net.wars: September 2006 Archives


September 29, 2006

Doppelgangland

One of the many great ways the Net has democratized society is in making it possible for even very obscure, ordinary people to be impersonated.

There is, for example, a local architect at one of my tennis clubs. I was looking up his email address one day, and discovered that someone had bought up the .co.uk version of his .com domain and filled it up with a lot of nasty comments and purported supporting evidence for same alleging that the tennis-playing architect was incompetent, dishonest, and generally worth avoiding.

As you might expect, the backstory was one of those ordinary garden-variety disputes in which a disgruntled, slightly obsessive former client decides, when the profession's governing body declined to support his claim, to take matters into his own hands and make life difficult. The architect thought of suit, then eventually decided it wasn't a good way to spend his time or money. The site's gone now, though the domain is still owned by the disgruntled one. But it has, to our friend's relief, dropped off the list of hits Google produces when the architect's name is typed in. Because, really, the problem wasn't that the site existed; it was that it was way too easy to find.

Now, see, I can understand this story, sort of. Who among us hasn't gotten annoyed enough now and then to want to vent what we believe to be our righteous anger in this way? Most of us never do it, of course, but the desire is recognizably human.

So were the motives of the woman I wrote about a couple of years ago who claimed to be Martina Navratilova on a fan message board. It was pretty clear what she wanted: attention and the glory of being the person everyone was there to admire. She was exposed, apologized, and now is on good terms with the rest of the board. I remember, also, a fake David Letterman turning up on alt.fan.letterman in 1994.

It's worth noting that despite people's willingness to fall for scams like the above, it's been noticeable to me throughout the years that when someone famous really does show up on Usenet there's a lot of skepticism and often even some checking. It does happen, of course: M*A*S*H creator Larry Gelbart likes to hobnob with the fans on alt.tv.mash, and at one time a Frasier producer or two used to hang around alt.tv.frasier.

But what earthly point could there possibly be in impersonating me on Usenet?

It all started, I don't know, a month ago, when someone posted a message such that my email address (or, at least, the one I use for Usenet) appeared in the "From" line. The message itself was the sort of thing I'd normally just ignore if it came from someone else and certainly wouldn't have posted myself. I felt, for a brief moment, like Laurence Godfrey: defamation through misrepresentation. On the other hand, what can you do about it? In Godfrey's case, he sued Demon Internet for not taking the postings in question off its servers when he asked them to. Demon settled, laying the groundwork for today's "notice and takedown" rules. But Godfrey is a serial litigator, and I like an untroubled life.

What is a little more disturbing is that Google indexes all its extensive Usenet archives by email address. The postings in question pop up in a search right alongside the ones I've legitimately made. Even though there are some giveaways that make the fakes easy to spot if you're paying even a modicum of attention, Google Groups can't do it. Nor is it clear whether, under Google Groups' terms and conditions, I actually have the right to remove them: when you select a posting for removal you are required to agree that you made the original posting and therefore have the right to remove it. But, of course, that's the point: I didn't make the postings. Plus, even if you get them removed from Google's cache there are all the other caches and public archives lying around in which they'll still appear.

I don't, of course, like it. I occasionally write about tennis, and I've interviewed one of the players one of the fake postings trashes as ugly. She's not – and she's entertaining, hard-working, and fun. I would hate to have her think I'd said such a thing. Fortunately, Usenet, these days, is very much a minority pastime, and when you're in the news as much as these women are I doubt you go looking for more stuff to read about yourself in obscure online forums. (On a DVD I've been listening to recently, the comic actress Vicki Lewis observes that she had to give up reading comments about herself and her work online: "It's like hitting yourself on the head with a hammer.")

To be fair, in my egocentric haste to simplify the story, I've left out the fact that several other, even more obscure, people on the newsgroup were impersonated, too. Which, you know, is kind of too bad. Otherwise, I could be flattered, right? I'm *that* important.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

September 22, 2006

The last social mile

Persistent readers of net.wars may remember that last February I spent a month working in an office. A couple of days ago, it was announced that Jim Fruchterman, the owner of The Benetech Initiative, the office in question, has been given the MacArthur "Genius" award for his work as a "social entrepreneur".

The $500,000 award joins Fruchterman to a pretty elite and eclectic gang: Richard Stallman (free software pioneer), Pamela Samuelson (the first to blow the whistle on where copyright was going), and (the first time I ever heard of these awards) magician and paranormal investigator James Randi. The awards famously have no strings: you could take the half-mil and head for retirement. But the people MacArthur picks are the passionate, creative kind who are too driven to do anything but plough the money back into their work.

My corner of Benetech was the Human Rights Database Group which, under the leadership of Patrick Ball, uses relational databases to extract scientifically defensible statistics from testimony documenting human rights abuses, and also makes the Martus program to securely collect and manage unstructured information (such as testimony). But HRDAG is only one of several Benetech projects. Its other programs include Bookshare, an effort that (legally) scans in books to make them available to the vision-impaired, Route 66, a literacy program for adults and teenagers with learning disabilities, and a new tool for landmine detection and removal.

When I was there, Fruchterman had just returned from his fourth visit to the World Economic Forum in Davos, where he'd been hobnobbing with the sort of people who have to check their aircraft carriers at the door. No entourages and, sadly, not much in the way of direct quotables. Fruchterman's presence at Davos reflected five years of increasing interest in incorporating the social sector into what began as primarily a meeting between business and government (plus the occasional rock star). Religious leaders, Union leaders, non-government organisations, and Fruchterman's own category, social entrepreneurs, are all represented now, he said, and about half of the content of the conference is about social issues. Concerned at the beginning that their invitations might just be "social window dressing", there is now a general sense that they belong.

"Enlightened self-interest," he said, in explaining why the welfare of the less fortunate is important to the Davos crowd. It's a quote from Tony Blair, but the point is clear: investing in the socially less fortunate is a matter of self-preservation. Global warming doesn't distinguish between rich and poor countries, just as incurable tuberculosis flitting through an aircraft's ventilation system doesn't discriminate between the rich person in first class and the relatively poor one sitting 30 rows back.

There's a clear line from the first company Fruchterman founded, Calera, an early (1982) optical character recognition company, to Benetech: Fruchterman started wanting to build a reading machine as long ago as his years studying pattern recognition as an undergraduate at Caltech. He didn't have the usual sort of reason; neither he nor a family member has a visual disability. Other than a short detour to start a rocket company ("the rocket blew up") making the world of text available to the visually impaired is a constant thread through his work life.

In 1989, he founded Arkenstone, a non-profit that used Calera's optical character recognition to develop and market such a machine for the blind. It was, he says, a technical breakthrough because the machine needed no training and did not need specific fonts. Arkenstone was eventually sold to Freedom Scientific, which shares Benetech's offices in Palo Alto.

"When you start a company," Fruchterman told me he'd come out of Davos this year thinking, "you imagine there's a gap that needs to be filled, that's why you're doing it. Sometimes you want to make a lot of money. Sometimes you do it because you want to build something – like the average engineer. I came out realizing that there are a whole bunch of demands that people are beginning to put on technology and content. For example, they want better education, more literacy, more health, better economic opportunities for the poor, cleaner energy, to stop global warming."

We're now past the stage of a few years ago, when people were still trying to understand what the issues were. Now, we pretty much know: "It's not complicated, but we need to figure out ways." As a simple example: "Stop systematically screwing poor countries."

By now, he said, "We are transitioning from hype-filled discussions of, 'We have to fix the digital divide' to asking what that really means. People are experimenting." He sees two separate threads to those experiments. One: the PC thread. This includes Negroponte and his cheap laptops, Microsoft's starter edition, Linux and open source generally. The other: the mobile phone group, who are convinced that cellphones will be the platform for everything.

For what Fruchterman does, "I don't care which group wins. The fact that both support Web browsing means we could be delivering Route 66 content to teach people reading and digital textbooks on these platforms." As long as Benetech can build what Fruchterman calls the "last social mile" on the platform, Fruchterman is happy.


September 15, 2006

Mobile key infrastructure

Could mobile phones be the solution to online security problems? Fred Piper posed this question yesterday to a meeting of the UK branch of the Information Systems Security Association (something like half of whom he'd taught at one point or another).

It wasn't that Piper favored the idea. He doesn't, he said, have a mobile phone. He was put off the whole idea long ago by an ad he saw on TV that said the great thing about mobile phones was when you left the office it would go with you. He doesn't want to be that available. (This is, by the way, an old concern. I have a New Yorker cartoon from about the 1970s that shows a worried, harassed-looking businessman walking down the street being followed by a ringing telephone on a very long cord.)

But from his observation, mobile phones (PPT) are quietly sneaking their way into the security chain without anyone's thinking too much or too deeply about it. This trend he calls moving from two-factor authentication to two-channel authentication. You can see the sense of it. You want to do some online banking, so for extra security your bank could, in response to your entering your user name and password, send you a code to your previously registered mobile phone, which you then type into the Web site (PDF) as an extra way of proving you're you.
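The two-channel login described above, sketched from the bank's side as an added example (it is not from Piper's talk or from this column): the password arrives over the Web, a one-time code goes out to the registered phone, and the code is accepted once, within a short window, for that session only. The class and function names, the five-minute lifetime, the three-guess limit and the phone number are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 3        # assumption: three guesses, then the code is void


def _digest(secret: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored passwords are not kept in the clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class TwoChannelAuth:
    """Hypothetical bank-side login: password over the Web, code over the phone."""

    def __init__(self, send_to_phone, clock=time.time):
        self._send = send_to_phone  # second channel, e.g. a call to an SMS gateway
        self._clock = clock
        self._users = {}    # username -> (salt, password digest, phone number)
        self._pending = {}  # session id -> outstanding one-time code

    def register(self, username, password, phone):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _digest(password, salt), phone)

    def begin_login(self, username, password):
        """Channel 1. Returns a session id if the password is right, else None."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored, phone = record
        if not hmac.compare_digest(stored, _digest(password, salt)):
            return None
        session_id = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"  # six digits from the OS CSPRNG
        self._pending[session_id] = {
            "user": username,
            "code": code,
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self._send(phone, code)  # channel 2: goes only to the registered phone
        return session_id

    def verify(self, session_id, typed_code):
        """Returns the username if the code is right for this session, else None."""
        entry = self._pending.get(session_id)
        if entry is None:
            return None
        if self._clock() > entry["expires"]:
            del self._pending[session_id]  # expired codes are discarded
            return None
        entry["attempts"] += 1
        if hmac.compare_digest(entry["code"].encode(), typed_code.encode()):
            del self._pending[session_id]  # single use: a replay finds nothing
            return entry["user"]
        if entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[session_id]  # too many guesses: void the code
        return None


if __name__ == "__main__":
    inbox = []  # stands in for the handset; the number below is constructed
    bank = TwoChannelAuth(lambda phone, code: inbox.append((phone, code)))
    bank.register("alice", "correct horse", "+44 7700 900123")
    sid = bank.begin_login("alice", "correct horse")
    print("code sent to", inbox[0][0])
    print("first use:", bank.verify(sid, inbox[0][1]))
    print("replayed: ", bank.verify(sid, inbox[0][1]))
```

The code proves only that whoever is typing can read messages sent to the registered number, so the sketch inherits whatever weaknesses that channel has.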

One reason things are moving in this direction is that even though security is supposed to be getting better in some ways it's actually regressing. For one thing, these days impersonating someone is easier than cracking the technology – so impersonation has become the real threat.

For another thing, there are traditionally three factors that may be used in creating an authentication system: something you know (a PIN or credit card number), something you have (a physical credit, ATM, or access card), or something you are (a personal characteristic such as a biometric). In general, good security requires at least two such factors. That way, if one factor is compromised although the security system is weakened it's not broken altogether.

But, despite the encryption protecting credit card details online, since you are not required to present the physical card, most of the time our online transactions rely for authentication on a single factor: something we know. The upshot is that credit cards no longer are as secure as in the physical world, where they rely on two factors, the physical card and something you know (the PIN or the exact shape of your signature). "The credit card number has become an extended password," he said.

Mobile phones have some obvious advantages. Most people have one, so you're not asking people to buy special readers, as you would have to if you wanted to use a smart card as an authentication token. To the consumer, using a mobile phone for authentication seems like a free lunch. Most people, once they have one, carry them everywhere. So you're not asking them to keep track of anything more than they already are. The channel, as in the connection to the mobile phone, is owned by known entities and already secured by them. And mobile phones are intelligent devices (even if the people speaking into them on the Tube are not).

In addition, if you compare the cost of using mobile phones as a secure channel to exchange one-time passwords for specific sessions to the cost of setting up a public key infrastructure to do the same thing, it's clearly cheaper and less unwieldy.

There are some obvious disadvantages, too. There are black holes with no coverage. Increasingly, mobile phones will be multi-network devices. They will be able to communicate over the owned, relatively secure channel – but they will also be able to use insecure channels such as wi-fi. In addition, Bluetooth can add more risks.

Another possibility that occurs to me is that if mobile phones start being used in bank authentication systems we will see war-dialling of mobile phone numbers and phishing attacks on a whole new scale. Yes, such an attack would require far greater investment than today's phishing emails, but the rewards could be worth it. In a different presentation at the same meeting, Mike Maddison, a consultant with Deloitte, presented the results of surveys it's conducted of three industry sectors: financial services, telecommunications and media, and life sciences. All three say the same thing: attacks are becoming more sophisticated and more dangerous, and the teenaged hacker has been largely replaced by organised crime.

Piper was not proposing a "Mobile Key Infrastructure" as a solution. What he was suggesting is that phones are already being used in this way, and security professionals should be thinking about what it means and where the gotchas are going to be. In privacy circles, we talk a lot about mission creep. In computer software we talk about creeping featurism. I don't know if security folks have a standard phrase for what we're talking about here. But it seems to me that if you're going to build a security infrastructure it ought to be because you had a plan, not because a whole bunch of people converged on it.


September 8, 2006

Crossing the streams

OK, this is weird. I'm sitting at my desk in London watching a match from the U.S. Open (a modestly sized tennis tournament finishing up this week in New York City). I'm watching it on the laptop. Not so strange; lots of people watch TV on their computers these days. Only in this case I'm watching the match as broadcast on USA Network, a satellite channel people get by cable. In the US.

Some months back in the online tennis forum I hang out in, you started seeing mention of "streams" of live tennis, all coming from Asia somewhere, somehow. And damn if it wasn't true. Forget all those P2P networks that make you wait a day or two while someone seeds their digital copy of last night's broadcast – if anyone else is even interested enough in that quarter-final Jankovic-Dementieva match to upload it. Pick a player, and although the picture is small, you can have it live. Complete with commercials. At last I can see the ads repeating 12 times an hour that everyone else is complaining about. Whee!

It's weird the frisson of excitement with which you can welcome ads when they're part of something exotic and slightly forbidden. Believe me, if I were sitting in my friends' living room in Pennsylvania – I'd be complaining away with the best of them about *how many times* do we have to see that Sharapova-as-Leona Helmsley commercial (what's she supposed to be selling, anyway? Noblesse oblige?). But viewed this way it's suddenly so cool, like huddling around the short wave radio and tuning in South Africa.

The closer analogy is the early days of satellite television, when satellite nuts (this was before we learned the politically correct phrase "early adopters") had big dishes in their backyards, and found all sorts of interesting things in the sky, like free HBO (in those days, still known as Home Box Office). When dish owners numbered 1.7 million, the pay-TV services got bothered and began encrypting their services to force dish owners to pay cable rates. The upshot: one of the great moments of satellite television: "Captain Midnight" hijacked HBO's output for four and a half minutes in protest (http://www.findarticles.com/p/articles/mi_m1511/is_v7/ai_4293600). Captain Midnight was later identified as John MacDougall, a satellite TV salesman, and he was eventually fined $5,000.

Things are likely to be less kindly in the Internet era. For one thing, the companies that own the biggest broadcast networks are bigger, meaner, and have more laws. The first Internet TV casualty was probably the Canadian-targeted iCraveTV, which for a few months in 2000 had 17 American and Canadian channels online. The service got squashed like a bug, despite offering to pay broadcasters. Bear in mind that the first cable companies operated much the way iCraveTV did: they put up a repeating and ran a bunch of wires.

Well, we know how the Internet works. Take out one guy and in return you get a lot more guys that are harder to deal with. I've lost count now of the players and sites: TVUPlayer, TVAnts, PPLive, Sopcast. All are Asian, all stream live TV, and all use peer-to-peer networking technologies to spread the load. Which means, in turn, that the single biggest expense in streaming – bandwidth – is shared among the users. Most of whom, as far as I can tell, are sports nuts, which is only logical. The picture you get from these players is, while good enough to watch, still relatively small and low-resolution. For scripted television, you can get a better experience by waiting the day and downloading a torrent or a legal copy from the pay services that are beginning to open up.

But the whole experience of sports is the fact that it is live, and no one really knows how it's going to come out. Within some limits, a bad, live picture is often preferable to a perfect, delayed one. Even if you can't really see what Federer is doing when he hits the ball, you want the emotional rush of being there with him. You can always watch the full-size version later for artistic appreciation.

Theoretically, the fact that the pictures are small ought to give broadcasters the same kind of confidence that publishers have when it comes to file-sharing. People will pay for big-screen viewing just as they'll pay for books. Nonetheless, we're standing on the brink of the WIPO broadcast treaty that net.wars wrote about in February, 2005.

James Love has a lengthy critique of the current proposals (PDF). But one thing he leaves out is that as far as I can make out, today's streaming players "rebroadcast" their signals by pointing at an IP address where the broadcaster itself is streaming its own output. Are we talking about making it illegal to access or publish IP addresses based on the content that's available at them? TEOTIAWKI. (The End of the Internet as we know it.)

I can't believe these streams are really legal, despite this argument regarding law enforcement actions in Italy. Even if they include ads, someone in London is not in the target demographic for the USTA. Presumably, eventually everybody will encrypt their streams and we'll all have to have protected players and subscriptions in order to view them. In the meantime, enjoy your giant satellite dish.


September 1, 2006

The elephant in the dark

Yesterday, August 31, was the actual 50th anniversary of the first artificial intelligence conference, held at Dartmouth in 1956 and recently celebrated with a kind of rerun. John McCarthy, who convened the original conference, spent yesterday giving a talk to a crowd of students at Imperial College, London, on challenges for machine learning, specifically recounting a bit of recent progress working with Stephen Muggleton and Ramon Otero on a puzzle he proposed in 1999.

Here is the puzzle, which expresses the problem of determining an underlying reality from an outward appearance. Most machine learning research, he noted, has concerned the classification of appearance. But this isn't enough for a robot – or a human – to function in the real world. "Robots will have to infer relations between reality and appearance."

One of his examples was John Dalton's work discovering atoms. "Computers need to be able to propose theories," he said – and later modify them according to new information. (Though I note that there are plenty of humans who are unable to do this and who will, despite all evidence and common sense to the opposite, cling desperately to their theory.)

Human common sense reasons in terms of the realities. Some research suggests, for example, that babies are born with some understanding of the permanence of objects – that is, that when an object is hidden by a screen and reappears it is the same object.

Take, as McCarthy did, the simple (for a human) problem of identifying objects without being able to see them; his example was reaching into your pocket and correctly identifying and pulling out your Swiss Army knife (assuming you live in a country where it's legal to carry one). Or identifying the coin you want from a collection of similar coins. You have some idea of what the knife looks and feels like, and you choose the item by its texture and what you can feel of the shape. McCarthy also cited an informal experiment in which people were asked to draw a statuette hidden in a paper bag – they could reach into the paper bag to feel the statue. People can actually do this with little difference than if they can see the object.

But, he said, "You never form an image of the contents of the pocket as a whole. You might form a list." He has, he said, been trying to get Stanford to make a robotic pickpocket.

You can, of course, have a long argument about whether there is such a thing as any kind of objective reality. I've been reading a lot of Philip K. Dick lately, and he had robots that were indistinguishable from humans, even to themselves; yet in Dick's work reality is a fluid, subjective concept that can be disrupted and turned back on itself at any time. You can't trust reality.

But even if you – or philosophers in general – reject the notion of "reality" as a fundamental concept, "You may still accept the notion of relative reality for the design and debugging of robots." Seems a practical approach.

But the more important aspect may be the amount of pre-existing knowledge. "The common view," he said, "is that a computer should solve everything from scratch." His own view is that it's best to provide computers with "suitably formalized" common sense concepts – and that formalizing context is a necessary step.

For example: when you reach into your pocket you have some idea of what the contents are likely to be. Partly, of course, because you put them there. But you could make a reasonable guess even about other people's pockets because you have some idea of the usual size of pockets and the kinds of things people are likely to put in them. We often call that "common sense", but a lot of common sense is experience. Other concepts have been built into human and most animal infants through evolution.

Although McCarthy never mentioned it, that puzzle and these other examples all remind me of the story of the elephant and the blind men, which I first came across in the writings of Idries Shah, who attributed it to the Persian poet Rumi. Depending which piece of the elephant a blind man got hold of, he diagnosed the object as a fan (ear), pillar (leg), hose (trunk), or throne (back). It seems to me a useful analogy to explain why, 50 years on, human-level artificial intelligence still seems so far off. Computers don't have our physical advantages in interacting with the world.

An amusing sidelight that seemed to reinforce that point. After the talk, there was some discussion of building the three-dimensional reality behind McCarthy's puzzle. The longer it went on, the more confused I got about what the others thought they were building; they insisted there was no difficulty in getting around the construction problem I had, which was how to make the underlying arcs turn one and only one stop in each direction. How do you make it stop? I asked. Turns out: they were building it mentally with Meccano. I was using cardboard circles with a hole and a fastener in the middle, and marking pens. When I was a kid, girls didn't have Meccano. Though, I tell you, I'm going to get some *now*.
