net.wars

There is a certain kind of mentality that is actually proud of not understanding computers, as if there were something honorable about saying grandly, "Oh, I leave all that to my children."

Outside of computing, only television gets so many people boasting of their ignorance. Do we boast how few books we read? Do we trumpet our ignorance of other practical skills, like balancing a cheque book, cooking, or choosing wine? When someone suggests we get dressed in the morning do we say proudly, "I don't know how"?

There is so much insanity coming out of the British government on the Internet/computing front at the moment that the only possible conclusion is that the government is made up entirely of people who are engaged in a sort of reverse pissing contest with each other: I can compute less than you can, and see? here's a really dumb proposal to prove it.

How else can we explain yesterday's news that the government is determined to proceed with Contactpoint even though the report it commissioned and paid for from Deloitte warns that the risk of storing the personal details of every British child under 16 can only be managed, not eliminated? Lately, it seems that there's news of a major data breach every week. But the present government is like a batch of 20-year-olds who think that mortality can't happen to them.

Or today's news that the Department of Culture, Media, and Sport has launched its proposals for "Creative Britain", and among them is a very clear diktat to ISPs: deal with file-sharing voluntarily or we'll make you do it. By April 2009. This bit of extortion nestles in the middle of a bunch of other stuff about educating schoolchildren about the value of intellectual property. Dare we say: if there were one thing you could possibly do to ensure that kids sneer at IP, it would be to teach them about it in school.

The proposals are vague in the extreme about what kind of regulation the DCMS would accept as sufficient. Despite the leaks of last week, culture secretary Andy Burnham has told the Financial Times that the "three strikes" idea was never in the paper. As outlined by Open Rights Group executive director Becky Hogge in New Statesman, "three strikes" would mean that all Internet users would be tracked by IP address and warned by letter if they are caught uploading copyrighted content. After three letters, they would be disconnected. As Hogge says (disclosure: I am on the ORG advisory board), the punishment will fall equally on innocent bystanders who happen to share the same house. Worse, it turns ISPs into a squad of private police for a historically rapacious industry.

Charles Arthur, writing in yesterday's Guardian, presented the British Phonographic Institute's case about why the three strikes idea isn't necessarily completely awful: it's better than being sued. (These are our choices?) ISPs, of course, hate the idea: this is an industry with nanoscale margins. Who bears the liability if someone is disconnected and starts to complain? What if they sue?

We'll say it again: if the entertainment industries really want to stop file-sharing, they need to negotiate changed business models and create a legitimate market. Many people would be willing to pay a reasonable price to download TV shows and music if they could get in return reliable, fast, advertising-free, DRM-free downloads at or soon after the time of the initial release. The longer the present situation continues the more entrenched the habit of unauthorized file-sharing will become and the harder it will be to divert people to the legitimate market that eventually must be established.

But the key damning bit in Arthur's article (disclosure: he is my editor at the paper) is the BPI's admission that they cannot actually say that ending file-sharing would make sales grow. The best the BPI spokesman could come up with is, "It would send out the message that copyright is to be respected, that creative industries are to be respected and paid for."

Actually, what would really do that is a more balanced copyright law. Right now, the law is so far from what most people expect it to be - or rationally think it should be - that it is breeding contempt for itself. And it is about to get worse: term extension is back on the agenda. The 2006 Gowers Review recommended against it, but on February 14, Irish EU Commissioner Charlie McCreevy (previously: champion of software patents) has announced his intention to propose extending performers' copyright in sound recordings from the current 50-year term to 95 years. The plan seems to go something like this: whisk it past the Commission in the next two months. Then the French presidency starts and whee! new law! The UK can then say its hands are tied.

That change makes no difference to British ISPs, however, who are now under the gun to come up with some scheme to keep the government from clomping all over them. Or to the kids who are going to be tracked from cradle to alcopop by unique identity number. Maybe the first target of the government computing literacy programs should be...the government.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 1:34 PM | Permalink | Comments (0) | TrackBacks (1)

One of the key identifiers of an addiction is that indulgence in it persists long after all the reasons for doing it have turned from good to bad.

A sobered-up Scottish alcoholic once told me the following examplar of alcoholic thinking. A professor is lecturing to a class of alcoholics on the evils of drinking. To make his point, he takes two glasses, one filled with water, the other with alcohol. Into each glass he drops a live worm. The worm in the glass of water lives; the worm in the glass of alcohol dies.

"What," the professor asks, "can we learn from this?"

One of the alcoholics raises his hand. "If you have worms, drink alcohol."

In alcoholic thinking, of course, there is no circumstance in which the answer isn't "Drink alcohol."

So, too, with the ID card. The purpose as mooted between 2001 and 2004 was preventing benefit fraud and making life more convenient for UK citizens and residents. The plan promised perfect identification via the combination of a clean database (the National Identity Register) and biometrics (fingerprints and iris scans). The consultation document made a show of suggesting the cheaper alternative of a paper card with minimal data collection, but it was clear what they really wanted: the big, fancy stuff that would make them the envy of other major governments.

Opponents warned of the UK's poor track record with large IT projects, the privacy-invasiveness, and the huge amount such a system was likely to cost. Government estimates, now at £5.4 billion, have been slowly rising to meet Privacy International's original estimate of £6 billion.

By 2006, when the necessary legislation was passed, the government had abandoned the friendly "entitlement card" language and was calling it a national ID card. By then, also, the case had changed: less entitlement, more crime prevention.

It's 2008, and the wheels seem to be coming off. The government's original contention that the population really wanted ID cards has been shredded by the leaked documents of the last few weeks. In these, it's clear that the government knows the only way it will get people to adopt the ID card is by coercion, starting with the groups who are least able to protest by refusal: young people and foreigners.

Almost every element deemed important in the original proposal is now gone - the clean database populated through interviews and careful documentation (now the repurposed Department of Work and Pensions database); the iris scans (discarded); probably the fingerprints (too expensive except for foreigners). The one element that for sure remains is the one the government denied from the start: compulsion.

The government was always open about its intention for non-registration to become increasingly uncomfortable and eventually to make registration compulsory. But if the card is coming at least two years later than they intended, compulsion is ahead of schedule.

Of course, we've always maintained that the key to the project is the database, not the card. It's an indicator of just how much of a mess the project is that the Register, the heart of the system, was first to be scaled back because of its infeasibility. (I mean, really, guys. Interview and background-check the documentation of every one of 60 million people in any sort of reasonable time scale?)

The project is even fading in popularity with the very vendors who want to make money supplying the IT for it. How can you specify a system whose stated goals keep changing?

The late humorist and playwright Jean Kerr (probably now best known for her collection of pieces about raising five boys with her drama critic husband in a wacky old house in Larchmont, NY, Please Don't Eat the Daisies) once wrote a piece about the trials and tribulations of slogging through the out-of-town openings of one of her plays. In these pre-Broadway trial runs, lines get cut and revised; performances get reshaped and tightened. If the play is in trouble, the playwright gets no sleep for weeks. And then, she wrote, one day you look up at the stage, and, yes, the play is much better, and the performances are much better, and the audience seems to be having a good time. And yet - the play you're seeing on the stage isn't the play you had in mind at all.

It's one thing to reach that point in a project and retain enough perspective to be honest about it. It may be bad - but it isn't insane - to say, "Well, this play isn't what I had in mind, but you know, the audience is having a good time, and it will pay me enough to go away and try again."

But if you reach the point where the project you're pushing ahead clearly isn't any more the project you had in mind and sold hard, and yet you continue to pretend to yourself and everyone else that it is - then you have the kind of insanity problem where you're eating worms in order to prove you're not an alcoholic.

The honorable thing for the British government to do now is say, "Well, folks, we were wrong. Our opponents were right: the system we had in mind is too complicated, too expensive, and too unpopular because of its privacy-invasiveness. We will think again." Apparently they're so far gone that eating worms looks more sensible.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 5:53 PM | Permalink | Comments (0) | TrackBacks (0)

There are many ways for a computer system to fail. This week's disclosure that Her Majesty's Revenue and Customs has played lost-in-the-post with two CDs holding the nation's Child Benefit data is one of the stranger ones. The Child Benefit database includes names, addresses, identifying numbers, and often bank details, on all the UK's 25 million families with a child under 16. The National Audit Office requested a subset for its routine audit; the HMRC sent the entire database off by TNT post.

There are so many things wrong with this picture that it would take a village of late-night talk show hosts to make fun of them all. But the bottom line is this: when the system was developed no one included privacy or security in the specification or thought about the fundamental change in the nature of information when paper-based records are transmogrified into electronic data. The access limitations inherent in physical storage media must be painstakingly recreated in computer systems or they do not exist. The problem with security is it tends to be inconvenient.

With paper records, the more data you provide the more expensive and time-consuming it is. With computer records, the more data you provide the cheaper and quicker it is. The NAO's file of email relating to the incident (PDF) makes this clear. What the NAO wanted (so it could check that the right people got the right benefit payments): national insurance numbers, names, and benefit numbers. What it got: everything. If the discs hadn't gotten lost, we would never have known.

Ironically enough, this week in London also saw at least three conferences on various aspects of managing digital identity: Digital Identity Forum, A Fine Balance, and Identity Matters. All these events featured the kinds of experts the UK government has been ignoring in its mad rush to create and collect more and more data. The workshop on road pricing and transport systems at the second of them, however, was particularly instructive. Led by science advisor Brian Collins, the most notable thing about this workshop is that the 15 or 20 participants couldn't agree on a single aspect of such a system.

Would it run on GPS or GSM/GPRS? Who or what is charged, the car or the driver? Do all roads cost the same or do we use differential pricing to push traffic onto less crowded routes? Most important, is the goal to raise revenue, reduce congestion, protect the environment, or rebalance the cost of motoring so the people who drive the most pay the most? The more purposes the system is intended to serve, the more complicated and expensive it will become, and the less likely it is to answer any of those goals successfully. This point has of course also been made about the National ID card by the same sort of people who have warned about the security issues inherent in large databases such as the Child Benefit database. But it's clearer when you start talking about something as limited as road charging.

For example: if you want to tag the car you would probably choose a dashboard-top box that uses GPS data to track the car's location. It will have to store and communicate location data to some kind of central server, which will use it to create a bill. The data will have to be stored for at least a few billing cycles in case of disputes. Security services and insurers alike would love to have copies. On the other hand, if you want to tag the driver it might be simpler just to tie the whole thing to a mobile phone. The phone networks are already set up to do hand-off between nodes, and tracking the driver might also let you charge passengers, or might let you give full cars a discount.

The problem is that the discussion is coming from the wrong angle. We should not be saying, "Here is a clever technological idea. Oh, look, it makes data! What shall we do with it?" We should be defining the problem and considering alternative solutions. The people who drive most already pay most via the fuel pump. If we want people to drive less, maybe we should improve public transport instead. If we're trying to reduce congestion, getting employers to be more flexible about working hours and telecommuting would be cheaper, provide greater returns, and, crucially for this discussion, not create a large database system that can be used to track the population's movements.

(Besides, said one of the workshop's participants: "We live with the congestion and are hugely productive. So why tamper with it?")

It is characteristic of our age that the favored solution is the one that creates the most data and the biggest privacy risk. No one in the cluster of organisations opposing the ID card - No2ID, Privacy International, Foundation for Information Policy Research, or Open Rights Group - wanted an incident like this week's to happen. But it is exactly what they have been warning about: large data stores carry large risks that are poorly understood, and it is not enough for politicians to wave their hands and say we can trust them. Information may want to be free, but data want to leak.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 1:20 PM | Permalink | Comments (0) | TrackBacks (0)

A few months ago, a neighbour phoned me and asked if I'd be willing to position a camera on my windowsill. I live at the end of a small dead-end street (or cul-de-sac), that ends in a wall about shoulder height. The railway runs along the far side of the wall, and parallel to it and further away is a long street with a row of houses facing the railway. The owners of those houses get upset because graffiti keeps appearing alongside the railway where they can see it and covers flat surfaces such as the side wall of my house. The theory is that kids jump over the wall at the end of my street, just below my office window, either to access the railway and spray paint or to escape after having done so. Therefore, the camera: point it at the wall and watch to see what happens.

The often-quoted number of times the average Londoner is caught on camera per day is scary: 200. (And that was a few years ago; it's probably gone up.) My street is actually one of those few that doesn't have cameras on it. I don't really care about the graffiti; I do, however, prefer to be on good terms with neighbours, even if they're all the way across the tracks. I also do see that it makes sense at least to try to establish whether the wall downstairs is being used as a hurdle in the getaway process. What is the right, privacy-conscious response to make?

I was reminded of this a few days ago when I was handed a copy of Privacy in Camera Networks: A Technical Perspective, a paper published at the end of July. (We at net.wars are nothing if not up-to-date.)

Given the amount of money being spent on CCTV systems, it's absurd how little research there is covering their efficacy, their social impact, or the privacy issues they raise. In this paper, the quartet of authors – Marci Lenore Meingast (UC Berkeley), Sameer Pai (Cornell), Stephen Wicker (Cornell), and Shankar Sastry (UC Berkeley) – are primarily concerned with privacy. They ask a question every democratic government deploying these things should have asked in the first place: how can the camera networks be designed to preserve privacy? For the purposes of preventing crime or terrorism, you don't need to know the identity of the person in the picture. All you want to know is whether that person is pulling out a gun or planting a bomb. For solving crimes after the fact, of course, you want to be able to identify people – but most people would vastly prefer that crimes were prevented, not solved.

The paper cites model legislation (PDF) drawn up by the Constitution Project. Reading it is depressing: so many of the principles in it are such logical, even obvious, derivatives of the principles that democratic governments are supposed to espouse. And yet I can't remember any public discussion of the idea that, for example, all CCTV systems should be accompanied by identification of and contact information for the owner. "These premises are protected by CCTV" signs are everywhere; but they are all anonymous.

Even more depressing is the suggestion that the proposals for all public video surveillance systems should specify what legitimate law enforcement purpose they are intended to achieve and provide a privacy impact assessment. I can't ever remember seeing any of those either. In my own local area, installing CCTV is something politicians boast about when they're seeking (re)election. Look! More cameras! The assumption is that more cameras equals more safety, but evidence to support this presumption is never provided and no one, neither opposing politicians nor local journalists, ever mounts a challenge. I guess we're supposed to think that they care about us because they're spending the money.
The main intention of Meingast, Pai, et al, however, is to look at the technical ways such networks can be built to preserve privacy. They suggest, for example, collecting public input via the Internet (using codes to identify the respondents on whom the cameras will have the greatest impact). They propose an auditing system whereby these systems and their usage is reviewed. As the video streams become digital, they suggest using layers of abstraction of the resulting data to limit what can be identified in a given image. "Information not pertinent to the task in hand," they write hopefully, "can be abstracted out leaving only the necessary information in the image." They go on into more detail about this, along with a lengthy discussion of facial recognition.

The most depressing thing of all: none of this will ever happen, and for two reasons. First, no government seems to have the slightest qualm of conscience about installing surveillance systems. Second, the mass populace don't seem to care enough to demand these sorts of protections. If these protections are to be put in place at all, it must be done by technologists. They must design these systems so that it's easier to use them in privacy-protecting ways than to use them in privacy-invasive ways. What are the odds?

As for the camera on my windowsill, I told my neighbour after some thought that they could have it there for a maximum of a couple of weeks to establish whether the end of my street was actually being used as an escape route. She said something about getting back to me when something or other happened. Never heard any more about it. As far as I am aware, my street is still unsurveilled.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 5:11 PM | Permalink | Comments (0) | TrackBacks (0)

It was Edward Hasbrouck who drew my attention to a bit of rulemaking being proposed by the Transportation Security Agency. Under current rules, if you want to travel on a plane out of, around, into, or over the US you buy a ticket and show up at the airport, where the airline compares your name and other corroborative details to the no-fly list the TSA maintains. Assuming you're allowed onto the flight, unbeknownst to you, all this information has to be sent to the TSA within 15 minutes of takeoff (before, if it's a US flight, after if it's an international flight heading for the US).

Under the new rules, the information will have to arrive at the TSA 72 hours before the flight takes off – after all, most people have finalised their travel plans by that time, and only 7 to 10 percent of itineraries change after that – and the TSA has to send back an OK to the airline before you can be issued a boarding pass.

There's a whole lot more detail in the Notice of Proposed Rulemaking, but that's the gist. (They'll be accepting comments until October 22, if you would like to say anything about these proposals before they're finalised.)

There are lots of negative things to say about these proposals – the logistical difficulties for the travel industry, the inadequacy of the mathematical model behind this (which at the public hearing the ACLU's Barry Steinhardt compared to trying to find a needle in a haystack by pouring more hay on the stack), and the privacy invasiveness inherent in having the airlines collect the many pieces of data the government wants and, not unnaturally, retaining copies while forwarding it on to the TSA. But let's concentrate on one: the profound alteration such a scheme will make to American society at large. The default answer to the question of whether you had the right to travel anywhere, certainly within the confines of the US, has always been "Yes". These rules will change it to "No".

(The right to travel overseas has, at times, been more fraught. The folk scene, for example, can cite several examples of musicians who were denied passports by the US State Department in the 1950s and early 1960s because of their left-wing political beliefs. It's not really clear to me why the US wanted to keep people whose views it disapproved of within its borders but some rather hasty marriages took place in order to solve some of these immigration problems, though everyone's friends again now and it's fresh passports all round.)

Hasbrouck, Steinhardt, and EFF founder John Gilmore, who sued the government over the right to travel anonymously within the US, have all argued that the key issue here is the right to assemble guaranteed in the First Amendment. If you can't travel, you can't assemble. And if you have to ask permission to travel, your right of assembly is subject to disruption at any time. The secrecy with which the TSA surrounds its decision-making doesn't help.

Nor does the amount of personal data the TSA is collecting from airline passenger name records. The Identity Project's recent report on the subject highlights that these records may include considerable detail: what books the passenger is carrying, what answer you give when asked where you've been or are going, names and phone numbers given as emergency contacts, and so on. Despite the data protection laws, it isn't always easy to find out what information is being stored; when I made such a request of US Airways last year, the company refused to show me my PNR from a recent flight and gave as the reason: "Security." Civilisation as we know it is at risk if I find out what they think they know about me? We really are in trouble.

In Britain, the chief objections to the ID card and, more important, the underlying database, have of course been legion, but they have generally focused on the logistical problems of implementing it (huge cost, complex IT project, bound to fail) and its general privacy-invasiveness. But another thing the ID card – especially the high-tech, biometric, all-singing, all-dancing kind – will do is create a framework that could support a permission-based society in which the ID card's interaction with systems is what determines what you're allowed to do, where you're allowed to go, and what purchases you're allowed to make. There was a novel that depicted a society like this: Ira Levin's This Perfect Day, in which these functions were all controlled by scanner bracelets and scanners everywhere that lit up green to allow or red to deny permission. The inhabitants of that society were kept drugged, so they wouldn't protest the ubiquitous controls. We seem to be accepting the beginnings of this kind of life stone, cold sober.

American children play a schoolyard game called "Mother, May I?" It's one of those games suitable for any number of kids, and it involves a ritual of asking permission before executing a command. It's a fine game, but surely it isn't how we want to live.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 1:08 PM | Permalink | Comments (0) | TrackBacks (0)

How can you tell if someone is lying? The American civil rights lawyer Alan Dershowitz said during the OJ Simpson trial that even though we all want to believe we can, most people can't. That, he said, is why we must always look at the evidence.

I was thinking about this last week, when the cyclist Floyd Landis was stripped of his 2006 Tour de France title after an arbitration panel ruled two to one to uphold a two-year suspension after testing positive for synthetic testosterone. In his book, Positively False, Landis does a better job than you might expect of casting doubt on the test's validity. But the ritual public shaming will proceed unabated.

These morality plays cover no one with glory, least of all Dick Pound, the self-righteous, moralizing head of the World Anti-Doping Agency who sees all things in black and white.

Take, for example, his comment in the case of tennis player Mariano Puerta, the 2005 French Open finalist: ""You're dealing with somebody who's tested positive twice in less than two years and clearly doesn't think the rules apply to him."

Puerta's second positive test, which got him a two-year suspension and forfeiture of the money and ranking points he won at that French Open, was for traces of etilefrine so slight that the tribunal hearing the case agreed there was no performance-enhancing benefit he could have derived from it. The tribunal was slightly skeptical of Puerta's story, which was that etilefrine is a component of a medication his wife takes for low blood pressure and they must have switched glasses. But there was enough doubt to reduce his suspension from eight years to two.

Puerta's first positive test was for clenbuterol, administered for an asthma attack. The tribunal agreed that the only performance-enhancing benefit he derived from it was not being dead. Under the rules they had no choice but to suspend him. They made it as short and painless as possible, given the circumstances. Pound's attitude does nothing to win hearts and minds.

There's no question that a lot of lethal stuff is going on: this week the Drug Enforcement Administration mounted a comprehensive steroids raid that shut down 26 underground labs, made more than 50 arrests, and identified major suppliers in China. Surely high-profile top athletes with million-dollar endorsements are not buying their steroids online via hot tips from strangers on MySpace. The military and police that Pound, in his book Inside Dope pegs as heavy users also surely have better sources. It's worse: these steroids are (or were) being sold over the Internet to amateur bodybuilders and high school kids.

But it is arguable that this underground distribution network is a logical by-product of the anti-doping empire that has been built up since Ben Johnson's 1988 disqualification from the Seoul Olympics, just as Prohibition created the Mafia in the form of friendly bootleggers. The steroid message boards now are filled with warnings not to buy anything for a while.

Landis has, I think legitimately, pointed out flaws in the anti-doping system as it's presently constituted. For one thing, its courts are not governed by the due process and civil liberties that normally apply. The testing regime is privacy-invasive: urine or blood samples may be demanded at any time, without notice, and a missed test is treated as a positive test. In the case of a positive test, athletes can only call on assistance from experts who are not part of the WADA system – which means almost all the experts on the subject. Finally, the system is set up to presume guilt.

Based on experience, that may seem reasonable. There's no doubt cycling has a serious drug problem: Reading the former soigneur Willy Voet's 2000 Breaking the Chain is sufficient to show that. If you need more, read David Walsh's From Lance to Landis, Paul Kimmage's Rough Ride, or Werner Reiterer's Positive. Baseball player Jose Canseco's Juiced makes it clear that underneath many sports welcome the results. In baseball, club owners have shrunk the size of parks to increase the rate of home runs – more excitement, more paying fans. Steroids do this, too, by as much as 50 to 100 percent, according to this calculation.

Professionalism in sports has brought with it early entry, better training methods, and better nutrition, plus the freedom from other work that allows full-time effort. But American team sports like football, baseball, and hockey have been professional for a long time, and yet the change in body shapes in the last decade or two is striking.

Even so: in other areas of law enforcement it isn't enough to *know* someone is guilty, and the technicalities of how the law is applied do matter. Every year WADA expands its reach, into new sports, into new tests, into new areas of sport, including amateur competitions. We are creating the framework for an international legal system in which any legal issues to do with an ever-changing list of drugs and doping techniques are controlled by a single non-democratic organisation with multinational government funding that makes and administers its own laws. Is this what people mean by "clean sport"?

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 3:50 PM | Permalink | Comments (0) | TrackBacks (0)

I seem to have spent the summer dodging in and out of science fiction novels featuring four general topics: energy, security, virtual worlds, and what someone at the last conference called "GRAIN" technologies (genetic engineering, robotics, AI, and nanotechnology). So the summer started with doom and gloom and got progressively more optimistic. Along the way, I have mysteriously lost a lot of hats. The phenomena may not be related.

I lost the first hat in June, a Toyota Motor Racing hat (someone else's joke; don't ask) while I was reading the first of many very gloomy books about the end of the world as we know it. Of course, TEOTWAWKI has been oft-predicted, and there is, as Damian Thompson, the Telegraph's former religious correspondent, commented when I was writing about Y2K – a "wonderful and gleeful attention to detail" in these grand warnings. Y2K was a perfect example: a timetable posted to comp.software.year-2000 had the financial system collapsing around April 1999 and the cities starting to burn in October…

Energy books can be logically divided into three categories. One, apocalyptics: fossil fuels are going to run out (and sooner than you think), the world will continue to heat up, billions will die, and the few of us who survive will return to hunting, gathering, and dying young. Two, deniers: fossil fuels aren't going to run out, don't be silly, and we can tackle global warming by cleaning them up a bit. Here. Have some clean coal. Three, optimists: fossil fuels are running out, but technology will help us solve both that and global warming. Have some clean coal and a side order of photovoltaic panels.

I tend, when not wracked with guilt for having read 15 books and written 30,000 words on the energy/climate crisis and then spent the rest of the summer flying approximately 33,000 miles, toward optimism. People can change – and faster than you think. Ten years ago, you'd have been laughed off the British isles for suggesting that in 2007 everyone would be drinking bottled water. Given the will, ten years from now everyone could have a solar collector on their roof.

The difficulty is that at least two of those takes on the future of energy encourage greater consumption. If we're all going to die anyway and the planet is going inevitably to revert to the Stone Age, why not enjoy it while we still can? All kinds of travel will become hideously expensive and difficult; go now! If, on the other hand, you believe that there isn't a problem, well, why change anything? The one group who might be inclined toward caution and saving energy is the optimists – technology may be able to save us, but we need time to create create and deploy it. The more careful we are now, the longer we'll have to do that.

Unfortunately, that's cautious optimism. While technology companies, who have to foot the huge bills for their energy consumption, are frantically trying to go green for the soundest of business reasons, individual technologists don't seem to me to have the same outlook. At Black Hat and Defcon, for example (lost hats number two and three: a red Canada hat and a black Black Hat hat), among all the many security risks that were presented, no one talked about energy as a problem. I mean, yes, we have all those off-site backups. But you can take out a border control system as easily with an electrical power outage as you can by swiping an infected RFID passport across a reader to corrupt the database. What happens if all the lights go out, we can't get them back on again, and everything was online?

Reading all those energy books changes the lens through which you view technical developments somewhat. Singapore's virtual worlds are a case in point (lost hat: a navy-and-tan Las Vegas job): everyone is talking about what kinds of laws should apply to selling magic swords or buying virtual property, and all the time in the back of your mind is the blog posting that calculated that the average Second Life avatar consumes as much energy as the average Brazilian. And emits as much carbon as driving an SUV for 2,000 miles. Bear in mind that most SL avatars aren't figured up that often, and the suggestion that we could curb energy consumption by having virtual conferences instead of physical ones seems less realistic. (Though we could, at least, avoid airport security.) In this, as in so much else, the science fiction writer Vernor Vinge seems to have gotten there first: his book Marooned in Real Time looks at the plight of a bunch of post-Singularity augmented humans knowing their technology is going to run out.

It was left to the most science fictional of the conferences, last week's Center for Responsible Nanotechnology conference (my overview is here) to talk about energy. In wildly optimistic terms: technology will not only save us but make us all rich as well.

This was the one time all summer I didn't lose any hats (red Swiss everyone thought was Red Cross, and a turquoise Arizona I bought just in case). If you can keep your hat while all around you everyone is losing theirs…

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 3:43 PM | Permalink | Comments (1) | TrackBacks (0)

Our old non-friend Comcast has been under fire again, this time for turning off Internet access to users it deems to have used too much bandwidth. The kicker? Comcast won't tell those users how much is too much.

Of course, neither bandwidth caps nor secrecy over what constitutes heavy usage is anything new, at least in Britain. ntl brought in a 1Gb per day bandwidth cap as long ago as 2003. BT began capping users in 2004. And Virgin Media, which now owns ntl and apparently every other cable company in the UK, is doing it, too.

As for the secrecy, a few years ago when "unlimited" music download services were the big thing, it wasn't uncommon to hear heavy users complain that they'd been blocked for downloading so much that the service owner concluded they were sharing the account. (Or, maybe hoarding music to play later, I don't know.) That was frustrating enough, but the bigger complaint was that they could never find out how much was too much. They would, they said, play by the rules – if only someone would tell them what those rules were.

This is the game Comcast is now playing. It is actually disconnecting exceptionally heavy users – and then refusing to tell them what usage is safe. Internet service, as provided by Franz Kafka. The problem is that in a fair number of areas of the US consumers have no alternative if they want broadband. Comcast owns the cable market, and DSL provision is patchy. The UK is slightly better off: Virgin Media now owns the cable market, but DSL is widespread, and it's not only sold by BT directly but also by smaller third parties under a variety of arrangements with BT's wholesale department.

I am surprised to find I have some – not a lot, but some – sympathy with Comcast here. I do see that publishing the cap might lead to the entire industry competing on how much you can download a month – which might in turn lead to everyone posting the "unlimited" tag again and having to stick with it. On the other hand, as this Slashdot comment says, subscribers don't have any reliable way of seeing how much they actually are downloading. There is no way to compare your records with the company's equivalent to balancing your check book. But at least you can change banks if the bank keeps making mistakes or your account is being hacked. As already noted, this isn't so much of an option for Comcast subscribers.

This type of issue is resurfacing in the UK as a network neutrality dispute with the advent of the BBC's iPlayer. Several large ISPs want the BBC to pay for bandwidth costs, perhaps especially because its design makes it prospectively a bandwidth hog. It's an outrageous claim when you consider that both consumers and the BBC already pay for their bandwidth.

Except…we don't, quite. The fact is that the economics of ISPs have barely changed since they were all losing money a decade ago. In the early days of the UK online industry, when the men were men, the women were (mostly) men, and Demon was the top-dog ISP, ISPs could afford to offer unlimited use of their dial-up connections for one very simple reason. They knew that the phone bills would throw users offline: British users paid by the minute for local calls in those days. ISPs could, therefore, budget their modem racks and leased lines based on the realistic assessment that most of their users would be offline at any given time.

Cut to today. Sure, users are online all the time with broadband. But most of them go out to work (or, if they're businesses, go home at night), and heavy round-the-clock usage is rare. ISPs know this, and budget accordingly. Pipes from BT are expensive, and their size is, logically, enough, specified based on average use. There isn't a single ISP whose service wouldn't fall over if all its users saturated all their bandwidth 24/7. And at today's market rates, there isn't a single ISP who could afford to provide a service that wouldn't fall over under that level of usage. If an entire nation switches even a sizable minority of its viewing habits to the iPlayer ISPs could legitimately have a problem. Today's bandwidth hogs are a tiny percentage of Internet users, easily controlled. Tomorrow's could be all of us. Well, all of us and the FBI.

Still, there really has to be a middle ground. The best seems to be the ideas in the Slashdot posting linked about: subscribers should be able to monitor the usage on their accounts. Certainly, there are advantages to both sides in having flexible rules rather than rigid ones. But the ultimate sanction really can't be to cut subscribers off for a year, especially if they have no choice of supplier. If that's how Comcast wants to behave, it could at least support plans for municipal wireless. Let the burden of the most prolific users of the Internet, like those of health care, fall on the public purse. Why not?

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 4:41 PM | Permalink | Comments (0) | TrackBacks (0)

This has been the week for reminders that the border between real life and cyberspace is a permeable blood-brain barrier.

On Wednesday, Linden Labs announced that it was banning gambling in Second Life. The resentment expressed by some of SL residents is understandable but naive. We're not at the beginning of the online world any more; Second Life is going through the same reformation to take account of national laws as Usenet and the Web did before it.

Second, this week MySpace deleted the profiles of 29,000 American users identified as sex offenders. That sounds like a lot, but it's a tiny percentage of MySpace's 180 million profiles. None of them, be it noted, are Canadian.

There's no question that gambling in Second Life spills over into the real world. Linden dollars, the currency used in-world, have active exchange rates, like any other currency, currently running about L$270 to the US dollar. (When I was writing about a virtual technology show, one of my interviewees was horrified that my avatar didn't have any distinctive clothing; she was and is dressed in the free outfit you are issued when you join. He insisted on giving me L$1,000 to take her shopping. I solemnly reported the incident to my commissioning editor, who felt this wasn't sufficiently corrupt to worry about: US$3.75! In-world, however, that could buy her several cars.) Therefore: the fact that the wagering takes place online in a simulated casino with pretty animated decorations changes nothing. There is no meaningful difference between craps on an island in Second Life and poker on an official Web-based betting site. If both sites offer betting on real-life sporting events, there's even less difference.

But the Web site will, these days, have gone through considerable time and money to set up its business. Gaming, even outside the US, is quite difficult to get into: licenses are hard to get, and without one banks won't touch you. Compared to that, the $3,800 and 12 to 14 hours a day Brighton's Anthony Smith told Information Week he'd invested in building his SL Casino World is risibly small. You have to conclude that there are only two possibilities. Either Smith knew nothing about the gaming business - if he did, he know that the US has repeatedly cracked down on online gambling over the last ten years and that ultimately US companies will be forced to decide to live within US law. He'd also have known how hard and how expensive it is to set up an online gambling operation even in Europe. Or, he did know all those things and thought he'd found a loophole he could exploit to avoid all the red tape and regulation and build a gaming business on the cheap.

I have no personal interest in gaming; risking real money on the chance draw of a card or throw of dice seems to me a ridiculous waste of the time it took to earn it. But any time you have a service that involves real money, whether that service is selling an experience (gaming), a service, or a retail product, when the money you handle reaches a certain amount governments are going to be interested. Not only that, but people want them involved; people want protection from rip-off artists.

The MySpace decision, however, is completely different. Child abuse is, rightly, illegal everywhere. Child pornography is, more controversially, illegal just about everywhere. But I am not aware of any laws that ban sex offenders from using Web sites, even if those Web sites are social networks. Of course, in the moral panic following the MySpace announcement, someone is proposing such a law. The MySpace announcement sounds more like corporate fear (since the site is now owned by News International) than rational response. There is a legitimate subject for public and legislative debate here: how much do we want to cut convicted sex offenders out of normal social interaction? And a question for scientists: will greater isolation and alienation be effective strategies to keep them from reoffending? And, I suppose, a question for database experts: how likely is it that those 29,000 profiles all belonged to correctly identified, previously convicted sex offenders? But those questions have not been discussed. Still, this problem, at least in regards to MySpace, may solve itself: if parents become better able to track their kids' MySpace activities, all but the youngest kids will surely abandon it in favour of sites that afford them greater latitude and privacy.

A dozen years ago, John Perry Barlow (in)famously argued that national governments had no place in cyberspace. It was the most hyperbolic demonstration of what I call the "Benidorm syndrome": every summer thousands of holidaymakers descend on Benidorm, in Spain, and behave in outrageous and sometimes lawless ways that they would never dare indulge in at home in the belief that since they are far away from their normal lives there are no consequences. (Rinse and repeat for many other tourist locations worldwide, I'm sure.) It seems to me only logical that existing laws apply to behaviour in cyberspace. What we have to guard against is deforming cyberspace to conform to laws that don't exist.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 2:01 PM | Permalink | Comments (0) | TrackBacks (0)

One of the things that surprises outsiders most about Britain is that there is no written constitution. I can only judge what that discovery is like for an American, and in the US in particular our written constitution is regarded with such reverence that the notion of not having one is kind of shocking.

There have been various efforts to change this situation. The best known in the time I've been hanging around Britain is, or was, Charter 88. Founded (logically enough) in 1988, the group seemed to fizzle out in the 1990s, though apparently not entirely. The ideas didn't die, in any case, and the dear departed Blair had been making constitutional noises, and now his replacement, Gordon Brown, has made a commitment to constitutional reform.

Wednesday, July 18, therefore, sees the first of what will doubtless be a series of events at the LSE, organized by Fellows Simon Davies and Gus Hosein and featuring a raft of interesting speakers: Exploring options for the process of constitutional change. The project, known as Future Britain, will launch its Web site on Monday, July 16.

It was only after I'd been living in Britain for a while that it occurred to me that the unwritten constitution is that most quintessentially British thing, a gentleman's agreement. The principles by which Britain is governed have accreted over nine centuries, and for much of that time the people in charge of making decisions based on those principles were in fact gentlemen. I always had the sense that Britons regarded our constant American perusal of the Constitution's text as rather childish, a petty, dogmatic insistence on the exact terms of our written contract. Grown-ups trust each other.

Things are of course different now. The country is no longer so homoegeneous; you can't count on the people in charge of making laws to be gentlemen. It was, I think, no coincidence that Charter 88 started up during Margaret Thatcher's years as Prime Minister. She did things that would simply not be possible under the American Constitution, mostly notably abolishing the Greater London Council and several other local governments. That was the moment when I understood just how centralized British government is. It was, or had been, inconceivable to me that in an old and famous democracy a properly elected leader could be deposed in such a way. What was even more amazing was that despite a few protests, these actions were accepted and the country went on as usual. There is no local government if it can be abruptly terminated in that single-handed way, only delegated authority. Britain, I learned from that, is an elected dictatorship.

Writing down a constitution is not the same as reforming one. A constitution is not a blueprint; it has to be flexible enough and general enough in its principles to be adaptable to changing conditions. One of the significant failures of the US Constitution in today's world is that the Founding Fathers left no room for controlling large, multinational corporations. It would not have mattered that there were no such things in the 18th century if they had simply allowed for the possibility of third-party private interests of economic power. But they thought they had it covered when they put in the clause to separate church and state, since at the time the church was the only multinational corporation in town.
Brown's list of desired reforms does not make the kind of deep-rooted change that Charter 88 was calling for. The case for that is made on Open Democracy, by Neal Ascherson, who argues that this is really just an English problem.

The US Constitution, when I read it now, seems to me to be focused on prohibiting the kinds of abuses its drafters had experienced. Separating church and state, limiting the power of government to interfere in individuals' lives, guaranteeing freedom of speech and of assembly – these all speak of bitter experience. Ascherson's argument seems to suggest that something similar happened in creating Britain's undocumented government: the abuse to overthrow was the power of the king. Parliamentary absolutism was an adequate answer. Even the US's Founding Fathers didn't trust the people unless they were sufficiently wealthy land-owning men.

And that's the thing about constitutions: they are not enough by themselves even if they are written down. This point was made to me by the Campaign to Separate Church and State when I was living in Ireland in the late 1980s. The lifetime of the Irish constitution is still measured in decades, and the clause guaranteeing freedom of religion clearly meant the freedom to be Catholic after centuries of British Protestant rule. It did not guarantee equality for atheists, agnostics, or even Jews. So the broader point my Irish friends made was that the constitutional guarantee was meaningless without supporting legislation to enforce it. A constitution is, therefore, only a beginning.

As a foreigner, I don't think it's up to me to say what a British – or English – constitution should be. But I do know it shouldn't be written by the elected dictatorship in power. To have meaning, a constitution must be written by the people. It's our chance to devise a governmental design to which we give consent.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 1:16 PM | Permalink | Comments (0) | TrackBacks (0)

This week, the Open Rights Group released its report on the May 7 electronic voting pilots, conducted during by-elections in various locations in England and across all of Scotland. ORG observed these as closely as it could through the eyes of 25 volunteers.

Much of the report should be familiar to anyone who's read about similar trials and pilot projects in the US and elsewhere (especially the UK's own 2003 trials). There were technical problems when equipment failed or had to be rebooted. There were people problems, when both voters and officials were uncertain how to make machines work. There were security issues, as when ORG observers found PCs and switches with open ports and no one watching them. And there were design problems, when ballot layouts confused voters into spoiling ballots. Sound familiar?

More than that, the process of tallying votes just isn't transparent. At some point in the process, a miracle occurred and numbers were produced. Anti-evoting activists have been talking about "black box voting" for years, and here it was, live and in the silicon.

Probably no one expected ORG to come away from the trials glowing with enthusiasm about the technology. But the group put a significant amount of effort into observing the process and reporting fairly what it saw. The report needs to be taken seriously by the people in charge of choosing how we vote.

The job for the observers, from the sounds of it, wasn't easy. Rules were inconsistent, inconsistently applied, and subject to abrupt change. My favourite was the constituency that apparently got its security advice from someone used to working with banks: they were told not to let anyone see the screens of the laptops. But the whole point of elections is to make the process publicly accountable – which means the nuts and bolts need to be visible.
Curiously enough, it may be the black-box nature of these systems that kills them after all, just not for the reason we always thought.

If there is one consistent refrain throughout the mad rush to move ballot boxes inside computers it's that new technology will engage a new generation of currently disaffected voters. One of the most intriguing observations to come out of the Open Rights Group's report on the recent e-voting trials, therefore, is: "People passionate about local politics were consistently being turned off by the e-voting and e-counting pilot counts in areas observed" (p20).

People who don’t' care that much may just want the counts. But if you're a politician running for office, his agent, or one of the dozens (or thousands) of people who participated in the political process by campaigning for him or who cares about specific issues, just getting the count out of a black box is as much missing the point as watching a tennis match by looking up the final score on the Internet. Worse, since what's at stake is who runs the country (rather an Oscar or a trophy), you need to have confidence that the count has some relation to how people actually voted. If I lived in any of the constituencies where these pilots took place, I'd be demanding they rerun the election.

That might be the thing that kills it, more than the security problems or any philosophical problem the general public might have with privatizing voting. Without passionate supporters there would be no candidates.
Politics, sports, and entertainment all face the same challenge of engaging fans. The lesson from sports in particular is that the more detail you give fans the more obsessive they become. If there were some way to project each ballot, one at a time, on a giant screen, without destroying the secrecy of individual ballots, maybe every election would have the magnetic quality of Bush vs. Gore 2000. It would be quite a show, especially if people had the option of standing up at a microphone and explaining just why they voted the way they did. How's that for public access TV?

As things were, electronic counting meant agents, candidates, and various others couldn't tell what was going on. Internet voters can't be interviewed on existing the poll station, so local parties can't get a sense of how the vote is going. The campaigners who show up on people's doorsteps to get out the vote don't know whose doorsteps to canvass. This may not seem like much of a loss. But, as ORG points out, one way candidates have traditionally decided whether to ask for a recount is by comparing the posted returns with the information the parties have worked to compile throughout the day. (For US voters: after you exit UK polling areas you typically find party representatives conducting exit polls.)

I'm not convinced that the end users – that is, the voters – count for much in any of this. So far, the best efforts of computer scientists, hackers, and activists have had little success in trying to turn back the clock to pencil and paper or other forms of tried and trusted technology. \But if the insiders don't like it – the politicians who award funds, the parties who elect them – there might just be a chance it won't fly permanently. If so, they'd better act now, before the vendors become big enough to own us all.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 6:29 AM | Permalink | Comments (0) | TrackBacks (0)

So, he's gone, or almost.

Ten years is a long time for anyone to remain in power. Blair hasn't quite made it as long as Margaret Thatcher did, but by virtue of the UK's different ways in electing the people who fill its top office it's longer than either Reagan or Bush II. There are children who don't remember what it was like to have the Conservatives in power. And so on.

What's startling in reading the reviews is that although at least some of them do point out how unpopular Blair has been in recent years and point the finger squarely at his policies on Iraq, they generally tend to praise the state in which he's left Britain. What none of these seem to mention is the significant erosion of civil liberties under Blair's time in office. The Britain he leaves is considerably less democratic than the one he inherited.

The most obvious symptom of this is the national ID card, whose acknowledged cost has now reached the £6 billion the LSE report (PDF) predicted – with, no doubt, considerably more to come. The project may yet founder under the weight of its own technological aspirations. But it seems to have been designed to be maximally privacy invasive. Blair also selected as the card's champions first Jack Straw (who used the 9/11 attacks as an excuse to attack those of us who were key escrow); then David Blunkett, who essentially became addicted to the idea; and then Charles Clarke…all, we suppose, in the intersets of proving that Labour was tougher on crime than the Conservatives.

The justification for implementing the card – and the massive databases behind it – has changed over the five years since it was first proposed, but the desire to do it has not. With or without the ID card, Blair leaves behind biometrics in passports – but that we can blame on the International Civil Aeronautics Organization.

Blair talked about making Britain a leader in ecommerce. But first we had lengthy wrangles over key escrow, which eventually even Blair admitted was a mistake, and then we had the achingly slow growth of broadband.

We also had the passage of the Regulation of Investigatory Powers Act in 2000, and the Anti-terrorism, Crime, and Security Act in 2001, the latter passed with unseemly haste after 9/11. Taken together, the two provide law enforcement and the security services with the right to intercept communications or demand data retention, which itself has been the subject of another very long battle. ISPs have universally argued against it; Blair's government has refused to listen.

Yes, Blair's government brought in a Freedom of Information Act – but its availability keeps narrowing. The latest: Blair refuses to condemn proposals to exempt Parliament from it. These are our public servants. Supposedly.

Blair was also for involving faith organizations in policy-making and supported faith schools.

There have also been hotly disputed changes to legislation such as the Police and Criminal Evidence act (1984, revised 2003, and being reviewed again right now – comments to the consultation are due May 31).

During Blair's time in office the right to silence was diluted. You have the right to remain silent under arrest and questioning, to be sure, but if you do the judge and jury at your eventual trial are allowed to infer guilt from your silence.

During Blair's time, CCTV cameras have proliferated everywhere, making Londoners likely to be captured upwards of 200 times a day on camera. This government brought in anti-social behaviour orders, which opponents argue can easily be abused.

And so on, without a clear idea whether any of it is effective (PDF).

But probably the most insidious legacy Blair leaves behind is an important change in the way legislation and policy are enacted. Much new legislation – RIPA and ATCS are cases in point – is now drafted with the details left for secondary legislation that does not require a return to Parliamentary debate. The impact of legislation may be very different depending on how those details are laid out, and removing them from the debate bypasses the democratic process.

The second, the way policy is devised, is a game many countries now play: policy laundering. The game goes something like this. The US wants, say, biometrics in passports, and the UK likes the idea, too. The UK proposes it and when people object the government says, no choice, gotta have it, or the US won't let Brits into their country. When this gets old, they get the idea adopted by, say, ICAO – and thereafter they can say, no choice, it is an international standard mandated by this authority and agreed upon by all these other countries.

Of course these initiatives are not solely Blair's ideas; these proposals are showing up everywhere. But isn't the point of a good leader to resist bad ideas?

Blair was a nominee for "Worst Public Official" in Privacy International's global Big Brother awards. You can argue some geocentrism there, since PI is based in London. Still, here's what they said his credentials were: "his relentless work over ten years to expand the UK into the greatest surveillance society amongst democratic nations".

It's the "democratic" that gets you. There are plenty of countries whose leaders make Blair look like a moderate. But most of them, that's what you expect.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 3:13 PM | Permalink | Comments (0) | TrackBacks (0)

Some months back I blogged a breakdown of the various fees that are added on to each airline ticket and tagged it "What we're paying." A commenter took issue: society at large, he wrote, was paying a good deal more than that for my evil flying habits, and I shouldn't be going to Miami anyway. He had a point. What's offending one niece by missing her wedding? I have more.

The intemperateness of the conversation is the kind of thing smokers used to get from those who've already quit.
Just how acrimonious the whole thing is getting was brought home to me this week when Ian Angell surfaced to claim that it is not really possible to be a privacy advocate and an environmentalist at the same time. Of course, Angell was in part just trying to make trouble and get people arguing. But he says he has a serious point.

"The green issues are providing a moral justification for the invasion of privacy," he says, "and the green lobby must take it on board as part of what they're doing. And the fact that they're not taking it on board makes them guilty."

I wouldn't go that far – I do not think you can blame people for unintended consequences. But there are a number of proposals floating around in the UK that could provide yet more infrastructure for endemic surveillance, even if the intention at the moment is to protect the environment.

For example: the idea of the personal carbon allowance, first mooted in 2005 with the notion that it could be linked to the ID card. Last July, environment minister, David Miliband, proposed issuing swipe cards to all consumers, which you'd have to produce whenever you bought anything like petrol or heating – or plane tickets. That at least would give me ammunition against my blog commenter, because other than flying my carbon footprint is modest. In fact, we could have whole forums of moral superiors boasting about how few carbon points they used, like we now have people who boast about how early they get up in the morning. And we could have billboards naming and shaming those who – oh, the horror – had to buy extra carbon points, like they do for TV license delinquents.

Or take the latest idea in waste management, the spy bin fitted with a microchip sensor that communicates with the garbage truck to tell your local council how much you've contributed to the landfill. Given the apparent eagerness of manufacturers to enhance their packaging with RFID chips, this could get really interesting over time.

This is also a country where the congestion charge – a scheme intended to reduce the amount of traffic in central London – is enforced by cameras that record the license plates of every vehicle as it crosses the border. Other countries have had road tolls for decades, but London's mayor, formerly known as "Red Ken" Livingstone because of his extreme left-wing leanings, chose the most privacy-invasive way to do it. Proposals for nationwide road charging follow the same pattern, although the claim is that there will be safeguards against using the installed satellite tracking boxes to actually track motorists. Why on earth is this huge infrastructure remotely necessary? We already have per-mile road use charging. It's called buying fuel.

Privacy International's executive director, Simon Davies, points out that none of these proposals – nor those to expand the use of CCTV (talking cameras!) – are supported by research to show how the environment will benefit.

Of course, if there's one rule about environmentalism it is, as Angell says, "The best tax is the tax the other guy pays." Personally, I'd ban airconditioning; it doesn't get that hot in the UK anyway, and a load of ceiling fans and exhaust fans would take care of all but the most extreme cases of medical need. It certainly does seem ironic that just at the moment when everyone's getting exercised about saving energy and global warming – they're all putting in airconditioning so cold you have to carry a sweater with you if you go anywhere in the "summer".

So, similarly, when Angell says there are "straightforward, immediate answers" he's perfectly right. The problem is they'll all enrage some large group of businesses. "You could reduce garbage by 80 percent by banning packaging in shops. We are squabbling about tiny little changes when quite substantial changes are just not on the cards."
And then, he adds, "They jump on airline travel because you can bump up the taxes and it's morally justified."

I am convinced, however, that it's possible to be a privacy advocate and an environmentalist simultaneously. This is a type of issue that has come up before, most notably in connection with epidemiology. If you make AIDS a notifiable disease you make it easier to track the patterns of infection and alert those most at risk; but doing so invades patient privacy. But in the end, although Angell's primary goal was to stir up trouble, he's right to say that environmentalists need to ensure that their well-meaning desire to save the planet is not hijacked. Or, he says, "they will be blamed for the taxation and the intrusion."

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 1:58 PM | Permalink | Comments (0) | TrackBacks (0)

Back in 1975, the Ithaca, New York apartment building I was living in had a fire in the basement, and by the time it was out so was my telephone line. The repairman's very first move was to disconnect the $3 30-foot cable I had bought at K-Mart and confiscate it. At the time, AT&T's similar cable cost $25.

In fact, by then AT&T had no right to control what equipment you attached to your phone line because of the Carterfone case, in which the FCC ruled against AT&T's argument that it had to own all the equipment in order to ensure that the network would function properly. But this is how the telco world worked; in Edinburgh in 1983 legally you could only buy a modem from British Telecom. I think it cost about £300 – for 300 baud. Expensive enough that I didn't get online until 1990.

Stories like this are part of why the Internet developed the way it did: the pioneers were determined to avoid a situation where the Internet was controlled like this. In the early 1980s, when the first backbone was being build in the US to connect the five NSF-funded regional computing centers, the feeling was mutual. John Connolly, who wrote the checks for a lot of that work, told me in an interview in 1993 that they had endless meetings with the telcos trying to get them interested, but those companies just couldn't see that there was any money in the Internet.
Well, now here we are, and the Internet is chewing up the telcos' business models and creating havoc for the cable companies who were supposed to be the beneficiaries, and so it's not surprising that the telcos' one wish is to transform the Internet into something more closely approximating the controlled world they used to love.

Which is how we arrived at the issue known as network neutrality. This particular debate has been percolating in the US for at least a year now, and some discussion is beginning in the UK. This week, at a forum held in Westminster on the subject, Ofcom and the DTI said the existing regulatory framework was sufficient.

The basic issue is, of course, money. The traditional telcos are not, of course, having a very good time of things, and it was inevitable that it would occur to some bright CEO – it turned out to be the head of Verizon – that there ought to be some way of "monetizing" all those millions of people going to Google, Yahoo!, and the other top sites. Why not charge a fee to give priority service? That this would also allow the telcos to discriminate against competitor VOIP services and the cablecos (chiefly Comcast) to discrminate against competing online video services is also a plus. These proposals are opposed not only by the big sites in question but by the usual collection of Net rights organization, who tend to believe all sites were created equal – or should be.
Ofcom – and others I've talked to – believes that the situation in the UK is different, in part because although most of the nation's DSL service is provided either directly or indirectly by BT that company has to be cooperative with its competitors or face the threat of regulation. The EU, however, is beginning to take a greater interest in these matters, and has begun legal proceedings against Germany over a law exempting Deutsche Telecom from opening the local loop of its new VDSL network to competitors.

But Timothy Wu, a law professor at Columbia and author of Who Controls the Internet: Illusions of a Borderless World, has pointed out that the current debates are ignoring an important sector of the market: wireless. The mobile market is not now, nor ever has been, neutral. It is less closed in Europe, where you can at least buy a phone and stick any SIM in it; but in the US most phones are hardware-locked to their networks, a situation that could hardly be less consumer-friendly. Apple's new iPod, for example, will be available through only one carrier, AT&T Wireless.

Wu's paper, along with the so-called "Carterfone" decision that forced AT&T to stop confiscating people's phone cords, is cited by Skype in a petition to get the FCC to require mobile phone operators to allow software applications open access. Skype's gripe is easy to comprehend: it can't get its service onto mobile phones. The operators' lack of interest in opening their networks is also easy to comprehend: what consumer is going to call on their expensive tariffs if they can use the Internet data connection to make cheap ones? Wu also documents other cases of features that are added or subtracted according to the network operators' demands: call timers (missing), wi-fi (largely absent), and Bluetooth (often crippled in the US).

The upshot is that because the two markets – wireless phones and the Internet – have developed from opposite directions, we have two network neutrality debates, not one. The wonder is that it took us so long to notice.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 2:18 AM | Permalink | Comments (0) | TrackBacks (0)

It's been quite a week for women. Wimbledon has announced equal prize money "across the board" for men and women, and a woman has won the Alan M Turing Award from the Association for Computing Machinery. (Please don't confuse that with passing the Turing test; Frances Allen is a pioneer in computer science, not a cleverly built robot.) That concrete pig a friend gave me as a sort of anti-garden gnome is adjusting his aviator goggles and getting ready to take flight.

In the scheme of things, a woman's winning the Turing Award ought to be the less surprising of the two events. Although few women make the mainstream news in computing, there have been enough of them in computing history that it surely had to happen. The All-England Club, which stages the Wimbledon tennis championships every year, is a private club that can do anything it wants, and has for years insisted that the surveys it's carried out show that the audience prefers men's tennis. (To which I say, "Who did you ask?") Anyway: the silly arguments are finally over now, and the best part of that is that we won't have to read the same debate every June. It had gotten boring. Twenty years ago.

The list of Turing Award winners includes some pretty impressive and famous people – Marvin Minsky and John McCarthy for artificial intelligence, Vint Cerf and Robert E. Kahn for the protocols underlying the Internet, Maurice Wilkes, who went on from designing and building the first computer with an internally stored program to inspire generations of computer scientists at Cambridge. The first female winner's work, like many of the other winners' is less familiar as it's in high-performance computing rather than something as mainstream as the Internet. It's not a sign of prejudice that she wasn't better known until now.

I wish I could say that Allen is the first of many. That's not clear. She's almost certainly the first of some. But the truly sad thing is that the numbers of women in computer science have been dropping steadily over the last decade or two, in both Britain and America (and other countries, too). I recently had occasion to interview Nigel Shadbolt, the head of the British Computer Society (the ACM's British equivalent), and he was quite open about it. He named several female BCS Fellows (a designation you need experience and kudos to get), and concluded, "They are there, but not in the numbers we'd like." Only 6 percent of BCS Fellows are women, though the BCS is determined to improve on that. (Bear in mind also that the average age of Fellows is 60, although it's beginning to drop as the generation who grew up with computers in their homes begin to take advantage of that substantial head start.)

Shadbolt blamed early socialising in schools, where girls get the message early that computer science is a hard career to juggle with the demands of any families they might want to have – and also that the geek image is not one you want to have if you're a girl.
Nonetheless, Shadbolt said the BCS numbers are getting a little better. Of the membership as a whole, 14 percent are women. But of the new members the BCS has been recruiting, 20 percent are female.

Does it matter?

Shadbolt thought so. "Modern IT is about social skills as much as technical skills," he told me.
That statement doesn't fill me with as much delight as it might, I'd rather hear that women are needed for their technical genius than the old saw about how they're better with people. Note that Allen has won her awards for fundamentally changing a technical field.

The odd thing is that there are more women in the history of computing than most people realize. Six female mathematicians programmed ENIAC. Contrary to today's idea that only young males could be obsessive enough to spend all that time with their computers, 50 years ago it was thought that only women had the patience to be programmers.

There are several reasons why it does matter to get women into computer science. The first is for the women themselves: why should they miss out on interesting, challenging careers because of some stupid stereotype? The second is simple numbers and applies to all the hard sciences: we need all the talented people we can get entering those fields. The third is practical: computers pervade every part of life. The greater the diversity of the people designing them, the better.

Daily Tennis points out today that equalizing prize money at Wimbledon, while an important gesture, goes only a small way to redress the prize money gap. The women's tour overall has 22 percent less prize money on offer than the men's (men, by the way, play almost exclusively three-set matches away from the Grand Slams), and the Wimbledon change goes only about 1 percent of the way towards narrowing that gap. The chief effect, therefore, is to make the All-England club stop looking like ante-diluvian, misogynist dorks.

Percentagewise Allen's win is smaller than that. But it will remind an entire generation of girls that it's cool to be a computer scientist,

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 12:35 PM | Permalink | Comments (1) | TrackBacks (0)

Voter-verified paper audit trails won't save us. That was the single clearest bit of news to come out of this week's electronic voting events.

This is rather depressing, because for the last 15 years it's looked as though VVPAT (as they are euphoniously calling it) might be something everyone could compromise on.: OK, we'll let you have your electronic voting machines as long as we can have a paper backup that can be recounted in case of dispute. But no. According to Rebecca Mercuri in London this week (and others who have been following this stuff on the ground in the US), what we thought a paper trail meant is definitely not what we're getting. This is why several prominent activist organisations have come out against the Holt bill HR811, introduced into Congress this week, despite its apparent endorsement of paper trails.

I don't know about you, but when I imagined a VVPAT, what I saw in my mind's eye was something like an IBM punch card dropping individually into some kind of display where a voter would press a key to accept or reject. Instead, vendors (who hate paper trails) are providing cheap, flimsy, thermal paper in a long roll with no obvious divisions to show where individual ballots are. The paper is easily damaged, it's not clear whether it will survive the 22 months it's supposed to be stored, and the mess is not designed to ease manual recounts. Basically, this is paper that can't quite aspire to the lofty quality of a supermarket receipt.

The upshot is that yesterday you got a programme full of computer scientists saying they want to vote with pencils and paper. Joseoph Kiniry, from University College, Dublin, talked about using formal methods to create a secure system – and says he wants to vote on paper. Anne-Marie Ostveen told the story of the Dutch hacker group who bought up a couple of Nedap machines to experiment on and wound up publicly playing chess on them – and exposing their woeful insecurity – and concluded, "I want my pencil back." And so on.

The story is the same in every country. Electronic voting machines – or, more correctly, electronic ballot boxes – are proposed and brought in without public debate. Vendors promise the machines will be accurate, reliable, secure, and cheaper than existing systems. Why does anyone believe this? How can a voting computer possibly be cheaper than a piece of paper and a pencil? In fact, Jason Kitcat, a longtime activist in this area, noted that according to the Electoral Commission the cost of the 2003 pilots were astounding – in Sheffield £55 per electronic vote, and that's with suppliers waiving some charges they didn't expect either. Bear in mind, also, that the machines have an estimated life of only ten years.

Also the same: governments lack internal expertise on IT, basically because anyone who understand IT can make a lot more money in industry than in either government or the civil service.

And: everywhere vendors are secretive about the inner workings of their computers. You do not have to be a conspiracy theorist to see that privatizing democracy has serious risks.

On Tuesday, Southport LibDem MP John Pugh spoke of the present UK government's enchantment with IT. "The procurers who commission IT have a starry-eyed view of what it can do," he said. "They feel it's a very 'modern' thing." Vendors, also, can be very persuasive (I'd like to see tests on what they put in the ink in those brochures, personally). If, he said, Bill Gates were selling voting machines and came up against Tony Blair, "We would have a bill now."

Politicians are, probably, also the only class of people to whom quick counts appeal. The media, for example, ought to love slow counts that keep people glued to their TV sets, hitting the refresh button on their Web browsers, and buying newspapers throughout. Florida 2000 was a media bonanza. But it's got to be hard on the guys who can't sleep until they know whether they have a job next month.

I would propose the following principles to govern the choice of balloting systems:

- The mechanisms by which votes are counted should be transparent. Voters should be able to see that the vote they cast is the vote they intended to cast,

- Vendors should be contractually prohibited from claiming the right to keep secret their source code, the workings of their machines, or their testing procedures, and they should not be allowed to control the circumstances or personnel under which or by whom their machines are tested. (That's like letting the psychic set the controls of the million-dollar test.)

- It should always be possible to conduct a public recount of individual ballots.

Pugh made one other excellent point: paper-based voting systems are mature. "The old system was never perfect," he said, but over time "we've evolved a way of dealing with almost every conceivable problem." Agents have the right to visit every polling station and watch the count, recounts can consider every single spoiled ballot. By contrast, electronic voting presumes everything will go right.

Guys, it's a computer. Next!

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 12:49 PM | Permalink | Comments (1) | TrackBacks (0)

It is a truth that ought to be universally acknowledged that the more you know about computer security the less you are in favor of electronic voting. We thought – optimists that we are – that the UK had abandoned the idea after all the reports of glitches from the US and the rather indeterminate results of a couple of small pilots a few years ago. But no: there are plans for further trials for the local elections in May.

It's good news, therefore, that London is to play host to two upcoming events to point out all the reasons why we should be cautious. The first, February 6, is a screening of the HBO movie Hacking Democracy, a sort of documentary thriller. The second, February 8, is a conference bringing together experts from several countries, most prominently Rebecca Mercuri, who was practically the first person to get seriously interested in the security problems surrounding electronic voting. Both events are being sponsored by the Open Rights Group and the Foundation for Information Policy Research, and will be held at University College London. Here is further information and links to reserve seats. Go, if you can. It's free.

Hacking Democracy (a popular download) tells the story of ,a href="http://www.blackboxvoting.org">Bev Harris and Andy Stephenson. Harris was minding her own business in Seattle in 2000 when the hanging chad hit the Supreme Court. She began to get interested in researching voting troubles, and then one day found online a copy of the software that runs the voting machines provided by Diebold, one of the two leading manufacturers of such things. (And, by the way, the company whose CEO vowed to deliver Ohio to Bush.) The movie follows this story and beyond, as Harris and Stephenson dumpster-dive, query election officials, and document a steady stream of glitches that all add up to the same point: electronic voting is not secure enough to protect democracy against fraud.

Harris and Stephenson are not, of course, the only people working in this area. Among computer experts such as Mercuri, David Chaum, David Dill, Deirdre Mulligan, Avi Rubin, and Peter Neumann, there's never been any question that there is a giant issue here. Much argument has been spilled over the question of how votes are recorded; less so around the technology used by the voter to choose preferences. One faction – primarily but not solely vendors of electronic voting equipment – sees nothing wrong with Direct Recording Electronic, machines that accept voter input all day and then just spit out tallies. The other group argues that you can't trust a computer to keep accurate counts, and that you have to have some way for voters to check that the vote they thought they cast is the vote that was actually recorded. A number of different schemes have been proposed for this, but the idea that's catching on across the US (and was originally promoted by Mercuri) is adding a printer that spits out a printed ballot the voter can see for verification. That way, if an audit is necessary there is a way to actually conduct one. Otherwise all you get is the machine telling you the same number over again, like a kid who has the correct answer to his math homework but mysteriously can't show you how he worked the problem.

This is where it's difficult to understand the appeal of such systems in the UK. Americans may be incredulous – I was – but a British voter goes to the polls and votes on a small square of paper with a stubby, little pencil. Everything is counted by hand. The UK can do this because all elections are very, very simple. There is only one election – local council, Parliament – at a time, and you vote for one of only a few candidates. In the US, where a lemon is the size of an orange, an orange is the size of a grapefruit, and a grapefruit is the size of a soccer ball, elections are complicated and on any given polling day there are a lot of them. The famous California governor's recall that elected Arnold Schwarzeneger, for example, had hundreds of candidates; even a more average election in a less referendum-happy state than California may have a dozen races, each with six to ten candidates. And you know Americans: they want results NOW. Like staying up for two or three days watching the election returns is a bad thing.

It is of course true that election fraud has existed in all eras; you can "lose" a box of marked paper ballots off the back of a truck, or redraw districts according to political allegiance, or "clean" people off the electoral rolls. But those types of fraud are harder to cover up entirely. A flawed count in an electronic machine run by software the vendor allows no one to inspect just vanishes down George Orwell's memory hole.

What I still can't figure out is why politicians are so enthusiastic about all this. Yes, secure machines with well-designer user interfaces might get rid of the problem of "spoiled" and therefore often uncounted ballots. But they can't really believe – can they? – that fancy voting technology will mean we're more likely to elect them? Can it?

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 1:29 PM | Permalink | Comments (1) | TrackBacks (0)

A person can dream, right?

- Scrap the UK ID card. Last week's near-buried Strategic Action Plan for the National Identity Scheme (PDF) included two big surprises. First, that the idea of a new, clean, all-in-one National Identity Register is being scrapped in favor of using systems already in use in government departments; second, that foreign residents in the UK will be tapped for their biometrics as early as 2008. The other thing that's new: the bald, uncompromising statement that it is government policy to make the cards compulsory.

No2ID has pointed out the problems with the proposal to repurpose existing systems, chiefly that they were not built to do the security the legislation promised. The notion is still that everyone will be re-enrolled with a clean, new database record (at one of 69 offices around the country), but we still have no details of what information will be required from each person or how the background checks will be carried out. And yet, this is really the key to the whole plan: the project to conduct background checks on all 60 million people in the UK and record the results. I still prefer my idea from 2005: have the ID card if you want, but lose the database.

The Strategic Action Plan includes the list of purposes of the card; we're told it will prevent illegal immigration and identity fraud, become a key "defence against crime and terrorism", "enhance checks as part of safeguarding the vulnerable", and "improve customer service".

Recall that none of these things was the stated purpose of bringing in an identity card when all this started, back in 2002. Back then, first it was to combat terrorism, then it was an "entitlement card" and the claim was that it would cut benefit fraud. I know only a tiny mind criticizes when plans are adapted to changing circumstances, but don't you usually expect the purpose of the plans to be at least somewhat consistent? (Though this changing intent is characteristic of the history of ID card proposals going back to the World Wars. People in government want identity cards, and try to sell them with the hot-button issue of the day, whatever it is.

As far as customer service goes, William Heath has published some wonderful notes on the problem of trust in egovernment that are pertinent here. In brief: trust is in people, not databases, and users trust only systems they help create. But when did we become customers of government, anyway? Customers have a choice of supplier; we do not.

- Get some real usability into computing. In the last two days, I've had distressed communications from several people whose computers are, despite their reasonable and best efforts, virus-infected or simply non-functional. My favourite recent story, though, was the US Airways telesales guy who claimed that it was impossible to email me a ticket confirmation because according to the information in front of him it had already been sent automatically and bounced back, and they didn't keep a copy. I have to assume their software comes with a sign that says, "Do not press this button again."

Jakob Nielson published a fun piece this week, a list of top ten movie usability bloopers. Throughout movies, computers only crash when they're supposed to, there is no spam, on-screen messages are always easily readable by the camera, and time travellers have no trouble puzzling out long-dead computer systems. But of course the real reason computers are usable in movies isn't some marketing plot by the computer industry but the same reason William Goldman gave for the weird phenomenon that movie characters can always find parking spaces in front of their destination: it moves the plot along. Though if you want to see the ultimate in hilarious consumer struggles with technology, go back to the 1948 version of Unfaithfully Yours (out on DVD!) starring Rex Harrison as a conductor convinced his wife is having an affair. In one of the funniest scenes in cinema, ever, he tries to follow printed user instructions to record a message on an early gramophone.

- Lose the DRM. As Charlie Demerjian writes, the high-def wars are over: piracy wins. The more hostile the entertainment industries make their products to ordinary use, the greater the motivation to crack the protective locks and mass-distribute the results. It's been reasonably argued that Prohibition in the US paved the way for organized crime to take root because people saw bootleggers as performing a useful public service. Is that the future anyone wants for the Internet?

Losing the DRM might also help with the second item on this list, usability. If Peter Gutmann is to be believed, Vista will take a nosedive downwards in that direction because of embedded copy protection requirements.

- Converge my phones. Please. Preferably so people all use just the one phone number, but all routing is least-cost to both them and me.

- One battery format to rule them all. Wouldn't life be so much easier if there were just one battery size and specification, and to make a bigger battery you'd just snap a bunch of them together?

Happy New Year!

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 3:19 PM | Permalink | Comments (0) | TrackBacks (0)

We may joke about the "Great Firewall of China", but by the end of 2007 content blocking will be a fact of Internet life in the UK. In June, Vernon Coaker, Parliamentary Under-Secretary for the Home Department told Parliament, "I have recently set the UK Internet industry a target to ensure that by the end of 2007 all Internet service providers offering broadband Internet connectivity to the UK public prevent their customers from accesssing those Web sites." By "those", he means Web sites carrying pornographic images of children.

Coaker went on to say that by the end of 2006 he expects 90 percent of ISPs to have blocked "access to sites abroad", and that, "We believe that working with the industry offers us the best way forward, but we will keep that under review if it looks likely that the targets will not be met."

The two logical next questions: How? And How much?

Like a lot of places, the UK has two major kinds of broadband access: cable and DSL. DSL is predominantly provided by BT, either retail directly to customers or wholesale to smaller ISPs. Since 2004, BT's retail service is filtered by its Cleanfeed system, which last February the company reported was blocking about 35,000 attempts to access child pornography sites per day. The list of sites to block comes from the Internet Watch Foundation, and is compiled from reports submitted by the public. ISPs pay IWF £5,000 a year to be supplied with the list – insignificant to a company like BT but not necessarily to a smaller one. But the raw cost of the IWF list is insignificant compared to the cost of reengineering a network to do content blocking.

How much will it cost for the entire industry?

Malcolm Hutty, head of public affairs at Linx, says he can't even begin to come up with a number. BT, he thinks, spent something like £1 million in creating and deploying Cleanfeed – half on original research and development, half on deployment. Most of the first half of that would not now be necessary for an ISP trying to decide how to proceed, since a lot more is known now than back in 2003.

Although it might seem logical that Cleanfeed would be available to any DSL provider reselling BT's wholesale product, that's not the case.

"You can be buying all sorts of different products to be able to provide DSL service," he says. A DSL provider might simply rebrand BT's own service – or it might only be paying BT to use the line from your home to the exchange. "You have to be pretty close to the first extreme before BT Cleanfeed can work for you." So adopting Cleanfeed might mean reengineering your entire product.

In the cable business, things are a bit different. There, an operator like ntl or Telewest owns the entire network, including the fibre to each home. If you're a cable company that implemented proxy caching in the days when bandwidth was expensive and caching was fashionable, the technology you built then will make it cheap to do content blocking. According to Hutty, ntl is in this category – but its Telewest and DSL businesses are not.

So the expense to a particular operator varies for all sorts of reasons: the complexity of the network, how it was built, what technologies it's built on. This mandate, therefore, has no information behind it as to how much it might cost, or the impact it might have on an industry that other sectors of government regard as vital for Britain's economic future.

The How question is just as complicated.

Cleanfeed itself is insecure (PDF), as Cambridge researcher Richard Clayton has recently discovered. Cleanfeed was intended to improve on previous blocking technologies by being both accurate and inexpensive. However, Clayton has found that not only can the system be circumvented but it also can be used as an "oracle to efficiently locate illegal websites".

Content blocking is going to be like every other security system: it must be constantly monitored and updated as new information and attacks becomes known or are developed. You cannot, as Clayton says, "fit and forget".

The other problem in all this is the role of the IWF. It was set up in 1996 as a way for the industry to regulate itself; the meeting where it was proposed came after threats of external regulation. If all ISPs are required to implement content blocking, and all content blocking is based on the IWF's list, the IWF will have considerable power to decide what content should be blocked. So far, the IWF has done a respectable job of sticking to clearly illegal pornography involving children. But its ten years have been marked by occasional suggestions that it should broaden its remit to include hate speech and even copyright infringement. Proposals are circulating now that the organisation should become an independent regulator rather than an industry-owned self-regulator. If IWF is not accountable to the industry it regulates; if it's not governed by Parliamentary legislation; if it's not elected….then we will have handed control of the British Internet over to a small group of people with no accountability and no transparency. That sounds almost Chinese, doesn't it?

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 1:40 PM | Permalink | Comments (1) | TrackBacks (0)

So here it is November, and we are drumming our heels impatiently (to the annoyance of the new downstairs neighbours) still waiting for the results of the Gowers Review of Intellectual Property, which was supposed to report to the Chancellor, the Secretary of State for Trade and Industry, and the Secretary of State for Culture, Media, and Sport "in Autumn 2006". I'm not sure when "Autumn" officially begins or ends, but I'd go with August Bank Holiday/Labor Day to the Sunday when the clocks change.

Perhaps the delay is due to global warming.

The Gowers Review is large and complicated. One change the recording industry is lobbying for is copyright term extension for sound recordings; although copyright in sound recordings is 95 years in the US, here you only get (weep for them) 50. The Open Rights Group, on whose advisory board I email, held an event to air the matter earlier this week. It is heartening to report that the event was full of people and passion: one reason copyright has kept getting extended is that no one outside the industry seemed to care.

There are a number of things that *aren't* included in the review. Government information, for example, which had its own review in 2000. Crown Copyright and Parliamentary Copyright (it may not make sense to an American that the text of national legislation is copyright, but so it is). The Patent Office is doing its own review of trademarks and the definition of a "technical step" that's required to make something patentable – this applies in a vital way to the question of patenting software programs. But things like digital rights management, orphan works, archives' right to make preservation copies, and the problem that of perpetual copyright in unpublished work are all being considered. (Yes. A 15th century, anonymous, unpublished poem cannot legally be published or copied.)

The problem is that so many deals can still be cut in smoke-filled back rooms. The reviews' original plan seems more interested in business IP use than in consumers' rights.

We say again: all intellectual property law is a balance between rewarding artists and creators and the rights of the public to access and use their own culture. Corporations that have bought up large numbers of copyrights won't care about this, but (as I also keep saying) every creator is a net consumer of intellectual property. Every writer reads more than he writes; every musician listens to more music than he learns or composes; every filmmaker, even Woody Allen, sees far more films than he will ever make. The more restrictive – or, in Pamela Samuelson's word for it, maximalist – copyright becomes overall the less people will be able to build on the past to produce new work. And no one, no matter how much of a genius, ever creates things that are entirely new with no reference to what has gone before.

So my hope is that what's taking the extra time is that there are lots of impassioned submissions and Gowers and his team are having to consider public interests they didn't expect. And not, instead, that what's happening is behind-the-scenes dickering to skew the report against the public interest.

It's only the future of copyright in the UK.

Still: the point isn't to rush to release the report. The point is to get the report right.

What *should* happen? The Skeptics, another subculture I inhabit, have a saying with reference to the paranormal that "Extraordinary claims require extraordinary proof." Copyright has been with us for centuries, but the relentless march to extend it has vastly accelerated since the mid-1970s. I think we should class the claim that further extension is necessary as extraordinary, and we should demand commensurate proof of its need from those who are lobbying for it. Especially since the industry's major players are the same in every country; in other legal areas we do not assume that the UK must have the same laws as the US. Why should that be true in copyright?

While we're waiting, I have long thought that we need to replace the term "intellectual property". It's a bad metaphor, and calling the intangible results of the creative process "property" stacks the deck against anyone in favor of public access, because as soon as you talk about limiting the term of property rights you sound like a thief. I've been trying to come up with a term that expresses something about products of the creative process ("croducts"?) or what John Perry Barlow talks about as creatures that form in the intellectual and emotional space between two people. I haven't had very much luck. (Could we talk of a "clever"? or borrow Vannevar Bush's term for his Web-like fantasy machine,a "memex"?) "Intellectual children" is my best analogy: like children, you create and murture the products of your mind, and at some point they leave you and have to find their own way in the world. You do not, ever, own them.

A free copy of one of my books to anyone who can come up with a really good answer to this. Meantime, I'm sure Punxsutawney Phil will be along any day now, looking for his shadow.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 11:44 AM | Permalink | Comments (2) | TrackBacks (0)

This week ICANN announced its three new board members for 2006 to 2009: Persistent readers of this column will know that I put my name in for the job. I'm not one of the three. They are: Robert Gaetano, Steven Goldstein, and Rajasekhar Ramaraj, and I know about them approximately what's written by Kieren McCarthy, a journalist who has spent more time than anyone documenting ICANN.

ICANN had 90 applicants for the open jobs – three for the board of directors, and four for various subgroups. I'm told that in Asian countries it would be a terrible loss of face to be on the short list and then not get chosen, and that this could be the reason the names of those on the short list have never been made public. But no statistics have been released either, so we don't even know how many made it that far. Nominating committee members are unlikely ever to divulge even that much; they were required to sign a non-disclosure agreement. I know only this: I was on the short list.

Because so little is known about the ICANN selection process, it seems worth recounting what happened. Shortly before the nominating committee's late September selection meeting in Frankfurt, I got email from the chair, George Sadowsky, asking me to supply a phone number where I could be contacted on Friday, the first day of the meeting. If they wanted to speak to me they would call that number and schedule a phone call for Saturday. I should not draw negative conclusions if they did not contact me. But they did, working around a transatlantic flight, and the phone call was scheduled.

Now, I'm a writer, and kind of a literalist with language. I also have pretty much never applied for a job, and don't work in either the corporate world or academia. Therefore, when his email said they wanted to talk to me for "clarification" I assumed they meant they wanted to ask me questions about what I'd written in my statement of interest. So I reread it. I also spent an hour or two before the phone call reading news and other items on the ICANN site. One of these was the then newly released LSE report (PDF) on the Generic Names Supporting Organization.

None of that helped, because what Sadowsky, who conducted the 20-minute call with utter silence behind him, asked me were things like, "What, in your view, is ICANN's mission?" And "What are the three areas of ICANN you most want to be active in?" The first question made me think I was taking a test; the second seemed more like a job interview, or perhaps a theatrical casting call. You know, the kind where the director and his minions are all sitting, invisible, out in the theater where you can't see them because the stage lights are blinding you. When I asked who else was sitting around the phone they wouldn't say. (They did refer me to the Web page listing the committee's members, but I wasn't sure who might or might not have made the actual meeting.)

"What," the last question went, "would you want to say you had accomplished that only you could do" if I were chosen. I said I wanted to see ICANN become a more trusted and accountable organization.

There's no point pretending otherwise: I sounded completely lame and unprepared. Hardly surprising, because I was. I did manage to suggest that one reason I didn't know more about ICANN – enough, say, to know what they meant by "three areas" (countries? subcommittees? policies? "What are the choices?" I asked, and was referred again to the Web page) – was, as the LSE report agreed, the difficulty of navigating their Web site. It, like the European Union government sites, is perfectly understandable if you are already an expert on its content, but otherwise not so much.

In this sort of endeavor I have a second problem: journalists learn to deadline and forget everything the second they send the article in. In any given year I probably write 200 articles on dozens of topics. There isn't a single one of those topics where I don't have to reread what I've written to know what I said, even if I wrote it yesterday (I also reread my own work because I trust the research).

So, yes, I should have had the sense to be better prepared, but it was all, as I say, so unexpected. I serve on other boards. None requires anything like the effort the ICANN board does; and arguably none of them is as decisive in determining what the organizations do. In all cases I joined because I was asked; I never went through a selection process like this one.

As a reject, I can't really comment intelligently on how ICANN went about making its choices. I merely tell the story here in case my experience can help another applicant, somewhere down the line, be less confused than I was.

Thanks to all those who emailed or posted messages of support, and especially to my three referees.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 12:25 PM | Permalink | Comments (4) | TrackBacks (0)

Elections have always had two parts: the election itself, and the dickering beforehand (and occasionally afterwards) over who gets to vote. The latest move in that direction: at the end of September the House of Representatives passed the Federal Election Integrity Act of 2006 (H.R. 4844), which from 2010 will prohibit election officials from giving anyone a ballot who can't present a government-issued photo ID whose issuing requirements included proof of US citizenship. (This lets out driver's licenses, which everyone has, though I guess it would allow passports, which relatively few have.)
These days, there is a third element: specifying the technology that will tabulate the votes. Democracy depends on the voters' being able to believe that what determines the election is the voters' choices rather than the latter two.

The last of these has been written about a great deal in technology circles over the last decade. Few security experts are satisfied with the idea that we should trust computers to do "black box voting" where they count up and just let us know the results. Even fewer security experts are happy with the idea that so many politicians around the world want to embrace: Internet (and mobile phone) voting.

The run-up to this year's mid-term US elections has seen many reports of glitches. My favorite recent report comes from a test in Maryland, where it turned out that the machines under test did not communicate with each other properly when the touch screens were in use. If they don't communicate correctly, voters might be able to vote more than once. Attaching mice to the machines solves the problem – but the incident is exactly the kind of wacky glitch that's familiar from everyday computing life and that can take absurd amounts of time to resolve. Why does anyone think that this is a sensible way to vote? (Internet voting has all the same risks of machine glitches, and then a whole lot more.)

The 2000 US Presidential election isn’t as famous for the removal from the electoral rolls in Florida of few hundred thousand voters as it is for hanging chad – but read or watch on the subject. Of course, wrangling over who gets to vote didn't start then. Gerrymandering districts, fighting over giving the right to vote to women, slaves, felons, expatriates…

This is in fact the sort of point that opponents are making.

There are plenty of other logistical problems, of course, such as: what about absentee voters? I registered in Ithaca, New York, in 1972. A few months before federal primaries, the Board of Elections there mails me a registration form; returning it gets me absentee ballots for the Democratic primaries and the elections themselves. I've never known whether my vote is truly anonymous; nor whether it's actually counted. I take those things on trust, just as, I suppose, the Board of Elections trusts that the person sending back these papers is not some stray British person who's does my signature really well. To insert voter ID into that process would presumably require turning expatriate voters over to, say, the US Embassies, who are familiar with authentication and checking identity documents.

Given that most countries have few such outposts, the barriers to absentee voting would be substantially raised for many expatriates. Granted, we're a small portion of the problem. But there's a direct clash between the trend to embrace remote voting - the entire state of Oregon votes by mail – and the desire to authenticate everyone.
We can fix most of the voting technology problems by requiring voter-verifiable, auditable, paper trails, as Rebecca Mercuri began pushing for all those years ago (and most computer scientists now agree with), and there seem to be substantial moves in that direction as state electors test the electronic equipment and scientists find more and more serious potential problems. Twenty-seven states now have laws requiring paper trails. But how we control who votes is the much more difficult and less talked-about frontier.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 12:54 PM | Permalink | Comments (0) | TrackBacks (0)

Persistent readers of net.wars may remember that last February I spent a month working in an office. A couple of days ago, it was announced that Jim Fruchterman, the owner The Benetech Initiative, the office in question, has been given the MacArthur "Genius" award for his work as a "social entrepreneur".

The $500,000 award joins Fruchterman to a pretty elite and eclectic gang: Richard Stallman (free software pioneer), Pamela Samuelson (the first to blow the whistle on where copyright was going), and (the first time I ever heard of these awards) magician and paranormal investigator James Randi. The awards famously have no strings: you could take the half-mil and head for retirement. But the people MacArthur picks are the passionate, creative kind who are too driven to do anything but plough the money back into their work.

My corner of Benetech was the Human Rights Database Group which, under the leadership of Patrick Ball, uses relational databases to extract scientifically defensible statistics from testimony documenting human rights abuses, and also makes the Martus program to securely collect and manage unstructured information (such as testimony). But HRDAG is only one of several Benetech projects. Its other programs include Bookshare, an effort that (legally) scans in books to make them available to the vision-impaired, Route 66, a literacy program for adults and teenagers with learning disabilities, and a new tool for landmine detection and removal.

When I was there, Fruchterman, had just returned from his fourth visit to the World Economic Forum in Davos, where he'd been hobnobbing with the sort of people who have to check their aircraft carriers at the door. No entourages and, sadly, not much in the way of direct quotables. Fruchterman's presence at Davos reflected five years of increasing interest in incorporating the social sector into what began as primarily a meeting between business and government (plus the occasional rock star). Religious leaders, Union leaders, non-government organisations, and Fruchterman's own category, social entrepreneurs, are all represented now, he said, and about half of the content of the conference is about social issues. Concerned at the beginning that their invitations might just be "social window dressing", there is now a general sense that they belong.

Enlightened self-interest," he said, in explaining why the welfare of the less fortunate is important to the Davos crowd. It's a quote from Tony Blair, but the point is clear: investing in the socially less fortunate is a matter of self-preservation. Global warming doesn't distinguish between rich and poor countries, just as incurable tuberculosis flitting through an aircraft's ventilation system doesn't discriminate between the rich person in first class and the relatively poor one sitting 30 rows back.

There's a clear line from the first company Fruchterman founded, Calera, an early (1982) optical character recognition company, to Benetech: Fruchterman started wanting to build a reading machine as long ago as his years studying pattern recognition as an undergraduate at Caltech. He didn't have the usual sort of reason; neither he nor a family member has a visual disability. Other than a short detour to start a rocket company ("the rocket blew up") making the world of text available to the visually impaired is a constant thread through his work life.

In 1989, he founded Arkenstone, a non-profit that used Calera's optical character recognition to develop and market such a machine for the blind. It was, he says, a technical breakthrough because the machine needed no training and did not need specific fonts. Arkenstone was eventually sold to Freedom Scientific, which shares Benetech's offices in Palo Alto.

"When you start a company," Fruchterman told me he'd come out of Davos this year thinking, "you imagine there's a gap that needs to be filled, that's why you're doing it. Sometimes you want to make a lot of money. Something you do it because you want to build something – like the average engineer. I came out realizing that there are a whole bunch of demands that people are beginning to put on technology and content. For example, they want better education, more literacy, more health, better economic opportunities for the poor, cleaner energy, to stop global warming."

We're now past the stage of a few years ago, when people were still trying to understand what the issues were. Now, we pretty much know: "It's not complicated, but we need to figure out ways." As a simple example: "Stop systematically screwing poor countries."

By now, he said, "We are transitioning from hype-filled discussions of, 'We have to fix the digital divide' to asking what that really means. People are experimenting." He sees two separate threads to those experiments. One: the PC thread. This includes Negroponte and his cheap laptops, Microsoft's starter edition, Linux and open source generally. The other: the mobile phone group, who are convinced that cellphones will be the platform for everything.

For what Fruchterman does, "I don't care which group wins. The fact that both support Web browsing means we could be delivering Route 66 content to teach people reading and digital textbooks on these platforms." As long as Benetech can build what Fruchterman calls the "last social mile" on the platform, Fruchterman is happy.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post comments here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 1:29 PM | Permalink | Comments (0) | TrackBacks (0)

If there is one thing we always said about the ID card it's that it was going to be tough to implement. About ten days ago, the Sunday Times revealed how tough: manufacturers are oddly un-eager to bid to make something that a) the Great British Public is likely to hate, and b) they're not sure they can manufacture anyway. That suggests (even more strongly than before) that in planning the ID card the government operated like an American company filing a dodgy patent: if we specify it, they will come.

I sympathize with IBM and the other companies, I really do. Anyone else remember 1996, when nearly all the early stories coming out of the Atlanta Olympics blamed IBM' prominently for every logistical snafu? Some really weren't IBM's fault (such as the traffic jams). Given the many failures of UK government IT systems, being associated with the most public, widespread, visible system of all could be real stock market poison.

But there's a secondary aspect to the ID card that I, at least, never considered before. It's akin to the effect often seen in the US when an amendment to the Constitution is proposed. Even if it doesn't get ratified in enough states – as, for example, the Equal Rights Amendment did not – the process of considering it often inspires a wave of related legislation. The fact that ID cards, biometric identifiers, and databases are being planned and thought about at such a high level seems to be giving everyone the idea that identity is the hammer for every nail.

Take, for example, the announcement a couple of days ago of NetIDme, a virtual ID card intended to help kids identify each other online and protect them from the pedophiles our society apparently now believes are lurking behind every electron.

There are a lot of problems with this idea, worthy though the intentions behind it undoubtedly are. For one thing, placing all your trust in an ID scheme like this is a risk in itself. To get one of these IDs, you fill out a form online and then a second one that's sent to your home address and must be counter-signed by a professional person (how like a British passport) and a parent if you're under 18. It sounds to me as though this system would be relatively easy to spoof, even if you assume that no professional person could possibly be a bad actor (no one has, after all, ever fraudulently signed passports). No matter how valid the ID is when it's issued, in the end it's a computer file protected by a password; it is not physically tied to the holder in any way, any more than your Hotmail ID and password are. For a third thing, "the card removes anonymity," the father who designed the card, Alex Hewitt, told The Times. But anonymity can protect children as well as crooks. And you'd only have to infiltrate the system once to note down a long list of targets for later use.

But the real kicker is in NetIDme's privacy policy, in which the fledgling company makes it absolutely explicit that the database of information it will collect to issue IDs is an asset of a business: it may sell the database, the database will be "one of the transferred assets" if the company itself is sold, and you explicitly consent to the transfer of your data "outside of your country" to wherever NetIDme or its affiliates "maintain facilities". Does this sound like child safety to you?

But NetIDme and other systems – fingerprinting kids for school libraries, iris-scanning them for school cafeterias – have the advantage that they can charge for their authentication services. Customers (individuals, schools) have at least some idea of what they're paying for. This is not true for the UK's ID card, whose costs and benefits are still unclear, even after years of dickering over the legislation. A couple of weeks ago, it became known that as of October 5 British passports will cost £66, a 57 percent increase that No2ID attributes in part to the costs of infrastructure needed for ID cards but not for passports. But if you believe the LSE's estimates, we're not done yet. Most recent government estimates are that an ID card/passport will cost £93, up from £85 at the time of the LSE report. So, a little quick math: the LSE report also guessed that entry into the national register would cost £35 to £40 with a small additional charge for a card, so revising that gives us a current estimate of £38.15 to £43.60 for registration alone. If no one can be found to make the cards but the government tries to forget ahead with the database anyway, it will be an awfully hard sell. "Pay us £40 to give us your data, which we will keep without any very clear idea of what we're going to do with it, and in return maybe someday we'll sell you a biometric card whose benefits we don't know yet." If they can sell that, they may have a future in Alaska selling ice boxes to Eskimos.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 1:54 PM | Permalink | Comments (4) | TrackBacks (0)

Like many of the Net's founders and creators, I am an idealist: I want the Net to remain as free and unfettered as possible, avoiding the twin dangers of stagnation and disintegration, both of which are possible outcomes of poor management. ICANN's job is nominally to provide technical oversight of naming and addressing, but it is impossible to consider these issues without making what is essentially public policy. Governments, corporations, technologists, and lawyers have an important role to play, but they are not the only stakeholders, and it seems to me that Net *users* and consumers are insufficiently represented. I believe I can help represent that point of view. I also believe increased representation of that point of view is necessary. The uniform dispute resolution procedures, for example, are generally considered to be disproportionately weighted in favor of large corporations at the expense of the very small businesses and individuals that the Net is supposed to empower.

The Internet was famously decentralized to withstand a bomb outage. Even so, from the earliest days there have been a number of benevolent dictators who guided the development of specific areas or applications. It is to some extent unavoidable that assigning unique identifiers – names, numbers, and ports – must be handled by one or more central authorities. The most visible aspect of this, the Domain Name System, for all that it has scaled well since Paul Mockapetris devised it in the 1980s, is a single, central point of failure managed by an organization that no one understands and few people trust.

The lack of trust is partly unavoidable. ICANN's predecessor, Jon Postel, was a rare man whom almost everyone trusted. Had Postel lived, he might have been able to act as a guarantor of the fledgling ICANN and been able to transfer some of that trust. After his untimely death and in his absence, it was inevitable that Netizens would treat any new authority with suspicion, especially since many had already vehemently rejected the earlier proposed gTLD-MOU that was widely interpreted (however incorrectly) as a "coup".

But much of today's distrust was not unavoidable. Despite ICANN's insistence that it is an open and accoutable organization, observer after observer has complained that while portions of its official meetings are public decisions are in reality made behind closed doors, often in advance. While I appreciate that the changing meeting venues are intended to avoid giving an unequal advantage in attendance to any one nation or group of nations, the meetings' perpatetic nature make it hard for observers without significant funding to attend on any regular basis. Therefore, it is even more crucial for ICANN to engage the Internet community at large on questions of policy and direction. The decision to do away with elected At-Large board members was widely perceived to derive from a dislike of the electoral results; that, too, has made ICANN look secretive and unaccountable.

The past cannot be changed, but the future can. ICANN has frequently stated that it intends to be publicly accountable and open, and perform its duties of technical oversight by consensus. But because code is law (Amazon UK), technical decisions have public policy consequences. "Technical oversight" is an incorrect description unless ICANN's mission becomes the janitorial role of merely implementing technical decisions made by others (a role to which some have argued it should be constrained). ICANN's latest strategic planning statement (PDF) expresses no such intent. Instead, it says, "The continued evolution of the Internet, especially the DNS, brings with it an increasing number of policy issues of ever increasing complexity that need to be decided through the ICANN process."

But as a policy-making body ICANN has the endemic structural problem of lacking the checks and balances that constrain a democratic government's behavior. Admittedly, technology moves fast and democratic deliberation takes time. As long as ICANN is tied to the Department of State, there is at least some small measure of democratic oversight. WSIS, for all its flaws, is made up of representatives of democratically elected governments. Other technical bodies, such as the IETF, make technical policy by opening their meetings and allowing full participation; technical merit gets you heard. The early Internet made history for its openness, using RFCs to suggest, not impose, technical changes. As ICANN's strategic plan itself recognizes, this is a key moment in ICANN's history: if it is to become independent it must find a way to become truly accountable. It would be a betrayal of every principle on which the Internet was founded for the Internet's most important single point of failure to be completely controlled by a self-selecting body whose inner deliberations and functioning remain obscure.

In these latter days, it is hard for anyone who is not, as I am not, a programmer (or lawyer) to make significant contributions to the Internet's development. The Internet in its many aspects has been my main focus as a London-based journalist since 1991. I continue to make that choice because I want to help push Internet policy and development in what I feel are the right directions: toward openness and experimentation, away from closure and control.

I believe that serving on the ICANN board would be a logical continuation of my work over the last 15 years.

P.S.: I also really love to travel.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 2:03 PM | Permalink | Comments (4) | TrackBacks (0)

An old Net joke holds that the best way to kill the Net is to invent a new application everyone wants. The Web nearly killed the Net when it was young. Binaries on Usenet. File-sharing. Video on demand may finally really do it. Not, necessarily, because it swamps servers, consumes all available bandwidth. But because, like spam, it causes people to adopt destructive schemes.

Two such examples turned up this week. The first, from the IP Development Network, the brainchild of Jeremy Penston, formerly of UUnet and Pipex, HD-TV over IP: Who Pays the Bill? (PDF), argues that present pricing models will not work in the HDTV future, and ISPs will need to control or provide their own content. It estimates, for example, that a consumer's single download of a streamed HD movie could cost an ISP £21.13, more than some users pay a month. The report has been criticized, and its key assumption – that the Internet will become the chief or only gateway to high-definition content – is probably wrong. Niche programming will get downloaded because any other type of distribution is uneconomical, but broadcast will survive for mass-market.

The germ that isn't so easily dismissed is the idea that bandwidth is not necessarily going to continue to get cheaper, at least for end users.

Which leads to exhibit B, the story that's gotten more coverage, a press release – the draft discussion paper isn't available yet – from the London-based Association of Independent Music (AIM) proposing that ISPs should be brought "into the official value chain". In other words, ISPs should be required to have and pay for licenses agreed with the music industry and a new "Value Recognition Right" should be created. AIM's reasoning: according to figures they cite from MusicAlly Research, some 60 percent of Internet traffic by data volume is P2P, file-sharing, and music has been the main driver of that. Therefore, ISPs are making money from music. Therefore, AIM wants some.

Let's be plain: this is madness.

First of all, the more correct verb there is "was", and even then it's only partially true. Yes, music was the driver behind Napster eight years ago, and Gnutella six years ago, and the various eHoofers. But now Bittorrent is the biggest bandwidth gobbler, and the biggest proportion of transferred data transferred is video, not music. This ought to be obvious: MP3 4Mb, one-hour TV show 350Mb, movie 700Mb to 4.7Gb. Music downloads started first and have been commercialized first, but that doesn't make it the main driver; it just makes it the historically *first* driver. In any event, music certainly isn't the main reason people get online: that is and was email and the Web.

Second of all, one of the key, underrated problems for any charging mechanism that involves distinguishing one type of bits from another type of bits in order to compensate someone is the loss of privacy. What you read, watch, and listen to is all part of what you think about; surely the inner recesses of your mind should be your own. A regime that requires ISPs to police what their customers do – even if it's in their own financial interests to do so – edges towards Orwell's Thought Police.

Third of all, anyone who believes that ISPs are making money from P2P needs remedial education. Do they seriously think that at something like £20 per month for up to 8mbps ADSL anyone's got much of a margin? P2P is, if anything, the bane of ISPs' existence, since it turns ordinary people into bandwidth hogs. Chris Comley, managing director of Wizards, the small ISP that supplies my service (it resells BT connections), says that although his company applies no usage caps, if users begin maxing out their connections (that is, using all their available bandwidth 24 hours a day, seven days a week), the company will start getting complaining email messages from BT and face having to pay higher charges for the connections it resells. Broadband pricing, like that of dial-up before it (when telephone bills could be relied upon to cap users' online hours), is predicated on the understanding that even users on an "unlimited" service will not in fact consume all the bandwidth that is available to them. In Comley's analogy, the owner of an all-you-can-eat buffet sets his pricing on the assumption that people who walk in for a meal are not in fact going to eat everything in the place.

"The price war over bandwidth is going to have to be reversed," he says, "because we have effectively discounted what the user pays for IP to such a low level that if they start to use it they're in trouble, and they will if they start using video on demand or IPTV."

We began with an old Internet joke. We end with an old Internet saying, generally traced back to the goofy hype of Nicholas Negroponte and George Gilder: that bandwidth is or will be too cheap to meter. It ought to be, given that the price of computing power keeps dropping. But if that's what we want it looks like we'll have to fight for it.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 1:51 PM | Permalink | Comments (1) | TrackBacks (0)

Wednesday night was a rare moment of irrelevant glamor in my life, when I played on the Guardian team in a quiz challenge grudge match.

In March, Richard Sarson (intriguingly absent, by the way) accused MPs of not knowing which end was up, technically speaking, and BT funded a test. All good fun.

But Sarson had a serious point: MPs are spending billions and trillions of public funds without the technical knowledge to them. His particular focus was the ID card, which net.wars has written about so often. Who benefits from these very large IT contracts besides, of course, the suppliers and contractors? It must come down to Yes, Minister again: commissioning a huge, new IT system gives the Civil Service a lot of new budget and bureaucracy to play with, especially if the ministers don't understand the new system. Expanded budgets are expanded power, we know this, and if the system doesn't work right the first time you need an even bigger budget to fix them with.

And at that point, the issue collided in my mind with this week's other effort, a discussion of Vernor Vinge's ideas of where our computer-ridden world might be going. Because the strangest thing about the world Vernor Vinge proposes in his new book, Rainbows End, is that all the technology pretty much works as long as no one interferes with it. For example: this is a world filled with localizer sensors and wearable computing; it's almost impossible to get out of view of a network node. People decide to go somewhere and snap! a car rolls up and pops open its doors.

I'm wondering if Vinge has ever tried to catch a cab when it was raining in Manhattan.

There are two keys to this world. First: it is awash in so many computer chips that IPv6 might not have enough addresses (yeah, yeah, I know, no electron left behind and all that). Second: each of these chips has a little blocked off area called the Secure Hardware Environment (SHE), which is reserved for government regulation. SHE enables all sorts of things: detailed surveillance, audit trails, the blocking of undesirable behavior. One of my favorite of Vinge's ideas about this is that the whole system inverts Lawrence Lessig's idea of code is law into "law is code". When you make new law, instead of having to wait five or ten years until all the computers have been replaced so they conform to the new law, you can just install the new laws as a flash regulatory update. Kind of like Microsoft does now with Windows Genuine Advantage. Or like what I call "idiot stamps" – today's denominationless stamps, intended for people who can never remember how much postage is.

There are a lot of reasons why we don't want this future, despite the convenience of all those magically arriving cars, and despite the fact that Vinge himself says he thinks frictional costs will mean that SHE doesn't work very well. "But it will be attempted, both by the state and by civil special interest petitioners." For example, he said, take the reaction of a representative he met from a British writers' group who thought it was a nightmare scenario – but loved the bit where microroyalties were automatically and immediately transmitted up the chain. "If we could get that, but not the monstrous rest of it…"

For another, "You really need a significant number of people who are willing to be Amish to the extent that they don't allow embedded microprocessors in their lifestyle." Because, "You're getting into a situation where that becomes a single failure point. If all the microprocessors in London went out, it's hard to imagine anything short of a nuclear attack that would be a deadlier disaster."

Still, one of the things that makes this future so plausible is that you don't have to posit the vast, centralized expenditure of these huge public IT projects. It relies instead on a series of developments coming together. There are examples all around us. Manufacturers and retailers are leaping gleefully onto RFID in everything. More and more desktop and laptop computers are beginning to include the Trusted Computing Module, which is intended to provide better security through blocking all unsigned programs from running but as a by-product could also allow the widescale, hardware-level deployment of DRM. The business of keeping software updated has become so complex that most people are greatly relieved to be able to make it automatic. People and municipalities all over the place are installing wireless Internet for their own use and sharing it. To make Vinge's world, you wait until people have voluntarily bought or installed much of the necessary infrastructure and then do a Project Lite to hook it up to the functions you want.

What governments would love about the automatic regulatory upgrade is the same thing that the Post Office loves about idiot stamps: you can change the laws (or prices) without anyone's really being aware of what you're doing. And there, maybe, finally, is some real value for those huge, failed IT projects: no one in power can pretend they aren't there. Just, you know, God help us if they ever start being successful.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

Posted by Wendy M. Grossman at 8:05 AM | Permalink | Comments (1) | TrackBacks (0)