" /> net.wars: January 2015 Archives

« December 2014 | Main

January 30, 2015

Not @vodafone

It was during my November trip to Australia that I noticed I had stopped getting SMS Twitter alerts. I find it convenient to use SMS to forward the tweets of a couple of close friends whose updates I don't want to miss, and also to send me @replies for quick answers when I need them.

I assumed a vagary of international gateways. Sometimes you come back to the UK and get a stream of stalled messages.

Not this time. I found instead that as of November 15, 2014 Vodafone stopped supporting SMS alerts from (or, as far as I can tell, posting to) Twitter. My Twitter settings now included this message:

Thumbnail image for twitter-vodafone.jpg

I also found this, in a Vodafone forum:


Cute Twitter button at the bottom there.

And another frustrated Vodafone user looking for alternatives.

For some things push really is better than pull (though not as many as Wired thought in 1997). Replacing the SMS functions I use with a Twitter app is sub-optimal. Both the phone and Twitter feel disabled without the SMS connection, especially at times when data isn't available (Vodafone's roaming charges are prohibitively high). Plus there's the "liveness" factor: if you're in central Liverpool searching for a (physical) mailbox you ask and the messages come to you. You feel connected. In 2008, before UK operators and Twitter were on SMS-trading terms, it was a frequent geeky plaint that people would gladly pay for the service if they *could*. How much was never specified.

On January 2 I began the process of changing phone companies. "Why are you leaving?" asked Vodafone customer service before handing over the PAC number. Naturally, he knew nothing about any Twitter problem. Nor did the woman who called me a day later asking me the same questions. I balked at answering twice. "But I'm from the retention team," she said. So? Talk to your customer service guy. A side benefit: the new supplier has a much better deal on data, both domestic and international.

In response to my emailed query, Vodafone said: "We're delighted to carry Twitter text messages on our networks under the standard commercial arrangements between operators. We do this successfully in a number of countries. Unfortunately, in some countries, Twitter was using a loophole in our systems to deliver text messages without paying us. Wherever this happens, we won't be able to deliver text messages from Twitter. We are working with Twitter to correct this, and we look forward to delivering Twitter messages on the same commercial basis as other SMS services in future." Twitter didn't answer.

Of course it's about money. But what happened? The 2009 Twitter-Vodafone announcement noted a signed agreement. Did it expire? Did Twitter's loophole in "some countries" include the UK, or are we paying for agreement-breaking behavior in other countries? Did Vodafone think Twitter is too out of fashion to matter? Did Twitter base its business model on fragile favored-nation status? The last is likely moot now: SMS doesn't directly generate revenue.

But it does engage users. Twitter's 2013 annual report, indicates that although desktop timeline views are more lucrative than mobile ones, over 70 percent of Twitter's advertising revenues come from mobile. In 2008, the last time Twitter stopped UK SMS alerts, before the company had revenues, "Gigaom reported that Twitter co-founder Biz Stone estimated the cost of termination fees at $1,000 per user per year. Would people have paid that much?

This situation is the kind of thing Donald Norman wrote about in his 2011 book, Living with Complexity: it's not complexity that drives us mad it's confusion. All of us are capable of accomplishing cognitively very complex tasks, like driving to a strange place in an unfamiliar vehicle yet quail at the thought of setting up a modern home cinema system. In this case users have no idea whom to blame or how to fix it. Each service designs its own systems and makes its own financial arrangements with little reference to how they interact with others. Even when there's someone to call - as there must be with a paid service like Vodafone - the likelihood that customer service will know anything about a problem that affects a niche minority of users is negligible. The retention team's best strategy was the losing proposition of trying to convince me that the Twitter thing doesn't matter - which is why I stopped answering their multiple calls a day. (Look, I know this is a 20-year relationship I'm abruptly severing, but you're a big, grown-up phone company now and I've told you why.)

This is why open networks and network neutrality matter. SMS is a controlled, closed system that Twitter can only access by payment or agreement with each mobile network operator. Email is an open system anyone can use. As data roaming charges slowly vaporize and all-you-can-eat data becomes the norm, SMS may join CB radio as something we needed for a time but that subsequent developments have relegated to niche status. For the moment, the Twitter/Vodafone situation is disturbingly analogous to the recurring blackout disputes between US broadcast networks and cable companies. It's a reminder of the way closed systems can hurt consumers.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 23, 2015

The color purple

The multi-disciplinary designer Peter Hall recently began a talk on security by invoking Jane Jacobs, best known for her 1961 book The Death and Life of Great American Cities. A classic still often referenced, Jacobs' book critiqued 1950s urban planning and discussed topics such as what makes a city or neighborhood safe and pleasant to live in. In particular, to foster safe, pleasant environments she advocated "eyes on the street": people.

I understand this in that I recall a still-bright summer's evening in Brooklyn, New York, when I came out of the subway and started to follow the directions to a friend's house and realized that the streets were completely empty, all the shops shuttered. I walked through this desert as fast and mean as I could - and saw not one person in the five to ten minutes it took to get to my friends' loft. They were horrified I'd tried it.

For Hall, Jacobs' point was that the public peace is not primarily kept by the police but by an informal, or " almost unconscious", network of standards and controls created and enforced by the people themselves. The best deterrent to crime, she argued, was busy, diverse streets; instead of building business districts that everyone leaves at night, build mixed-use neighborhoods where the mere visible presence of local residents acts as a deterrent. Note: she did not suggest building Jeremy Bentham's panopticon. 512px-Panopticon.jpgInstead, what she was talking about was a collaborative approach to the very real problem of securing public safety.

Cut to this week, when four peers - former Conservative defence secretary Tom King of Bridgwater, the Liberal Democrat former reviewer of counter-terror laws, Alex Carlile QC of Beriew, the former Labour defence minister, Admiral Sir Alan West of Spithead, and the former Metropolitan police commissioner, Ian Blair of Boughton - have tabled the not-dead-only-resting Communications Data Bill as an amendment (PDF) to the Counter-Terrorism and Security bill, currently just past its second reading and plenty controversial all on its own. The lords announced the move yesterday; debate is on Monday.

Recall that when it was passed with widely criticized haste this summer, DRIPA was described as "emergency legislation", and part of the excuse for the haste was that it would automatically expire in 2016, forcing a public debate on the issues. As part of that debate, several reviews were commissioned that have not reported yet. Accordingly, the government's previously stated intention was to revisit the Communications Data bill after the election in May. They've been clear for some time that they want it passed (and might well have gotten it through last time if the LibDems hadn't been in a position to block it). Instead, at least these four peers seem to think they now have a "new normal" in which complex, controversial legislation should be rushed through in such a way as to pre-empt debate, render moot previously commissioned reviews and promises, ignore previous rounds of contravening study , and, for greater ease of confusion, rammed into an entirely separate piece of legislation as an amendment.

Paul Bernal calls it shameful opportunism.

But what could possibly be the objection? Didn't Harvard professors Margo Seltzer (computer science) and Sophia Rosooth (genetics) just tell the Davos forum that privacy is dead? They didn't say to get over it (for which we can all be grateful); they merely predicted that it was "inevitable" that personal genetic information would become public, and painted an image of tiny drones buzzing around grabbing little samples of DNA. They said to send to insurance companies; in today's Britain, it's depressingly easy to imagine a future Theresa May successor arguing that it's vital to store DNA samples from every person in every location because you just don't know what an investigator will need and when.

Return to this week. Here is Theresa May's logic for why the CDB and data retention are needed: the French "highly probably" used communications data. What's with the "highly probably"? Why speculate? You're the Home Secretary, a highly placed person in the British government. Why not ask them what they used, what was valuable, and what was useful distraction?

To some extent, one must blame TV shows' fantasy technology: David Cameron has said publicly that he believes crime dramas illustrate the value of communications data. "Get me all the internet passwords associated with that telephone number!" Kiefer Sutherland's Jack Bauer barks at an underling in the first fifteen minutes of the pilot of 24 - and the underling successfully obeys the order - thereby apparently convincing national leaders that such a thing is *possible*.

Meantime, fighting and refighting this same battle is distracting from the deliberate consideration we should be giving new issues as they arise - like, for example, those DNA-extracting drones or the fact that locations in London are signing up to offer free wifi via a company that thinks it's OK to scoop up everyone's devices' unique MAC addresses. Or even, how to reduce inequality. With more parity, maybe the 1 percent wouldn't have to be so scared of the rest of us and could share our streets instead of fleeing to gated communities.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 16, 2015


...And like clockwork, after a bad thing happens, there is much noise followed by we-must-do-something-this-is-something.

This week has seen the government response to two big bad things of the last few weeks: the Sony hack and the Charlie Hebdo murders. The UK seems to have responded primarily to the latter, the US to the former, since it happened in the otherwise slow holiday period and included cancelling the planned premiere showings of The Interview (which, comedian Amy Poehler quipped at the Golden Globes on Sunday, "forced us all to pretend we wanted to see it").

While the first response to both stories on both sides of the Atlantic surrounded defending free speech, the proposed legislative response seems to be framed to target the perceived cause. David_Cameron_and_Barack_Obama_at_G8_summit,_2013.jpgSo in the US, according to ars technica and Wired, President Obama wants Congress to amend the Computer Fraud and Abuse Act (1984) to increase the penalties for hackers and expand the definition of "hacking". In the UK, David Cameron wants to be able to read every communication. Neither would prevent future incidents like the ones that have already happened, but both would hurt many less obvious targets. The UK response especially seems to be seizing on recent events to push an agenda the government had already indicated it wanted anyway.

Taking the US's hacking amendments first, as others have said, the CFAA is the legislation under which Aaron Swartz was prosecuted - or persecuted. Increasing penalties and broadening the definition will catch more people who, like Swartz, are committing civil infractions, but will do nothing to stop a criminal attack like Sony's, which the FBI maintains was directly the responsibility of North Korea, despite expert disagreement. Increasingly, the most dangerous, persistent, and patient attacks are mounted remotely. Brian Krebs' dueling Russian spamlords do not care about US laws, nor do hackers based in North Korea or China. In their own countries, they may be heroes.

"What's left for them to want?" an activist friend asked the day after the Charlie Hebdo murders, before Cameron had spoken. Well: everything they've wanted in the past and didn't get, at least legally.

For one thing, key escrow, the subject of many battles in the late 1990s leading up to the passage of the Regulation of Investigatory Powers Act (2000). They wanted it, we told them (and told them and told them) it was a bad idea, and eventually publicly they gave up but, as we now know from the Snowden revelations, privately went ahead and broke everything they could, either technically or via standards bodies. They also don't have the Communications Data Bill that would require communications service providers to collect and retain third-party data transiting their systems, basically to gain access to things like instant messaging, skype, and private messaging over social networks.

With respect to censorship, the UK already has a comprehensive set of technologies in place: the Internet Watch Foundation, which responds to reports from the public of child abuse images; court-ordered blocking (to date, best known for its use to block torrent sites); and "family-friendly" filters everyone is supposed to make an active choice about. But the IWF has been reluctant to expand its mission beyond material that can be clearly ruled illegal into grey, fuzzy areas such as hate speech.

And that's exactly what they went on to propose: more of everything that failed to prevent the attacks. Besides Cameron, we've heard from Theresa May and the security services.

The US has been complaining about going dark for three years now, but it has to be careful: it has billion-dollar companies that depend on being able to say customers can trust them. Cameron apparently plans to ask Obama to step in and help him out here. You'd expect Obama to just laugh at him but sadly, there is something Obama just might accept as a quid pro quo: getting rid of this nasty data protection reform (which the UK has publicly opposed anyway).

Forbes figures Cameron wants to return Britain to an agrarian society. It would be closer to correct to say that he wants to turn Britain into France before 1999, when crypto was largely outlawed. France got over it at the same time as everyone else, if only because electronic commerce is not viable without secure encryption - which is Forbes's point.

Cory Doctorow, writing a few days ago about Cameron's plans, makes plain the onerous regime that the plan would actually require: total control over the software Britons' computers run; complete ability to censor what they read and where they acquire software; and rampant insecurity. As net.wars has written often, citing Susan Landau, a hole is a hole; it doesn't care who goes through it; Sophos' Graham Cluleyjust calls the plan "crazy".

Elsewhere, Milena Popova has dissected the damage surveillance and censorship do to vulnerable populations.

So, in brief: when a provocative and outrageous media outlet is attacked everyone lines up to champion freedom of speech...and then the next thing many of them want to do is lock us all down real tight.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her website has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 9, 2015

Pause for thought

The great playwright, director, and drama critic George S. Kaufman once famously remarked, "Satire is what closes Saturday night. This week, satire got 12 people killed at the French magazine Charlie Hebdo. The papers have far more details than net.wars can, and others such as Jon Stewart, Tina Fey, Conan O'Brien, myriad cartoonists, and Ian Hislop have expressed shocked condolences more eloquently, though see also Jacob Canfield for an unsentimental view of the magazine's output (and the Nielsen-Hayden-hosted discussion where I found that link). The Economist put it this way: Nothing can be done with a pencil or a keyboard that warrants a reprisal with a Kalashnikov.

But this is 2015 and, unfortunately, anyone interested in freedom and privacy can't pause to contemplate the significance of an awful crime but must immediately plot strategy against the probability that opportunistic authorities will seize the shocked aftermath to propose whatever repressive policy has been politically unacceptable until now. It's hard to believe there's anything left to add to the surveillance and censorship now endemic in many Western supposed-to-be democracies, but the depressing likelihood is that they'll think of something. The upshot is that at the moment when we should most be thinking of other people, we are under pressure to think instead of ourselves and the battles that may lie ahead.


The earlier part of Week 1 of 2015 was preoccupied with the much more ordinary internet storm around the so-called VATmess. Red tape, by James PettsUnnoticed by most people until it came into force on January 1, the EU's new rules require retailers of digital goods to collect VAT based on the location of their customers (in VAT-speak "the place of supply"). The fairly obvious goal is to stop large (mostly US) companies from taking advantage of varying tax rates across the EU to compete on unfairly favorable terms and diverting tax revenues to low-rate areas such as Luxembourg. The irony, as many have pointed out, is that the result will likely be to enrich those same (mostly US) companies by forcing microbusinesses to sell through large, third-party platforms rather than directly from their own sites, further damaging not only them but the open internet. Oops. The alternative is to stop selling into EU countries other than their own or register for VAT and the MOSS ("mini-one stop shop") service in their country and keep records of everyone's location for ten years.

Life is one closely complicated tangle, Gilbert and Sullivan's Don Alhambra complained in The Gondoliers - and his creators never had to deal with VAT, let alone 28 countries with 75 different rates among them. TechCrunch has a nice summary of the migraines all this will cause, especially for sole traders and start-ups. What the rules need, of course, is a threshold below which people can trade based on their own location instead of that of their customer's. More details on how to comply - and how to protest - on Github, courtesy of Rachel Andrew.

It's clear that the people who dreamed up these new rules did not think sufficiently long and hard or consult widely enough about the consequences of their plan before taking action. I understand it thusly: government tax authorities are staffed by the opposite of sole traders and entrepreneurs: People With Jobs. PWJs often understand large organizations reasonably well because they work for them, but I believe that to them People Without Jobs are their shiftless cousin who sleeps all day on their couch and is always "borrowing" money. Entrepreneurs and sole traders - that is, *us* - are not, to PWJs, people who *work*. We're unemployed - and if we have money we must have gotten it by nefarious means. It's only a theory, but I think it accounts for the attitude of general distrust.

Also in play may be the generation for whom the internet is Facebook and apps: for latecomers with smartphones and tablets who are almost wholly internet *consumers* the notion that everyone who sells anything works through app stores and third-party platforms seems entirely reasonable. The reality, of course, is that digital goods are sold in all sorts of ways, from public web pages to private email, and that people accepting payment via Paypal need know nothing more than the customer's registered email address. In the old, manual days, the quickest way to get these rules to go away would have been for everyone flood their VATpeople with returns requiring the calculation and transfer of dozens of tiny sums, making the system uneconomic to operate. Now, however, with required electronic submission via the internet and automated calculation via computer, the authorities can afford to create far more burdensome rules than they could in the past. Ain't technology wonderful?

There's another aspect of these rules that might be worth worrying about. HMRC's guidance says suppliers of digital goods - ebooks, music, images, software - must collect each customer's billing address and credit card sort code and store that information for ten years (which also means registering with the information commissioner as a data controller). This means far greater stored detail about what cross-border customers access and think about - and consequently a whole new vector for surveillance.

It seems only yesterday we were all enthusiastic about the new year. Holiday's over.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

January 2, 2015

Think good thoughts about a sunny side

Apparently I am a robot.

A very incompetent robot.

Sometime over the last few weeks, Google launched a new captcha system for its Blogspot subsidiary. The idea, as I understand it from the blog posting announcing it is that most people won't see captchas at all. For these trusted travelers of the internet, all they have to do is check a box that says "I am not a robot", and magic happens.

But not for me. Shadow Robot's Dextrous Hand - from www.shadowrobot.comChecking the box gets me a Rorschach blot, in which I am supposed to discern letters to type into the provided box. Wrong! Try again! With a new image! Somewhere behind the curtain Google psychologists are cackling at the disturbed mentality my feeble attempts indicate. They're certainly getting plenty of data: not counting myriad refreshes to get rid of the least readable ones, it's taking me ten to 15 tries to achieve humanity. The net effect is like taking an eye test administered by Franz Kafka that, if you fail it, will require you to take it again.

In the blog posting linked above, only the sunny side of captcha life is reflected. Google boasts that on the services that have adopted the new system 60 percent of users are getting right through. The fact that life is now hell for the remaining 40 percent appears nowhere. For mobile, the posting shows bright, clear images, from which you select as directed. For a situation like mine, the posting shows an entirely misleading test with three numbers. Numbers! I would kill for numbers! I can do numbers!

Instead here's one of the many images I was supposed to decode this week:
Thumbnail image for w-captcha-4.jpg

One of the blogs where this is happening is one where I've posted comments near-daily for three years from the same desktop computer at the end of the same IP address. You would think a really smart system would know this.

After you find the axe and kill the captcha you still have to fill in the little form to identify yourself via one of a number of options of ID: Google account, OpenID, name/URL, and so on. I don't know why that doesn't come first; you would think that matching those answers with their usual IP address or browser fingerprint would be a useful clue. Instead, I suspect my inability to solve the new captchas easily is working against me. Inside, the API is probably programmed like this: "Took ten tries last time. Probably a spambot that got lucky. Better make it harder this time."

Or, possibly, all the add-ons I have fortifying my installation of Firefox against spies and invaders are messing up the system.

In most tests involving cognition, you can learn to do better through practice. This, however, requires either a trial set you can practice on or feedback. Unfortunately, presumably because Google does not wish to educate the spambots, I can't study my past failures and learn from them. It would be helpful, for example, to be able to compare the image, my answer, and the correct answer so I could see if I'm trying too hard to see letters in stray squiggles, or whether all those things I think are w's are actually twice as many v's. Instead, each fresh attempt is a reset to a state of original ignorance.

Even without specific feedback, spambots are getting better, which is of course why all this is happening. Despite a few annoying stumbles at the beginning, the last iteration of captchas were difficult but solvable within three or four tries. I can't imagine reaching that state with these new ones.

Was my eventual guess at the captcha pictured above even close? I will never know.

Clearly, ten minutes of daily frustration is not comparable to the grief Facebook's year in review graphics caused to myriad bereaved people, most notably web developer Eric Meyer, who called it inadvertent algorithmic cruelty (there's also a follow-up discussing the widespread reaction to the posting). But there seems to me a common root - not, or not solely, the thoughtlessness of programmers, but the relentless cheeriness characteristic of American corporate presentation going all the way back to Dale Carnegie and How to Win Friends and Influence People. Technical documentation, for example, tends to be written as if the software or hardware you're installing will function perfectly, just as American supermarket cashiers must be exhaustively perky, Christmas is always a happy time, and the elderly couples in American TV ads are all healthy and mutually devoted (especially once they've achieved a potent peace of mind by buying Cialis and funeral insurance). Living on a steady diet of upbeat, it's perfectly logical that Facebook's and Google's programmers might not have noticed the negative aspects of their decisions.

A related posting to Dave Farber's list a few days ago noted that missteps like Facebook's will become increasingly uncommon as social bots continue to improve, concluding. "We may soon prefer to 'friend' bots on Facebook rather than actual people."

We may have to. Because at this rate, bots will be the only ones that can pass the "I am not a robot" tests.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.