" /> net.wars: May 2009 Archives

« April 2009 | Main | June 2009 »

May 29, 2009

Three blind governments

I spent my formative adult years as a musician. And even so, if I were forced to choose to sacrifice one of my senses as a practical matter pick sight over hearing: as awful and isolating as it would be to be deaf it would be far, far worse to be blind.

Lack of access to information and therefore both employment and entertainment is the key reason. How can anyone participate in the "knowledge economy" if you can't read?

Years ago, when I was writing a piece about disabled access to the Net, the Royal National Institute for the Blind put me in touch with Peter Brasher, a consultant who was particularly articulate on the subject of disabled access to computing.

People tend to make the assumption - as I did - that the existence of Braille editions and talking books meant that blind and partially sighted people were catered for reasonably well. In fact, he said, only 8 percent of the blind population can read Braille; its use is generally confined to those who are blind from childhood (although see here for a counterexample). But by far and away the majority of vision loss comes later in life. It's entirely possible that the percentage of Braille readers is now considerably less; today's kids are more likely to be taught to rely on technology - text-to-speech readers, audio books, and so on. From 50 percent in the 1950s, the percentage of blind American children learning Braille has dropped to 10 percent.

There's a lot of concern about this which can be summed up by this question: if text-to-speech technology and audio books are so great, why aren't sighted kids told to use them instead of bothering to learn to read?

But the bigger issue Brasher raised was one of independence. Typically, he said, the availability of books in Braille depends on someone with an agenda, often a church. The result for an inquisitive reader is a constant sense of limits. Then computers arrived, and it became possible to read anything you wanted of your own choice. And then graphical interfaces arrived and threatened to take it all away again; I wrote here about what it's like to surf the Web using the leading text-to-speech reader, JAWS. It's deeply unpleasant, difficult, tiring, and time-consuming.

When we talk about people with limited ability to access books - blind, partially sighted; in other cases fully sighted but physically disabled - we are talking about an already deeply marginalized and underserved population. Some of the links above cite studies that show that unemployment among the Braille-reading blind population is 44 percent - and 77 percent among blind non-Braille readers. Others make the point that inability to access printed information interferes with every aspect of education and employment.

And this is the group that this week's meeting of the Standing Committee on Copyright and Related Rights at the World Intellectual Property Office has convened to consider. Should there be a blanket exception to allow the production of alternative formats of books for the visually impaired and disabled?

The proposal, introduced by Brazil, Paraguay, and Ecuador, seems simple enough, and the cause unarguable. The World Blind Union estimates that 95 percent of books never become available in alternative formats and when they do it's after some delay. As Brasher said nearly 15 years ago, such arrangements depend on the agendas ofcharitable organizations.

The culprit, as in so many net.wars, is copyright law. The WBU published arguments for copyright reform (DOC) in 2004. Amazon's Kindle is a perfect example of the problem: bowing to the demands of publishers, text-to-speech can be - and is being - turned off in the Kindle. The Kindle - any ebook reader with speech capabilities - ought to have been a huge step forward for disabled access to books.

And now, according to Twits present, at WIPO, the US, Canada, and the EU are arguing against the idea of this exemption. (They're not the only ones; elsewhere, the Authors Guild has argued that exemptions should be granted by special license and registration, something I'd certainly be unhappy about if I were blind.)

Governments, particularly democratic ones, are supposed to be about ensuring equal opportunities for all. They are supposed to be about ensuring fair play. What about the American Disabilities Act, the EU's charter of fundamental human rights, and Canada's human rights act? Can any of these countries seriously argue that the rights of publishers and copyright holders trump the needs of a seriously disadvantaged group of people that every single one of us is at risk of joining?

While it's clear that text-to-speech and audio books don't solve every problem, and while the US is correct to argue that copyright is only one of a number of problems confronting the blind, when the WBU argues that copyright poses a significant barrier to access shouldn't everyone listen? Or are publishers confused by the stereotypical image of the pirate with the patch over one eye?

If governments and rightsholders want us to listen to them about other aspects of copyright law, they need to be on the right side of this issue. Maybe they should listen to their own marketing departments about the way it looks when rich folks kick people who are already disadvantaged - and then charge for the privilege.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, follow on Twitter, or email netwars@skeptic.demon.co.uk (but please turn off HTML).

May 23, 2009

InPhormed consent

This week's announcement that the UK is to begin hooking up its network of CCTV cameras to automatic number plate recognition software is a perfect example of a lot of things. Function creep, which privacy advocates always talk about: CCTV was sold to the public on the basis that it would make local streets safer; ANPR was sold to the public on the basis that it would decrease London's traffic congestion. You can question either or both of those propositions, but nowhere in them was the suggestion that marrying the two technologies together would give the police a network enabling them to track people's movements around the country. In fact, as I understand it, there will probably be two such networks, one for police and the other for enabling road pricing.

It's also a perfect example of why with today's developing technology it's nearly impossible for people to give informed consent. Do I want to post personal photographs where only my friends and family can see them? Sure. Do I want those photos to persist online even after I think I've deleted them and be viewable by outsiders via content delivery networks and other caches? No, or not necessarily.

And it's a perfect example of why opt-in is an important principle. Will I trade access to slightly better treatment and the occasional free ticket for my travel data (in the form of frequent flyer programs)? Apparently so. Does that mean that every casual flyer should perforce be signed up with a frequent flyer number and told to opt out if they don't want their data sold for marketing purposes? Obviously not.

Developing technologies are an area where experts have trouble predicting the outcome. Most people will not or cannot find the time to try to understand the implications, even if those were available. How is anyone supposed to give intelligent and informed consent? Making a system opt-in means that only those who have taken at least some trouble make the trade-offs. With CCTV and ANPR, most of us have little choice: we may vote for or against politicians based on their policies, but we don't have a fine-grained way of voting for this policy and against that one.

Even if we did, however, we'd still have the problem that technology is developing faster than anyone can say "small-scale pilot". This is why it's difficult for anyone to give intelligent and informed consent when a new idea like Phorm comes along to argue that their service is so wonderful and compelling that everyone should be automatically joined to it and those few who are too short-sighted to see the benefits should opt out.

When Phorm first came along and everyone got very hysterical very fast, I took a more cautious, hang-on-let's-see-what-this-is-about view that was criticized by some expert friends and called "a breath of sanity" by one of the Phorm folks I met. Richard Clayton did a careful technical analysis (PDF). Then it emerged that BT had been conducting trials of Phorm's packet inspection technology without getting the consent of its customers. (What do we pay for, eh?). This was clearly arrogant and wrong, a stand with which the EU concurs in the form of a lawsuit despite the Home Office's expressed belief last year that Phorm operates within UK law.

For a lot of us, if we don't quite understand the technology, can't guess the implications, and aren't sure of the implications, we play the man instead of the ball. Who are the people who want us to use this stuff? And do they behave honourably? The BT trial is a clear "no" answer to the last. As for the former, that's where the Stop Phoul Play Web site is so helpful in characterizing its opponents as privacy pirates. I am not listed, but I note that many of those who are serve with me on the Open Rights Group advisory council and/or on that of the Foundation for Information Policy Research, an organization whose aims I also support. But the whole Stop Phorm Web site is written in precisely the tone of the fake news pieces that appear in C. S. Lewis's novel That Hideous Strength, deliberately written as outright lies and propaganda by a weak character under the influence of the novel's forces of evil.

If Phorm had sat down to calculate carefully what its best strategy would be for alienating as many people as possible, it would have created exactly this Web site. I might disagree with but respect an organization that set out its claims and reasoning for public debate. An organization that thinks claiming it's being smeared while smearing its opponents (calling The Register a "media mouthpiece" is particularly hilarious) is either stupid or dishonest, and in neither case can we trust its claims about what its technology does and does not do.

Though we can wonder: did the Home Office support Phorm's proposals because they thought that having a third party build a deep packet inspection system might be something they could use later at low cost? I'm not normally paranoid, but...

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at the other blog, follow on Twitter, or send email to netwars@skeptic.demon.co.uk (but please turn off HTML).

May 15, 2009


There is a basic principle that ought to go like this: if someone is making a claim that a treatment has an impact on someone's health it should be possible to critique the treatment and the claim without being sued for libel. The efficacy of treatments that can cost people their lives - even if only by omission rather than commission - should be a case where the only thing that matters is the scientific evidence.

I refer, of course, to the terrible, terrible judgement in the case of British Chiropractic Association v. Simon Singh. In brief: the judge ruled that Singh's use of the word "bogus" in commentary that appeared in the Guardian (on its comments pages) and which he went on to explain in the following paragraph 1) was a statement of fact rather than opinion and 2) meant that the BCA's members engaged in deliberately deceiving their patients. The excellent legal blogger Jack of Kent (in real life, the London solicitor specialising in technology, communications, and media law David Allen Green) wrote up the day in court and also an assessment of the judgement and Singh's options for discussion.

None of it is good news for anyone who works in this area. Singh could settle; he could proceed to trial to prove something he didn't say and for which under the English system his lawyers may not be allowed to make a case for anyway; or he could appeal this ruling on meaning, with very little likelihood of success. Singh will announce his decision on Monday evening at a public support meeting (Facebook link).

A little about the judge, David Eady (b. 1943). Wikipedia has him called to the bar in 1966 and specializing in media law until 1997, when he was appointed a High Court judge. Eady has presided over a number of libel cases and also high-profile media privacy cases.

Speaking as a foreigner, this whole case has seemed to me bizarre. For one thing, there's the instinctive American reaction: English libel law reverses the burden of proof so that it rests on the defendant. Surely this is wrong. But more than that, I don't understand how it is possible to libel an organisation. The BCA isn't a person, even if its members supply personal services, and Singh named no specific members or officers. I note that it's sufficiently bizarre to British commenters that publications that normally would never reprint the text of a libel - like The Economist - are doing so in this case and analysing every word. Particularly, of course, the word "bogus", on which so much of the judgement depends. The fact that Singh explained what he meant by bogus in the paragraph after the one in dispute apparently did not matter in court.

We talk about the chilling effects of the Digital Millennium Copyright Act, but the chilling effects of English libel law are far older and much more deeply entrenched. Discussions about changing it are as perennial and unproductive as the annual discussions about how it would be a really good idea to add another week between the French Open and Wimbledon. And this should be of concern throughout the English-publishing world: in the age of the Internet English courts seem to recognise no geographical boundaries. The New York author Rachel Ehrenfeld was successfully sued in Britain over allegations made in her book on funding terrorism despite the fact that neither she, the person who sued, nor the publisher were based in the UK. The judge was...David Eady.

Ehrenfeld asked the New York courts to promise not to enforce the judgement against her. When they couldn't (because no suit had been filed in New York), the state passed a law barring courts from enforcing foreign libel judgements if the speech in question would not be libellous under US law. Other states and the federal government are following to stop "libel tourism".

None of that, however, will help Simon Singh or anyone else who wants to critically examine the claims of pseudoscientists. The Skeptic, which I founded and edited some years (look for our Best Of book, soon), routinely censors itself, as does every other publication in this country. There are certain individuals and organisations who are known to be extremely litigious, and they get discussed as little as possible. Libel law is supposed to encourage responsible reporting and provide redress to wronged individuals, but at this virulent a level libel law is actually preventing responsible reporting of contentious matters of science and the individuals who are wronged are the public who are at risk of being deprived of the knowledge they need to make informed decisions. David Allen Green, writing in New Scientist, provides an excellent summary of cases in point.

It will be understandable if Singh decides to settle. I've seen an estimate that doing so now could cost him £100,000 - and continuing will be vastly more expensive. Lawsuits are, I'm told, like having cancer: miserable, roller-coaster affairs that consume your waking life and that of everyone around you. I have no idea what decision he will or should make. But he has my sympathy and my support.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to follow on Twitter, post here, or reply by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

May 8, 2009

Automated systems all the way down

Are users getting better or worse?

At what? you might ask. Naturally: at being thorns in the side of IT security people. Users see security as damage, and route around it.

You didn't need to look any further than this week's security workshop, where this question was asked, to see this principle in action. The hotel-supplied wireless was heavily filtered: Web and email access only, no VPNs, "undesirable" sites blocked. Over lunch, the conversation: how to set up VPNs using port 443 to get around this kind of thing. The perfect balanced sample: everyone's a BOFH *and* a hostile user. Kind of like Jacqui Smith, who has announced plans to largely circumvent the European Court of Human Rights' ruling that Britain has to remove the DNA of innocent people from the database. Apparently, this government perceives European law as damage.

But the question about users was asked seriously. The workshop gathered security folks from all over to brain storm and compare notes: what are the emerging security threats? What should we be worrying about? And, most important, what should people be researching?

Three working groups - smart environments, malware and fraud, and critical systems - came up with three different lists, mostly populated with familiar stuff - but the familiar stuff keeps going and getting worse. According to Symantec's latest annual report spam, for example, was up 162 percent in 2008 over 2007, with a total of 349.6 billion messages sent - simply a staggering waste of resources. What has changed is targeting; new attacks are short-lived, small distribution affairs - much harder to shut down.

Less familiar to me was the "patch window" problem, which basically goes like this: it takes 24 hours for 80 percent of Windows users to get a new patch from Windows Update. An attacker who downloads the patch as soon as it's available can quickly - within minutes - reverse-engineer it to find out what bug(s) it's fixing. Then the attacker has most of a day in which to exploit the bug. Last year, Carnegie-Mellon's David Brumley and others found a way to automate this process (PDF). An ironic corollary: the more bug-free the program, the easier a patch window attack becomes. Various solutions were discussed for this, none of them entirely satisfactory; the most likely was to roll out the patch locked, and distribute a key only after the download cycle is complete.

But back to the trouble with users: systems are getting more and more complex. A core router now has 5,000 lines of code; an edge router 11,000. Someone has to read and understand all those lines. And that's just one piece. "Today's networks are now so complex we don't understand them any more," said Cisco's Michael Behrenger. Critical infrastructures need to be more like the iPhone, a complex system that nonetheless just about anyone can operate.

As opposed, I guess, to being like what most people have now: systems that are a mish-mash of strategies for getting around things that don't work. But I do see his point. Once you could debug even a large network by reading the entire configuration. Pause to remember the early days of Demon Internet, when the technical support staff would debug your connection by directly editing the code of the dial-up software we were all using, KA9Q. If you'd taken *those* humans out of the system, no one could have gotten online.

It's my considered view that while you can blame users for some things - the one in 12.5 million spam recipients Christian Kreibich said actually buys the pharma products so advertised springs to mine - blaming them in general is a lot like the old saw about how "only a poor workman blames his tools". It's more than 20 years since Donald Norman pointed out in The Design of Everyday Things that user error is often a result of poor system design. Yet a depressing percentage of security folks complaining about system complexity don't even know his name and a failure to understand human factors is security's single biggest failure.

Joseph Bonneau made this point in a roundabout way by considering Facebook which, he said, really is inventing the Web - not just in the rounded corners sense, but in the sense of inventing its own protocols for things for which standards already exist. Plus - and more important for the user question - it's training users to do things that security people would rather they didn't, like click on emailed links without checking the URLs. "Social networks," he said, "are repeating all the Web's security problems - phishing, spam, 419 scams, identity theft, malware, cross-site scripting, click fraud, stalking...privacy is the elephant in the room." Worse, "They really don't yet have a business model, which makes dealing with security difficult."

It's a typical scenario in computing, where each new generation reinvents every wheel. And that's the trouble with automation with everything, too. Have these people never used voice menus?

Get rid of the humans and replace them with automated systems that operate perfectly, great. But won't humans have to write the automated systems? No, automated systems will do that. And who will program those? Computers. And who...

Never mind.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to follow (and reply) on , post here, at net.wars home, at her personal blog, or by email to netwars@skeptic.demon.co.uk (but please turn off HTML).

May 1, 2009

Twit crit

In his book Learning How to Learn the Sufi author and teacher Idries Shah listed the stages of Western criticism before it can stop:
1. It is impossible.
2. It is possible, but it is useless.
3. It is useful, but I knew about it all the time.

Twitter seems to be somewhere between stage one and stage two. Stage one, in Twitter's case, I guess would be the assumption that while the technology was possible no one would ever, every want to use it. There's some logic to that. I think everyone I've talked to agrees that the first thing they thought the first time they saw Twitter was: "That is the silliest use of technology I ever saw."

Stage two is: anyone who would actually use Twitter is sad and pathetic, and why would you want to read all the time that some friend has just had a cup of coffee or brushed his teeth?

Stage two is: Twitter is a fad. Don't click on that and give Business Week the satisfaction of its own stupidity. The summary: Twitter's retention rate is lower than that of Facebook and MySpace at the same stage in their development. And it cites the survey everyone was talking about on Tuesday before swine flu turned everyone into hypochondriacs, Nielsen Online's study that showed that 60 percent of the people who join Twitter don't come back the following month. (The arrival of Oprah should speed up departures.) As compared to Facebook, with a 70 percent retention rate. I'd say that's deceptive; Facebook probably thinks it's retained me, but in fact I just let Twitter feed it, and ignore it hugely otherwise.

Stage two is: well, yeah, we use it, and our friends use it, and our number of followers keeps growing and we keep following more people, and it's really useful to us, but it's still nonsense, do you hear?

Cut to March 2000, when the stock market crashed. (How much would you give to be having that crash right now instead of the one we're actually having?) "See? We told you the Internet was a fad," people said. That is, people who weren't in the technology business. While watching technology shares plummet, every single technologically literate person, if asked, agreed that the Internet would be bigger in 2005 than it was in 2000 and by a lot. They were all absolutely correct, too.

Twitter is not a fad. Twitter the company may or may not survive, but five years from now platforms to support microblogging - short messages integrated across Web, mobile phones, PDAs, and other clients - will be all over the place. Eventually, every company will have one running on its intranet alongside its Web server, instant messaging, email, and voice calling software and people will be in stage three.

My simplest explanation of Twitter is this: Twitter is where the online party is this week. It was on Internet Relay Chat, Usenet, bulletin boards, CompuServe, mailing lists, CIX, and the WELL in the 1980s and early 1990s; then it was on the Web; then blogs. Now it's on Twitter, which is sucking the life out of a lot of people's blogs the same way online technologies have plundered each other before. The 140-character limit forces people to be succinct; no one message can eat up your time the way someone who buys his electrons by the barrel can on older systems. There are no flame wars (yet) because a) although you *can* be abusive in 140 characters (you pointless waste of space) back-and-forth conversations don't tend to last that long and b) the idiots haven't arrived yet (or if they have, no one follows them). There is just the zeitgeist; if you pick correctly you can follow the stream-of-thought of interesting people you could not access in such compact form in any other way. RSS, be damned.

Others have suggested that the Nielsen study is flawed: are people leaving or have they abandoned the Web interface (featureless and clunky) for desktop clients (featureful and functional) or mobile phones (mobile!)? If they're not posting, does that mean they've gone, that they are lurkers (as are 90 percent of the users of any given online discussion forum), or that they only use Twitter for direct messages (which don't show up to outsiders)? Used over the Web, Twitter does seem a pointless and dispensable entertainment; the key to its usefulness as a tool is the third-party clients and the mobile connections.

Nielsen responded to these criticisms by expanding the study to 30 more Web sites and applications - and got the same result. But in restating that a retention rate of 40 percent is a problem for Twitter the company also proved Twitter's usefulness: the immediacy and breadth of the response forced it to do additional research to stand up its claims. Sometimes value isn't just quantitative.

The other complaint that's showing up this week is that - gasp! - people are posting information to it that is less than wholly accurate. My God, when did that last happen on the Internet?
Surely, we are only a week or two away from tabloid stories that terrorists, organized crime, child abusers, and drug dealers are using it and cries that we must shut down this latest scourge to civilization.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. On Twitter: wendyg.