platform ereader software, Blio.

All this seems to me to validate the questions we pose whenever we're asked to subsidize the entertainment industry in its struggle to find its feet in this new world. Is it the right business model? Is it the right industry? Is it the right time?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to netwars@skeptic.demon.co.uk.

December 25, 2009

Second acts

Reviewing the big names of 2009 versus the big names of 1999 for ZDNet UK last week turned up some interesting trends there wasn't space to go into. Also worth noting: still unpublished is the reverse portion, looking at what the names who are Internet-famous in 2009 were doing in 1999. These were: Mark Zuckerberg (Facebook), Sergey Brin and Larry Page (Google), Rupert Murdoch, Barack Obama, and Jimmy Wales (Wikipedia).

One of the trends, of course, is the fact that there were so many women making technology headlines in 1999: Kim Polese (Marimba), Martha Lane Fox (Lastminute.com), Carly Fiorina (running - and arguably nearly destroying - HP), Donna Dubinsky (co-founder of Palm), and Eva Pascoe (a media darling for having started the first Internet café, London's Cyberia, and writing a newspaper column). It isn't easy now to come up with names of similar impact in 2009.

You can come up with various theories about this. For example: the shrinking pipeline reported ten years ago by both the ACM and the BCS has borne fruit, so that there are actually fewer women available to play the prominent parts these women did. As against that (as a female computer scientist friend points out) one of the two heads of Oracle is female.

The other obvious possibility is the opposite: that women in prominent roles in technology companies have become so commonplace that they don't command the splashy media attention they did ten years ago. I doubt this; if they're commonplace, you'd expect to see some of their names in common use. I will say, though, that I know quite a few start-ups founded or co-founded by women. It was interesting to learn, in looking up Eva Pascoe's current whereabouts, that part of her goal in starting Cyberia was to educate women about the Internet. She was, of course, right: at the time, particularly in Britain, the attitude was very much that computers were boys' toys and few women then had found the confidence to navigate the online world.

The other interesting thing is the varying fortunes of the technologies the names represent. Some, such as Napster (Shawn Fanning), Netscape (Marc Andreesen) and Cyberia, live on through their successors. Others have changed much less: HP (Fiorina) is still with us, and Palm (Dubinsky and Jeff Hawkins) may yet manage a comeback. Symbian has achieved pretty much everything Colly Myers hoped.

Several of the technologies present the earliest versions of the hot topics of 2009, most notably Napster, which kicked off the file-sharing wars. If I were a music industry executive, I'd be thinking now that I was a numb-nut not to make a deal with the original Napster: it was a company with a central server. Suing it out of existence begat the distributed Gnutella, the even more distributed eDonkey, and then the peer-to-peer BitTorrent and all the little Torrents. Every year, more material is available online with or without the entertainment industry's sanction. This year's destructive industry proposal, three strikes, will hurt all sorts of people if it becomes law - but it will not stop file-sharing.

Of course, Napster's - and contemporary MP3.com's - mistake was not being big enough. The Google Books case, one of the other big stories of the year, shows that size matters: had Brin and Page, still graduate students with an idea and some venture capital funding, tried scanning in library books in 1999 Google would be where Napster is now. Instead, of course, it's too big to fail.

The AOL/Time-Warner merger, for all that it has failed utterly, was the first warning of what has become a long-running debate about network neutrality. At the time, AOL was the biggest conduit for US consumer Internet access; merging with Time-Warner seemed to put dangerous control over that access in the hands of one of the world's largest owners of content. In the event, the marriage was a disastrous failure for both companies. But AOL, now divorced, may not be done yet: the "walled garden" approach to Internet content is finding new life with sites like Facebook. If, of course, it doesn't get run over by the juggernaut of 2009, Twitter.

If AOL does come back into style, it won't be the only older technology finding new life: the entire history of technology seems to be one of constant rediscovery. What, after all, is 2009's cloud computing but a reworking of what the 1960s called time-sharing?

Certainly, a revival of the walled garden would make life much easier for the >deep packet inspectors who would like to snoop intensively on all of us. Phorm, Home Office, it doesn't much matter: computers weren't really fast enough to peek inside data packets in real time much before this year.

One recently resurfaced name from the Net's early history that I didn't flag in the ZDNet piece is Sanford ("Spamford") Wallace, who in the late 1990s was widely blacklisted for sending spam email. By 1999, he had supposedly quit the business. And yet, this year he was convicted of 14,214,753 violations of the CAN-SPAM anti-spam act and told to pay Facebook more than $711 million. How times do not change.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to netwars@skeptic.demon.co.uk.

December 19, 2009

Little black Facebook

Back in 2004, the Australian privacy advocate and consultant Roger Clarke warned about the growth of social networks. In his paper Very Black 'Little Black Books' he warned of the privacy implications inherent in posting large amounts of personal data to these sites. The primary service Clarke talks about in that paper is Plaxo, though he also mentions the Google's then newly-created Orkut, as well as Tribe.net, various dating sites, and, on the business side, LinkedIn.

The gist: posting all that personal data (especially in the case of Plaxo, to which users upload their entire address books) is a huge privacy risk because the business models for such sites are still unknown.

"The only logical business model is the value of consumers' data," he told me for a piece I wrote on social networks in 2004. "Networking is about viral marketing, and that's one of the applications of social networking. It's social networks in order to achieve economic networks."

In the same interview, Clarke predicted the future for such networks and their business models: "My expectation would be that if they were rational accumulators of data about individuals they wouldn't be caught out abusing until they had a very nice large collection of that data. It doesn't worry me if they haven't abused yet; they will abuse."

Cut to this week, when Facebook - which wouldn't even exist until two years after that interview - suddenly changed its privacy defaults to turn the service inside out. Gawker calls the change a great betrayal, and says, "The company has, in short, turned evil."

The change in a nutshell: Facebook changed the default settings on its privacy controls, so that information that was formerly hidden by default is now visible to default - and not just to people on Facebook but to the Internet at large. The first time I logged on after the change, I got a confusing screen asking me to choose among the privacy options for each of a number of different types of data - open, or "old settings". I stared at it: what were the old settings?

Less than a week after the changes were announced, ten privacy organizations, led by the Electronic Privacy Information Center and including the American Library Association, the Privacy Rights Now Coalition, and the Bill of Rights Foundation, filed a complaint with the Federal Trade Commission (PDF) asking the FTC to enjoin Facebook's "unfair and deceptive business practices" and compel the company to restore its earlier privacy settings and allow complete opt-out, as well as give users more effective control over their data.

The "walled garden" approach to the Net is typically loathed when it's applied to, say, general access to the Internet. But the situation is different when it's applied to personal information; Facebook's entire appeal to its users is based on the notion that it's a convenient way to share stuff with their friends that they don't want to open up to the entire Internet. If they didn't care, they'd put it all on blogs, or family Web sites.

"I like it," one friend told me not long ago, "because I can share pictures of my kids with my family and know no one else can see them."

My guess is that Facebook's owners have been confused by the success of Twitter. On Twitter, almost everything is public: what you post, who you follow, who follows you, and the replies you send to others' messages. All of that is easily searchable by Google, and Tweets show up with regularity in public search results.

But Twitter users know that everything is public, and (one hopes) moderate their behavior accordingly. Facebook users have populated the service with personal chatter and photos of each other at private moments precisely because they expected that material to remain private. (Although: Joseph Bonneau at the University of Cambridge noticed last May that even deleted photos didn't always remain private.) You can understand Facebook's being insecure about Twitter. Twitter is the fastest-growing social network and the one scooping all the media attention (because if ever there were a service designed for the butterfly mentality of journalists, this is it). The fact that Tweets are the same length as Facebook status updates may have led Facebook founding CEO Mark Zuckerberg et al to think that competing with Twitter means implementing the same features that make Twitter so appealing.

Of course, Facebook has done this in a typically Facebookish sort of way, in that the interface is typically clunky and unpleasant (the British journalist Andrew Brown once commented that the Facebook user interface could drive one to suicide.) Hence the need for a guide to reprivatizing your account.

But adding mobile phone connections is one thing; upending users' expectations of your service is another. There is a name for selling a product based on one description and supplying something different and less desirable: bait and switch.

It is as Roger Clarke said five years ago: sooner or later, these companies have to make money. Social networks have only two real assets: their users' desire to keep using their service, and the mass of data users keep giving them. They're not charging users. What does that leave as a business strategy?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to netwars@skeptic.demon.co.uk.

October 23, 2009

The power of Twitter

It was the best of mobs, it was the worst of mobs.

The last couple of weeks have really seen the British side of Twitter flex its 140-character muscles. First, there was the next chapter of the British Chiropractic Association's ongoing legal action against science writer Simon Singh. Then there was the case of Jan Moir, who wrote a more than ordinarily Daily Mailish piece for the Daily Mail about the death of Boyzone's Stephen Gately. And finally, the shocking court injunction that briefly prevented the Guardian from reporting on a Parliamentary question for the first time in British history.

I am on record as supporting Singh, and I, too, cheered when, ten days ago, Singh was granted leave to appeal Justice Eady's ruling on the meaning of Singh's use of the word "bogus". Like everyone, I was agog when the BCA's press release called Singh "malicious". I can see the point in filing complaints with the Advertising Standards Authority over chiropractors' persistent claims, unsupported by the evidence, to be able to treat childhood illnesses like colic and ear infections.

What seemed to edge closer to a witch hunt was the gleeful take-up of George Monbiot's piece attacking the "hanging judge", Justice Eady. Disagree with Eady's ruling all you want, but it isn't hard to find libel lawyers who think his ruling was correct under the law. If you don't like his ruling, your correct target is the law. Attacking the judge won't help Singh.

The same is not true of Twitter's take-up of the available clues in the Guardian's original story about the gag to identify the Parliamentary Question concerned and unmask Carter-Ruck, the lawyers who served it and their client, Trafigura. Fueled by righteous and legitimate anger at the abrogation of a thousand years of democracy, Twitterers had the PQ found and published thousands of times in practically seconds. Yeah!

Of course, this phenomenon (as I'm so fond of saying) is not new. Every online social medium, going all the way back to early text-based conferencing systems like CIX, the WELL, and, of course, Usenet, when it was the Internet's town square (the function in fact that Twitter now occupies) has been able to mount this kind of challenge. Scientology versus the Net was probably the best and earliest example; for me it was the original net.war. The story was at heart pretty simple (and the skirmishes continue, in various translations into newer media, to this day). Scientology has a bunch of super-secrets that only the initiate, who have spent many hours in expensive Scientology training, are allowed to see. Scientology's attempts to keep those secrets off the Net resulted in their being published everywhere. The dust has never completely settled.

Three people can keep a secret if two of them are dead, said Mark Twain. That was before the Internet. Scientology was the first to learn - nearly 15 years ago - that the best way to ensure the maximum publicity for something is to try to suppress it. It should not have been any surprise to the BCA, Trafigura, or Trafigura's lawyers. Had the BCA ignored Singh's article, far fewer people would know now about science's dim view of chiropractic. Trafigura might have hoped that a written PQ would get lost in the vastness that is Hansard; but they probably wouldn't have succeeded in any case.

The Jan Moir case, and the demonstration outside Carter-Ruck's offices are, however rather different. These are simply not the right targets. As David Allen Green (Jack of Kent) explains, there's no point in blaming the lawyers; show your anger to the client (Trafigura) or to Parliament.

The enraged tweets and Facebook postings about Moir's article helped send a record number of over 25,000 complaints to the Press Complaints Commission, whose Web site melted down under the strain. Yes, the piece was badly reasoned and loathsome, but isn't that what the Daily Mail lives for? Tweets and links create hits and discussion. The paper can only benefit. In fact, it's reasonable to suppose that in the Trafigura and Moir cases both the Guardian and the Daily Mail manipulated the Net perfectly to get what they wanted.

But the stupid part about let's-get-Moir is that she does not *matter*. Leave aside emotional reactions, and what you're left with is someone's opinion, however distasteful.

This concerted force would be more usefully turned to opposing the truly dangerous. See for example, the AIDS denialism on parade by Fraser Nelson at The Spectator. The "come-get-us" tone e suggests that they saw attention New Humanist got for Caspar Melville's mistaken - and quickly corrected - endorsement of the film House of Numbers and said, "Let's get us some of that." There is no more scientific dispute about whether HIV causes AIDS than there is about climate change or evolutionary theory.

If we're going to behave like a mob, let's stick to targets that matter. Jan Moir's column isn't going to kill anybody. AIDS denialism will. So: we'll call Trafigura a win, chiropractic a half-win, and Moir a loser.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or send email to netwars@skeptic.demon.co.uk.

October 16, 2009

Unsocial media

"No one under 30 will use email," the convenor objected.

There was a bunch of us, a pre-planning committee for an event, and we were talking about which technology we should have the soon-to-be appointed program committee use for discussions. Email! Convenient. Accessible by computer or phone. Easily archived, forwarded, quoted, or copied into any other online medium. Why are we even talking about this?

And that's when he said it.

Not so long ago, if you had email you were one of the cool kids, the avant-garde who saw the future and said it was electronic. Most of us spent years convincing our far-flung friends and relatives to get email so we didn't have to phone or - gasp - write a letter that required an envelope and a stamp. Being told that "email is for old people" is a lot like a 1960s "Never trust anyone over 30" hippie finding out that the psychedelic school bus he bought to live in to support the original 1970 Earth Day is a gas-guzzling danger to the climate and ought to be scrapped.

Well, what, then? (Aside: we used to have tons of magazines called things like Which PC? and What Micro? to help people navigate the complex maze of computer choices. Why is there no magazine called Which Social Medium??)

Facebook? Clunky interface. Not everyone wants to join. Poor threading. No easy way to export, search, or archive discussions. IRC or other live chat? No way to read discussion that took place before you joined the chat. Private blog with comments and RSS? Someone has to set the agenda. Twitter? Everything is public, and if you're not following all the right people the conversation is disjointed and missing links you can't retrieve. IM? Skype? Or a wiki? You get the picture.

This week, the Wall Street Journal claimed that "the reign of email is over" while saying only a couple of sentences later, "We all still use email, of course." Now that the Journal belongs to Rupert Murdoch, does no one check articles for sense?

Yes, we all still use email. It can be archived, searched, stored locally, read on any device, accessed from any location, replied to offline if necessary, and read and written thoughtfully. Reading that email is dead is like reading, in 2000, that because a bunch of companies went bust the Internet "fad" was over. No one then who had anything to do with the Internet believed that in ten years the Internet would be anything but vastly bigger than it was then. So: no one with any sense is going to believe that ten years from now we'll be sending and receiving less email than we are now. What very likely will be smaller, especially if industrial action continues, is the incumbent postal services.

What "No one under 30 uses email" really means is that it's not their medium of first choice. If you're including college students, the reason is obvious: email is the official stuff they get from their parents and universities. Facebook, MySpace, Twitter, and texting is how they talk to their friends. Come the day they join the workforce, they'll be using email every day just like the rest of us - and checking the post and their voicemail every morning, too.

But that still leave the question: how do you organize anything if no one can agree on what communications technology to use? It's that question that the new Google Wave is trying to answer. It's too soon, really, to tell whether it can succeed. But at a guess, it lacks one of the fundamental things that makes email such a lowest common denominator: offline storage. Yes, I know everything is supposed to be in "the cloud" and even airplanes have wifi. But for anything that's business-critical you want your own archive where you can access it when the network fails; it's the same principle as backing up your data.

Reviews vary in their take on Wave. LifeHacker sees it as a collaborative tool. ZDNet UK editor Rupert Goodwins briefly called it Usenet 2.0 and then retracted and explained using the phrase "unified comms".

That, really, is the key. Ideally, I shouldn't have to care whether you - or my fellow committee members - prefer to read email, participate in phone calls (via speech-to-text, text-to-speech synthesizers), discuss via Usenet, Skype, IRC, IM, Twitter, Web forums, blogs, or Facebook pages. Ideally, the medium you choose should be automatically translated in to the medium I choose. A Babel medium. The odds that this will happen in an age when what companies most want is to glue you to their sites permanently so they can serve you advertising are very small.

Which brings us back to email. Invented in an era when the Internet was commercial-free. Designed to open standards, so that anyone can send and receive it using any reader they like. Used, in fact, to alert users to updates they want to know about to their accounts on Facebook/IRC/Skype/Twitter/Web forums. Yes, it's overrun with corporate CYA memos and spam. But it's still the medium of record - and it isn't going anywhere. Whereas: those 20-somethings will turn 30 one day soon.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of the earlier columns in this series. Readers are welcome to post here, follow on follow on Twitter, or send email to netwars@skeptic.demon.co.uk (but please turn off HTML).

August 7, 2009

The five percent solution

So much has been said about Australia's Internet filtering this year that nearby New Zealand's project has mostly escaped notice. The plan is to implement filtering sometime in the next couple of months. Unlike the UK, where the blocklist is maintained by the Internet Watch Foundation under a voluntary arrangement, in New Zealand the list is being administered by the Department of Internal Affairs.

It turns out that the technology New Zealand is putting in place is coming into use in the UK, courtesy of Watchdog International, which recently signed a deal to supply it to Talk Internet.

Watchdog's managing director, Peter Mancer, says the idea for the technical implementation comes from Sweden.

"I was impressed at the cooperation of police and NGOs," he said of the work he observed there, "but I don't like DNS poisoning. It's not effective enough and it's too broad a brush, and my ten-year-old can bypass it by putting someone else's DNS servers in the browser settings. But it's easy to employ from the ISP's point of view." DNS poisoning - or rather, blocking selected domains - is, of course, what is implemented in the UK through BT's Cleanfeed.

The system Mancer was shown by the Swedish royal technical college and now supplies via his company relies instead on Border Gateway Protocol, or BGP, the core routing protocol of the Internet. Users don't interact with it directly; it's used among ISPs to route traffic correctly. In New Zealand's case, the necessary servers are all managed and hosted by the government. Mancer's explanation: "All ISPs connect to those servers via Internet tunnels using BGP, so the URL list is managed independently of the ISPs, and there is very little cost to the ISP - a few configurations and they're connected to it."

The point for the UK: Cleanfeed requires implementation effort from the ISP. If you're Virgin or another huge ISP, you have sufficient resources and in-house expertise to do it. But the difficulty and expense is, says Mancer, one of the reasons why smaller ISPs haven't adopted it - and why the percentage of British consumer broadband users covered by the IWF blocklist has remained stuck at 90 to 95 percent for years.

Smaller ISPs, says Mancer, "find it quite a challenge. Cleanfeed is not suitable for a lot of ISPs, and there's no commercially available system." So, he says, to the "remaining 5 percent tail which the Home Office and the government keep jumping up and down about a commercially available solution is more attractive." Watchdog's system starts at €2,000 per year, or about £200 per month, and the cost per user goes down as the number of users goes up. Despite the horrid economics of running a small ISP, 5p per customer per month ought in theory to be affordable.

All of this leads back to the question we posed in a panel at this year's Computers, Freedom, and Privacy conference: can the Internet still route around censorship? Images of child abuse (the IWF's preferred term) are illegal in most countries.

Even the US is beginning to show signs of moving in the hotline-voluntary blocklist direction. Last year, for example, Qwest began blocking access to a list of sites that the National Center for Missing and Exploited Children has identified as containing child pornography. (This is not, by the way, a violation of the First Amendment right to free speech as far as I can make out. The First Amendment says, "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." It does not prohibit private companies like Qwest from making their own rules, a reality that seems to be widely misunderstood.)

Mancer himself is passionate on the topic: "I sat on a Swedish hotline and took some of the reports and looked at sites. It really does impact you, and it's worth fighting against." He adds, "We're a bit frustrated. We believe we have a good solution that's affordable, but a lot of ISPs are sitting on the fence." There isn't, he concludes, enough pressure.

Given some odds and ends of possible failures - the link to Watchdog's servers has to stay up, the ISP has to configure its systems correctly - Watchdog's system seems likely to be hard for Web users to bypass, although Richard Clayton, the expert in these matters, queries whether the technology will be able to track changes fast enough to deal with the fast-flux technology in use on botnets.

But Clayton also sugests that blocking Web sites is becoming quaintly old-fashioned.

"The IWF list is down to c. 400 sites (from 1500+, of which about 1/3 are 'free' sites - ie: a single phone call would remove the material)," he said by email. In other words, the Web may not be able to bypass the technology - but things like TOR, Freenet, closed peer-to-peer networks, and that wacky darknet-in-a-browser project showed off at Black Hat last week probably can because they were deliberately created to bypass the domain name system entirely. The Web is not the Internet. The Web may no longer be able to route around censorship, but the Internet still can in the time-honored way: by changing technologies. Originally, John Gilmore's aphorism referred to...Usenet.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, follow on Twitter, or send email to netwars@skeptic.demon.co.uk.

May 8, 2009

Automated systems all the way down

Are users getting better or worse?

At what? you might ask. Naturally: at being thorns in the side of IT security people. Users see security as damage, and route around it.

You didn't need to look any further than this week's security workshop, where this question was asked, to see this principle in action. The hotel-supplied wireless was heavily filtered: Web and email access only, no VPNs, "undesirable" sites blocked. Over lunch, the conversation: how to set up VPNs using port 443 to get around this kind of thing. The perfect balanced sample: everyone's a BOFH *and* a hostile user. Kind of like Jacqui Smith, who has announced plans to largely circumvent the European Court of Human Rights' ruling that Britain has to remove the DNA of innocent people from the database. Apparently, this government perceives European law as damage.

But the question about users was asked seriously. The workshop gathered security folks from all over to brain storm and compare notes: what are the emerging security threats? What should we be worrying about? And, most important, what should people be researching?

Three working groups - smart environments, malware and fraud, and critical systems - came up with three different lists, mostly populated with familiar stuff - but the familiar stuff keeps going and getting worse. According to Symantec's latest annual report spam, for example, was up 162 percent in 2008 over 2007, with a total of 349.6 billion messages sent - simply a staggering waste of resources. What has changed is targeting; new attacks are short-lived, small distribution affairs - much harder to shut down.

Less familiar to me was the "patch window" problem, which basically goes like this: it takes 24 hours for 80 percent of Windows users to get a new patch from Windows Update. An attacker who downloads the patch as soon as it's available can quickly - within minutes - reverse-engineer it to find out what bug(s) it's fixing. Then the attacker has most of a day in which to exploit the bug. Last year, Carnegie-Mellon's David Brumley and others found a way to automate this process (PDF). An ironic corollary: the more bug-free the program, the easier a patch window attack becomes. Various solutions were discussed for this, none of them entirely satisfactory; the most likely was to roll out the patch locked, and distribute a key only after the download cycle is complete.

But back to the trouble with users: systems are getting more and more complex. A core router now has 5,000 lines of code; an edge router 11,000. Someone has to read and understand all those lines. And that's just one piece. "Today's networks are now so complex we don't understand them any more," said Cisco's Michael Behrenger. Critical infrastructures need to be more like the iPhone, a complex system that nonetheless just about anyone can operate.

As opposed, I guess, to being like what most people have now: systems that are a mish-mash of strategies for getting around things that don't work. But I do see his point. Once you could debug even a large network by reading the entire configuration. Pause to remember the early days of Demon Internet, when the technical support staff would debug your connection by directly editing the code of the dial-up software we were all using, KA9Q. If you'd taken *those* humans out of the system, no one could have gotten online.

It's my considered view that while you can blame users for some things - the one in 12.5 million spam recipients Christian Kreibich said actually buys the pharma products so advertised springs to mine - blaming them in general is a lot like the old saw about how "only a poor workman blames his tools". It's more than 20 years since Donald Norman pointed out in The Design of Everyday Things that user error is often a result of poor system design. Yet a depressing percentage of security folks complaining about system complexity don't even know his name and a failure to understand human factors is security's single biggest failure.

Joseph Bonneau made this point in a roundabout way by considering Facebook which, he said, really is inventing the Web - not just in the rounded corners sense, but in the sense of inventing its own protocols for things for which standards already exist. Plus - and more important for the user question - it's training users to do things that security people would rather they didn't, like click on emailed links without checking the URLs. "Social networks," he said, "are repeating all the Web's security problems - phishing, spam, 419 scams, identity theft, malware, cross-site scripting, click fraud, stalking...privacy is the elephant in the room." Worse, "They really don't yet have a business model, which makes dealing with security difficult."

It's a typical scenario in computing, where each new generation reinvents every wheel. And that's the trouble with automation with everything, too. Have these people never used voice menus?

Get rid of the humans and replace them with automated systems that operate perfectly, great. But won't humans have to write the automated systems? No, automated systems will do that. And who will program those? Computers. And who...

Never mind.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to follow (and reply) on , post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

May 1, 2009

Twit crit

In his book Learning How to Learn the Sufi author and teacher Idries Shah listed the stages of Western criticism before it can stop:
1. It is impossible.
2. It is possible, but it is useless.
3. It is useful, but I knew about it all the time.

Twitter seems to be somewhere between stage one and stage two. Stage one, in Twitter's case, I guess would be the assumption that while the technology was possible no one would ever, every want to use it. There's some logic to that. I think everyone I've talked to agrees that the first thing they thought the first time they saw Twitter was: "That is the silliest use of technology I ever saw."

Stage two is: anyone who would actually use Twitter is sad and pathetic, and why would you want to read all the time that some friend has just had a cup of coffee or brushed his teeth?

Stage two is: Twitter is a fad. Don't click on that and give Business Week the satisfaction of its own stupidity. The summary: Twitter's retention rate is lower than that of Facebook and MySpace at the same stage in their development. And it cites the survey everyone was talking about on Tuesday before swine flu turned everyone into hypochondriacs, Nielsen Online's study that showed that 60 percent of the people who join Twitter don't come back the following month. (The arrival of Oprah should speed up departures.) As compared to Facebook, with a 70 percent retention rate. I'd say that's deceptive; Facebook probably thinks it's retained me, but in fact I just let Twitter feed it, and ignore it hugely otherwise.

Stage two is: well, yeah, we use it, and our friends use it, and our number of followers keeps growing and we keep following more people, and it's really useful to us, but it's still nonsense, do you hear?

Cut to March 2000, when the stock market crashed. (How much would you give to be having that crash right now instead of the one we're actually having?) "See? We told you the Internet was a fad," people said. That is, people who weren't in the technology business. While watching technology shares plummet, every single technologically literate person, if asked, agreed that the Internet would be bigger in 2005 than it was in 2000 and by a lot. They were all absolutely correct, too.

Twitter is not a fad. Twitter the company may or may not survive, but five years from now platforms to support microblogging - short messages integrated across Web, mobile phones, PDAs, and other clients - will be all over the place. Eventually, every company will have one running on its intranet alongside its Web server, instant messaging, email, and voice calling software and people will be in stage three.

My simplest explanation of Twitter is this: Twitter is where the online party is this week. It was on Internet Relay Chat, Usenet, bulletin boards, CompuServe, mailing lists, CIX, and the WELL in the 1980s and early 1990s; then it was on the Web; then blogs. Now it's on Twitter, which is sucking the life out of a lot of people's blogs the same way online technologies have plundered each other before. The 140-character limit forces people to be succinct; no one message can eat up your time the way someone who buys his electrons by the barrel can on older systems. There are no flame wars (yet) because a) although you *can* be abusive in 140 characters (you pointless waste of space) back-and-forth conversations don't tend to last that long and b) the idiots haven't arrived yet (or if they have, no one follows them). There is just the zeitgeist; if you pick correctly you can follow the stream-of-thought of interesting people you could not access in such compact form in any other way. RSS, be damned.

Others have suggested that the Nielsen study is flawed: are people leaving or have they abandoned the Web interface (featureless and clunky) for desktop clients (featureful and functional) or mobile phones (mobile!)? If they're not posting, does that mean they've gone, that they are lurkers (as are 90 percent of the users of any given online discussion forum), or that they only use Twitter for direct messages (which don't show up to outsiders)? Used over the Web, Twitter does seem a pointless and dispensable entertainment; the key to its usefulness as a tool is the third-party clients and the mobile connections.

Nielsen responded to these criticisms by expanding the study to 30 more Web sites and applications - and got the same result. But in restating that a retention rate of 40 percent is a problem for Twitter the company also proved Twitter's usefulness: the immediacy and breadth of the response forced it to do additional research to stand up its claims. Sometimes value isn't just quantitative.

The other complaint that's showing up this week is that - gasp! - people are posting information to it that is less than wholly accurate. My God, when did that last happen on the Internet?
Surely, we are only a week or two away from tabloid stories that terrorists, organized crime, child abusers, and drug dealers are using it and cries that we must shut down this latest scourge to civilization.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. On Twitter: wendyg.

March 20, 2009

The untweetable Xeroxness of being

So the other week I was chatting on Twitter across time and space with a Xerox machine from 1961... (As you do.)

At least, it said it was a Xerox machine. On the Internet, no one knows you're a coffee pot.

In fact, the conversation is less rational than that: it's a fictional Xerox machine.

The story begins with the brilliantly conceived and executed TV show Mad Men. Set in the 1960s in a Madison Avenue advertising agency of the kind my father worked with at that time (my father was a Manhattan printer from the 1920s to 1980s), the show's first season featured secretaries and a typing pool. At the beginning of the second season, which starts in February 1962, the office has a new arrival: a Xerox 914. The secretaries gape at it and admire its workings without quite realizing that the machine heralds the decline of secretarial careers, a process that will become complete when PCs arrive on every desktop. Like, now.

"There will be a little 914 in everything," the machine tweeted at one point, a nod to the fact that today's graphical interfaces were first dreamed up at Xerox's PARC research lab, doubtless funded by some of the 914's revenues.

Pause to look up the Xerox 914. It was, I read on Wikipedia, the first commercially successful plain-paper copier. Plain paper! In 1961 the only copy machines I ever got near used nasty thermal paper that got easily scuffed. In fact, I was still being rude about the local library's thermal paper fax in 1971. Sterling Cooper was an early adopter and a big spender on this one. Its number derived from the size of things it could copy: anything up to 9in by 14in.

Aaannyway, someone on WELL noted that the show's 914 had a Twitter account. I thought it was just amusing enough to follow. For months, it burped out a tweet at irregular intervals, a few weeks or a month apart. It's hinted at irregularities in the expense accounts filed by Pete Campbell (a character on the show who also has a Twitter feed), and admired Joan Holloway's figure (ditto). I don't follow the human characters. Human characters are a dime a dozen. It takes real talent to be a machine.

The other night, the machine went berserk and started pumping out URLs. No explanation of what they were, just shortened URLs. Ten or 20 at least, in the space of an hour or two. Finally, maddened, I sent the machine a message.

"Did squirrels get into the nuts in the writers' room, or what?" I demanded intemperately. I didn't expect an answer any more than I did on the day in 1979 at the Winnipeg Folk Festival, when I passed a guy pouring beer on his head and - well, I guess he thought it was - dancing, and muttered, just to vent, "First time on the planet, sir?" (Stan Rogers, who happened to be watching, reminded me of this incident several years later; apparently he liked the line so much he grabbed it and used it on hecklers throughout the rest of his career.)

The next morning, however, I found a message waiting: "My nuts are perfectly tight, thank you."

I posted this little exchange back onto the WELL, where someone less suspicious than I pointed out that the URLs the machine had been posting were links to pictures of other old Xerox machines and very early computers, plus one to a secret Fortran manual. The machine, in other words, was behaving exactly in character, excited because it had come across a treasure trove of pictures of friends, family, and...would that machine look sexy if you were a machine? Oh. It was surfing for *porn*.

It wasn't unreasonable to be suspicious. Spam has come to Twitter, as will become increasingly obvious over the next few months. I used "credit card" in a message this week, and almost instantly got a reply directing me to a site selling money management tools to help me pay off my credit cards. (My credit cards are perfectly tight, thank you.) And of course, someone could have hacked the machine's account, or the studio advertising department could have decided restraint was stupid. You just never know. But...I was wrong.

And so I told it, with an apology for not trusting it. It replied with nothing but a shortened URL that, when I clicked, displayed an empty page with a message in the title bar: " No apology needed @wendyg, I am only offended by shameless low voltage and the occasional body fluids on my glass." Hm.

But I'm still making this conversation sound more sensible than it was, because it's actually not clear which, if any, of the characters' Twitter feeds actually emanate from the show's broadcast channel, AMC, or from the show's production team. There was, some months back, a mini-war between the Twitterers and AMC, which issued DMCA notices to shut them down and then recanted. Xerox914's profile links to the real 914's Wikipedia entry; others link to fan blogs; a few go to AMC's site.

So start over.

The other week I was chatting on Twitter with a fake fictional Xerox machine from 1961. On the Internet, no one knows you're a piece of carbon paper...

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

February 14, 2009

The Gattaca in Gossip Girl

Spotted: net.wars obsessing over Gossip Girl instead of diligently reading up on the state of the data retention directive's UK implementation.

It's the cell phones. The central conceit of the show and the books that inspired it is this: an unseen single-person Greek (voiced by Kristen Bell in a sort of cross between her character on Veronica Mars and Christina Ricci's cynical, manipulative trouble-maker in The Opposite of Sex) chorus of unknown identity publishes - to the Web and by blast to subscribers' cell phones - tips and rumors about "the scandalous lives of Manhattan's elite".

The Upper East Siders she? reports on are, of course, the private high school teens whose centrally planned destiny is to inherit their parents' wealth, power, social circles, and Ivy League educations. These are teens under acute pressure to perform as expected, and in between obsessing about whether they can get into Yale (played on-screen by Columbia), they blow off steam by throwing insanely expensive parties, drinking, sexing, and scheming. All, of course, in expensive designer clothes and bearing the most character and product-placement driven selection of phones ever seen on screen.

Most of the plots are, of course, nonsense. The New Yorker more or less hated it on sight. Also my first reaction: I went, not to the school the books' author, Cecily von Ziegesar, did, but to one in the same class 25 years earlier and then to an Ivy League school. One of my closest high school friends grew up in - and his parents still live at - the building the inhabited in the series by teen queen Blair Waldorf. So I can assess the show's unreality firsthand. So can lots of other New Yorkers who are equally obsessed with the show: the New York Magazine runs a hysterically funny reality index recap of each episode of "the Greatest Show of Our Time", followed by a recap of the many comments.

But we never had the phones! Pink and flip, slider and black, Blackberries, red, gold, and silver phones! Behind the trashy drama portraying the ultra rich as self-important, stressed-out, miserable, self-absorbed, and mean is a fictional exploration of what life is like under constant surveillance by your peers.

Over the year and a half of the show's run - SPOILER ALERT - all sorts of private secrets have been outed on Gossip Girl via importunate camera phone and text message. Serena is spotted buying a pregnancy test (causing panic in at least two households); four characters are revealed at a party full of agog subscribers to be linked by a half-sibling they didn't know they had until the blast went out; and of course everyone is photographed kissing (or worse) the wrong person at some point. Exposure via Gossip Girl is also handy for blackmail (Blair), pre-emption (Chuck), lovesick yearning (Dan), and outing his sister's gay boyfriend (Dan).

"If you're sending tips to Gossip Girl, you're in the game with the rest of us," Jenny tells Dan, who had assumed his own moral superiority.

A lot of privacy advocates express concern that today's "digital natives" don't care about privacy, or at least, don't understand the potential consequences to their future job and education prospects of the decisions they make when they post the intimate details of their lives online. In fact, when this generation grows up they'll all be in the same boat, exposure wise.. Both in reality and in this fiction, the case is as it's usually been, that teens don't fear each other; they collude as allies to exclude their parents. That trope, too, is perfectly played on the show when Blair (again!) gets rid of a sociopathic interloper by going over the garden wall and calling her parents. This is not the world of David Brin's The Transparent Society, after all; the teens surveille each other but catch adults only by accident, though they take full advantage when they do.

"Gossip Girl...is how we communicate," Blair says, trying to make one of her many vendettas seem normal.

Privacy advocates also often stress that surveillance chills spontaneous behaviour. Not here, or at least not yet. Instead, the characters manipulate and expose, then anguish when it happens to them. A few become inured.

Says Serena, trying to comfort Rachel Carr, the first teacher to be so exposed: "I've been on Gossip Girl plenty of times and for the worst things...eventually everyone forgets. The best thing to do with these things is nothing at all,"

Phones and Gossip Girl are not the only mechanisms by which the show's characters spy on and out each other. They use all the more traditional media, too - in-person interaction, mistaken identity (a masked ball!), rifling through each other's belongings, stolen phones, eavesdropping, accident, and, of course, the gossip pages of the New York press.

"It's anonymous, so no one really knows," Serena says, when asked who is behind the site. But she and all the others do know: the tips come from each other and from the nameless other students they ignore in the background. Gossip Girl merely forwards them, with commentary in her own style:

You know you love me.

XOXO,
Net.wars

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

January 23, 2009

Will tweet for food

So we were at a thing in London this week where practically everyone was a Twitter user. Not surprising, since Twitter use has gone up nearly 1000 percent in the UK in the last year. As you do, we rehearsed various dissatisfactions with the service and wishes for feature improvements. Among them: people wished they could actually pay for the service so they could get it to do more of the stuff they want. There's something very odd about a company that people are so devoted to that they actually spend recreational time in a pub debating its business model. People were in love with Google in its early days, too, yet I don't remember pub chats about it.

That 1000 percent still makes Twitter tiny in context: it lags way behind Facebook, YouTube, Bebo, MySpace, and even Yahoo! Answers, as weirdly chaotic as that list is. YouTube compared with Twitter? As that article points out, the ecology of third-party software built around Twitter and automated feeds from Twitter into other sites like Facebook mean that many people use the service without ever accessing its Web site or even necessarily knowing they're reading a Twitter feed.

The existence of the third-party ecology is both a good and a bad sign. Good that people find the blogging-for-the-mobile-phone-generation platform so useful that they are willing to put in the effort. Bad, in the sense that it makes clear how utterly unusable Twitter is on its own. I've had an account for nearly two years, but left it mostly dormant until someone recommended Tweetdeck.

The whole conversation started because I was trying to find a tactful way of asking one of those present whether she could divide her Twitter feed into two: one for the really interesting work type stuff she does, and the other for the..."crap?" she said helpfully.

"It would be great if you could filter the feed by putting on "stop" words," someone said. Yes, and "go" words, too, so you could select what kind of thing you wanted to get when. You don't need many Twits on your list for the tweet stream to become unmanageable. Others have had this same thought and there is in fact something that does it.

Filtering would be a great thing because it's the lack of it that is the reason I've never dared turn on the switch that has Twitter send updates to my mobile phone. In the UK now, however, that element of the service is turned off. All to do with money, which mobile network operators tend to insist on and Internet users don't like to spend, leaving service providers squeezed in the middle.

"I'd pay for that," said one of the group. "The service is that useful to me."

"So would I," said someone else.

"Can't we make ask them?"

"Lots of people have tried."

Twitter's business model has in fact been the subject of some speculation even outside of pubs, and even ideas how to turn it into a billion-dollar company. It has, apparently, enough money to go on with from its funding rounds.

No one's actually sure exactly what Twitter's business model is, but it seems clear that charging for SMS updates isn't it. The site has no advertising (not even on its blog or home pages), and even if it did that ecology of desktop clients would render it moot anyway. It also seems that making life easy for third-party developers isn't necessarily it either. Twitter so far seems to be following in the footsteps of the early Web: if they come in sufficient numbers and you keep control a business model will present itself.

It worked for Google, the last successful company that fed a lot of similar speculation in its early days. Another parallel: those stories were written about Google in 2001-2002, just after the dot-com bust, when it was fashionable among Old Media to opine that New Media would never be able to grow up, move out, and make a living. Now, in this much worse economic crash, how will Twitter ever be able to leave home?

Some things clearly won't work. No matter how small, there is probably no number of ads that wouldn't send users fleeing to a Twitter competitor without them. Google locked in its users by being better than its competitors, by offering added services, and by acculturation: the more you learn about constructing good searches on Google the less you want to repeat the learning curve elsewhere. Social networks have proved in the long term to be more fungible: look at what happened to the well established discussion groups on early online services once everyone had access to the Internet.

More likely is the idea of marketing accounts, which is already happening anyway, built on the interests users indicate via their choices of whom to follow.

Our idea, which seemed logical in the pub: Twitter users start sending money to one of the company's email addresses using Paypal and force them to accept payment. Take control. Force a business model on them. Yeah!

It would be a great hack.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

January 2, 2009

No rest for 2009

It's been a quiet week, as you'd expect. But 2009 is likely to be a big year in terms of digital rights.

Both the US and the UK are looking to track non-citizens more closely. The UK has begun issuing foreigners with biometric ID cards. The US, which began collecting fingerprints from visiting tourists two years ago says it wants to do the same with green card holders. In other words, you can live in the US for decades, you can pay taxes, you can contribute to the US economy - but you're still not really one of us when you come home.

The ACLU's Barry Steinhardt has pointed out, however, that the original US-VISIT system actually isn't finished: there's supposed to be an exit portion that has yet to be built. The biometric system is therefore like a Roach Motel: people check in but they never leave.

That segues perfectly into the expansion of No2ID's "database state". The UK is proceeding with its plan for a giant shed to store all UK telecommunications traffic data. Building the data shed is a lot like saying we're having trouble finding a few needles in a bunch of haystacks so the answer is to build a lot bigger haystack.

Children in the UK can also look forward to ContactPoint (budget £22.4 million) going live at the end of January, only the first of several. The conservativers apparently have pledged to scrap ContactPoint in favor of a less expensive system that would track only children deemed to be at risk. If the conservatives don't get their chance to scrap it - probably even if they do - the current generation may be the last that doesn't get to grow up taking for granted that their every move is being tracked. Get 'em young, as the Catholic church used to say, and they're yours for life.

The other half of that is, of course, the National Identity Register. Little has been heard of the ID card in recent months; although the Home Office says 1,000 people have actually requested one. Since these have begun rolling out to foreigners, it's probably best to keep an eye on them.

On January 19, look for the EU to vote on copyright term extension in sound recordings. They have now: 50 years. They want: 95 years. The problem: all the independent reviewers agree it's a bad idea economically. Why does this proposal keep dogging us? Especially given that even the UK government accepts that recording contracts mean that little of the royalties will go to the musicians the law is supposedly trying to help, why is the European Parliament even considering it? Write your MEP. Meanwhile, the economic downturn reaches Cliff Richards; his earliest recordings begin entering the public domain...oh, look - yesterday, January 1, 2009.

Those interested in defending file-sharing technology, the public domain, or any other public interest in intellectual property will find themselves on the receiving end of a pack of new laws and initiatives out to get them.

The RIAA recently announced it would cease suing its customers in the US. It plans to "work with ISPs". Anyone who's been around the UK and France in recent months should smell the three-strikes policy that the Open Rights Group has been fighting against. ORG's going to find it a tougher battle, now that the govermment is considering a stick and carrot approach: make ISPs liable for their users' copyright infringement, but give them a slice of the action for legal downloads. One has to hope that even the most cash-strapped ISPs have more sense.

Last year's scare over the US's bald statement that customs authorities have the right to search and impound computers and other electronic equipment carried by travellers across the national borders will probably be followed up with lengthy protest over new rules known as the Anti-Counterfeiting Trade Agreement and being negotiated by the US, EU, Japan, and other countries. We don't know as much as we'd like about what the proposals actually are, though some information escaped last June. Negotiations are expected to continue in 2009.

The EU has said that it has no plans to search individual travellers, which is a relief; in fact, in most cases it would be impossible for a border guard to tell whether files on a computer were copyright violations. Nonetheless, it seems likely that this and other laws will make criminals of most of us; almost everyone who owns an MP3 player has music on it that technically infringes the copyright laws (particularly in the UK, where there is as yet no exemption for personal copying).

Meanwhile, Australia's new $44 million "great firewall" is going ahead despiteknown flaws in the technology. Nearer home, British Culture Secretary Andy Burnham would like to rate the Web, lest it frighten the children.

It's going to be a long year. But on the bright side, if you want to make some suggestions for the incoming Obama administration, head over to Change.org and add your voice to those assembling under "technology policy".

Happy new year!

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

November 28, 2008

Mother love

It will be very easy for people to take away the wrong lessons from the story of Lori Drew, who this week was found guilty of several counts of computer fraud in a case of cyberbullying that drove 13-year-old Missouri native Megan Meier to suicide.

The gist: in 2006, 49-year-old Lori Drew, a neighbor of Meier's who believed that Meier had spread gossip about her own 13-year-old daughter, a former friend. With help from her daughter and her 18-year-old assistant, Drew created a MySpace page belonging to a fictitious 16-year-old boy named Josh Evans. For some weeks Evans sent Meier flirtatious messages, then abruptly dumped her with a stream of messages and bulletings, ending with the message, "The world would be a better place without you." Meier, who had for five years been taking prescription medication for attention deficit disorder and depression, who was overweight and lacked self-esteem, hanged herself.

The story is a horror movie for parents. This is a teen who was, her mother said in court, almost always supervised in her Internet use. In fact, Meier and Drew's daughter had, some months earlier, created a fake MySpace page to talk to boys online, an escapade that caused Meier's mother to close down her MySpace access for some months. On the day of Meier's suicide, her mother was on her way to the orthodontist with her younger daughter when Meier, distraught, reported the stream of unpleasant messages. Her mother told her to sign off. She didn't; when her mother came home there was a brief altercation; they found her 20 minutes later.

The basic elements of the story are not, of course, new. Identity deception is as old as online services; the best-known early case was that of Joan, a CompuServe forum regular who for more than two years in the early 1990s claimed to be a badly disabled former neuropsychologist whose condition made her reluctant to meet people, especially her many online friends. Joan was in fact a fictional character, the increasingly elaborate creation of a male New York psychiatrist named Alex.

Cyberbullying is, of course, also not new. You can go back to the war between alt.tasteless and rec.pets.cats in 1992, if you like, but organized playground behavior seems to flourish in every online medium. Gail Williams, the conference manager at the WELL, said about ten years ago that a lot of online behavior seems to be people working our their high school angst, and nothing has changed in the interim except that a lot of people online now actually still in high school. And unfortunately for them, the people they're working out their high school angst with are bigger, older, more experienced, and a lot savvier about where to stick in the virtual knife. People can be damned unpleasant sometimes.

But let's look at the morals people are finding. EfluxMedia:
The case of Megan Meier calls for boundaries when it comes to cyberbullying and the use of social networking sites in general, but also calls for reason. Social networking sites and the Internet in general have become more than just virtual realities, they are now part of our everyday lives, and they influence us in ways that we cannot ignore. What we must learn from this is that our actions may have unimaginable consequences on other people, even when it comes to the Internet, so think twice before you act.

Boundaries? Meier was far more rigorously supervised online than the average teen. Who's going to supervise the behavior of a 49-year-old woman to make sure she doesn't cross the line?

More to the point, the court's verdict found that Drew had broken federal laws concerning computer fraud. Is it hacking to set up a pseudonymous MySpace page and send fraudulent postings? The MySpace's 2006 terms and conditions required registration information to be truthful and banned harassment and sexual exploitation. Have MySpace's terms become federal law?

The answer is probably that there was no properly applicable law. We've seen that situation before, too - Robert Schifreen and Steve Gold were prosecuted under the laws against wire fraud. The eventual failure of the case on appeal proved the need for the Computer Misuse Act and comparable laws against hacking elsewhere in the world. Ironically, these laws are now showing their limits, too, as the Drew case proves. We can now, I suppose, expect to see a lot of proposals for laws banning cyberbullying under which people like Drew could be more correctly prosecuted.

But the horror movie is only partly about online; online, in this case MySpace, allowed the hoaxers to post "Josh Evans'" bare-chested photo. The same kind of hoax, with hardly less impact, could have been carried out by letter and poster. Wanda Holloway didn't need online to contract to muder her daughter's more successful cheerleading rival.

Ultimately, the lesson we should be learning is the same one we heard at this year's Computers, Freedom, and Privacy conference: just like rape and incest, you are more at risk for harassment and cyberbullying from people you know. Unfortunately, most such law seems to be written with the idea that it's strangers who are dangerous.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

October 24, 2008

Living by numbers

"I call it tracking," said a young woman. She had healthy classic-length hair, a startling sheaf of varyingly painful medical problems, and an eager, frequent smile. She spends some minutes every day noting down as many as 40 different bits of information about herself: temperature, hormone levels, moods, the state of the various medical problems, the foods she eats, the amount and quality of sleep she gets. Every so often, she studies the data looking for unsuspected patterns that might help her defeat a problem. By this means, she says she's greatly reduced the frequency of two of them and was working on a third. Her doctors aren't terribly interested, but the data helps her decide which of their recommendations are worth following.

And she runs little experiments on herself. Change a bunch of variables, track for a month, review the results. If something's changed, go back and look at each variable individually to find the one that's making the difference. And so on.

Of course, everyone with the kind of medical problem - diabetes, infertility, allergies, cramps, migraines, fatigue - that medicine can't really solve - has done something like this for generations. Diabetics in particularly have long had to track and control their blood sugar levels. What's different is the intensity - and the computers. She currently tracks everything in an Excel spreadsheet, but what she's longing for is good tools to help her with data analysis.

From what Gary Wolf, the organizer of this group, Quantified Self, says - about 30 people are here for its second meeting, after hours at Palo Alto's Institute for the Future to swap notes and techniques on personal tracking - getting out of the Excel spreadsheet is a key stage in every tracker's life. Each stage of improvement thereafter gets much harder.

Is this a trend? Co-founder Kevin Kelley thinks so, and so does the Washington Post, which covered this group's first meeting. You may not think you will ever reach the stage of obsession that would lead you to go to a meeting about it, but in fact, if the interviews I did with new-style health companies in the past year is any guide, we're going to be seeing a lot of this in the health side of things. Home blood pressure monitors, glucose tests, cholesterol tests, hormone tests - these days you can buy these things in Wal-Mart.

The key question is clearly going to be: who owns your health data? Most of the medical devices in development assume that your doctor or medical supplier will be the one doing the monitoring; the dozens of Web sites highlighted in that Washington Post article hope there's a business in helping people self-track everything from menstrual cycles to time management. But the group in Palo Alto are more interested in self-help: in finding and creating tools everyone can use, and in interoperability. One meeting member shows off a set of consumer-oriented prototypes - bathroom scale, pedometer, blood pressure monitor, that send their data to software on your computer to display and, prospectively, to a subscription Web site. But if you're going to look at those things together - charting the impact of how much you walk on your weight and blood pressure - wouldn't you also want to be able to put in the foods you eat? There could hardly be an area where open data formats will be more important.

All of that makes sense. I was less clear on the usefulness of an idea another meeting member has - he's doing a start-up to create it - a tiny, lightweight recording camera that can clip to the outside of a pocket. Of course, this kind of thing already has a grand, old man in the form of Steve Mann, who has been recording his life with an increasingly small sheaf of devices for a couple of decades now. He was tired, this guy said, of cameras that are too difficult to use and too big and heavy; they get left at home and rarely used. This camera they're working on will have a wide-angle lens ("I don't know why no one's done this") and take two to five pictures a second. "That would be so great," breathes the guy sitting next to me.

Instantly, I flash on the memory of Steve Mann dogging me with flash photography at Computers, Freedom, and Privacy 2005. What happens when the police subpoenas your camera? How long before insurance companies and marketing companies offer discounts as inducements to people to wear cameras and send them the footage unedited so they can study behavior they currently can't reach?

And then he said, "The 10,000 greatest minutes of your life that your grandchildren have to see," and all you can think is, those poor kids.

There is a certain inevitable logic to all this. If retailers, manufacturers, marketers, governments, and security services are all convinced they can learn from data mining us why shouldn't we be able to gain insights by doing it ourselves?

At the moment, this all seems to be for personal use. But consider the benefits of merging it with Web 2.0 and social networks. At last you'll be able to answer the age-old question: why do we have sex less often than the Joneses?


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

September 26, 2008

Wimsey's whimsy

One of the things about living in a foreign country is this: every so often the actual England I live in collides unexpectedly with the fictional England I grew up with. Fictional England had small, friendly villages with murders in them. It had lowering, thick fogs and grim, fantastical crimes solvable by observation and thought. It had mathematical puzzles before breakfast in a chess game. The England I live in has Sir Arthur Conan Doyle's vehement support for spiritualism, traffic jams, overcrowding, and four million people who read The Sun.

This week, at the GikIII Workshop, in a break between Internet futures, I wandered out onto a quadrangle of grass so brilliantly and perfectly green that it could have been an animated background in a virtual world. Overlooking it were beautiful, stolid, very old buildings. It had a sign: Balliol College. I was standing on the quad where, "One never failed to find Wimsey of Balliol planted in the center of the quad and laying down the law with exquisite insolence to somebody." I know now that many real people came out of Balliol (three kings, three British prime ministers, Aldous Huxley, Robertson Davies, Richard Dawkins, and Graham Greene) and that those old buildings date to 1263. Impressive. But much more startling to be standing in a place I first read about at 12 in a Dorothy Sayers novel. It's as if I spent my teenaged years fighting alongside Angel avatars and then met David Boreanaz.

Organised jointly by Ian Brown at the Oxford Internet Institute and the University of Edinburgh's Script-ed folks, GikIII (prounounced "geeky") is a small, quirky gathering that studies serious issues by approaching them with a screw loose. For example: could we control intelligent agents with the legal structure the Ancient Romans used for slaves (Andrew Katz)? How sentient is a robot sex toy? Should it be legal to marry one? And if my sexbot rapes someone, are we talking lawsuit, deactivation, or prison sentence (Fernando Barrio)? Are RoadRunner cartoons all patent applications for devices thought up by Wile E. Coyote (Caroline Wilson)? Why is The Hound of the Baskervilles a metaphor for cloud computing (Miranda Mowbray)?

It's one of the characteristics of modern life that although questions like these sound as practically irrelevant as "how many angels, infinitely large, can fit on the head of a pin, infinitely small?", which may (or may not) have been debated here seven and a half centuries ago, they matter. Understanding the issues they raise matters in trying to prepare for the net.wars of the future.

In fact, Sherlock Holmes's pursuit of the beast is metaphorical; Mowbray was pointing out the miasma of legal issues for cloud computing. So far, two very different legal directions seem likely as models: the increasingly restrictive EULAs common to the software industry, and the service-level agreements common to network outsourcing. What happens if the cloud computing company you buy from doesn't pay its subcontractors and your data gets locked up in a legal battle between them? The terms and conditions in effect for Salesforce.com warn that the service has 30 days to hand back your data if you terminate, a long time in business. Mowbray suggests that the most likely outcome is EULAs for the masses and SLAs at greater expense for those willing to pay for them.

On social networks, of course, there are only EULAs, and the question is whether interoperability is a good thing or not. If the data people put on social networks ("shouldn't there be a separate disability category for stupid people?" someone asked) can be easily transferred from service to service, won't that make malicious gossip even more global and permanent? A lot of the issues Judith Rauhofer raised in discussing the impact of global gossip are not new to Facebook: we have a generation of 35-year-olds coping with the globally searchable history of their youthful indiscretions on Usenet. (And WELL users saw the newly appointed CEO of a large tech company delete every posting he made in his younger, more drug-addled 1980s.) The most likely solution to that particular problem is time. People arrested as protesters and marijuana smokers in the 1960s can be bank presidents now; in a few years the work force will be full of people with Facebook/MySpace/Bebo misdeeds and no one will care except as something laugh at drunkenly late out in the pub.

But what Lilian Edwards wants to know is this: if we have or can gradually create the technology to make "every ad a wanted ad" - well, why not? Should we stop it? Online marketing is at £2.5 billion a year according to Ofcom, and a quarter of the UK's children spend 22 hours a week playing computer games, where there is no regulation of industry ads and where Web 2.0 is funded entirely by advertising. When TV and the Internet roll together, when in-game is in-TV and your social network merges with megamedia, and MTV is fully immersive, every detail can be personalized product placement. If I grew up five years from now, my fictional Balliol might feature Angel driving across the quad in a Nissan Prairie past a billboard advertising airline tickets.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

April 4, 2008

Million-dollar baby


The first time I saw James Randi he was hauling a load of fresh chicken guts out of a guy's stomach.

Of course, in my eagerness to make it sound like a good story I've jazzed that up a bit. The chicken guts were real and the guy's stomach was real (he was an innocent audience member who'd been recruited for the purpose of demonstration), but the pull-outage was clever sleight-of-hand. The year was 1982 and the occasion was a lecture demonstration at Cornell University. The point was demonstrating how "psychic surgeons" achieve their effects.

The next time I'll see James Randi is on April 19, when he's giving a talk at Conway Hall, in London. I don't think chicken guts will be involved, though a number of other prominent skeptics will also be speaking and you just never know.

It was Randi's ability to demonstrate plausible explanations for the apparently inexplicable that blew me away on that particular day. A lot of people like to claim that skeptics are closed-minded, but in fact it seems to me that the key to skepticism is tolerance of uncertainty and patience. A skeptic sitting in an empty house and hearing inexplicable creaking thinks, "I wonder what that is." A believer thinks, "Must be a ghost." Randi never claimed to be able to explain everything, but he went a long way toward showing me that things that friends thought must be inexplicable might still have natural explanations if you had the patience to wait to find out what they were and the right kind of mind to. A lie goes round the world while the truth is still putting its boots on; it takes seconds to claim something's paranormal but years of research to find out the truth.

One of the sad things about science these days is that so many disciplines require so much expensive equipment and funding that it's hard for an amateur to make much of a contribution. There are, to be sure, exceptions: some friends on Crete were successful in finding the nests of griffin vultures and did a lot of work keeping count, and anyone can look for fossils and hope to fill in a gap in the record. But few can afford their own radio telescope, particle collider, or climate modelling supercomputer. Randi showed that amateurs with a particular bent - a knowledge of stage magic and deception - were more effective at assessing paranormal claims than many scientists.

None of this would qualify Randi as a subject for net.wars except that recently he's been the subject of Usenet spam. Most people who do not participate in Usenet are under the impression that all newsgroups drowned under email levels of spam long ago. But in fact until the last month, when the Chinese apparently discovered Usenet, spam levels have been negligible for quite a few years now. Once Web boards, blogs, and social networks got going Usenet became even more of a minority pastime than it was in its heyday. Spamming Usenet doesn't cost much, but why bother when the audience is relatively tiny?

But people who want to boast that they've bested James Randi apparently want to lump themselves in with ads for cheap knockoffs of Nike shoes, Breitling watches, and Prada handbags. And so a version of this message began popping up randomly. It is, of course, all over the Net by now, and there's not a lot anyone can do other than debunk it and hope someone notices.
To deal with the most trivial bit, the bit that asks if James Randi is "even a real name". Well, it's not the name Randi was born with, although it's a modification of his first and middle names. But he's been using it consistently for something over 50 years, and it is his legal name. So it's real enough for all intents and purposes.

The million-dollar challenge was a relative newcomer that had its origins in a similar $10,000 challenge that Randi had going for more than 30 years. The increased money made the challenge a much juicier story, of course. But as this rational game theoryish analysis of the challenge makes clear, the challenge was only ever likely to attract the deluded. As I understand it, the mailbag got ridiculous in both size and content. There's plenty of evidence for that; the apparent basis of the claim that Randi was beaten is impenetrable. It is true, though, that until the beginning of this year the challenge rules stated that the prize would continue to be offered until it was awarded, including after Randi's death. Now, it ends March 6, 2010. (Get your claim in now!)

The end of the challenge is the end of an era for skeptics. For years, if any paranormal claimant was particularly insistent that he could dowse for oil or read minds we could say, "If you're so psychic, why ain't you taking Randi's challenge?" Now, my god - we're going to have to think of new stuff to say.

Meantime, come watch Randi in person and find out about the kinds of tests he's been doing all these years.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

March 14, 2008

Uninformed consent

Apparently the US Congress is now being scripted by Jon Stewart of the Daily Show. In a twist of perfect irony, the House of Representatives has decided to hold its first closed session in 25 years to debate - surveillance.

But it's obvious why they want closed doors: they want to talk about the AT&T case. To recap: AT&T is being sued for its complicity in the Bush administration's warrantless surveillance of US citizens after its technician Mark Klein blew the whistle by taking documents to the Electronic Frontier Foundation (which a couple of weeks ago gave him a Pioneer Award for his trouble).

Bush has, of course, resisted any effort to peer into the innards of his surveillance program by claiming it's all a state secret, and that's part of the point of this Congressional move: the Democrats have fielded a bill that would give the whole program some more oversight and, significantly, reject the idea of giving telecommunications companies - that is, AT&T - immunity from prosecution for breaking the law by participating in warrantless wiretapping. 'Snot fair that they should deprive us of the fun of watching the horse-trading. It can't, surely, be that they think we'll be upset by watching them slag each other off. In an election year?

But it's been a week for irony, as Wikipedia founder Jimmy Wales has had his sex life exposed when he dumped his girlfriendand been accused of - let's call it sloppiness - in his expense accounts. Worse, he stands accused of trading favorable page edits for cash. There's always been a strong element of Schadenpedia around, but the edit-for-cash thing really goes to the heart of what Wikipedia is supposed to be about.

I suspect that nonetheless Wikipedia will survive it: if the foundation has the sense it seems to have, it will display zero tolerance. But the incident has raised valid questions about how Wikipedia can possibly sustain itself financially going forward. The site is big and has enviable masses of traffic; but it sells no advertising, choosing instead to live on hand-outs and the work of volunteers. The idea, I suppose, is that accepting advertising might taint the site's neutral viewpoint, but donations can do the same thing if they're not properly walled off: just ask the US Congress. It seems to me that an automated advertising system they did not control would be, if anything, safer. And then maybe they could pay some of those volunteers, even though it would be a pity to lose some of the site's best entertainment.

With respect to advertising, it's worth noting that Phorm, which we is under increasing pressure. Earlier this week, we had an opportunity to talk to Kent Ertegrul, CEO of Phorm, who continues to maintain that Phorm's system, because it does not store data, is more protective of privacy than today's cookie-driven Web. This may in fact be true.

Less certain is Ertegrul's belief that the system does not contravene the Regulation of Investigatory Powers Act, which lays down rules about interception. Ertegrul has some support from a informal letter from the Home Office whose reasoning seems to be that if users have consented and have been told how they can opt out, it's legal. Well, we'll see; there's a lot of debate going on about this claim and it will be interesting to hear the Information Commissioner's view. If the Home Office's interpretation is correct, it could open a lot of scope for abusive behavior that could be imposed upon users simply by adding it to the terms of service to which they theoretically consent when they sign up, and a UK equivalent of AT&T wanting to assist the government with wholesale warrantless wiretapping would have only to add it to the terms of service.

The real problem is that no one really knows how Phorm's system works. Phorm doesn't retain your IP address, but the ad servers surely have to know it when they're sending you ads. If you opt out but can still opt back in (as Ertegrul said you can), doesn't that mean you still have a cookie on your system and that your data is still passed to Phorm's system, which discards it instead of sending you ads? If that's the case, doesn't that mean you can not opt out of having your data shared? If that isn't how it works, then how does it work? I thought I understood it after talking to Ertegrul, I really did - and then someone asked me to explain how Phorm's cookie's usefulness persisted between sessions, and I wasn't sure any more. I think the Open Rights Group: Phorm should publish details of how its system works for experts to scrutinize. Until Phorm does that the misinformation Ertegrul is so upset about will continue. (More disclosure: I am on ORG's Advisory Council.

But maybe the Home Office is on to something. Bush could solve his whole problem by getting everyone to give consent to being surveilled at the moment they take US citizenship. Surely a newborn baby's footprint is sufficient agreement?

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

February 22, 2008

Strikeout

There is a certain kind of mentality that is actually proud of not understanding computers, as if there were something honorable about saying grandly, "Oh, I leave all that to my children."

Outside of computing, only television gets so many people boasting of their ignorance. Do we boast how few books we read? Do we trumpet our ignorance of other practical skills, like balancing a cheque book, cooking, or choosing wine? When someone suggests we get dressed in the morning do we say proudly, "I don't know how"?

There is so much insanity coming out of the British government on the Internet/computing front at the moment that the only possible conclusion is that the government is made up entirely of people who are engaged in a sort of reverse pissing contest with each other: I can compute less than you can, and see? here's a really dumb proposal to prove it.

How else can we explain yesterday's news that the government is determined to proceed with Contactpoint even though the report it commissioned and paid for from Deloitte warns that the risk of storing the personal details of every British child under 16 can only be managed, not eliminated? Lately, it seems that there's news of a major data breach every week. But the present government is like a batch of 20-year-olds who think that mortality can't happen to them.

Or today's news that the Department of Culture, Media, and Sport has launched its proposals for "Creative Britain", and among them is a very clear diktat to ISPs: deal with file-sharing voluntarily or we'll make you do it. By April 2009. This bit of extortion nestles in the middle of a bunch of other stuff about educating schoolchildren about the value of intellectual property. Dare we say: if there were one thing you could possibly do to ensure that kids sneer at IP, it would be to teach them about it in school.

The proposals are vague in the extreme about what kind of regulation the DCMS would accept as sufficient. Despite the leaks of last week, culture secretary Andy Burnham has told the Financial Times that the "three strikes" idea was never in the paper. As outlined by Open Rights Group executive director Becky Hogge in New Statesman, "three strikes" would mean that all Internet users would be tracked by IP address and warned by letter if they are caught uploading copyrighted content. After three letters, they would be disconnected. As Hogge says (disclosure: I am on the ORG advisory board), the punishment will fall equally on innocent bystanders who happen to share the same house. Worse, it turns ISPs into a squad of private police for a historically rapacious industry.

Charles Arthur, writing in yesterday's Guardian, presented the British Phonographic Institute's case about why the three strikes idea isn't necessarily completely awful: it's better than being sued. (These are our choices?) ISPs, of course, hate the idea: this is an industry with nanoscale margins. Who bears the liability if someone is disconnected and starts to complain? What if they sue?

We'll say it again: if the entertainment industries really want to stop file-sharing, they need to negotiate changed business models and create a legitimate market. Many people would be willing to pay a reasonable price to download TV shows and music if they could get in return reliable, fast, advertising-free, DRM-free downloads at or soon after the time of the initial release. The longer the present situation continues the more entrenched the habit of unauthorized file-sharing will become and the harder it will be to divert people to the legitimate market that eventually must be established.

But the key damning bit in Arthur's article (disclosure: he is my editor at the paper) is the BPI's admission that they cannot actually say that ending file-sharing would make sales grow. The best the BPI spokesman could come up with is, "It would send out the message that copyright is to be respected, that creative industries are to be respected and paid for."

Actually, what would really do that is a more balanced copyright law. Right now, the law is so far from what most people expect it to be - or rationally think it should be - that it is breeding contempt for itself. And it is about to get worse: term extension is back on the agenda. The 2006 Gowers Review recommended against it, but on February 14, Irish EU Commissioner Charlie McCreevy (previously: champion of software patents) has announced his intention to propose extending performers' copyright in sound recordings from the current 50-year term to 95 years. The plan seems to go something like this: whisk it past the Commission in the next two months. Then the French presidency starts and whee! new law! The UK can then say its hands are tied.

That change makes no difference to British ISPs, however, who are now under the gun to come up with some scheme to keep the government from clomping all over them. Or to the kids who are going to be tracked from cradle to alcopop by unique identity number. Maybe the first target of the government computing literacy programs should be...the government.


Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

February 15, 2008

Greedbay?

If you log onto ebay.com (not .co.uk or eBay's other international sites) next week you may find gaping holes: a number of sellers have pledged to boycott from February 18 to 25 to protest changes eBay is making in listing fees, commissions, some payment requirements, and, probably most contentious, the feedback system. The short version: sellers will no longer be able to leave feedback for buyers, and eBay will require sellers who are new or have low feedback ratings to use Paypal as a payment option and also give their listings less exposure in searches. There will also be penalties for overcharging for postage and handling (a sneaky way of making up for low prices).

Whether these changes are good changes or bad, eBay's feedback system has been broken for a long time, as Jim Griffith comments. The essence of a reputation-based system is holding buyers and sellers accountable for bad behavior. But no one dares leave negative feedback any more for fear of retaliation.

Sellers have reacted angrily to the announced change and some are threatening a strike in which they pull all their items from sale from February 18 to 25. Logically, however, what good do buyer ratings do? The system is inherently unbalanced: buyers choose their sellers but sellers can't discriminate among buyers.

Sellers can't, for example, use the buyer ratings to ring-fence sales. If a buyer fails to pay or rips off a seller by instigating a chargeback after the item has been delivered, the seller's only recourse is through eBay's trust and fraud department. eBay's argument that the change should result in a more accurate reputation system is probably justified.

If it doesn't feel fairly balanced, that's emotion, not logic, based on nostalgia for the early days, when eBay was a democratic site where all users were amateurs who both bought and sold. eBay now is full of businesses and professional sellers, and what the feedback changes make explicit is that over time eBay has become a class system.

Professional sellers (everyone from substantial businesses who also run their own ecommerce sites and probably list on Amazon Marketplace and Google Checkout as well) are in a different league from the casual seller who maybe wants to get rid of that old DVD player and doesn't see why it shouldn't be for a bit of cash. If online discussion forums are 90 percent lurkers and 10 percent posters, it wouldn't be surprising if eBay's user community was 90 percent buyers and 10 percent sellers. I'm a good example: I've sold two items on eBay, but bought dozens, some of them repeat business with the same crafts people and some one-off purchases. For casual sellers, I do look at sellers' feedback - largely to eliminate obvious frauds. (I had to stop buying DVDs on eBay at all - the site is overrun with Asian counterfeits). For the professional sellers, however, the more important reputation information lies in recommendations outside of eBay from people interested in the same sorts of things I am.

There are people the changes will hurt, but the big sellers probably won't be among them.; do enough volume successfully and a few negative reviews won't hurt you that much. Individuals won't be able to benefit from an established reputation as a reliable buyer when they sell items. Small sellers will have no way of defending themselves publicly if an unreasonable buyer chooses to trash them. (If the buyer doesn't pay at all, of course, sellers can still work to get the user barred from the service.)

Do eBay sellers have, as some are insisting, a real choice? Some, yes, even though the received wisdom for a long time has been in online auctions size of the user base is everything. Some craftspeople have been migrating to Etsy, which is becoming an interesting place to browse. The big sellers generally already sell through multiple channels. People selling off used DVDs, books, and other media would probably do better listing on Amazon Marketplace, where their items will show up, presumably favorably priced, in the same listing with new copies. It's the flea market crowd - the people selling off old tires, strange collectibles, and odd bits of clothing - for whom the size of eBay's audience is indispensable. That is very much eBay's roots, but who wants to move back in with their parents?

Online communities - including commercial ones, like eBay - all tend to exhibit the same social characteristics. One such is the rule that users hate change. Especially, they hate specific changes that threaten to remove one or more freedoms they're used to. eBay's new CEO is right to say it would be more surprising if people didn't protest, given the community's passionate nature. But plenty of online communities have had userbases just as passionate - and did not survive their own arrogance once technology changes created other options. In this battle, eBay's true opponent is Google.

It is Google, now, whose product search puts eBay listings alongside many others, and where people are increasingly likely to start looking for unfamiliar items. And it will be Google that wins if sellers leave eBay en masse, because that's how we will find them in their new homes.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

January 25, 2008

Xenu strikes again


I see that the war between Scientology and the Net, first spotted in about 1994, has erupted again. Same issues, slightly different people, similar behavior.

Then (1993-1996): a bunch of Scientology critics collided with a bunch of Scientology adherents in the Usenet newsgroup alt.religion.scientology. The critics, besides posting criticism, began posting chunks of the documents that were normally only revealed to Scientologists after they'd been through many (expensive) levels of Scientology training. For an explanation of what the documents are, see here.

The Church of Scientology reacted as documented in the first-referenced article back there (even now, often the one thing I've written that people remember). The newsgroup got flooded with hundreds of messages containing copied and pasted chunks of pro-Scientology material. There was a "Cancelbunny" that began cancelling the critics' messages. Real people got their real homes raided and their real hard drives confiscated. The anonymous mail server in Finland, used for posting some of the secret documents, was raided and, when its owner, Julf Helsingius, realized he couldn't really promise anonymity in the face of the law, shut down. Keith Henson, an engineer and fringe science adventurer (cryonics, space colonization, rocket building), was sued by the CoS for copyright infringement after he openly posted some of the secret documents. He lost in court, declared bankruptcy, picketed Scientology offices, was sentenced to jail, fled to Canada, ordered to present himself for extradition, fled back to the US, and finally spent sic months in jail.

1998: Usenet stopped being the most important forum for Net discussions probably sometime around 1998. At which point, flooding the Web seems to have become the strategy: give every Scientologist E-Z software for building their own site, and watch the numbers grow. "Web spam", a.r.s. called it; that was a time when sheer numbers might still influence what came top of search engine listings.

Early 2000s: The fight moved to where the most important gatekeepers were: search engines. The first note of the battle over spam links, Digital Millennium Copyright Act removal notices, and Google's behavior dates to 1998. A 2002 sampling shows pretty much the same pattern as the Usenet era, without the real-life drama, as does this 2001 article.

Now: this week, I see that an Internet group calling itself "Anonymous" have been launching DDoS attacks on Scientology Web sites, taking them intermittently offline. It's good to see that longstanding a.r.s. Scientology critics like Jeff Jacobsen think this tactic is wrong. Because it is, and not just because DDoS attacks are illegal.

Scientology's online critics have always skated a fine line between good and bad forms of protest. There was, for example, a possibly legitimate argument for posting the secret documents, even if they were copyrighted. Most copyright laws make exceptions for quotations for criticism and parody; critics could also reasonably argue that given the amount Scientologists pay for their access to these documents they ought to have the right to get some idea of what kind of teachings they were actually going to be paying for. After all, most religions – in which category Scientology places itself – publish their beliefs openly. Where would we be in Marriott hotels at night without our free copies of the Bible and the Book of Mormon? It's only businesses – in which category Scientology does not place itself willingly – that claim the inner workings of the products they sell are trade secrets.

There was, therefore, an defensible case that the critics who reacted to copyright threats by publishing the documents as widely and as often as possible were acting in the public interest. You may disagree with it, but it is a legitimate argument to say that people deserve to see what they're buying. A supposed church that counters that argument by claiming that publication will cause it financial hardship could find itself on shaky moral, if not legal, ground.

There is no such case to be made for DDoS attacks. If a site's owner is doing something illegal, report them to the police, counter their bad speech with more speech, or counter their bad technology by documenting it and creating better technology. The Web and search engine wars were carried out in just that way: documenting the influx of thousands of near-identical pro-Scientology Web sites and presenting the evidence to both the search engines themselves and the Web at large was exactly the right way to convince people that something questionable was going on. And the results of the changes search engines made have been long-lasting (in Internet terms). Type "Scientology" into Google today, and you get a set of hits that seem fairly representative of all points of view: top hit CoS's own site, next two hits Wikipedia's entries, third hit one of the best-known critics, Operation Clambake.

Operation Clambake's owner, Andreas Heldal-Lund, has also, I'm glad to see, come out against the DDoS operation. As he says, it's hypocritical to defend your own activities on the grounds of freedom of speech and then deny it to other people. Freedom of speech means freedom for speech you disagree with.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

January 18, 2008

Harmony, where is thy sting?

On the Net, John Perry Barlow observed long ago, everything is local and everything is global, but nothing is national. It's one of those pat summations that sometimes is actually right. The EU, in the interests of competing successfully with the very large market that is the US, wants to harmonize the national laws that apply to content online.

They have a point. Today's market practices were created while the intangible products of human ingenuity still had to be fixed in a physical medium. It was logical for the publishers and distributors of said media to carve up the world into national territories. But today anyone trying to, say, put a song in an online store, or create a legal TV download service has to deal with a thicket of national collection societies and licensing authorities.

Where there's a problem there's a consultation document, and so there is in this case: the EU is giving us until February 29 (leap year!) to tell them what we think (PDF).

The biggest flaw in the consultation document is that the authors (who needed a good copy editor) seem to have bought wholesale the 2005 thinking of rightsholders (whom they call "right holders"). Fully a third of the consultation is on digital rights management: should it be interoperable, should there be a dispute resolution process, should SMEs have non-discriminatory access to these systems, should EULAs be easier to read?

Well, sure. But the consultation seems to assume that DRM is a) desirable and b) an endemic practice. We have long argued that it's not desirable; DRM is profoundly anti-consumer. Meanwhile, the industry is clearly fulfilling Naxos founder Klaus Heymann's April 2007 prophecy that DRM would be gone from online music within two years. DRM is far less of an issue now than it was in 2006, when the original consultation was launched. In fact, though, these questions seem to have been written less to aid consumers than to limit the monopoly power of iTunes.

That said, DRM will continue to be embedded in some hardware devices, most especially in the form of HDCP, a form of copy protection being built, invisibly to consumers until it gets in their way, into TV sets and other home video equipment. Unfortunately, because the consultation is focused on "Creative Content Online", such broader uses of DRM aren't included.

However, because of this and because some live streaming services similarly use DRM to prevent consumers from keeping copies of their broadcasts (and probably more will in future as Internet broadcasting becomes more widespread), public interest limitations on how DRM can be used seem like a wise idea. The problem with both DRM and EULAs is that the user has no ability to negotiate terms. The consultation leaves out an important consumer consideration: what should happen to content a consumer pays for and downloads that's protected with DRM if the service that sold it closes down? So far, subscribers lose it all; this is clea

The questions regarding multi-territory licensing are far more complicated, and I suspect answers to those depend largely on whether you're someone trying to clear rights for reuse, someone trying to protect your control over your latest blockbuster's markets, or someone trying to make a living as a creative person. The first of those clearly wants to buy one license rather than dozens. The second wants to sell dozens of licenses rather than one (unless it's for a really BIG sum of money). The third, who is probably part of the "Long Tail" mentioned in the question, may be very suspicious of any regime that turns everything he created before 2005 into "back catalogue works" that are subject to a single multi-territory license. Science fiction authors, for example, have long made significant parts of their income by selling their out-of-print back titles for reprint. An old shot in a photographer's long tail may be of no value for 30 years – until suddenly the subject emerges as a Presidential candidate. Any regime that is adopted must be flexible enough to recognize that copyrighted works have values that fluctuate unpredictably over time.

The final set of question has to do with the law and piracy. Should we all follow France's lead and require ISPs to throw users offline if they're caught file-sharing more than three times? We have said all along that the best antidote to unauthorized copying is to make it easy for people to engage in authorized copying. If you knew, for example, that you could reliably watch the latest episode of The Big Bang Theory (if there ever is one) 24 hours after the US broadcast, would you bother chasing around torrent sites looking for a download that might or might not be complete? Technically, it's nonsense to think that ISPs can reliably distinguish an unauthorized download of copyrighted material from an authorized one; filtering cannot be the answer, no matter how much AT&T wants to kill itself trying. We would also remind the EU of the famed comment of another Old Netizen, John Gilmore: "The Internet perceives censorship as damage, and routes around it."

But of course no consultation can address the real problem, which isn't how to protect copyright online: it's how to encourage creators.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

December 28, 2007

2007 by numbers

April: Month when DRM on music began to fall.

235: Number of patents Microsoft claimed it owns that Linux violates.

8,000: Number of "diggs" a Big Spring, teenager's detention letter got while hordes of angry Firefox defenders from all over the world phoned and emailed his school. The letter had been doctored to make it look as though he was given detention for using Firefox.

24: Number of days from the time Facebook announced Beacon, the advertising partnership that publishes users' purchases at 44 partner sites to their friends lists to the time it announced it had modified the program to allow users to opt out. Facebook planned to expand Beacon to allow users to publish their eBay listings to their friends network.

9: Number of days later that Coca-Cola, Overstock.com, and Travelocity were reported to have pulled out of the program.

7: Number of additional days it took Facebook to allow users to turn off the program entirely, amid speculation that Blockbusters involvement with Beacon may have contravened the US Video Privacy Protection Act, passed after a newspaper disclosed Robert Bork's video rental records when he was a Supreme Court nominee.

1: female winner of the Alan Turing award – Frances Allen.

6: Percentage of BCS Fellows who are female.

5: Upper bound of the percentage of music on the average iPod that was bought on iTunes.

8: Number of times digital preservation can be more expensive than paper (PDF, see p4).

17 per second: the rate at which Amazon.com sold Wiis.

74: Days it took Apple to sell 1 million iPhones. We still don't get it.

£100: Likely cost of the ID card to individuals if/when it is launched in 2009. Exactly as predicted in 2002.

29,000: Number of identified sex offenders whose profiles were deleted by MySpace.

$12 million: amount SCO spent in 2006 on its licensing program, whose revenues were $116,000.

$30 million: SCO's estimated liability to Novell et al after an August court judgment went against it.

September 27: Date on which Darl McBride, CEO of SCO, announced SCO was filing for Chapter 11 bankruptcy protection: "Other companies such as Delta Airlines, Texaco, Dow Corning, K-Mart, United Airlines, Toys R’ Us, Macy’s Department Stores and others have emerged from Chapter 11 protection after restructuring themselves for success. We intend to do the same."

December 27: Date SCO was officially delisted from the NASDAQ.

$3.1 billion: Cost of Google's takeover of DoubleClick, which received FTC approval last week. The merger will mean not only that Google gets a huge, new database of individuals' surfing habits but that two of the biggest ad platforms will now belong to the same company.

140,000: Votes discarded by electronic counting machines in Scotland during the May evoting trial. Reports attribute the problem to ballot design. But the key problem was the lack of comeback for voters whose ballots are marked spoiled by machines with no human oversight.

August 2: Date the UK Electoral Commission recommended against pursuing electronic voting any further until security can be improved. The bad news: the government seems unlikely to take this or any other sane advice.

September 29: Date on which Linden Labs advised EU users that VAT is being applied to Second Life bills, including premium registration, land ownership, and maintenance fees. Paying taxes? Sounds like my first life.

25 million: number of UK households whose personal details were contained in two CDs "lost in the post" on the way to the General Audit Office.

3 million: number of UK driving test candidates whose details have been lost on a hard disk in the US, now believed to be touring Iowa.

$1 billion: Amount the FBI has allocated for building a biometric database, to include iris scans, facial images, and other physical characteristics. "Bigger. Faster. Better." Have they learned nothing from Facebook, Google, and MySpace? The bigger the database, the greater the number of connections, the more of it is garbage.

September 4: Date of dissolution of MUSE, the company set up to commercialize the early MUD virtual gaming world. The big beneficiary of that effort: CompuServe. And the original CEO, who went mad, stole the money, and shot himself.

$1.43 billion: the amount eBay overpaid for Skype in 2005.

October 5: Date on which the Bragg v. Linden Labs lawsuit was settled, with terms remaining confidential. This was the court action that lawyers were watching eagerly to see what precedents it might set for the legal status of virtual property. Bragg's Second Life account has been reinstated, and the SL Terms of Service have been amended after a judge's decision in the case found them invalid.

Unclear: which will cost more, the Galileo constellation of global navigation satellites being built by the EU, or the UK national ID card.

Happy New Year!

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

November 30, 2007

Spam today and spam tomorrow

Admittedly you have to be not really paying enough attention to do this, but in the last couple of weeks I've discovered torrent spam. Here's how it works: you download a file you think is something you want, and discovered it's been RAR-compressed. When you uncompress the file, you get a second RAR file that requires a password and a Readme file. The Readme advises you that to get the password you need to go to a Web site and enter an email address – any email address. I'm not quite demented enough to do this, even with the venerable black-hole address nobody@nowhere.com. Who knows what evils might be lurking on that Web site?

This is the more or less harmless kind. Other stories say that there are more dangerous types of torrent spam, where to play the file you are required to download a new video player that is typically infected with malware.

For once, this seems not to be an RIAA/MPAA initiative. It's just spam, reflecting the reality that any time anything on the Net gets sufficiently popular someone tries to turn it into a vehicle for unwanted crap. And you know they know it's unwanted, because otherwise they wouldn't be trying so hard to trick you into reading it. At one time – oh, say, a year ago – a lawyers' mailing list agreed that at the threshold of around 10,000 readers you have to turn off or moderate comments because the comment spam got too heavy. Page rank can do it, too: the pelicancrossing.net site that hosts one version of this column gets something like 1,000 comment spams a week – and hardly any real ones. (Moveable Type, which powers that blog, does have anti-spam settings, which trap most, but not all, of the junk. Unfortunately, the price is that for some reason it rejects all comments I make myself, which means that people who do comment don't get responses from me. Despite a lot of trawling through settings, I have yet to find a solution to this.)

Appropriately diligent research shows that torrent spam isn't new; it was first reported in 2004, and by 2005 there were efforts to create a reporting service. That service now has very little traffic in its forums, and that makes it hard to tell from its stats whether this is a growing problem. Despite the egocentric desire to see it as one – hey, I noticed it! It must be big! – it's probably just a footnote to the great tide of spam that washes over us in so many other ways. A modest amount of attention paid to checking the torrent you're downloading defeats it.

Still, it's arguably yet another reason why the *AAs should have fought back by creating their own cheap, reliable, widely available services. They may pick up some short-term advantage by being able to campaign semi-truthfully on the idea that using P2P to download copyrighted material is risky. But long-term the educational task they'll face in trying to explain to ordinary consumers why we should trust that their systems are safer will be a bigger disadvantage.

On the wider Internet, of course, spam continues to be a relentless flood. Google broke ranks this week to claim that the amount of spam reaching its network is declining. I find it hard to believe this. It's certainly true that spam does move on if a particular technology goes out of favor – the areas of Usenet I frequent are now almost completely spam-free though not, unfortunately, devoid of single-idea-obsessed idiots with a trigger-finger on the abusive adjectives.

But if email spam does start to die because too many people have moved their real communications to IM, Skype, Facebook, and other newer, more carefully gated media it seems unlikely that any one service provider will be singled out. Given that the single biggest reason email spam is popular is that it costs next to nothing to send, I really can't see botnet designers sitting around their labs going, "Oh, listen, this time let's not bother sending anything to gmail addresses; they just bounce it." If there's one thing we know about spammers it's that they don't care about targeting. I find Facebook, LinkedIn, and the other social network platforms painfully irritating to use for communications compared to email; but for a lot of people they work as an elaborate form of white-listing.

But others do not. "I'm more likely to have Facebook open these days than Outlook," one such correspondent wrote just this morning when I suggested taking it to email.

The longer-term prospects, though, are for much more "legitimate" marketing email. Spamhaus has a really interesting article up about a recent flood of sales messages it's received from one of the lifetime menaces on its ROKSO list advertising cheap home delivery of the New York Times. That same article talks about the many ways email addresses find their way onto marketing lists: sharing with third-party companies and database-matching being the most significant. Then, also this week, Adobe and Yahoo! announced that we can have – oh, joy! – ads in PDFs downloaded dynamically while we try to read.

Doesn't anyone get it? The difference between marketing and spam is user choice. Take that away, and it's all just spam.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

October 26, 2007

Tomorrow's world

"It's like 1994," Richard Bartle, the longest-serving virtual world creator, said this week. We were at the Virtual Worlds Forum. Sure enough: most of the panels were about how businesses could make money! in virtual worlds! Substitute Web! and Bartle was right.

"Virtual worlds are poised to revolutionize today's Web ecommerce," one speaker said enthusiastically. "They will restore to ecommerce the social and recreational aspect of shopping, the central element in the real world, which was stripped away when retailers went online."

There's gold in them thar cartoon hills.

But which hills? Second Life is, to be sure, the virtual world du jour, and it provides the most obviously exploitable platform for businesses. But in 1994 so did CompuServe. It was only three years later – ten years ago last month – that it had shrunk sufficiently for AOL to buy it as revenge. In turn, AOL is itself shrinking – its subscription revenues for the quarter ending June 30, 2007 were half those in the same quarter in 2006.

If there is one thing we know about Internet communities it's that they keep reforming in new technologies, often with many of the same people. Today's kids bop from world to world in groups, every few months. The people I've known on CIX or the WELL turn up on IRC, LiveJournal, Facebook, and IM. Sometimes you flee, as Corey Bridges said of social networks, because your friends list has become "crufted" up with people you don't like. You take your real friends somewhere else until mutatis mutandem. In the older text-based conferencing systems, same pattern: public conferences filled with too many annoying people joined sent old-timers to gated communities like mailing lists or closed conferences. And so it goes.

In a post pointed at by the VWF blog Metaversed's Nick Wilson defines social virtual worlds and concludes that there are only eight of them – the rest are not yet available to the general public, children's worlds, or simply development platforms. "The virtual worlds space," he concludes, "is not as large as many people think."

Probably anyone who's tried to come to grips with Second Life, number one on Wilson's list, without the benefit of friends to go there with knows that. Many parts of SL are resoundingly empty much of the time, and it seems inarguable that most of SL's millions of registered users try it out a few times and then leave their avatars as records in the database. Nonetheless, companies keep experimenting and find the results valuable. A batch of Italian IBMers even used the world to stage a strike last month. Naturally it crashed IBM's SL Business Center: the 1,850 strikers were spread around seven IBM locations, but you can only put about 50 avatars on an island before server lag starts to get you. Strikes: the original denial-of-service attacks.

But questioning whether there's a whole lot of there there is a nice reminder that in another sense, it's 1999. Perfect World, a Chinese virtual world, went public at the end of July, and is currently valued at $1.6 billion. It is, of course, losing money. Meanwhile Microsoft has invested $240 million of the change rattling around the back of its sofas in Facebook to become its exclusive "advertising partner", giving that company an overall value of $515 billion. That should do nicely to ensure that Google or Yahoo! doesn't buy it outright, anyway. Rupert Murdoch bought MySpace only two years ago for $580 million – which sounds like a steal by comparison if it weren't for the fact that Murdoch has made many online plays and they've all so far been wrong.

Two big issues seem to be dominating discussions about "the virtual world space". One: how to make money. Two: how and whether to make world interoperable, so when you get tired of one you can pick up your avatar and reputation and take them somewhere new. It was in discussing this latter point that Bridges made the comment noted above: after a while in a particular world shedding that world's character might be the one thing you really want to do. In real life, wherever you go, there you are. Freely exploring your possible selves is what Richard Bartle had in mind when he wrote the first MUD.

The first of those is, of course, the pesky thing only a venture capitalist or a journalist would ask. So far, in general game worlds make their money on subscriptions, and social worlds make their money selling non-existent items like land and maintenance fees thereupon (actually, says Linden Labs, "server resources"). But Asia seems already to be moving toward free play with the real money coming from in-game item sales: 80 million Koreans are buying products in and from Cyworld.

But the two questions are related. If your avatar only functions in a single world, the argument goes, that makes virtual worlds closed environments like the ones CompuServe and AOL failed with. That is of course true – but only after someone comes up with an open platform everyone can use. Unlike the Internet at large, though, it's hard to see who would benefit enough from building one to actually do it.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

October 5, 2007

Back to high skool

"Do you have a Facebook page?" one of my friends asked last week. Suppressing the desire to say, "Why? You never talk to me anyway," I simply said: "No." I have a Web site, a personal blog, all the journalism I do; I participate in at least six online communities, two IRC channels, and have email and four IM clients open on my desktop at all times. When people say "Facebook", "LinkedIn", or "MySpace" I sound like a little kid being forced to wear a sweater: "Do I have to…?" I mean, what percentage of my computer needs to belong to other people?

Besides, all these social networks really miss the point. They want you to say who your friends are, for a very small value of the word "friend". Hey, guys, these aren't friends; these are people I happen to know. They're only friends in the sense that if you meet someone in Kyrzgystan that you once worked with 15 years ago in London that you couldn't stand you fall upon them with glad cries of delight just because they aren't a stranger who can't speak English and are unarmed.

Starting with seven AIM buddies Facebook could find, the system started throwing up the names of people it thought I might know. And yes, some of those names are definitely familiar. So I added a few of them, randomly chosen. Two minutes later, an IM: "Did you ask to be my friend on Facebook?" The only sane person.

Then the system offers me "friends of friends".

This is not what I need: more tenuous connections to people to whom I'll have something to say once every five years. And that's why these social networks are wrong. You shouldn't be able to specify friends. You should be able to specify *enemies*. And the specification should be public. Keep your friends close – and your enemies closer.

Calling these things "social networks" makes them sound much grander and more grown-up than they really are. What they are is high school. With cliques and mysteriously popular people who are total jerks and mysteriously unpopular people to whom everyone is mean who are really nice and honorable. (Well, my school was never like that, or maybe I was too disconnected to notice, but all the TV writers seem to have gone to schools that were. I was unpopular, and there was no mystery about it: I was raised by wolves.) High school relationships are all about knowing who is enemies with whom. You can recover if, by mistake, you say something disparaging about someone to their best friend. You can't recover if you tell your friend's best friend's secret to that best friend's sworn enemy.

Your only chance there is that the enemy will pick you up as a friend; the rest are lost to you. My enemy's enemy is my friend: now there's a powerful basis for a friendship. And on a properly constructed social network, that prospective friend would be clearly visible to you.

But under the saccharine rule of Facebook, my friend's friend isn't my enemy (which would be useful to know). In a lot of cases it's someone I've never met. And given that half the people labeled as "friends" aren't really friends at all (you know who you are not), it's probably someone I wouldn't even like if I did meet them.

Plus, some of the people who I really do know best don't want to be public about it (well, would you?), so I can't tag them as friends, because then other people will see them in my list and might start asking questions. How helpful is that? Why isn't there a "secret friends" option? Have the people who run Facebook never heard of adultery?

I also have two "friends" who are just people I clicked on by mistake and sent the request before I realized. And they accepted? Is this like negative feedback on eBay, where you don't dare say anything bad about a delinquent seller because they might retaliate by trashing your hard-earned 100 percent positive reputation? Or are they "But he was my friend on Facebook for years, and he seemed like such a nice, normal guy – I can't believe it" people?

But, you know, I'm socially gregarious. Pleasant to a fault. Sweet. Kind. Gentle. Good. The kind of person anyone would want to have in their inbook. Or inbox. Whatever. Like Bugs Bunny. As long as they didn't actually know me in high school, I don't see why they shouldn't pretend to be my friend. It does seem to me curious, though, that so many of the digerati are not more embarrassed to admit they have a Facebook page. I mean, it's pathetic, all this trying to look cool and keep up with the teenagers. Clearly, anyone who would openly claim as a friend someone on Facebook is someone I do not want to admit to knowing. Groucho would never friend me on Facebook.

And the actual friend who asked me to join? Fuhgeddaboudit. He's got a common name and a habit of not specifying any details. He could be any of about 200 people. Should I friend them all, just to see?

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

September 21, 2007

The summer of lost hats

I seem to have spent the summer dodging in and out of science fiction novels featuring four general topics: energy, security, virtual worlds, and what someone at the last conference called "GRAIN" technologies (genetic engineering, robotics, AI, and nanotechnology). So the summer started with doom and gloom and got progressively more optimistic. Along the way, I have mysteriously lost a lot of hats. The phenomena may not be related.

I lost the first hat in June, a Toyota Motor Racing hat (someone else's joke; don't ask) while I was reading the first of many very gloomy books about the end of the world as we know it. Of course, TEOTWAWKI has been oft-predicted, and there is, as Damian Thompson, the Telegraph's former religious correspondent, commented when I was writing about Y2K – a "wonderful and gleeful attention to detail" in these grand warnings. Y2K was a perfect example: a timetable posted to comp.software.year-2000 had the financial system collapsing around April 1999 and the cities starting to burn in October…

Energy books can be logically divided into three categories. One, apocalyptics: fossil fuels are going to run out (and sooner than you think), the world will continue to heat up, billions will die, and the few of us who survive will return to hunting, gathering, and dying young. Two, deniers: fossil fuels aren't going to run out, don't be silly, and we can tackle global warming by cleaning them up a bit. Here. Have some clean coal. Three, optimists: fossil fuels are running out, but technology will help us solve both that and global warming. Have some clean coal and a side order of photovoltaic panels.

I tend, when not wracked with guilt for having read 15 books and written 30,000 words on the energy/climate crisis and then spent the rest of the summer flying approximately 33,000 miles, toward optimism. People can change – and faster than you think. Ten years ago, you'd have been laughed off the British isles for suggesting that in 2007 everyone would be drinking bottled water. Given the will, ten years from now everyone could have a solar collector on their roof.

The difficulty is that at least two of those takes on the future of energy encourage greater consumption. If we're all going to die anyway and the planet is going inevitably to revert to the Stone Age, why not enjoy it while we still can? All kinds of travel will become hideously expensive and difficult; go now! If, on the other hand, you believe that there isn't a problem, well, why change anything? The one group who might be inclined toward caution and saving energy is the optimists – technology may be able to save us, but we need time to create create and deploy it. The more careful we are now, the longer we'll have to do that.

Unfortunately, that's cautious optimism. While technology companies, who have to foot the huge bills for their energy consumption, are frantically trying to go green for the soundest of business reasons, individual technologists don't seem to me to have the same outlook. At Black Hat and Defcon, for example (lost hats number two and three: a red Canada hat and a black Black Hat hat), among all the many security risks that were presented, no one talked about energy as a problem. I mean, yes, we have all those off-site backups. But you can take out a border control system as easily with an electrical power outage as you can by swiping an infected RFID passport across a reader to corrupt the database. What happens if all the lights go out, we can't get them back on again, and everything was online?

Reading all those energy books changes the lens through which you view technical developments somewhat. Singapore's virtual worlds are a case in point (lost hat: a navy-and-tan Las Vegas job): everyone is talking about what kinds of laws should apply to selling magic swords or buying virtual property, and all the time in the back of your mind is the blog posting that calculated that the average Second Life avatar consumes as much energy as the average Brazilian. And emits as much carbon as driving an SUV for 2,000 miles. Bear in mind that most SL avatars aren't figured up that often, and the suggestion that we could curb energy consumption by having virtual conferences instead of physical ones seems less realistic. (Though we could, at least, avoid airport security.) In this, as in so much else, the science fiction writer Vernor Vinge seems to have gotten there first: his book Marooned in Real Time looks at the plight of a bunch of post-Singularity augmented humans knowing their technology is going to run out.

It was left to the most science fictional of the conferences, last week's Center for Responsible Nanotechnology conference (my overview is here) to talk about energy. In wildly optimistic terms: technology will not only save us but make us all rich as well.

This was the one time all summer I didn't lose any hats (red Swiss everyone thought was Red Cross, and a turquoise Arizona I bought just in case). If you can keep your hat while all around you everyone is losing theirs…

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

August 31, 2007

Snouting for bandwidth

Our old non-friend Comcast has been under fire again, this time for turning off Internet access to users it deems to have used too much bandwidth. The kicker? Comcast won't tell those users how much is too much.

Of course, neither bandwidth caps nor secrecy over what constitutes heavy usage is anything new, at least in Britain. ntl brought in a 1Gb per day bandwidth cap as long ago as 2003. BT began capping users in 2004. And Virgin Media, which now owns ntl and apparently every other cable company in the UK, is doing it, too.

As for the secrecy, a few years ago when "unlimited" music download services were the big thing, it wasn't uncommon to hear heavy users complain that they'd been blocked for downloading so much that the service owner concluded they were sharing the account. (Or, maybe hoarding music to play later, I don't know.) That was frustrating enough, but the bigger complaint was that they could never find out how much was too much. They would, they said, play by the rules – if only someone would tell them what those rules were.

This is the game Comcast is now playing. It is actually disconnecting exceptionally heavy users – and then refusing to tell them what usage is safe. Internet service, as provided by Franz Kafka. The problem is that in a fair number of areas of the US consumers have no alternative if they want broadband. Comcast owns the cable market, and DSL provision is patchy. The UK is slightly better off: Virgin Media now owns the cable market, but DSL is widespread, and it's not only sold by BT directly but also by smaller third parties under a variety of arrangements with BT's wholesale department.

I am surprised to find I have some – not a lot, but some – sympathy with Comcast here. I do see that publishing the cap might lead to the entire industry competing on how much you can download a month – which might in turn lead to everyone posting the "unlimited" tag again and having to stick with it. On the other hand, as this Slashdot comment says, subscribers don't have any reliable way of seeing how much they actually are downloading. There is no way to compare your records with the company's equivalent to balancing your check book. But at least you can change banks if the bank keeps making mistakes or your account is being hacked. As already noted, this isn't so much of an option for Comcast subscribers.

This type of issue is resurfacing in the UK as a network neutrality dispute with the advent of the BBC's iPlayer. Several large ISPs want the BBC to pay for bandwidth costs, perhaps especially because its design makes it prospectively a bandwidth hog. It's an outrageous claim when you consider that both consumers and the BBC already pay for their bandwidth.

Except…we don't, quite. The fact is that the economics of ISPs have barely changed since they were all losing money a decade ago. In the early days of the UK online industry, when the men were men, the women were (mostly) men, and Demon was the top-dog ISP, ISPs could afford to offer unlimited use of their dial-up connections for one very simple reason. They knew that the phone bills would throw users offline: British users paid by the minute for local calls in those days. ISPs could, therefore, budget their modem racks and leased lines based on the realistic assessment that most of their users would be offline at any given time.

Cut to today. Sure, users are online all the time with broadband. But most of them go out to work (or, if they're businesses, go home at night), and heavy round-the-clock usage is rare. ISPs know this, and budget accordingly. Pipes from BT are expensive, and their size is, logically, enough, specified based on average use. There isn't a single ISP whose service wouldn't fall over if all its users saturated all their bandwidth 24/7. And at today's market rates, there isn't a single ISP who could afford to provide a service that wouldn't fall over under that level of usage. If an entire nation switches even a sizable minority of its viewing habits to the iPlayer ISPs could legitimately have a problem. Today's bandwidth hogs are a tiny percentage of Internet users, easily controlled. Tomorrow's could be all of us. Well, all of us and the FBI.

Still, there really has to be a middle ground. The best seems to be the ideas in the Slashdot posting linked about: subscribers should be able to monitor the usage on their accounts. Certainly, there are advantages to both sides in having flexible rules rather than rigid ones. But the ultimate sanction really can't be to cut subscribers off for a year, especially if they have no choice of supplier. If that's how Comcast wants to behave, it could at least support plans for municipal wireless. Let the burden of the most prolific users of the Internet, like those of health care, fall on the public purse. Why not?


Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

August 24, 2007

Game gods

Virtual worlds have been with us for a long time. Depending who you listen to, they began in 1979, or 1982, or it may have been the shadows on the walls of Plato's cave. We'll go with the University of Essex MUD, on the grounds that its co-writer Richard Bartle can trace its direct influence on today's worlds.

At State of Play this week, it was clear that just as the issues surrounding the Internet in general have changed very little since about 1988, neither have the issues surrounding virtual worlds.

True, the stakes are higher now and, as Professor Yee Fen Lim noted, when real money starts to be involved people become protective.

Level 70 warrior accounts on World of Warcraft go for as little as $10 (though your level number cannot disguise your complete newbieness), but the unique magic sword you won in a quest may go for much more. The best-known pending case is Bragg versus Second Life over virtual property the world's owners confiscated when they realized that Bragg was taking advantage of a loophole in their system to buy "land" at exceptionally cheap prices. Lim had an interesting take on the Bragg case: as a legal concept, she argued, property is right of control, even though Linden Labs itself defines its virtual property as rental of a processor. As computer science that's fine, but it's not law. Otherwise, she said, "Property is mere illusion."

Ultimately, the issues all come down to this: who owns the user experience? In subscription gaming worlds, the owners tend to keep very tight control of everything – they claim ownership in all intellectual property in the world, limit users' ability to create their own content, and block the sale of cheats as much as possible. In a free-form world like Second Life which may host games but is itself a platform rather than a game, users are much freer to do what they want but the EULAs or Terms of Service may be just as unfair.

Ultimately, no matter what the agreement says, today's privately owned virtual worlds all function under the same reality: the game gods can pull the plug at any time. They own and control the servers. Possession is nine-tenths of the law, and all that. Until someone implements open source world software on a P2P platform, this will always be the way. Linden Labs says, for what it's worth, that its long-term intention is to open-source its platform so that anyone may set up a world. This, too, has been done before, with The Palace.

One consequence of this is that there is no such thing as virtual privacy, a topic that everyone is aware of but no one's talking about. The piecemeal nature of the Net means that your friend's IRC channel doesn't know anything about your Web use, and Amazon.com doesn't track what you do on eBay. But virtual worlds log everything. If you buy a new shirt at a shop and then fly to a distant island to have sex with it, all that is logged. (Just try to ensure the shirt doesn't look like a child's shirt and you don't get into litigation over who owns the island…)

There are, as scholars say, legitimate reasons. Logging everything that happens is important in helping game developers pinpoint the source of crashes and eliminate bugs. Logs help settle disputes over who did what to whose magic sword. And in a court case, they may be important evidence (although how you can ensure that the logs haven't been adjusted to suit the virtual world provider, who is usually one of the parties to the litigation, I don't know).

As long as you think of virtual worlds as games, maybe this isn't that big a problem. After all, no one is forced to spend half their waking hours killing enough monsters in World of Warcraft to join a guild for a six-hour quest.

But something like Second Life aspires to be a lot more than that. The world is adding voice communication, which will be interesting: if you have to use your real voice, the relative anonymity conferred by the synthetic world are gone. Quite apart from bandwidth demands (lag is the bane of every SLer's existence), exploring what virtual life is like in the opposite gender isn't going to work. They're going to need voice synthesizers.

Much of the law in this area is coming out of Asia, where massively multi-player online games took off so early with such ferocity that, according to Judge Unggi Yoon, in a recent case a member of a losing team in one such game ran to the café where the winning team was playing and physically battered one of its members. Yoon, who explained some of the new laws, is an experienced online gamer, all the way back to playing Ultima Online in middle school. In his country, a law has recently come into force taxing virtual world transactions (it works like a VAT threshold – under $100 a month you don't owe anything). For Westerners, who are used to the idea that we make laws and export them rather than the other way around, this is quite a reality shift.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

August 17, 2007

Welcome to Singapore

Some designs are just annoying – the Blue Screen of Death, say, once you get over the initial fright of seeing it, Somewhere on the planet there may be someone who sees the screen and can read the gibberish in the few seconds before the screen goes black and the computer restarts and say, "Ah, yes, it's the shedelepp in the specklediff" (non-words courtesy of the late humorist Jean Kerr).

Other designs are just dangerous: the laptop power adaptors that burst into flames, for example.
The really insidious ones are the ones that scare you half to death and make you scurry around in panicked circles ministering to them. Here is one such. The iGo Juice is in many ways an admirable product. It will power just about any laptop in just about any circumstance. It has two flaws: it relies on a bolt-together design using proprietary cables and plugs that you can't get anywhere but from iGo, and some of those cables and plugs are rather small and come apart rather too easily.

Which is all to explain how I managed to unpack the laptop in my hotel room on the evening I arrived in Singapore to discover that the little tiny plug that hooks the whole thing to the laptop was missing, presumably still hiding in my airplane seat. I may be more frightened of being in a foreign city with no laptop power more than almost anything that's actually likely to happen to me.

First idea: call airline, ask them to look for the plug. Airlines do find things sometimes; I'm fairly sure that if I were able to search the plane myself I *would* find it. However, it's a small plug, and it's nearly the same color as many of the furnishings…clearly a Plan B was needed.

It has to be possible to find a laptop adaptor that works in Singapore, right? It's southeast Asia. Electronics country. This is where geeks come for fun.

The hotel said, "Funan." I had already read about it online: a giant electronics shopping mall. It's within walking distance, which is near-miraculous. But it will be closing soon, probably in the next hour. I set out promptly in the wrong direction, map in hand.

There are several reasons why you can't actually walk very fast in Singapore. For one thing, downtown Singapore is filled with malls, overpasses, and other diversions that all work to slow you down. You have to go around, up, through, or over them. Second of all, and this is a hard thing for a native New Yorker, jaywalking is illegal – and they are said to enforce that law. (In fact, at one particularly crowded crossing there were police officers making sure.) Third of all, and I think this was just coincidental, it was incredibly crowded. Almost everyone was going the other way because there was going to be a huge firework display.

Funan, when I eventually got there after half an hour of walking (past, among other things, a giant Chinese pagoda) is six stories of electronics stores, all at various stages of closing for the night. The first one had a universal adaptor for S$170 that didn't have a plug that fit. It recommended a second store I couldn't find, and a third that was closed. A fourth store said no. The fifth had a list of adaptors it sold outside, and my specification was on it – but it was out of stock. And then a miracle happened. A guy materialized with another universal adaptor that came with more plugs. And one of them fit. And when we plugged it all in the laptop actually confirmed it was getting power. For S$49.

Of course, every design has its pluses and minuses. iGo's idea seems to have been to protect pins and cables so securely that they wouldn't break, a common problem with adaptors. The cables are braided or heavily insulated, and all the pins in all the plugs are encased in plastic to protect them. It's a nice design except for the losing parts problem.

I don't think the designers understand how important that really is – it makes their design so fragile if you're on the road somewhere. I feel sure that their design is a response to years of frustration with the more common type of adaptor, whose cable emerges from the power brick with a molded plastic surround that wears out under the strains of folding and unfolding the cord. But by fixing that perennial problem they created a new one: a design that at any given time is only one tiny proprietary part away from total failure.

Of course, the truly obsessive travel with not only backup power supplies but second laptops. And I suppose my Plan C would have been something like that: buy a new laptop, which of course would come with its own power adaptor. These days, when laptops all use commodity parts, you can just swap in the old one's hard drive and let the BIOS figure it out. It seems disproportionate, but anything has to be better than the black void of no communications, nothing to work on, and no entertainment. Because these days, when you travel, your laptop is all those things.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

July 27, 2007

There ain't no such thing as a free Benidorm

This has been the week for reminders that the border between real life and cyberspace is a permeable blood-brain barrier.

On Wednesday, Linden Labs announced that it was banning gambling in Second Life. The resentment expressed by some of SL residents is understandable but naive. We're not at the beginning of the online world any more; Second Life is going through the same reformation to take account of national laws as Usenet and the Web did before it.

Second, this week MySpace deleted the profiles of 29,000 American users identified as sex offenders. That sounds like a lot, but it's a tiny percentage of MySpace's 180 million profiles. None of them, be it noted, are Canadian.

There's no question that gambling in Second Life spills over into the real world. Linden dollars, the currency used in-world, have active exchange rates, like any other currency, currently running about L$270 to the US dollar. (When I was writing about a virtual technology show, one of my interviewees was horrified that my avatar didn't have any distinctive clothing; she was and is dressed in the free outfit you are issued when you join. He insisted on giving me L$1,000 to take her shopping. I solemnly reported the incident to my commissioning editor, who felt this wasn't sufficiently corrupt to worry about: US$3.75! In-world, however, that could buy her several cars.) Therefore: the fact that the wagering takes place online in a simulated casino with pretty animated decorations changes nothing. There is no meaningful difference between craps on an island in Second Life and poker on an official Web-based betting site. If both sites offer betting on real-life sporting events, there's even less difference.

But the Web site will, these days, have gone through considerable time and money to set up its business. Gaming, even outside the US, is quite difficult to get into: licenses are hard to get, and without one banks won't touch you. Compared to that, the $3,800 and 12 to 14 hours a day Brighton's Anthony Smith told Information Week he'd invested in building his SL Casino World is risibly small. You have to conclude that there are only two possibilities. Either Smith knew nothing about the gaming business - if he did, he know that the US has repeatedly cracked down on online gambling over the last ten years and that ultimately US companies will be forced to decide to live within US law. He'd also have known how hard and how expensive it is to set up an online gambling operation even in Europe. Or, he did know all those things and thought he'd found a loophole he could exploit to avoid all the red tape and regulation and build a gaming business on the cheap.

I have no personal interest in gaming; risking real money on the chance draw of a card or throw of dice seems to me a ridiculous waste of the time it took to earn it. But any time you have a service that involves real money, whether that service is selling an experience (gaming), a service, or a retail product, when the money you handle reaches a certain amount governments are going to be interested. Not only that, but people want them involved; people want protection from rip-off artists.

The MySpace decision, however, is completely different. Child abuse is, rightly, illegal everywhere. Child pornography is, more controversially, illegal just about everywhere. But I am not aware of any laws that ban sex offenders from using Web sites, even if those Web sites are social networks. Of course, in the moral panic following the MySpace announcement, someone is proposing such a law. The MySpace announcement sounds more like corporate fear (since the site is now owned by News International) than rational response. There is a legitimate subject for public and legislative debate here: how much do we want to cut convicted sex offenders out of normal social interaction? And a question for scientists: will greater isolation and alienation be effective strategies to keep them from reoffending? And, I suppose, a question for database experts: how likely is it that those 29,000 profiles all belonged to correctly identified, previously convicted sex offenders? But those questions have not been discussed. Still, this problem, at least in regards to MySpace, may solve itself: if parents become better able to track their kids' MySpace activities, all but the youngest kids will surely abandon it in favour of sites that afford them greater latitude and privacy.

A dozen years ago, John Perry Barlow (in)famously argued that national governments had no place in cyberspace. It was the most hyperbolic demonstration of what I call the "Benidorm syndrome": every summer thousands of holidaymakers descend on Benidorm, in Spain, and behave in outrageous and sometimes lawless ways that they would never dare indulge in at home in the belief that since they are far away from their normal lives there are no consequences. (Rinse and repeat for many other tourist locations worldwide, I'm sure.) It seems to me only logical that existing laws apply to behaviour in cyberspace. What we have to guard against is deforming cyberspace to conform to laws that don't exist.


Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

June 15, 2007

Six degrees of defamation

We used to speculate about the future of free speech on the Internet if every country got to impose its own set of cultural quirks and censorship dreams on The lowest common denominator would win – probably Singapore.

We forgot Canada. Michael Geist, the Canada Research Chair of Internet and E-Commerce Law at the University of Ottawa, is being sued for defamation by Wayne Crookes, a Vancouver businessman (it says here). You might think that Geist, who doubles as a columnist for the Toronto Star (so enlightened, a newspaper with a technology law column!), had slipped up and said something unfortunate in one of his public pronouncements. But no. Geist is part of an apparently unlimited number of targets that have linked to other sites that have linked to sites that allegedly contained defamatory postings.

In Geist's words on his blog at the end of May, "I'm reportedly being sued for maintaining a blogroll that links to a site that links to a site that contains some allegedly defamatory third party comments." (Geist has since been served.)
Crookes is also suing Yahoo!, MySpace, and Wikipedia. (If you followed the link to the Wikipedia stub identifying Wayne Crookes, now you know why it's so short. Wikipedia's own logs, searchable via Google, show that it's replacing the previous entry.) Plus P2Pnet, OpenPolitics.ca, DomainsByProxy, and Google. In fact, it's arguable that if Crookes isn't suing you your Net presence is so insignificant that you should put your head in a bucket.

One of the things about a very young medium – as the Net still is – is that the legal precedents about how it operates may be set by otherwise obscure individuals. In Britain, one of the key cases determining the liability of ISPs for material they distribute was 1999's Laurence Godfrey vs Demon Internet. Godfrey was, or is, an otherwise unremarkable British physics lecturer working in Canada until he discovered Usenet; his claim to fame (see for example the Net.Legends FAQ) is a series of libel suits he launched to protect his reputation after a public dispute whose details probably few remember or understand. In 2000 Demon settled the case, paying Godfrey £15,000 and legal costs. And thus were today's notice and takedown rules forged.

The truly noticeable thing about Godfrey's case against Demon was that Demon was not Godfrey's ISP, nor was it the ISP used by the poster whose 1997 contributions to soc.culture.thai were at issue. Demon was merely the largest ISP in Britain that carried the posting, along with the rest of the newsgroup, on its servers. The case therefore is one of a string of cases that loosely circled a single issue: the liability of service providers for the material they host. US courts decided in 1991, in Cubby vs Compuserve, that an online service provider was more like a bookstore than a publisher. But under the Digital Millennium Copyright Act it has become alarmingly easy to frighten individuals and service providers into taking down material based on an official-looking lawyer's letter. (The latest target, apparently, is guitar tablature, which, speaking as a musician myself, I think is shameful.)

But the more important underlying thread is the attempt to keep widening the circle of liability. In Cubby, at least the material at issue appeared on the Journalism Forum which, though independently operated, was part of CompuServe's service. That particular judgement would not have helped any British service provider: in Britain, bookstores, as well as publishers, can be held responsible for libels that appear in the books they sell, a fact that didn't help Demon in the Godfrey case.

In the US, the next step was 2600 DeCSS case (formally known as Universal City vs Reimerdes, which covered not only posting copies of the DVD-decrypting software but linking to sites that had it available. This, of course, was a copyright infringement case, not a libel case; with respect to libel the relevant law seems to be, of all things, the 1996 Communications Decency Act, which allocated sole responsibility to the original author. Google itself has already won at least one lawsuit over including allegedly defamatory material in its search results.

But legally Canada is more like Britain than like the US, so the notion of making service providers responsible may be a more comfortable one. In his column on the subject, Geist argues that if Crookes' suits are successful Canadian free speech will be severely curtailed. Who would dare run a wiki or allow comments on their blog if they are to be held to a standard that makes them liable for everything posted there? Who would even dare put a link to a third-party site on a Web site or in a blogroll if they are to be held liable for all the content not only on that site but on all sites that site links to? Especially since Crookes's claim against Wikimedia is not that the site failed to remove the offending articles when asked, but that the site failed to monitor itself proactively to ensure that the statements did not reappear.

The entire country may have to emigrate virtually. Are you now, or have you ever been, Canadian?

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

May 18, 2007

Home improvement

I built a PC this week.

Or, more correctly, I assembled a PC. These days, unless you're someone laboring in the bowels of a hardware manufacturer's research department somewhere – say, IBM, or HP – what people mean when they say they've built a computer requires about as much creative intelligence as a script kiddie needs to color-by-numbers a velvet painting. About the only degree of difficulty is in the fact that it doesn't come with a full set of instructions. That being the case, you really have to wonder why Ikea hasn't started selling flat-packed computer kits; those graphical instruction sheets they do for furniture would be perfect for this. (You do get a manual with the motherboard at least, and there are plenty of sets of instructions around the Web; plus you can successfully search for answers to almost any problem you might encounter for specific components.)

You would think that because PCs are now such commodity items no one could possibly need to build one; it must be one of those middle-aged crises that comes upon people, like turning 50 and trying to pretend they're 22 again, or suddenly desperately wanting to be a grandparent. In fact, the reason to build one is precisely that PCs have become commodity items. They're so standardized that it's almost impossible to find what you actually want.

Five years ago, when I bought my last main desktop machine (a Celeron 1.7GHz, 1Gb of RAM, 60Gb of hard drive space, a DVD-ROM drive, and a dual-head graphics card that came in at about £700, if I remember correctly), I bought from a small supplier who built the machine to order. The dual-head graphics card was the one rather weird feature; standard now, it was a bit exotic then. I didn't actually get the second monitor right away, but I knew I wanted the capacity and planned accordingly. For the time, the processor was some steps back from the leading edge. That was deliberate: extra memory and hard drive space are worth much more to me.

Three years ago, that supplier, like many others, concluded that the margins in selling computers were now so thin you just couldn't make a living trying to compete with Dell. So they quit. You still can, if you try hard or frequent the right electronic conference systems, find people who will build computers to order. Typically, though, they seem to do it as one of a range of add-ons (such as supplying ADSL) that they offer because their consultancy clients. They tend not to show up in Web searches.

What do show up are custom PC builders for the one class of people who are generally willing to spend real money on their computers and care about every detail of how they are constructed: hard-core gamers. Logical. But these machines emphasize the wrong attributes. I don't need to wring every last bit of speed, graphic ability, and high-end bravura out of my machines. I do want my main desktop (eventually) to drive two 24inch widescreens, not keep me waiting when I have 95 Firefox windows open, and write a DVD without tying up the whole machine for an hour.

I had been thinking it was time for a new machine anyway – five years! The old machine was certainly fast enough to type on, and although it balked a bit it didn't really mind having 95 Firefox windows and one of those peer-to-peer Chinese TV players open (along with 16 other things). It was my brief assignment in Second Life that really killed it. I couldn't understand how so many people could enjoy hanging around in a world so badly designed that when you pressed on a cursor key your point of view barely moved. It seemed to take forever to turn around. Then I tried it on my Core 2 Duo laptop…

Oh.

So the new machine is a Core 2 Duo, 2Gb of RAM, 500 Gb of hard drive space, a dual-layer DVD writer, and a much better dual-head graphics card. "Why couldn't you just get a new graphics card?" someone asked me, apparently suspecting that I was Just Making Excuses. Well, because in five years a whole lot of things have changed, and one of them is the way graphics cards plug into motherboards. So I'd need a new motherboard. And because all those faster processors need better cooling than older cases were designed for, I'd need a new case. And anyway, as my friends tell me, a lot of the improvements in speed in recent years haven't really just been processors or faster memory but all kinds of tweaks that individually aren't much but together add up to a whole lot.

In the end, I bought most of the components I wanted from a single small supplier from CIX (of course), who was happy to help with support and advice. It was, in fact, really only one self-assembly step removed from the small supplier of five years ago.

Several people told me that they found having built their own machines a source of great satisfaction. I can't say that (though it is nice, and fast, and, especially, quiet). But it's a great source of new worries. Is 60 degrees C too hot for a CPU?

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

April 27, 2007

My so-called second life

It's a passing fad. It's all hype. They've got good PR. Only sad, pathetic people with no real lives would be interested.
All things that were said about the Internet 12 years ago. All things being said now about Second Life today. Wrong about the Internet. Wrong, too, about Second Life.

Hanging around a virtual world dressed as a cartoon character isn't normally my idea of a good time, but last weekend Wired News asked me to attend the virtual technology exposition going on inworld, and so I finally fired up Gwyndred Wuyts, who I'd created some weeks back.

Second Life is of course a logical continuation of the virtual worlds that went before it. The vending machines, avatars, attachments (props such as fancy items of clothing, laptops, or, I am given to understand, quite detailed, anatomically correct genitals), and money all have direct ancestors in previous virtual worlds such as Worlds Away (Fujitsu), The Palace, and Habitat (Lucasfilm). In fact, though, the prior art Second Life echoed most at first was CompuServe, which in 1990 had no graphics except ASCII art and little sense of humor – but was home to technology companies of all sizes, who spoke glowingly of the wonders of having direct contact with their customers. In 1990 every techie had a CompuServe ID.

Along came the Web, and those same companies gratefully retreated to the Web, where they could publish their view of the world and their support documents and edit out the abuse and backtalk. Now, in Second Life, the pendulum is swinging back it's flattened hierarchies all over again.

"You have to treat everyone equally because you can't tell who anyone is. They could be the CEO of a big company," Odin Liam Wright (SL: Liam Kanno) told me this week. " In SL, he says, what you see is "more the psyche than the economic class or vocation or stature."

Having to take people as they present themselves without the advantage of familiar cues and networked references was a theme frequently exploited by Agatha Christie. Britain was then newly mobile, and someone moving to a village no longer came endorsed by letters from mutual friends. People could be anybody, her characters frequently complain.

Americans are raised to love this kind of social mobility. But its downside was on display yesterday in a panel on professionalism at the Information Security conference, where several speakers complained that the informal networks they used to use to check out their prospective security hires no longer exist. International mobility has made it worse: how do you assess a CV when both the credentials and the organizations issuing them are unknown to you?

Well, great: if the information security professionals don't know whom to trust, what hope is there for the rest of us?

Nonetheless, the speaker was wrong. The informal networks exist, just not where he's looking for them. When informal networks get overrun by the mainstream, they move elsewhere. In the late 1980s, Usenet was such a haven; by 1994, when September stopped ending and AOL moved in, everyone had retreated to gated communities (private forums, mailing lists, and so on). Right now, some of those informal networks are on Second Life, and the window is closing as the mainstream becomes more aware of the potential of the virtual world as a platform.

Previous world were popular and still died. But Second Life is different, first and foremost because of timing. People have broadband. They have computers powerful enough to handle the graphics and multiple applications. Their movement around the virtual world is limited only by their manual dexterity and the capacity of the servers to handle so many interacting simulations at once.

Second: experimentation. At this week's show, I picked up a (beta) headset that plugs Skype into Second Life (Second Talk). People (Cattle Puppy Productions) are providing inworld TV displays (and extracted video clips for the rest of us). Reallusion, one of the show's main sponsors, does facial animation it hopes will transform Second Life from a world of text-typing avatars into one of talking characters. You can pick up a portable office including virtual laptop, unpack it in a park, and write and post real blog entries. Why would you do this when you already have blogging software on your desktop? Because Second Life has the potential to roll everything – all the different forms of communication open on your desktop today – into a single platform. And if you grew up with computer games, it's a more familiar platform than the desktop metaphor generations of office workers required.

Third: advertising. The virtual show looked empty compared to a real-world show; it had 6,000-plus visitors over three days. The emptiness was by design to allow more visitors while minimizing lag. Nonetheless, Dell was there with a virtual configurator on which you could specify your new laptop. Elsewhere inworld, you can drive your new Toyota or Pontiac and read your Reuters news. Moving into Second Life is a way for old, apparently stuffy companies to reinvent their image for the notoriously hard-to-reach younger crowd who are media-savvy and ad-cynical. There is real gold in them thar virtual hills.

Finally, a real reason to upgrade my desktop.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

April 13, 2007

Let's make rules

In London there is a Chinese restaurant that is so famous for the rudeness of its staff that anyone who lives in London reading that can already tell you its name and location: the Wong Kei, in Wardour Street. The food is cheap, quick, and pretty good, so it's always crowded. Last year, I was told they're all polite now. I will never go there again.

Last month, at the Emerging Technology conference, Kathy Sierra, whose talks many people eagerly anticipated, canceled because of death threats and other nastiness on her and several other people's blogs. Not knowing the people of course doesn't stop me from having an opinion, which is that posting her considerable distress on her blog was more likely to feed the troll than to dissuade him. He must be really important and powerful to make a woman cry on her blog that she is too frightened to leave her back yard. Yeah, ME! That kind of thing.

To me, the best response to something like that is to show the death threats to the police if you're seriously concerned but otherwise go on as though the troll is insignficant. What appears to be hatred specifically for you is in fact unlikely to be personal; the troll is looking for someone, anyone, who will respond with fear. In the forums I've been involved in running, you can only get rid of trolls by ignoring them. This requires an enormous amount of discipline, and it's difficult to do because you have to enlist the cooperation of everyone in the forum. But it does work. They get frustrated and go off to find more responsive targets.

Rules don't help much in such a situation. Most people don't need them; the troll gets its rocks off by flouting them. Rules' one usefulness is to be able to point to them when someone crosses the line so you can discipline or ban them without rage and protest on the part of your other users. They, not the troll who's getting all the attention, are the ones who matter because they are your community, your fans, your volunteer helpers, your paying customers…whatever, depending on what kind of forum/IRC channel/Web board/blog/wiki you'are running.

Given that Sierra pulled out of an O'Reilly conference, it's understandable that Tim O'Reilly, coupled with Jimmy Wales, who's had well-documented disciplinary problems of his own lately, would feel impelled to produce a draft code of conduct for the blogosphere. This is wrong – not, as apparently many bloggers have howled, because it's censorship, but because it's irrelevant.

If you doubt this, have a look here. That is Gene Spafford's early 1990s attempt to create a set of rules to civilize Usenet. Usenet: the online area everyone thinks of now as a sinkhole. Did it work? No.

It isn't censorship, in any case, because what it's aimed at controlling is not speech but behavior.
But it does ignore the pre-eminence of community standards, which vary all over the Net and for good reason: we're all different. Some people are unhappy in any gathering that doesn't adhere to the rigid politeness of the Queen's reception rooms; others feel uncomfortably constrained anywhere they're not allowed to tell people to fuck off if they feel like it. Every type of political correctness breeds its companion political incorrectness, and vice versa. And one reason many people love the Net is that it is an open, unconfined antidote to the corsets of everyday life and other media.

Now: the rules. Death threats are illegal, no matter what medium they're made in. We already have real-life rules and community standards about that, and they're remarkably consistent. Whether to allow anonymous or abusive postings must remain withn the discretion of the site owner, who effectively is God in his own little world. As the EFF has maintained for more than a decade now, online anonymity can be extremely important in allowing people to talk about personal problems freely or in cases of corporate whistleblowing.

More important, the draft rules are binary: you're civil or you're not, according to your logo. But this isn't how the Net works because this isn't how people work. The snake-phobics forum might ban all discussion of snakes but still allow people to curse each other out. The polite-language-only forum might allow explicit discussion of how to commit suicide. And the tennis forum might not care whether you mentioned snakes, suicides, or cursed freely – but might delete everything not actually related to tennis because the worst sin in that forum is being off-topic.

Even more important, these rules would not have prevented Sierra's situation. Applying them to her own blog would not have changed the two other blogs on which the death threats against her appeared. And it seems unlikely that the death threat posters would sign up to them. Go to the police; get someone technical to investigate the source; by all means educate the kids coming online about where the line is between legal and illegal behavior.

Sierra herself seems to have decided that the only way to decrease the hatred coming at her is to decrease her visibility. The Net-wide discussion of the threats against her makes that unlikely.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

March 30, 2007

Re-emerging technologies

Along about the third day of this year's email software that works offline; the display looked just like Ameol,an offline mail and news reader I've used for 14 years. (The similarity is only partial, though; Zimbra does synching with mobile devices and a bunch of other things that Ameol doesn't - but that Lotus Notes probably did).

"Reverse pioneering", Tim O'Reilly said the first day, while describing a San Francisco group who build things - including a beer-hauling railway car and carnival rides - out of old bicycle parts.

At some point, also, O'Reilly editor Dale Dougherty gave a talk on the publisher's two relatively new magazines Make and Craft. He illustrated it with pictures of: log cabin quilts, Jacquard looms, the Babbage Differential Calculator, Hollerith tabulating machines, punch cards, and an ancient Singer treadle sewing machine. And oh look! Sewing patterns! And, I heard someone say quite seriously, what about tatting? Do you know anyone who does it who could teach me?

A day later, in Boston, I hear that knitting is taking East Coast geeks by storm. Apparently geek gatherings now produce as many baby hats as the average nursing home.

Not that I'm making fun of all this. After all, recovering old knowledge is a lot of what we do on the folk scene, and I have no doubt that today's geek culture will plunder these past technologies and, very like the Society for Creative Anachronism, which has a large geek (and also folk music community) crossover, mutate them into something newer and stranger. I'd guess that we're about two years away from a quilting bee in the lobby. Of course, the quilting thread will be conductive, and the quilt will glow in the dark with beaded LEDs so you can read under the covers, and version 2.0 will incorporate miniature solar panels (like those little mirrors in the Eastern stuff you used to get in the 1970s) that release heat at night like an electric blanket...and it will be all black.

Of course, this isn't really new even in geek terms. A dozen years ago, the MIT Media Lab held a fashion show to display its latest ideas for embroidering functional keyboards onto networked but otherwise standard Levi's denim jackets and dresses made of conductive fabrics. We don't seem to have come very far toward the future they were predicting then, in which we'd all be wearing T-shirts with sensors that measured our body heat and controlled the room thermostat accordingly (another idea for that quilt).

Instead, geeks, like everyone else, adopted the mobile phone, which has the advantage that you don't have to worry about how to cope with that important conference when your personal area network is in the dirty laundry.

But this is Generation C, as Matt Webb, from the two-man design consultancy Schulze and Webb told us. Generation C likes complexity, connection, and control. GenC is not satisfied with technologies that expect us to respond as passive consumers. We ought to despise mobile phones, especially in the US: they are locked down, controlled by the manufacturers and network operators. Everything should come with an open applications programming interface and...and...a serial port. Hack your washing machine so it only shows the settings you use; hack your luggage so it phones home its GPS coordinates when it's lost.

The conference speaker who drew the most enthusiastic response was Danah Boyd, who had a simple message: people outside of Silicon Valley are different. Don't assume all your users are like you. They have different life stages. This seems so basic and obvious it's shocking to hear people cheer it.
It was during a talk on building technology to selectively jam RFID chips that I had a simple thought: every technology breeds its opposite. Radar to trap speeders begets radar scanners. Cryptography breeds cryptanalysis. Email breeds spam, which breeds spam filtering, which breeds spam smart enough to pass the Turing test.

The same is true of every social trend and phenomenon. John Perry Barlow used to say that years of living in the virtual world had made him appreciate the physical world far more. It's not much of a jump from that to all sorts of traditional crafts.

Don't get me wrong. I'm glad geeks want to knit, sew, and build wooden telescopes. Sewing used to be a relatively mainstream activity, and over the last couple of decades it's been progressively dumbed down. The patterns you buy today are far simpler (and less interesting) to construct than the ones you used to get in the 1970s. It would be terrific if geeks brought some complexity back to it.

But jeez, guys, you need to get out more. Not only is there an entire universe of people who are different from Silicon Valley, there's an entire industry of magazines and books about fabric arts. Next, you get to reinvent colors.

I blogged more serious stuff from etech at Blindside.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her , or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

March 9, 2007

Your cheating heart

The Australian journalist and broadcaster Derryn Hinch once observed (in his book about how to play Scrabble), that "Anything worth having is worth cheating for". I'm not sure it follows, however, that everything people cheat for is worth having.

We all understand that someone might inflate their academic credentials in order to land a job teaching, or writing an article for the New Yorker. That sort of thing is as old as credentials. The Internet has made all kinds of cheating easier, from finding an unaccredited institution to sell you a degree (as Ben Goldacre notes that TV nutritionist Gillian McKeith has done) to finding student papers to turn in as your own, to buying illegal performance-enhancing drugs.

The growing problem, however, seems to be a more subtle form of cheating: accusing someone you don't like of cheating in hopes that the resulting difficulties will persuade them to just go away. This seems to be what happened in the weird case of Chris Dussold, a former professor at Southern Illinois University at Edwardsville, whose story surfaced in the Chronicle of Higher Education about a year ago. Dussold, who had decided to resign after years of denying apparently unquashable rumors that he was sleeping with a student, was summarily fired in 2004 on the charge that he had copied the teaching philosophy statement he had included in his application for tenure. Dussold retaliated by searching for – and finding – examples of plagiarism by the very university dean who fired him, among other university staff. Dussold initiated a lawsuit against the university.

I'm not an academic, and it's hard for me to judge just how terrible it is to copy a statement of teaching philosophy; opinion among academics seems to be divided. Certainly, you can't plagiarize your teaching record, student evaluations, or other material you must submit to win tenure. But it certainly would give a group who already wanted to remove someone a solid excuse.

A different example – but I suspect not uncommon – was a young friend of mine who from a very young age had always been a gifted reader and writer. Due to incurable homework troubles, he found himself in a community college with a writing professor whose own skills (judging by the exercises he assigned and the sample paragraphs he praised) wouldn't have landed him a job writing for one of those Web sites that regularly emails you out of the blue and asks you to write for them in exchange for copies of the Web site. The teacher accused my friend of plagiarism – not because he'd found similar text to my friend's work through Google or one of the term paper sites but because, he said, the writing was "too good". Pointing at one sentence my friend had particularly liked, he said, "That's a professional-level sentence." Well, yes. This particular kid could write publishable prose at 12. But at 18, rather than get into a long, drawn-out battle with the teacher and the college head, my friend agreed to drop the course in return for having no blemish on his record.

Which leads us circuitously to this week's fuss over "Essjay", the Wikipedia admin who awarded himself a PhD in theology and a degree in canon law, as well as a tenured professorship at an unnamed private university. He might never have been found out except that he got quoted in a New Yorker article about Wikipedia (abstract). Essjay has now identified himself as 24-year-old Ryan Jordan, with no advanced degrees and no teaching experience. Although, really, who knows? Maybe that's just another game and the real guy who's written or contributed to 16,000 entries, is one of Wikipedia's most trusted administrators, and has been hired by Wikia, Wikipedia's for-profit sibling company is in fact the dog in that famous New Yorker cartoon.
Now, Wikipedia is a true meritocracy, or close to it. Fourteen-year-olds become respected contributors if they write and edit enough good articles. Why – WHY – would anyone inflate their academic credentials to contribute to Wikipedia? Shouldn't a cheat aim higher than that?

The New Yorker has had, throughout its 80-odd years of existence, a stellar reputation for accuracy, which I suppose is gives this incident some additional deliciousness to those who think that anything that embarrasses the "MSM" (mainstream media) must be a good thing. As Guardian editor Charles Arthur points out, it's a terrible moment for the journalist, who wrote, in general, a very good piece. It's easy to Monday-quarterback now and ask how she thought a professor in a private university would have time to spend his claimed 14 hours a day on the site, or whether a professor could really supervise an in-class quiz while surveying 20 IRC channels. But usually when you're interviewing someone you're trying to get them on your side, to talk to you in a way they don't normally talk to people they've never met. And Essjay certainly was an expert on Wikipedia. Lying about his credentials got him nothing: he'd have been quoted anyway.

If the point was to be able to boast about fooling a stalwart publisher dedicated to accuracy – well, you work for something intended to educate the world. Why was this worth cheating for?

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

December 29, 2006

Resolutions for 2007

A person can dream, right?

- Scrap the UK ID card. Last week's near-buried Strategic Action Plan for the National Identity Scheme (PDF) included two big surprises. First, that the idea of a new, clean, all-in-one National Identity Register is being scrapped in favor of using systems already in use in government departments; second, that foreign residents in the UK will be tapped for their biometrics as early as 2008. The other thing that's new: the bald, uncompromising statement that it is government policy to make the cards compulsory.

No2ID has pointed out the problems with the proposal to repurpose existing systems, chiefly that they were not built to do the security the legislation promised. The notion is still that everyone will be re-enrolled with a clean, new database record (at one of 69 offices around the country), but we still have no details of what information will be required from each person or how the background checks will be carried out. And yet, this is really the key to the whole plan: the project to conduct background checks on all 60 million people in the UK and record the results. I still prefer my idea from 2005: have the ID card if you want, but lose the database.

The Strategic Action Plan includes the list of purposes of the card; we're told it will prevent illegal immigration and identity fraud, become a key "defence against crime and terrorism", "enhance checks as part of safeguarding the vulnerable", and "improve customer service".

Recall that none of these things was the stated purpose of bringing in an identity card when all this started, back in 2002. Back then, first it was to combat terrorism, then it was an "entitlement card" and the claim was that it would cut benefit fraud. I know only a tiny mind criticizes when plans are adapted to changing circumstances, but don't you usually expect the purpose of the plans to be at least somewhat consistent? (Though this changing intent is characteristic of the history of ID card proposals going back to the World Wars. People in government want identity cards, and try to sell them with the hot-button issue of the day, whatever it is.

As far as customer service goes, William Heath has published some wonderful notes on the problem of trust in egovernment that are pertinent here. In brief: trust is in people, not databases, and users trust only systems they help create. But when did we become customers of government, anyway? Customers have a choice of supplier; we do not.

- Get some real usability into computing. In the last two days, I've had distressed communications from several people whose computers are, despite their reasonable and best efforts, virus-infected or simply non-functional. My favourite recent story, though, was the US Airways telesales guy who claimed that it was impossible to email me a ticket confirmation because according to the information in front of him it had already been sent automatically and bounced back, and they didn't keep a copy. I have to assume their software comes with a sign that says, "Do not press this button again."

Jakob Nielson published a fun piece this week, a list of top ten movie usability bloopers. Throughout movies, computers only crash when they're supposed to, there is no spam, on-screen messages are always easily readable by the camera, and time travellers have no trouble puzzling out long-dead computer systems. But of course the real reason computers are usable in movies isn't some marketing plot by the computer industry but the same reason William Goldman gave for the weird phenomenon that movie characters can always find parking spaces in front of their destination: it moves the plot along. Though if you want to see the ultimate in hilarious consumer struggles with technology, go back to the 1948 version of Unfaithfully Yours (out on DVD!) starring Rex Harrison as a conductor convinced his wife is having an affair. In one of the funniest scenes in cinema, ever, he tries to follow printed user instructions to record a message on an early gramophone.

- Lose the DRM. As Charlie Demerjian writes, the high-def wars are over: piracy wins. The more hostile the entertainment industries make their products to ordinary use, the greater the motivation to crack the protective locks and mass-distribute the results. It's been reasonably argued that Prohibition in the US paved the way for organized crime to take root because people saw bootleggers as performing a useful public service. Is that the future anyone wants for the Internet?

Losing the DRM might also help with the second item on this list, usability. If Peter Gutmann is to be believed, Vista will take a nosedive downwards in that direction because of embedded copy protection requirements.

- Converge my phones. Please. Preferably so people all use just the one phone number, but all routing is least-cost to both them and me.

- One battery format to rule them all. Wouldn't life be so much easier if there were just one battery size and specification, and to make a bigger battery you'd just snap a bunch of them together?

Happy New Year!

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

October 20, 2006

Spam, spam, spam, and spam

Illinois is a fine state. It is the Land of Lincoln. It is the birth place of such well-known Americans as Oprah Winfrey, Roger Ebert, and Ronald Reagan. It has a baseball team so famous that even I know it's called the Chicago Cubs. John Dewey (as in the Dewey decimal system for cataloguing library books) came from Illinois. So did the famous pro-evolution lawyer Clarence Darrow, Mormon church founder Joseph Smith, the nuclear physicist Enrico Fermi, semiconductor inventor William Shockley, and Frank Lloyd Wright.

I say all this because I don't want anyone to think I don't like or respect Illinois or the intelligence and honor of its judges, including those of Charles Kocoras, who who awarded $11.7 million in damages to e360Insight, a company branded a spammer by the Spamhaus Project.

The story has been percolating for a while now, but is reasonably simple. e360Insight says it's not a bad spammer guy but a good opt-in marketing guy; Spamhaus first said the Illinois court didn't have jurisdiction over a British company with no offices, staff, or operations in the US, then decided to appeal against the court's $11.7 million judgement. e360Insight filed a motion asking the court to haveICANN and/or Spamhaus's domain registrar, the Canadian company Tucows, remove Spamhaus's domain from the Net. The judge refused to grant this request, partly because doing so would cut off Spamhaus's lawful activities, not just those in contravention of the order he issued against Spamhaus. And a good time is being had by all the lawyers.

The case raises so many problems you almost don't know where to start. For one thing, there's the arms race that is spam and anti-spam. This lawsuit escalates it, in that if you can't get rid of an anti-spammer through DDoS attacks, well, hey, bankrupt them through lawsuits.

Spam, as we know, is a terrible, intractable problem that has broken email, and is trying to break blogs, instant messaging, online chat, and, soon, VOIP. (The net.wars blog, this week, has had hundreds of spam comments, all appearing to come from various Gmail addresses, all landing in my inbox, breaking both blogs and email in one easy, low-cost plan. The breakage takes two forms. One is the spam itself – up to 90 percent of all email. But the second is the steps people take to stop it. No one can use email with any certainty now.

Some have argued that real-time blacklists are censorship. I don't think it's fair to invoke the specter of Joseph McCarthy. For one thing, using these blacklists is voluntary. No one is forced to subscribe, not even free Webmail users. That single fact ought to be the biggest protection against abuse. For another thing, spam email in the volumes it's now going out is effectively censorship in itself: it fills email boxes, often obscuring and sometimes blocking entirely wanted email. The fact that most of it either is a scam or advertises something illegal is irrelevant; what defines spam, I have long argued, is the behavior that produces it. I have also argued that the most effective way to put spammers out of business is to lean on the credit card companies to pull their authorisations.

Mail servers are private property; no one has the automatic right to expect mine to receive unwanted email just as I am not obliged to speak to a telemarketer who phones during dinner.

That does not mean all spambusters are perfect. Spamhaus provides a valuable public service. But not all anti-spammers are sane; in 2004 journalist Brian McWilliams made a reasonable case in his book Spam Kings that some anti-spammers can be as obsessive as the spammers they chase.

The question that's dominated a lot of the Spamhaus coverage is whether an Illinois court has jurisdiction over a UK-based company with no offices or staff in the US. In the increasingly connected world we live in, there are going to be a lot of these jurisdictional questions. The first one I remember – the 1996 case United States vs. Thomas – came down in favor of the notion that Tennessee could impose its community decency standards on a bulletin board system in California. It may be regrettable – but consumers are eager enough for their courts to have jurisdiction in case of fraud. Spamhaus is arguably as much in business in the US as any foreign organisation whose products are bought or used in the US. Ultimately, "Come here and say that" just isn't much of a legal case.

The really tricky and disturbing question is: how should blacklists operate in future? Publicly listing the spammers whose mail is being blocked is an important – even vital – way of keeping blacklists honest. If you know what's being blocked and can take steps to correct it, it's not censorship. But publishing those lists makes legal action against spam blockers of all types – blacklists, filtering software, you name it – easier.

Spammers themselves, however, should not rejoice if Spamhaus goes down. Spam has broken email, that's not news. But if Spamhaus goes and we actually receive all the spam it's been weeding out for us – the flood will be so great that spam will finally break spam itself.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

September 29, 2006

Doppelgangland

One of the many great ways the Net has democratized society is in making it possible for even very obscure, ordinary people to be impersonated.

There is, for example, a local architect at one of my tennis clubs. I was looking up his email address one day, and discovered that someone had bought up the .co.uk version of his .com domain and filled it up with a lot of nasty comments and purported supporting evidence for same alleging that the tennis-playing architect was incompetent, dishonest, and generally worth avoiding.

As you might expect, the backstory was one of those ordinary garden-variety disputes in which a disgruntled, slightly obsessive former client decides, when the profession's governing body declined to support his claim, to take matters into his own hands and make life difficult. The architect thought of suit, then eventually decided it wasn't a good way to spend his time or money. The site's gone now, though the domain is still owned by the disgruntled one. But it has, to our friend's relief, dropped off the list of hits Google produces when the architect's name is typed in. Because, really, the problem wasn't that the site existed; it was that it was way too easy to find.

Now, see, I can understand this story, sort of. Who among us hasn't gotten annoyed enough now and then to want to vent what we believe to be our righteous anger in this way? Most of us never do it, of course, but the desire is recognizably human.

So were the motives of the woman I wrote about a couple of years ago who claimed to be Martina Navratilova on a fan message board. It was pretty clear what she wanted: attention and the glory of being the person everyone was there to admire. She was exposed, apologized, and now is on good terms with the rest of the board. I remember, also, a fake David Letterman turning up on alt.fan.letterman in 1994,

It's worth noting that despite people's willingness to fall for scams like the above, it's been noticeable to me throughout the years that when someone famous really does show up on Usenet there's a lot of skepticism and often even some checking. It does happen, of course: M*A*S*H creator Larry Gelbart likes to hobnob with the fans on alt.tv.mash, and at one time a Frasier producer or two used to hang around alt.tv.frasier.

But what earthly point could there possibly be in impersonating me on Usenet?

It all started, I don't know, a month ago, when someone posted a message such that my email address (or, at least, the one I use for Usenet) appeared in the "From" line. The message itself was the sort of thing I'd normally just ignore if it came from someone else and certainly wouldn't have posted myself. I felt, for a brief moment, like Laurence Godfrey: defamation through misrepresentation. On the other hand, what can you do about it? In Godfrey's case, he sued Demon Internet for not taking the postings in question off his servers when he asked them to. Demon settled, laying the groundwork for today's "notice and takedown" rules. But Godfrey is a serial litigator, and I like an untroubled life.

What is a little more disturbing is that Google indexes all its extensive Usenet archives by email address. The postings in question pop up in a search right alongside the ones I've legitimately made. Even though there are some giveaways that make the fakes easy to spot if you're paying even a modicum of attention, Google Groups can't do it. Nor is it clear whether, under Google Groups' terms and conditions, I actually have the right to remove them: when you select a posting for removal you are required to agree that you made the original posting and therefore have the right to remove it. But, of course, that's the point: I didn't make the postings. Plus, even if you get them removed from Google's cache there are all the other caches and public archives lying around in which they'll still appear.

I don't, of course, like it. I occasionally write about tennis, and I've interviewed one of the players one of the fake postings trashes as ugly. She's not – and she's entertaining, hard-working, and fun. I would hate to have her think I'd said such a thing. Fortunately, Usenet, these days, is very much a minority pastime, and when you're in the news as much as these women are I doubt you go looking for more stuff to read about yourself in obscure online forums. (On a DVD I've been listening to recently, the comic actress Vicki Lewis observes that she had to give up reading comments about herself and her work online: "It's like hitting yourself on the head with a hammer.")

To be fair, in my egocentric haste to simplify the story, I've left out the fact that several other, even more obscure, people on the newsgroup were impersonated, too. Which, you know, is kind of too bad. Otherwise, I could be flattered, right? I'm *that* important.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

June 9, 2006

So long, and thanks for all the pink wishes

I thought for a long time she was a man. No real-life woman, I thought, could possibly be so absurd, even as an ironic joke, as to refer to herself as The Pink Princess.

"Dahling," she posted in 1999 when I (accurately) stated my age as 45 on the newsgroup alt.showbiz.gossip, "I think counting *every* birthday is un-necessesarily greedy, and quite vulgar."

I figured she was as female as Dame Edna Everidge, but so what? It was Usenet as performance theater. So there was a Pink Princess who lived in a castle (Havencrest, in Savanna, Illinois) and claimed to give sumptuous dinner parties. Sure.

What did give me pause in the blithe assumption that she had to be fake was the pictures on her (pink, of course) Web page, which she had described to me as "about my RL". It featured her and her Prince in a series of pictures of quite excotic and lavish-looking interiors: here and here. Even assuming you could get a friend, actor, or husband to do a photo shoot, where would you get those interiors? Yes, all right, filmmakers dress sets all the time, but that seems like an awful lot of work just to make an impression on Usenet.

I see, searching through old email, that in 1999, around the time she published her book on etiquette, Millennial Manners, in fact I told her that I had always assumed she was male. The relaxed nature of her response was an important reason why I eventually decided she probably wasn't.

"I think that is rather common, especially considering the group, and its population," she replied by email. "My autobiography, published in 1984, has pictures of me from the age of three days, so, while it would have increased my ASG/ACF stock considerably, it would have been too easy for a troll to shatter that illusion. Amusingly, many think that LCM [a fellow poster and apparently a good friend of hers in real life] is a girl, I never let him forget that, teehee!" And she signed it, like all her messages, "Pink Wishes". I didn't have many emailed exchanges with her, but in one of the others I asked her about her "fantasy persona", noting that I didn't intend the characterization to be offensive.

"Oh, dahling, I don't find that offensive," she replied. "I mean how seriously can one take flying monkeys and a diet of Godiva and pink champagne?" She added the URLs above and a note, "Although my RL has a good bit of fantasy in it, too, teehee!" This was, I think, the message that made me believe she had to be, utterly counterintuitively, exactly who she said she was, with only a modest garnish of poetic license. Someone acting a part – say, Mae West – would have responded in character, avoiding displaying this consciousness behind it. A psycho would have protested angrily. Or so it seemed to me.

It was rare for me to have this kind of suspicion. Oprah, sometime in the late 1990s, did one of those mainstream-meets-the-terrible-Internet programs, in which she casually tossed off the remark that "90 percent of the time people online aren't what they seem". I remember reacting with some outrage: my experience was that 90 percent of the time people were exactly who they said they were, though sometimes who they said they were was…unusual. Larry Gelbart, the creator of MASH, hangs out on Usenet; so did one of the Frasier producers. The Pink Princess obviously didn't have their achievements; but her presence was no more or less improbable.

Anyone who knows me will tell you that there are few things more likely to annoy me than flamboyant, classic femininity. I hate pink. I loathe the attitude that says women do or should lie about their ages. (In fact, almost all the people I've known who lied about their ages have been men.) I can't stand frills, non-functional garments, make-up, hair care that takes more than five minutes, and overly ornate jewelry.

And yet her combination of malicious wit and kindness made it forgivable.

Google records that our first exchange on the newsgroup alt.showbiz.gossip was on October 6, 1997, around the time when Drudge was getting his Drudge Report going. But the first exchange I remember was asking why everyone said "l___", as if lesbian had become a swear word. She responded, by email, with a full explanation. She didn't berate that "l____" was explained in the group's Anti-FAQ. She was welcoming.

Her real name, I know now, was Adrianne Blue Wakefield-St George. The castle was real, the dinner parties were real, and the business she and her husband ran manufacturing mascot costumes was seriously real. The old-timers in alt.showbiz.gossip report sending her their real-life addresses so they could get one of her (they say) lavishly ornate Christmas cards. An astonishing number of people remember her as "really sweet" and "an original".

And so, one of the great characters of Usenet becomes a search item in Google Groups. She lived the way she wanted to live, and she entertained others with it. How many people can say that? As the Princess was signing her postings recently, *Live, live live!

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).